The Journal of Supercomputing

, Volume 74, Issue 12, pp 6428–6453 | Cite as

A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers

  • Saru Kumari
  • Marimuthu Karuppiah
  • Ashok Kumar DasEmail author
  • Xiong Li
  • Fan Wu
  • Neeraj Kumar


The Internet of Things (IoT) is now a buzzword for Internet connectivity which extends to embedded devices, sensors and other objects connected to the Internet. Rapid development of this technology has led to the usage of various embedded devices in our daily life. However, for resource sharing and communication among these devices, there is a requirement for connecting these embedded devices to a large pool of resources like a cloud. The promising applications of IoT in Government and commercial sectors are possible by integrating cloud servers with these embedded devices. But such an integration of technologies involves security issues like data privacy and authentication of devices whenever information is exchanged between them. Recently, Kalra and Sood proposed an authentication scheme based on elliptic curve cryptography (ECC) for IoT and cloud servers and claimed that their scheme satisfies all security requirements and is immune to various types of attacks. However, in this paper, we show that Kalra and Sood scheme is susceptible to offline password guessing and insider attacks and it does not achieve device anonymity, session key agreement, and mutual authentication. Keeping in view of the shortcomings of Kalra and Sood’s scheme, we have proposed an authentication scheme based on ECC for IoT and cloud servers. In the proposed scheme in this paper, we have formally analyzed the security properties of the designed scheme by the most widely accepted and used Automated Validation of Internet Security Protocols and Applications tool. Security and performance analysis show that when compared with other related schemes, the proposed scheme is more powerful, efficient, and secure with respect to various known attacks.


Authentication Embedded device Internet of Things Cloud server Cookies Security 



This work was supported by the National Natural Science Foundation of China under Grant No. 61300220. Fan Wu is supported by Fujian Education and Scientific Research Program for Young and Middle-aged Teachers under Grant No. JA14369 and University Distinguished Young Research Talent Training Program of Fujian Province (Year 2016). This work was partially supported by the Information Security Education and Awareness (ISEA) Phase II Project, Department of Electronics and Information Technology (DeitY), India.


  1. 1.
    Zhou J, Leppanen T, Harjula E, Ylianttila M, Ojala T, Yu C, Jin H, Yang LT (2013) Cloudthings: a common architecture for integrating the internet of things with cloud computing. In: 2013 IEEE 17th International Conference on Computer Supported Cooperative Work in Design (CSCWD). IEEE, pp 651–657Google Scholar
  2. 2.
    Chang KD, Chen CY, Chen JL, Chao HC (2011) Internet of things and cloud computing for future internet. In: Security-enriched urban computing and smart grid. Springer, pp 1–10Google Scholar
  3. 3.
    Botta A, de Donato W, Persico V, Pescapé A (2016) Integration of cloud computing and internet of things: a survey. Future Gener Comput Syst 56:684–700CrossRefGoogle Scholar
  4. 4.
    Fox GC, Kamburugamuve S, Hartman RD (2012) Architecture and measured characteristics of a cloud based internet of things. In: 2012 International Conference on Collaboration Technologies and Systems (CTS). IEEE, pp 6–12Google Scholar
  5. 5.
    Dash SK, Mohapatra S, Pattnaik PK (2010) A survey on applications of wireless sensor network using cloud computing. Int J Comput Sci Eng Technol 1(4):50–55Google Scholar
  6. 6.
    Suciu G, Vulpe A, Halunga S, Fratu O, Todoran G, Suciu V (2013) Smart cities built on resilient cloud computing and secure internet of things. In: 2013 19th International Conference on Control Systems and Computer Science (CSCS). IEEE, pp 513–518Google Scholar
  7. 7.
    Mühlbach S, Wallner S (2008) Secure communication in microcomputer bus systems for embedded devices. J Syst Archit 54(11):1065–1076CrossRefGoogle Scholar
  8. 8.
    He D, Zeadally S (2015) An analysis of rfid authentication schemes for internet of things in healthcare environment using elliptic curve cryptography. IEEE Internet Things J 2(1):72–83CrossRefGoogle Scholar
  9. 9.
    Afreen R, Mehrotra SC (2011) A review on elliptic curve cryptography for embedded systems. J Comput Sci Inf Technol 3(3):84–103Google Scholar
  10. 10.
    Salas M (2013) A secure framework for OTA smart device ecosystems using ECC encryption and biometrics. In: Advances in Security of Information and Communication Networks. Springer, pp 204–218Google Scholar
  11. 11.
    Wu ST, Chiu JH, Chieu BC (2005) ID-based remote authentication with smart cards on open distributed system from elliptic curve cryptography. In: IEEE International Conference on Electro Information Technology. IEEE, pp 5Google Scholar
  12. 12.
    Tian X, Wong DS, Zhu RW (2005) Analysis and improvement of an authenticated key exchange protocol for sensor networks. IEEE Commun Lett 9(11):970–972CrossRefGoogle Scholar
  13. 13.
    Abi-Char PE, Mhamed A, El-Hassan B (2007) A fast and secure elliptic curve based authenticated key agreement protocol for low power mobile communications. In: The 2007 International Conference on Next Generation Mobile Applications, Services and Technologies (NGMAST’07). IEEE, pp 235–240Google Scholar
  14. 14.
    Yang JH, Chang CC (2009) An id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Comput Secur 28(3):138–143CrossRefGoogle Scholar
  15. 15.
    Islam SH, Biswas GP (2011) A more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J Syst Softw 84(11):1892–1898CrossRefGoogle Scholar
  16. 16.
    He D, Chen J, Hu J (2012) An ID-based client authentication with key agreement protocol for mobile client–server environment on ECC with provable security. Inf Fusion 13(3):223–230CrossRefGoogle Scholar
  17. 17.
    Ray S, Biswas GP (2012) Establishment of ECC-based initial secrecy usable for IKE implementation. In: Proceedings of the World Congress on Engineering, vol 1Google Scholar
  18. 18.
    Granjal J, Monteiro E, Silva JS (2013) End-to-end transport-layer security for internet-integrated sensing applications with mutual and delegated ECC public-key authentication. In: IFIP Networking Conference, 2013. Brooklyn, NY, pp 1–9Google Scholar
  19. 19.
    Jiang R, Lai C, Luo J, Wang X, Wang H (2013) EAP-based group authentication and key agreement protocol for machine-type communications. Int J Distrib Sens Netw 9(11):1–14Google Scholar
  20. 20.
    Yao X, Chen Z, Tian Y (2015) A lightweight attribute-based encryption scheme for the internet of things. Future Gener Comput Syst 49:104–112CrossRefGoogle Scholar
  21. 21.
    Moosavi SR, Nigussie E, Virtanen S, Isoaho J (2014) An elliptic curve-based mutual authentication scheme for RFID implant systems. Procedia Comput Sci 32:198–206CrossRefGoogle Scholar
  22. 22.
    Liao YP, Hsiao CM (2014) A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol. Ad Hoc Netw 18:133–146CrossRefGoogle Scholar
  23. 23.
    Kalra S, Sood SK (2015) Secure authentication scheme for IoT and cloud servers. Pervasive Mob Comput 24:210–223CrossRefGoogle Scholar
  24. 24.
    Koblitz N (1987) Elliptic curve cryptosystems. Math Comput 48(177):203–209MathSciNetCrossRefGoogle Scholar
  25. 25.
    Menezes AJ, Van Oorschot PC, Vanstone SA (1996) Handbook of applied cryptography. CRC Press, Boca RatonCrossRefGoogle Scholar
  26. 26.
    Miller VS (1985) Use of elliptic curves in cryptography. In: Advances in Cryptology—CRYPTO’85 Proceedings. Springer, pp 417–426Google Scholar
  27. 27.
    Hancock B (1999) Security views. Comput Secur 18(7):553–564CrossRefGoogle Scholar
  28. 28.
    Caelli WJ, Dawson EP, Rea SA (1999) Pki, elliptic curve cryptography, and digital signatures. Comput Secur 18(1):47–66CrossRefGoogle Scholar
  29. 29.
    Bertino E, Shang N, Wagstaff SS Jr (2008) An efficient time-bound hierarchical key management scheme for secure broadcasting. IEEE Trans Dependable Secure Comput 5(2):65–70CrossRefGoogle Scholar
  30. 30.
    Odelu V, Das AK, Goswami A (2016) A secure and efficient time-bound hierarchical access control scheme for secure broadcasting. Int J Ad Hoc Ubiquitous Comput 22(4):236–248CrossRefGoogle Scholar
  31. 31.
    Lassus M (1997) Smart-cards-a cost-effective solution against electronic fraud. In: European Conference on Security and Detection (ECOS 1997), pp 81–85Google Scholar
  32. 32.
    Macq BM, Quisquater JJ (1995) Cryptology for digital TV broadcasting. Proc IEEE 83(6):944–957CrossRefGoogle Scholar
  33. 33.
    Wan Z, Liu J, Zhang R, Deng RH (2013) A collusion-resistant conditional access system for flexible-pay-per-channel pay-TV broadcasting. IEEE Trans Multimed 15(6):1353–1364CrossRefGoogle Scholar
  34. 34.
    AVISPA Automated Validation of Internet Security Protocols and Applications. Accessed on February (2016)
  35. 35.
    Odelu V, Das AK, Goswami A (2015) A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Trans Inf Forensics Secur 10(9):1953–1966CrossRefGoogle Scholar
  36. 36.
    Odelu V, Das AK, Goswami A (2015) A secure and scalable group access control scheme for wireless sensor networks. Wirel Pers Commun 85(4):1765–1788CrossRefGoogle Scholar
  37. 37.
    Odelu V, Das AK, Goswami A (2015) An effective and robust secure remote user authenticated key agreement scheme using smart cards in wireless communication systems. Wirel Pers Commun 84(4):2571–2598CrossRefGoogle Scholar
  38. 38.
    Odelu V, Das AK, Goswami A (2015) DMAMA: dynamic migration access control mechanism for mobile agents in distributed networks. Wirel Pers Commun 84(1):207–230CrossRefGoogle Scholar
  39. 39.
    Das AK (2015) A secure and efficient user anonymity-preserving three-factor authentication protocol for large-scale distributed wireless sensor networks. Wirel Pers Commun 82(3):1377–1404CrossRefGoogle Scholar
  40. 40.
    Das AK (2016) A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks. Peer-to-peer Netw Appl 9(1):223–244CrossRefGoogle Scholar
  41. 41.
    Mishra D, Das AK, Mukhopadhyay S (2016) A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card. Peer-to-peer Netw Appl 9(1):171–192CrossRefGoogle Scholar
  42. 42.
    Dolev D, Yao AC (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208MathSciNetCrossRefGoogle Scholar
  43. 43.
    von Oheimb D (2005) The high-level protocol specification language HLPSL developed in the EU project AVISPA. In: Proceedings of APPSEM 2005 WorkshopGoogle Scholar
  44. 44.
    Kilinc HH, Yanik T (2014) A survey of SIP authentication and key agreement schemes. IEEE Commun Surv Tutor 16(2):1005–1023CrossRefGoogle Scholar
  45. 45.
    PUB FIPS (1995) 180-1. Secure hash standard. Natl Inst Stand Technol 17:45Google Scholar

Copyright information

© Springer Science+Business Media New York 2017

Authors and Affiliations

  1. 1.Department of MathematicsCh. Charan Singh UniversityMeerutIndia
  2. 2.School of Computer Science and EngineeringVIT UniversityVelloreIndia
  3. 3.Center for Security, Theory and Algorithmic ResearchInternational Institute of Information TechnologyHyderabadIndia
  4. 4.School of Computer Science and EngineeringHunan University of Science and TechnologyXiangtanChina
  5. 5.Department of Computer Science and EngineeringXiamen Institute of TechnologyXiamenChina
  6. 6.Department of Computer Science and EngineeringThapar UniversityPatialaIndia

Personalised recommendations