Advertisement

Advanced lightweight multi-factor remote user authentication scheme for cloud-IoT applications

  • Geeta SharmaEmail author
  • Sheetal Kalra
Original Research

Abstract

With the ongoing revolution of Internet-enabled devices, Internet of Things (IoT) has emerged as the most popular networking paradigm. The enormous amount of data generated from smart devices in IoT environment is one of the biggest concerns. Cloud computing has emerged as a key technology to process the generated data. The confidential data of user from IoT devices is stored in cloud server and the remote user can access this data anytime, anywhere and at any place from the cloud server. This makes remote user authentication a critical issue. This paper proposes a lightweight remote user authentication scheme for cloud-IoT applications. The formal security analysis using BAN logic and random oracle model confirms that the scheme is resilient to known security attacks. Furthermore, the scheme is formally verified using AVISPA tool which confirms the security against multiple security attacks.

Keywords

Authentication BAN logic Cloud computing Internet of things Random oracle Session key 

Notes

References

  1. An YH (2013) Security improvements of dynamic id-based remote user authentication scheme with session key agreement. In: 15th international conference on advanced communication technology (ICACT) pp 1072–1076Google Scholar
  2. Armando A, Basin D, Cuellar J, Rusinowitch M, Viganò L (2006) Avispa: automated validation of internet security protocols and applications. ERCIM News 64Google Scholar
  3. Burrows M, Abadi M, Needham RM (1989) A logic of authentication. Proc R Soc Lond A 426(1871):233–271.  https://doi.org/10.1098/rspa.1989.0125 MathSciNetzbMATHGoogle Scholar
  4. Chandrakar P, Om H (2017) Cryptanalysis and security enhancement of three-factor remote user authentication scheme for multi-server environment. Int J Bus Data Commun Netw 13(1):85–101.  https://doi.org/10.4018/IJBDCN.2017010108 Google Scholar
  5. Chandrakar P, Om H (2018) An efficient two-factor remote user authentication and session key agreement scheme using rabin cryptosystem. Arab J Sci Eng 43(2):661–673.  https://doi.org/10.1007/s13369-017-2709-6 Google Scholar
  6. Chang YF, Tai WL, Chang HC (2014) Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update. Int J Commun Syst 27(11):3430–3440.  https://doi.org/10.1002/dac.2552 Google Scholar
  7. Chang V, Kuo YH, Ramachandran M (2016) Cloud computing adoption framework: a security framework for business clouds. Future Gener Comput Syst 57:24–41.  https://doi.org/10.1016/j.future.2015.09.031 Google Scholar
  8. Chaturvedi A, Mishra D, Jangirala S, Mukhopadhyay S (2017) A privacy preserving biometric-based three-factor remote user authenticated key agreement scheme. J Inf Secur Appl 32:15–26.  https://doi.org/10.1016/j.jisa.2016.11.002 Google Scholar
  9. Chen TH, Hsiang HC, Shih WK (2011) Security enhancement on an improvement on two remote user authentication schemes using smart cards. Future Gener Comput Syst 27(4):377–380.  https://doi.org/10.1016/j.future.2010.08.007 Google Scholar
  10. Chen BL, Kuo WC, Wuu LC (2014) Robust smart-card-based remote user password authentication scheme. Int J Commun Syst 27(2):377–389.  https://doi.org/10.1002/dac.2368 Google Scholar
  11. Chen Y, Chou JS, Liao IC (2016) Improved on an improved remote user authentication scheme with key agreement. IACR Cryptol ePrint Arch.  https://doi.org/10.1155/2017/1619741 Google Scholar
  12. Chien HY, Jan JK, Tseng YM (2002) An efficient and practical solution to remote authentication: smart card. Comput Secur 21(4):372–375.  https://doi.org/10.1016/S0167-4048(02)00415-7 Google Scholar
  13. Chung HR, Ku WC, Tsaur MJ (2009) Weaknesses and improvement of Wang et al.’s remote user password authentication scheme for resource-limited environments. Comput Stand Interfaces 31(4):863–868.  https://doi.org/10.1016/j.csi.2008.09.020 Google Scholar
  14. Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208.  https://doi.org/10.1109/TIT.1983.1056650 MathSciNetzbMATHGoogle Scholar
  15. Duan Q, Yan Y, Vasilakos AV (2012) A survey on service-oriented network virtualization toward convergence of networking and cloud computing. IEEE Trans Netw Serv Manag 9(4):373–392.  https://doi.org/10.1109/TNSM.2012.113012.120310 Google Scholar
  16. Ham HS, Kim HH, Kim MS, Choi MJ (2014) Linear SVM-based android malware detection for reliable IoT services. J Appl Math.  https://doi.org/10.1155/2014/594501 Google Scholar
  17. Hao F, Min G, Chen J, Wang F, Lin M, Luo C, Yang LT (2014) An optimized computational model for multi-community-cloud social collaboration. IEEE Trans Serv Comput 7(3):346–358.  https://doi.org/10.1109/TSC.2014.2304728 Google Scholar
  18. Irshad A, Sher M, Ashraf S, Faisal S, Hassan M (2015) Cryptanalysis for secure and efficient smart-card-based remote user authentication scheme for multi-server environment. IACR Cryptology ePrint Archive 686Google Scholar
  19. Jaspher G, Katherine W, Kirubakaran E, Prakash P (2012) Smart card based remote user authentication schemes—survey. In: Third international conference on computing communication & networking technologies (ICCCNT) pp 1–5.  https://doi.org/10.1109/ICCCNT.2012.6395882
  20. Jiang Q, Ma J, Li G, Li X (2015) Improvement of robust smart-card-based password authentication scheme. Int J Commun Syst 28(2):383–393.  https://doi.org/10.1002/dac.2644 Google Scholar
  21. Kalra S, Sood SK (2015) Secure authentication scheme for IoT and cloud servers. Pervasive Mob Comput 24:210–223.  https://doi.org/10.1016/j.pmcj.2015.08.001 Google Scholar
  22. Ku WC, Chen SM (2004) Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards. IEEE Trans Consum Electron 50(1):204–207.  https://doi.org/10.1109/TCE.2004.1277863 Google Scholar
  23. Kumari S, Khan MK, Li X (2014) An improved remote user authentication scheme with key agreement. Comput Electr Eng 40(6):1997–2012.  https://doi.org/10.1016/j.compeleceng.2014.05.007 Google Scholar
  24. Lee NY, Chiu YC (2005) Improved remote authentication scheme with smart card. Comput Stand Interfaces 27(2):177–180.  https://doi.org/10.1016/j.csi.2004.06.001 Google Scholar
  25. Lee CC, Li LH, Hwang MS (2002) A remote user authentication scheme using hash functions. ACM SIGOPS Oper Syst Rev 36(4):23–29.  https://doi.org/10.1145/583800.583803 Google Scholar
  26. Lee SW, Kim HS, Yoo KY (2005) Improvement of Chien et al.’s remote user authentication scheme using smart cards. Comput Stand Interfaces 27(2):181–183.  https://doi.org/10.1016/j.csi.2004.02.002 Google Scholar
  27. Li X, Niu J, Khan MK, Liao J (2013) An enhanced smart card based remote user password authentication scheme. J Netw Comput Appl 36(5):1365–1371.  https://doi.org/10.1016/j.jnca.2013.02.034 Google Scholar
  28. Limbasiya T, Soni M, Mishra SK (2018) Advanced formal authentication protocol using smart cards for network applicants. Comput Electr Eng 66:50–63.  https://doi.org/10.1016/j.compeleceng.2017.12.045 Google Scholar
  29. Nguyen NT, Le HD, Chang CC (2016) Provably secure and efficient three-factor authenticated key agreement scheme with untraceability. Int J Netw Secur 18(2):335–344Google Scholar
  30. Nikooghadam M, Jahantigh R, Arshad H (2017) A lightweight authentication and key agreement protocol preserving user anonymity. Multimed Tools Appl 76(11):13401–13423.  https://doi.org/10.1007/s11042-016-3704-8 Google Scholar
  31. Odelu V, Das AK, Goswami A (2014) A secure effective key management scheme for dynamic access control in a large leaf class hierarchy. Inf Sci 269:270–285.  https://doi.org/10.1016/j.ins.2013.10.022 MathSciNetzbMATHGoogle Scholar
  32. Sharma G, Kalra S (2018a) Advanced multi-factor user authentication scheme for E-governance applications in smart cities. Int J Comput Appl.  https://doi.org/10.1080/1206212X.2018.1445352 Google Scholar
  33. Sharma G, Kalra S (2018b) Identity based secure authentication scheme based on quantum key distribution for cloud computing. Peer-to-Peer Netw Appl 11(2):220–234.  https://doi.org/10.1007/s12083-016-0528-2 Google Scholar
  34. Shunmuganathan S, Saravanan RD, Palanichamy Y (2015) Secure and efficient smart-card-based remote user authentication scheme for multiserver environment. Can J Electr Comput Eng 38(1):20–30.  https://doi.org/10.1109/CJECE.2014.2344447 Google Scholar
  35. Sicari S, Rizzardi A, Grieco LA, Coen-Porisini A (2015) Security, privacy and trust in internet of things: the road ahead. Comput Netw 76:146–164.  https://doi.org/10.1016/j.comnet.2014.11.008 Google Scholar
  36. Singh D, Tripathi G, Jara AJ (2014) A survey of internet-of-things future vision, architecture, challenges and services. In: IEEE world forum on internet of things (WF-IoT) pp 287–292.  https://doi.org/10.1109/WF-IoT.2014.6803174
  37. Song R (2010) Advanced smart card based password authentication protocol. Comput Stand Interfaces 32(5):321–325.  https://doi.org/10.1016/j.csi.2010.03.008 Google Scholar
  38. Sood SK, Sarje AK, Singh K (2010) An improvement of Xu et al.’s authentication scheme using smart cards. In: Proceedings of the third annual ACM Bangalore conference p 15.  https://doi.org/10.1145/1754288.1754303
  39. Sutrala AK, Das AK, Odelu V, Wazid M, Kumari S (2016) Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems. Comput Methods Programs Biomed 135:167–185.  https://doi.org/10.1016/j.cmpb.2016.07.028 Google Scholar
  40. Teh TY, Lee YS, Cheah ZY, Chin JJ (2017) IBI-mobile authentication: a prototype to facilitate access control using identity-based identification on mobile smart devices. Wirel Pers Commun 94(1):127–144.  https://doi.org/10.1007/s11277-016-3320-y Google Scholar
  41. Tsai CS, Lee CC, Hwang MS (2006) Password authentication schemes: current status and key issues. IJ Netw Secur 3(2):101–115Google Scholar
  42. Wang XM, Zhang WF, Zhang JS, Khan MK (2007) Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards. Comput Stand Interfaces 29(5):507–512.  https://doi.org/10.1016/j.csi.2006.11.005 Google Scholar
  43. Wang XA, Ma J, Yang X (2015) A new proxy re-encryption scheme for protecting critical information systems. J Ambient Intell Humaniz Comput 6(6):699–711.  https://doi.org/10.1007/s12652-015-0261-3 Google Scholar
  44. Wang XA, Ma J, Xhafa F, Zhang M, Luo X (2017) Cost-effective secure E-health cloud system using identity based cryptographic techniques. Future Gener Comput Syst 67:242–254.  https://doi.org/10.1016/j.future.2016.08.008 Google Scholar
  45. Wang XA, Liu Y, Zhang J, Yang X, Zhang M (2018) Improved group-oriented proofs of cloud storage in IoT setting. Concurr Comput Pract Exp 30(21):e4781.  https://doi.org/10.1002/cpe.4781 Google Scholar
  46. Wei J, Liu W, Hu X (2016) Secure and efficient smart card based remote user password authentication scheme. Int J Netw Secur 18(4):782–792Google Scholar
  47. Xu J, Zhu WT, Feng DG (2009) An improved smart card based password authentication scheme with provable security. Comput Stand Interfaces 31(4):723–728.  https://doi.org/10.1016/j.csi.2008.09.006 Google Scholar
  48. Yan Z, Zhang P, Vasilakos AV (2014) A survey on trust management for internet of things. J Netw Comput Appl 42:120–134.  https://doi.org/10.1016/j.jnca.2014.01.014 Google Scholar
  49. Yoon EJ, Ryu EK, Yoo KY (2004) Further improvement of an efficient password based remote user authentication scheme using smart cards. IEEE Trans Consum Electron 50(2):612–614.  https://doi.org/10.1109/TCE.2004.1309437 Google Scholar

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2019

Authors and Affiliations

  1. 1.Department of Computer Science and EngineeringGuru Nanak Dev UniversityJalandharIndia

Personalised recommendations