A secure mutual authentication protocol for IoT environment

  • Prabhat Kumar Panda
  • Sudipta Chattopadhyay
Original Article


Rapid development in the field of the Internet of Things (IoT) has made it possible to connect many embedded devices to the internet for the sharing of data. Since embedded devices have limited storage, power, and computational ability, they need to be integrated with a large pool of resources such as the cloud. This integration of technologies is expected to provide extraordinary growth in current and future promising applications of IoT. In this context, security issues such as authentication and data privacy of devices are major concerns. The research motivation of the present work is to propose a secure mutual authentication protocol for IoT and cloud servers based on elliptic curve cryptography. In this work, the security properties of the proposed protocol have been formally verified using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tools, and informally analyzed and compared with the related protocols in terms of various security attributes such as device privacy, impersonation attack, replay attack, password guessing attack, mutual authentication, and so on. Moreover, the performance of the proposed protocol has also been evaluated in terms of computational, communication, and storage overhead and total computational time. The security and performance analyses show the superiority of the proposed protocol over the other related protocols.


Authentication · Cloud server · Elliptic curve cryptography · Internet of Things · Security




Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. School of Electronics and Communication Engineering, REVA University, Bangalore, India
  2. Department of Electronics and Telecommunication Engineering, Jadavpur University, Kolkata, India
