Skip to main content

A lightweight authentication and key agreement protocol for heterogeneous IoT with special attention to sensing devices and gateway

Abstract

Focusing specifically on sensing devices with restricted resources, heterogeneous internet of things (HIoT) is an attractive scenario for IoT networks. Nonetheless, the very nature of wireless channels in these networks has given rise to a series of security challenges, which need to be considered while developing authentication protocols. Here, we scrutinized Yu and Park’s, Kumari et al.’s, and Ostad-sharif et al.'s protocols and illustrated their weaknesses against key compromise attacks, insider attacks, and violation of anonymity. Furthermore, for heterogeneous IoT contexts, a lightweight and secure authentication and key agreement protocol for heterogeneous IoT environments is presented. Concerning the restricted resources of sensing devices, an attempt is made to provide an efficient HIoT-based authentication protocol to enhance network security and performance. The gateway as a trusted authority with the maximum workload and sensing devices with the highest restrictions on resources are considered in the suggested protocol. As a result, the user bears the brunt of the workload in the individual session. The Burrows–Abadi–Needham (BAN) logic is used to validate the proposed protocol, and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is utilized to demonstrate resilience to existing active attacks. Simulation findings and performance assessment revealed that our protocol improved communication overheads by up to 110%, computation overheads by up to 83%, and sensing device maximum storage capacity by up to 51%.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

References

  1. Deebak BD, Al-Turjman F (2021) Secure-user sign-in authentication for IoT-based eHealth systems. Complex Intell Syst. https://doi.org/10.1007/s40747-020-00231-7

    Article  Google Scholar 

  2. Zhang Y, Zhao H, Xiang Y, Huang X, Chen X (2019) A key agreement scheme for smart homes using the secret mismatch problem. IEEE Internet Things J 6(6):10251–10260. https://doi.org/10.1109/JIOT.2019.2936884

    Article  Google Scholar 

  3. Yaqoob I, Hashem IAT, Mehmood Y, Gani A, Mokhtar S, Guizani S (2017) Enabling Communication Technologies For Smart Cities. IEEE Commun Mag 55(1):112–120. https://doi.org/10.1109/MCOM.2017.1600232CM

    Article  Google Scholar 

  4. Ji S, Liu S, Wang C, Qi R, Shen J (2020) An anonymous mutual authentication scheme for rfid-based transportation system. Electronics 9(12):2167. https://doi.org/10.3390/electronics9122167

    Article  Google Scholar 

  5. Shashidhara R, Bojjagani S, Maurya AK et al (2020) A Robust user authentication protocol with privacy-preserving for roaming service in mobility environments. Peer-to-Peer Netw 13:1943–1966. https://doi.org/10.1007/s12083-020-00929-y

    Article  Google Scholar 

  6. Irshad A, Usman M, Chaudhry SA, Naqvi H, Shafiq M (2020) A provably secure and efficient authenticated key agreement scheme for energy internet-based vehicle-to-grid technology framework. IEEE Trans Ind Appl 56(4):4425–4435. https://doi.org/10.1109/TIA.2020.2966160

    Article  Google Scholar 

  7. Yugha R, Chithra S (2020) A survey on technologies and security protocols: Reference for future generation IoT. J Netw Comput Appl 169:102763. https://doi.org/10.1016/j.jnca.2020.102763

    Article  Google Scholar 

  8. Kavianpour S, Shanmugam B, Azam S, Zamani M, Narayana Samy G, De Boer F (2019) A systematic literature review of authentication in Internet of Things for heterogeneous devices. J Comput Netw Commun. https://doi.org/10.1155/2019/5747136

    Article  Google Scholar 

  9. Nandy T, Idris MYIB, Noor RM, Kiah LM, Lun LS et al (2019) Review on security of Internet of Things authentication mechanism. IEEE Access 7:151054–151089. https://doi.org/10.1109/ACCESS.2019.2947723

    Article  Google Scholar 

  10. Qiu T, Chen N, Li K, Atiquzzaman M, Zhao W (2018) How can heterogeneous Internet of Things build our future: A survey. IEEE Commun Surveys Tutor 20(3):2011–2027. https://doi.org/10.1109/COMST.2018.2803740

    Article  Google Scholar 

  11. Kumari S, Das AK, Wazid M, Li X, Wu F, Choo KKR, Khan MK (2017) On the design of a secure user authentication and key agreement scheme for wireless sensor networks. Concurr Comput Pract Exp 29(23):e3930. https://doi.org/10.1002/cpe.3930

    Article  Google Scholar 

  12. Yu S, Park Y (2020) SLUA-WSN: secure and lightweight three-factor-based user authentication protocol for wireless sensor networks. Sensors 20(15):4143. https://doi.org/10.3390/s20154143

    Article  Google Scholar 

  13. Ostad-Sharif A, Arshad H, Nikooghadam M, Abbasinezhad-Mood D (2019) Three party secure data transmission in IoT networks through design of a lightweight authenticated key agreement scheme. Futur Gener Comput Syst 100:882–892. https://doi.org/10.1016/j.future.2019.04.019

    Article  Google Scholar 

  14. Li J, Zhang W, Kumari S, Choo KKR, Hogrefe D (2018) Security analysis and improvement of a mutual authentication and key agreement solution for wireless sensor networks using chaotic maps. Trans Emerg Telecommun Technol 29(6):e3295. https://doi.org/10.1002/ett.3295

    Article  Google Scholar 

  15. Fang D, Qian Y, Hu RQ (2020) A flexible and efficient authentication and secure data transmission scheme for IoT applications. IEEE Internet Things J 7(4):3474–3484. https://doi.org/10.1109/JIOT.2020.2970974

    Article  Google Scholar 

  16. Zhang Y, He D, Li L, Chen B (2020) A lightweight authentication and key agreement scheme for internet of drones. Comput Commun 154:455–464. https://doi.org/10.1016/j.comcom.2020.02.067

    Article  Google Scholar 

  17. Lee DH, Lee IY (2020) A lightweight authentication and key agreement schemes for IoT environments. Sensors 20(18):5350. https://doi.org/10.3390/s20185350

    Article  Google Scholar 

  18. Shin S, Kwon T (2020) A privacy-preserving authentication, authorization, and key agreement scheme for wireless sensor networks in 5G-integrated internet of things. IEEE Access 8:67555–67571. https://doi.org/10.1109/ACCESS.2020.2985719

    Article  Google Scholar 

  19. Wang F, Xu G, Xu G, Wang Y, Peng J (2020) A robust IoT-based three-factor authentication scheme for cloud computing resistant to session key exposure. Wirel Commun Mob Comput 2020:3805058. https://doi.org/10.1155/2020/3805058

    Article  Google Scholar 

  20. Gaba GS, Kumar G, Monga H, Kim TH, Kumar P (2020) Robust and lightweight mutual authentication scheme in distributed smart environments. IEEE Access 8:69722–69733. https://doi.org/10.1109/ACCESS.2020.2986480

    Article  Google Scholar 

  21. Hajian R, Erfani SH (2021) CHESDA: continuous hybrid and energy-efficient secure data aggregation for WSN. J Supercomput 77:5045–5075. https://doi.org/10.1007/s11227-020-03455-z

    Article  Google Scholar 

  22. Zhang X, Wen F (2019) An novel anonymous user WSN authentication for Internet of Things. Soft Comput 23(14):5683–5691. https://doi.org/10.1007/s00500-018-3226-6

    Article  Google Scholar 

  23. Xu L, Wu F (2019) A lightweight authentication scheme for multi-gateway wireless sensor networks under IoT conception. Arab J Sci Eng 44(4):3977–3993. https://doi.org/10.1007/s13369-019-03752-7

    Article  Google Scholar 

  24. Xue L, Huang Q, Zhang S, Huang H, Wang W (2021) A Lightweight Three-Factor Authentication and Key Agreement Scheme for Multigateway WSNs in IoT. Secur Commun Netw. https://doi.org/10.1155/2021/3300769

    Article  Google Scholar 

  25. Shin S, Kwon T (2019) A lightweight three-factor authentication and key agreement scheme in wireless sensor networks for smart homes. Sensors 19(9):2012. https://doi.org/10.3390/s19092012

    Article  Google Scholar 

  26. Wazid M, Das AK, Bhat V, Vasilakos AV (2020) LAM-CIoT: lightweight authentication mechanism in cloud-based IoT environment. J Netw Comput Appl 150:102496. https://doi.org/10.1016/j.jnca.2019.102496

    Article  Google Scholar 

  27. Banerjee S, Odelu V, Das AK, Chattopadhyay S, Park Y (2020) An efficient, anonymous and robust authentication scheme for smart home environments. Sensors 20(4):1215. https://doi.org/10.3390/s20041215

    Article  Google Scholar 

  28. Farash MS, Turkanović M, Kumari S, Hölbl M (2016) An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment. Ad Hoc Netw 36:152–176. https://doi.org/10.1016/j.adhoc.2015.05.014

    Article  Google Scholar 

  29. Mo J, Chen H (2019) A lightweight secure user authentication and key agreement protocol for wireless sensor networks. Secur Commun Netw. https://doi.org/10.1155/2019/2136506

    Article  Google Scholar 

  30. Yu B, Li H (2019) Anonymous authentication key agreement scheme with pairing-based cryptography for home-based multi-sensor Internet of Things. Int J Distrib Sens Netw 15(9):1550147719879379. https://doi.org/10.1177/1550147719879379

    Article  Google Scholar 

  31. Kocher P, Jaffe J, Benjamin J (1999) Differential power analysis. Annual international cryptology conference 1666:388–397. https://doi.org/10.1007/3-540-48405-1_25

    Article  MATH  Google Scholar 

  32. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552. https://doi.org/10.1109/TC.2002.1004593

    MathSciNet  Article  MATH  Google Scholar 

  33. Burrows M, Abadi M, Needham RM (1989) A logic of authentication. Proc R Soc Lond A Math Phys Sci 426(1871):233–271. https://doi.org/10.1098/rspa.1989.0125

    MathSciNet  Article  MATH  Google Scholar 

  34. AVISPA (2020) Automated validation of internet security protocols and applications. Available online, (4 Dec 2020), http://people.irisa.fr/Thomas.Genet/span/

  35. Heinzelman WE, Chandrakasan A, Balakrishnan H (200) Energy-efficient communication protocol for wireless microsensor networks. In: Proceedings of the 33rd Annual Hawaii International Conference on System Sciences (10-pp). IEEE, https://doi.org/10.1109/HICSS.2000.926982.

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to S. H. Erfani.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Appendix

Appendix

figure a

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Hajian, R., Erfani, S.H. & Kumari, S. A lightweight authentication and key agreement protocol for heterogeneous IoT with special attention to sensing devices and gateway. J Supercomput (2022). https://doi.org/10.1007/s11227-022-04464-w

Download citation

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s11227-022-04464-w

Keywords

  • Authentication protocol
  • AVISPA
  • BAN logic
  • Efficiency
  • Key compromise attack
  • Heterogeneous IoT (HIoT)