A secure remote user authentication scheme for smart cities e-governance applications


Smart cities are rapidly gaining momentum and aims at improving the quality of life of citizens by adopting Information and Communication Technology. E-governance have become the smarter way of deployment of administration by the authority under its jurisdiction. The citizens can access the services of government anywhere at any time. Since this technique requires the transmission of sensitive information between the government and the citizen through the Internet, information security is of utmost importance. This paper proposes a lightweight, robust remote user authentication and key agreement protocol for e-governance applications in the smart cities. The proposed protocol is based on XOR and hash operations, and includes (1) a password and smart card, (2) user anonymity, (3) mutual authentication, (4) shared session key, and (5) key freshness. It satisfies desirable security attributes and is resistant against all well-known security attacks. Further, the formal security verification using AVISPA and informal security proves the security strength of the proposed protocol and its robustness against all possible security threats.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10


  1. 1.

    Hu Y, Tilke D, Adams T, Crandall AS, Cook DJ, Schmitter-Edgecombe M (2016) Smart home in a box: usability study for a large scale self-installation of smart home technologies. J Reliab Intell Environ 2(2):93–106. doi:10.1007/s40860-016-0021-y

    Article  Google Scholar 

  2. 2.

    Dahmen J, Cook DJ, Wang X, Honglei W (2017) Smart secure homes: a survey of smart home technologies that sense, assess, and respond to security threats. J Reliab Intell Environ. doi:10.1007/s40860-017-0035-0

    Google Scholar 

  3. 3.

    Chen S, Song S, Li L, Shen J (2009) Survey on smart grid technology [J]. Power Syst Technol 8:1–7

    Google Scholar 

  4. 4.

    Adeli H, Jiang X (2009) Intelligent infrastructure: neural networks, wavelets, and chaos theory for intelligent transportation systems and smart structures. Crc Press, Boca Raton

    Google Scholar 

  5. 5.

    Vithanwattana N, Mapp G, George C (2017) Developing a comprehensive information security framework for mHealth: a detailed analysis. J Reliab Intell Environ. doi:10.1007/s40860-017-0038-x

    Google Scholar 

  6. 6.

    Kummitha RKR, Crutzen N (2017) How do we understand smart cities? An evolutionary perspective. Cities 67:43–52. doi:10.1016/j.cities.2017.04.010

    Article  Google Scholar 

  7. 7.

    Corno F, Guercio E, De Russis L, Gargiulo E (2015) Designing for user confidence in intelligent environments. J Reliab Intell Environ 1(1):11–21. doi:10.1007/s40860-015-0001-7

    Article  Google Scholar 

  8. 8.

    Datta A (2015) A 100 smart cities, a 100 utopias. Dialogues Hum Geogr 5(1):49–53. doi:10.1177/2043820614565750

    Article  Google Scholar 

  9. 9.

    Hollands RG (2008) Will the real smart city please stand up? Intelligent, progressive or entrepreneurial? City 12(3):303–320. doi:10.1080/13604810802479126

    MathSciNet  Article  Google Scholar 

  10. 10.

    Graham S, Marvin S (2001) Splintering urbanism: networked infrastructures, technological mobilities and the urban condition. Psychology Press, Routledge

    Book  Google Scholar 

  11. 11.

    Haider SF et al (2016) Taxonomy and issues for antifragile-based multimedia cloud computing. J Reliab Intell Environ 2(1):37–49. doi:10.1007/s40860-016-0017-7

    Article  Google Scholar 

  12. 12.

    Banda G, Bommakanti CK, Mohan H (2016) One IoT: an IoT protocol and framework for OEMs to make IoT-enabled devices forward compatible. J Reliab Intell Environ 2(3):131–144. doi:10.1007/s40860-016-0027-5

    Article  Google Scholar 

  13. 13.

    Kim S, Kim HJ, Lee H (2009) An institutional analysis of an e-government system for anti-corruption: the case of OPEN. Gov Inf Q 26(1):42–50. doi:10.1016/j.giq.2008.09.002

    MathSciNet  Article  Google Scholar 

  14. 14.

    Awoleye OM, Ojuloge B, Ilori MO (2014) Web application vulnerability assessment and policy direction towards a secure smart government. Gov Inf Q 31:S118–S125. doi:10.1016/j.giq.2014.01.012

    Article  Google Scholar 

  15. 15.

    Roy A, Banik S, Karforma S (2011) Object oriented modelling of RSA digital signature in e-governance security. Int J Comput Eng Inf Technol 26:24–33

    Google Scholar 

  16. 16.

    Roy A, Karforma S (2012) Object oriented approach of digital certificate based e-governance mechanism. ACEEE Conf Proc Ser 3:3–4

    Google Scholar 

  17. 17.

    Roy A, Karforma S (2013) UML based modeling of ECDSA for secured and smart E-Governance system. In Computer Science and Information Technology (CS and IT-CSCP 2013), Proceedings of National Conference on Advancement of Computing in Engineering Research (ACER13) organized by Global Institute of Management and Technology, pp 207–222. doi:10.5121/csit.2013.3219

  18. 18.

    Zhu J, Ma J (2004) A new authentication scheme with anonymity for wireless environments. IEEE Trans Consum Electron 50(1):231–235. doi:10.1109/TCE.2004.1277867

    Article  Google Scholar 

  19. 19.

    Lee C-C, Hwang M-S, Liao I-E (2006) Security enhancement on a new authentication scheme with anonymity for wireless environments. IEEE Trans Ind Electron 53(5):1683–1687. doi:10.1109/TIE.2006.881998

    Article  Google Scholar 

  20. 20.

    Liao I-E, Lee C-C, Hwang M-S (2006) A password authentication scheme over insecure networks. J Comput Syst Sci 72(4):727–740. doi:10.1016/j.jcss.2005.10.001

    MathSciNet  Article  MATH  Google Scholar 

  21. 21.

    Yoon E-J, Yoo K-Y (2006) Drawbacks of Liao et al.’s password authentication scheme. In: Next generation web services practices, 2006. NWeSP 2006. International conference on, pp 101–108. doi:10.1109/NWESP.2006.15

  22. 22.

    Juang W-S, Chen S-T, Liaw H-T (2008) Robust and efficient password-authenticated key agreement using smart cards. IEEE Trans Ind Electron 55(6):2551–2556. doi:10.1109/TIE.2008.921677

    Article  Google Scholar 

  23. 23.

    Xu J, Zhu W-T, Feng D-G (2009) An improved smart card based password authentication scheme with provable security. Comput Stand Interfaces 31(4):723–728. doi:10.1016/j.csi.2008.09.006

    Article  Google Scholar 

  24. 24.

    Lee S-W, Kim H-S, Yoo K-Y (2005) Improvement of Chien et al’.s remote user authentication scheme using smart cards. Comput Stand Interfaces 27(2):181–183. doi:10.1016/j.csi.2004.02.002

    Article  Google Scholar 

  25. 25.

    Sood SK, Sarje AK, Singh K (2010) An improvement of Xu et al.’s authentication scheme using smart cards. In: Third annual ACM Bangalore conference on—COMPUTE ’10, pp 1–5. doi:10.1145/1754288.1754303

  26. 26.

    Chen T-H, Hsiang H-C, Shih W-K (2011) Security enhancement on an improvement on two remote user authentication schemes using smart cards. Futur Gener Comput Syst 27(4):377–380. doi:10.1016/j.future.2010.08.007

    Article  Google Scholar 

  27. 27.

    Li X, Niu J, Khan MK, Liao J (2013) An enhanced smart card based remote user password authentication scheme. J Netw Comput Appl 36(5):1365–1371. doi:10.1016/j.jnca.2013.02.034

    Article  Google Scholar 

  28. 28.

    Mishra D, Das AK, Chaturvedi A, Mukhopadhyay S (2015) A secure password-based authentication and key agreement scheme using smart cards. J Inf Secur Appl 23:28–43. doi:10.1016/j.jisa.2015.06.001

    Google Scholar 

  29. 29.

    Kalra S, Sood SK (2015) Secure authentication scheme for IoT and cloud servers. Pervasive Mob Comput 24:210–223. doi:10.1016/j.pmcj.2015.08.001

    Article  Google Scholar 

  30. 30.

    Sharma G, Kalra S (2016) A novel scheme for data security in cloud computing using quantum cryptography. In: ACM international conference proceeding series, vol 12–13-Augu. doi:10.1145/2979779.2979816

  31. 31.

    Sharma G, Kalra S (2016) Identity based secure authentication scheme based on quantum key distribution for cloud computing. Peer Peer Netw Appl. doi:10.1007/s12083-016-0528-2

    Google Scholar 

  32. 32.

    Dhillon PK, Kalra S (2017) A lightweight biometrics based remote user authentication scheme for IoT services. J Inf Secur Appl. doi:10.1016/j.jisa.2017.01.003

    Google Scholar 

  33. 33.

    Dhillon PK, Kalra S (2017) Secure multi-factor remote user authentication scheme for Internet of Things environments. Int J Commun Syst. doi:10.1002/dac.3323

    Google Scholar 

  34. 34.

    Liu Y-J, Chang C-C, Chang S-C (2017) An efficient and secure smart card based password authentication scheme. Int J Netw Secur. doi:10.6633/IJNS.201701.19(1).01

    Google Scholar 

  35. 35.

    AVISPA (2017) AVISPA Web Tool. http://www.avispaproject.org/webinterface/expert.php/. Accessed Jan 2017

  36. 36.

    Chevalier Y, Compagna L, Cuellar J, Drielsma PH, Mantovani J, Mödersheim S, Vigneron L (2004) A high level protocol specification language for industrial security-sensitive protocols. In: Workshop on Specification and Automated Processing of Security Requirements-SAPS’2004. Austrian Computer Society, 13p

Download references

Author information



Corresponding author

Correspondence to Geeta Sharma.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Sharma, G., Kalra, S. A secure remote user authentication scheme for smart cities e-governance applications. J Reliable Intell Environ 3, 177–188 (2017). https://doi.org/10.1007/s40860-017-0046-x

Download citation


  • Authentication
  • E-governance
  • ICT
  • Session key
  • Smart city