Abstract

Aiming at the potential security threat of personal information disclosure in smart homes, a two-factor authentication and key agreement scheme based on fingerprint features is designed to ensure privacy and secure communication in a smart home environment. The scheme consists of fingerprint authentication and a key agreement protocol. Fingerprint features are processed by a fuzzy extractor, which keeps the derived key stable and prevents authentication failures caused by small variations between fingerprint readings. The key agreement protocol ensures the security of the communication process. Performance comparison and security analysis show that the proposed scheme meets the stated security requirements.

1. Introduction

As an important branch of the Internet of Things (IoT), the smart home brings great convenience to people's lives, but it also poses a great challenge to privacy protection. The sensors in a smart home handle a large amount of private user data, and there is a risk of privacy leakage during data generation, transmission, and processing. Therefore, the protection of user privacy has become an urgent problem for the smart home industry: if privacy cannot be guaranteed, the adoption of smart homes will be seriously hindered. Most smart devices in the home are resource-limited, so traditional public key cryptosystems such as RSA (Rivest Shamir Adleman) are not well suited to them, while lightweight authentication schemes make cryptographic authentication on such devices feasible. In recent years, many scholars have conducted research in the field of user identity authentication and key agreement.

Authentication and key agreement protocols based on elliptic curves, symmetric ciphers, and modular arithmetic have been proposed [1, 2, 3]. These schemes are susceptible to various security attacks and have high computational and communication overhead. Wu et al. [4] proposed an improved scheme based on an elliptic curve cryptosystem and a one-way hash function, which provides a variety of IoT security features. Song et al. [5] showed that Wu et al.'s scheme is vulnerable to user impersonation and denial of service (DoS) attacks. Renuka et al. [6] presented an elliptic-curve-based authentication scheme for smart medical applications, but it cannot provide untraceability. Li et al. [7] applied the Internet of Things to the industrial field and proposed an elliptic-curve-based identity authentication protocol to secure wireless sensor networks in the industrial IoT environment. Although this solution resists various types of attacks, its communication overhead is very large. Gupta et al. [8] proposed a lightweight authentication and key agreement protocol based on a one-way hash function and XOR (exclusive OR) operations; however, it is not efficient in terms of storage and communication cost. Li et al. [9] proposed a three-factor user authentication protocol based on elliptic curve cryptography; they claimed that their scheme resists various security attacks and can correct biometric errors using fuzzy extraction. Liu et al. [10] proposed an elliptic-curve-based authentication protocol that lacks user pre-verification and XORs two values of unequal length. Shin et al. [11] proposed an authentication and key agreement scheme that protects user privacy in a 5G-integrated IoT environment, in which users establish session keys via Elliptic Curve Diffie-Hellman (ECDH). Ali et al. [12] proposed a biometric-based authentication and access control protocol for wireless multimedia sensor networks using elliptic curve cryptography; they claim that their scheme resists privileged insider, stolen smart card, and offline password guessing attacks. Ying and Nayak [13] proposed a multiserver authentication and key agreement scheme based on elliptic curves that uses self-authenticated encryption for 5G networks. However, Haq et al. [14] pointed out that this scheme may not withstand offline password guessing, user impersonation, and offline identity guessing attacks. Li et al. [15] proposed an anonymous message authentication protocol for the 5G framework based on the discrete logarithm and Diffie-Hellman problems; they verify the protocol with BAN (Burrows-Abadi-Needham) logic and report good computational performance. Khan et al. [16] proposed an anonymous lightweight key agreement framework for smart grids using elliptic curve cryptography and secure hash functions. After analysis and verification, we found weaknesses in the login and authentication phases of [16].

Jiang et al. [17] proposed a lightweight three-factor authentication and key agreement scheme for Internet-integrated wireless sensor networks based on the Rabin cryptosystem; the scheme is difficult to implement and deploy in practice. Jung et al. [18] proposed an efficient and security-enhanced anonymous authentication and key agreement protocol. Fang et al. [19] proposed a three-factor user authentication protocol that combines smart cards and passwords with biometrics. Sharma and Kalra [20] proposed a lightweight authentication scheme for a cloud-based IoT environment; however, it is vulnerable to insider attacks and does not support anonymity or untraceability. Jia et al. [21] proposed an anonymity-preserving authentication scheme based on a fog architecture; however, if the private key of the server is leaked, all key material can be derived, and if session information is leaked on the user side, the scheme is vulnerable to session-specific temporary information attacks. Patonico et al. [22] introduced another mutual authentication and key agreement protocol for fog architectures that achieves anonymity and unlinkability and also provides perfect forward secrecy; however, if a device's key is stolen, the device can be hijacked by an attacker. Shabisha et al. [23] proposed a symmetric-key-based authentication scheme that provides anonymity and unlinkability in a fog architecture and does not depend on user interaction. Zhang and Liu [24] proposed a multifactor authentication protocol for short-range communication between smart devices that requires no additional hardware, but it is limited to short-range communication. Zhang et al. [25] proposed a three-factor identity authentication scheme based on secure sketches and Chebyshev polynomials, which effectively addresses repeated registration attacks, improper biometric handling, and low system robustness. Safkhani and Vasilakos [26] proposed an ultralightweight authentication scheme based on radio frequency identification, but it cannot provide forward and backward secrecy. Roy et al. [27] designed an anonymous authentication protocol for crowdsourced IoT based on chaotic maps, using a fuzzy extractor for biometric feature extraction; the scheme cannot provide perfect forward secrecy if the private key is leaked. Amin et al. [28] proposed an anonymous mutual authentication protocol for mobile users and claimed that it resists mobile device loss and user impersonation attacks; however, analysis shows that it does not achieve the claimed security and is vulnerable to node capture attacks. Qu et al. [29] optimized Amin et al.'s scheme into a three-factor wireless sensor authentication and key agreement scheme and used BAN logic [30] and heuristic analysis to argue its security. Islam et al. [31] proposed a provably secure three-factor protocol; however, because the smart card stores password verification parameters, the protocol is not resistant to offline password guessing, is highly susceptible to password exposure leading to key compromise impersonation attacks, and does not provide smart card revocation, so three-factor security and the other security goals are practically unachievable. Cho [32] proposed an efficient group key agreement protocol using a hierarchical key tree under the computational Diffie-Hellman assumption, applicable to highly mobile environments. Kumar et al. [33] proposed a scalable and efficient distributed key management protocol based on a ternary tree, which reduces communication, computation, and storage costs. Masud et al. [34] proposed a lightweight user authentication scheme for IoT-based healthcare and claim that it prevents impersonation and replay attacks while providing data privacy and anonymity. Wazid et al. [35] proposed a lightweight authentication scheme based on bitwise XOR and one-way hash functions for the edge IoT environment (LDAKM-EIoT); this scheme cannot withstand forgery attacks, scales poorly, and does not allow the password to be updated locally. Zhou et al. [36] proposed a similar scheme, which is vulnerable to replay and insider attacks.

Recently, some scholars have proposed using physical unclonable functions (PUFs) for mutual authentication [37]. A PUF [38] exploits the random physical variations introduced into integrated circuits during manufacturing: like a human fingerprint, each PUF has unique physical characteristics. Because a PUF is practically impossible to replicate, PUF-enabled devices have been used successfully for mutual authentication in identity authentication schemes. Their limitation is that a PUF authenticates the device, not the user holding it. Chen et al. [39] proposed an effective mutual authentication and key agreement scheme for wireless sensor networks using PUFs and biometrics. Gope et al. [40] feed the user's thumbprint biometric directly into the PUF and derive a biometric key from the PUF output to verify the user's identity; in their scheme, the fingerprint biometric is input to the PUF in both the registration and the authentication phase. However, this solution does not tolerate a noisy PUF environment: fingerprint readings vary slightly over time, and a small disturbance of the PUF input produces an unpredictable output, so the result is unreliable. In addition, the user must provide a password to complete registration and authentication, which increases the complexity of the system and introduces further security risks. In response to the problems above, this paper proposes an authentication and key agreement scheme based on fingerprint features and a PUF, using a fuzzy extractor to derive a stable key from the fingerprint so that small differences between readings no longer cause extraction failure.

The main contributions of this paper are as follows:

(1) A two-factor authentication and key agreement scheme based on fingerprints is proposed. The scheme meets the required security properties while using only lightweight operations such as XOR and hash functions, which makes it well suited to resource-constrained smart home networks.

(2) BAN logic is used to prove the security of the proposed scheme, and a comparison with existing schemes under objective third-party evaluation criteria shows that the scheme meets the required security properties and resists various attacks.

2. Smart Home Two-Factor Authentication and Key Agreement Scheme

2.1. Scheme Description

The scheme uses a fuzzy extractor to generate the user key from the fingerprint biometric template obtained in the registration phase and to reproduce the same key from the fingerprint biometric template obtained in the login phase. In fuzzy extraction, when a biometric B is input, a key is generated in a fault-tolerant way: when the biometric input later differs from B by only a small amount, the fuzzy extractor outputs the same key. To reproduce the key from the later biometric input, an auxiliary public string P is required.

The fuzzy extraction technology consists of the following two algorithms:

(1) Generation algorithm: the user's biometric B is input, and the output is a key together with an auxiliary (public) string P.

(2) Reproduction algorithm: the user's biometric (possibly slightly different from B) and the auxiliary string P are input, and the same key is output.
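The following is an added worked example of the two algorithms described above, written for this page and not taken from the paper. It implements the classic code-offset fuzzy extractor (Dodis et al.) with a repetition code as the error-correcting code: the auxiliary string P is the biometric template XORed with a random codeword, and the key is a hash of the codeword's seed. With repetition factor REP = 5, up to two bit flips in every 5-bit block are corrected, so a slightly different template reproduces the same key, while a template that differs by more than that in some block yields a different key. The 80-byte template, the fixed seed in the test, and the `flip_bits` noise are constructed inputs, not real fingerprint data; a real deployment would use a stronger code (e.g. BCH) and a proper randomness extractor.

```python
"""Toy fuzzy extractor: code-offset construction with a repetition code.

gen(B)      -> (key, P): P = B XOR codeword(seed); key = SHA-256(seed)
rep(B', P)  -> key:      decode(B' XOR P) recovers seed if B' is close to B
"""
import hashlib
import secrets

REP = 5                      # repetition factor of the error-correcting code
TOLERANCE = (REP - 1) // 2   # bit flips per REP-bit block that still decode (= 2)


def _to_bits(data: bytes) -> list[int]:
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def _to_bytes(bits: list[int]) -> bytes:
    assert len(bits) % 8 == 0
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def _encode(seed: bytes) -> list[int]:
    """Repetition code: every seed bit is written REP times."""
    return [b for b in _to_bits(seed) for _ in range(REP)]


def _decode(noisy: list[int]) -> list[int]:
    """Majority vote inside each REP-bit block recovers the seed bit."""
    return [int(sum(noisy[i:i + REP]) > REP // 2) for i in range(0, len(noisy), REP)]


def gen(template: bytes, rng=secrets.token_bytes) -> tuple[bytes, bytes]:
    """Generation algorithm: returns (key, helper P).

    `rng` is injectable only so that tests are deterministic; in use it must be a
    cryptographic RNG. The seed is independent of the biometric, so P reveals the
    biometric only to someone who already knows the codeword.
    """
    n_bits = len(template) * 8
    if n_bits % (8 * REP):
        raise ValueError("template length must be a multiple of REP bytes")
    seed = rng(n_bits // (8 * REP))          # random codeword seed
    codeword = _encode(seed)
    helper = _to_bytes([a ^ b for a, b in zip(_to_bits(template), codeword)])
    key = hashlib.sha256(seed).digest()      # extractor step (toy: plain hash)
    return key, helper


def rep(template2: bytes, helper: bytes) -> bytes:
    """Reproduction algorithm: template2 XOR P is a noisy codeword; decode it
    and re-derive the key. Same key iff every block has <= TOLERANCE flips."""
    noisy = [a ^ b for a, b in zip(_to_bits(template2), _to_bits(helper))]
    seed = _to_bytes(_decode(noisy))
    return hashlib.sha256(seed).digest()


def flip_bits(data: bytes, positions) -> bytes:
    """Constructed noise for demonstration: flip the given bit positions."""
    bits = _to_bits(data)
    for p in positions:
        bits[p] ^= 1
    return _to_bytes(bits)
```

Note that the key is never stored: the device keeps only P, and the key exists only while the live fingerprint is present. The security of P as a public value rests on the template having enough entropy that the random codeword hides it, which is why the repetition code here is only a teaching device.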

Figure 1 shows the system model of the smart home two-factor solution.

In the scheme, the user's biometric information is never stored on any device, which avoids the risk of a stored biometric template being leaked. The system model includes three types of entities: the user, the home gateway, and the sensor. The user does not use a password, and no session key needs to be negotiated directly between the user and the sensor. The scheme consists of three stages: registration, login, and mutual authentication and key agreement. The symbols and meanings used in this paper are shown in Table 1.

2.2. Adversary Model

We follow the adversary models of Qiu et al. [41], Kwon et al. [42], and Wang et al. [43] and assume that the adversary has the following capabilities:

(1) Steal information from smart devices by extracting their stored parameters using power analysis techniques.

(2) Pretend to be a normal user, and register as a legitimate user.

(3) Steal user biometrics from end devices and clone them to perform impersonation attacks.

(4) Perform various attacks such as password guessing, session-specific temporary information, and man-in-the-middle attacks.

(5) Intercept, modify, delete, or resend messages on open (unsecured) channels.

2.3. Interactive Process Description of Each Stage
2.3.1. Registration Stage

The registration phase consists of four steps, in which the user and the sensor side communicate over a secure channel. The green section in Figure 2 shows the interaction between the user and the sensor during the registration phase.

Step 1: The user selects an identity and inputs a fingerprint on the device. The device extracts the fingerprint biometric template from the input fingerprint and randomly generates a challenge and a random number N.

Step 2: The client computes the PUF response to the challenge, and obtains the user key and the auxiliary data from the fingerprint biometric template using the fuzzy extractor. It then calculates the registration parameters from these values. Finally, the user sends them together with a registration request to the server over the secure channel.

Step 3: After receiving the registration request, the server first checks the uniqueness of the submitted identity value. It then randomly generates a private key and a random user number and uses the data transmitted by the client to calculate the server-side registration values. These are stored on the server, and the corresponding parameters are sent back to the client over the secure channel.

Step 4: After receiving the server's reply, the client computes the remaining parameters and stores the resulting information on the mobile device.

2.3.2. Login Stage

During the login stage, the user enters the identity and the fingerprint used in the registration stage. After the user's mobile device has extracted the fingerprint template, the following steps are performed. The yellow part in Figure 2 shows the interaction between the user and the sensor during the login stage.

Step 1: After the client has verified the user's identity, it retrieves the information stored on the device, decodes it, and calculates the intermediate values.

Step 2: The fuzzy extractor is used to reproduce the user key from the fingerprint template and the stored auxiliary data.

Step 3: The client checks whether the stored verification value matches the recomputed one. If not, the login is terminated; if so, the login request continues.

Step 4: The client generates a random number and then computes the values of the login message in turn.

The user completes the login request by sending the login message to the server.

2.3.3. Authentication and Key Negotiation Stage

After the server receives the login message, mutual authentication and session key negotiation begin. The pink section in Figure 2 shows this process.

Step 1: The server first decodes the user's identity value from the login message and then computes the intermediate values.

Step 2: The server checks the validity of the identity value. If it is valid, the corresponding challenge-response pair is retrieved and loaded; otherwise, the session is terminated.

Step 3: The server calculates the expected authentication value and verifies that it matches the received one. If so, validation continues; otherwise, the session is terminated.

Step 4: The server generates a random number n, computes the response values, and sends a composite response message to the user.

Step 5: After the user receives the response message, the client first decodes the server's random value from it and then verifies the server's authentication value. If the verification equation holds, the protocol continues; otherwise, it terminates.

Step 6: The client calculates a new challenge and its PUF response, the session keys, and the auxiliary data M. Finally, it sends the confirmation message to the server.

Step 7: After the server receives the confirmation message, it decodes the auxiliary data, calculates the corresponding values, and finally verifies the confirmation value. If the check passes, authentication is successful; otherwise, authentication fails.
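The following added example illustrates the shape of the exchange above in running code. It is not the paper's protocol (the page does not reproduce its formulas) but a simplified model of the structure the text describes: the server stores one challenge-response pair per registered pseudonym, the user recomputes the PUF response (and the secret Xus derived from it) in every session rather than storing it, both sides contribute fresh nonces Nu and Ns, and each side authenticates the other with a hash over the values it expects. The message names A1, A4 and A7 follow Section 3.1, C10; the `SimulatedPUF` class, the `H` hash, the `b"xus"` / `b"sk"` labels and all inputs are assumptions made for this example, and the HMAC-based PUF is a software stand-in for silicon.

```python
"""Simplified PUF-based mutual authentication with session key agreement.

Illustration only: the message structure follows the text of Section 2.3,
the concrete formulas are this example's own.
"""
import hashlib
import hmac
import secrets


def H(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256 so that (a, b) and (a || b, b"") never collide."""
    return hashlib.sha256(b"".join(len(p).to_bytes(2, "big") + p for p in parts)).digest()


class SimulatedPUF:
    """Software stand-in for a hardware PUF (assumption): a fixed per-device mapping
    challenge -> response, here an HMAC under a per-device secret. A real PUF derives
    the mapping from manufacturing variation and cannot be copied to another device."""

    def __init__(self, device_secret: bytes):
        self._secret = device_secret

    def response(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


class Server:
    def __init__(self):
        self.crp: dict[bytes, tuple[bytes, bytes]] = {}   # pseudonym -> (C, R)

    def register(self, pseudonym: bytes, challenge: bytes, response: bytes) -> None:
        if pseudonym in self.crp:                          # uniqueness check (Step 3)
            raise ValueError("identity already registered")
        self.crp[pseudonym] = (challenge, response)

    def answer_login(self, msg):
        """Verify A1 against the stored R; return ((Ns, A4), session_key) or None."""
        pseudonym, Nu, A1 = msg
        if pseudonym not in self.crp:
            return None
        _, R = self.crp[pseudonym]
        Xus = H(b"xus", R)                                 # secret shared via the CRP
        if not hmac.compare_digest(A1, H(b"A1", Xus, Nu)):
            return None                                    # wrong PUF: impersonator
        Ns = secrets.token_bytes(16)
        sk = H(b"sk", Xus, Nu, Ns)                         # fresh per session
        return (Ns, H(b"A4", Xus, Nu, Ns)), sk

    @staticmethod
    def confirm(A7: bytes, sk: bytes) -> bool:
        """Key confirmation: the user proves it derived the same session key."""
        return hmac.compare_digest(A7, H(b"A7", sk))


class User:
    def __init__(self, puf: SimulatedPUF, pseudonym: bytes):
        self.puf, self.pseudonym = puf, pseudonym
        self.challenge = None                              # only C is kept on the device
        self.Nu = self.Xus = None

    def register(self, server: Server) -> None:
        self.challenge = secrets.token_bytes(16)
        server.register(self.pseudonym, self.challenge, self.puf.response(self.challenge))

    def login(self):
        self.Nu = secrets.token_bytes(16)
        self.Xus = H(b"xus", self.puf.response(self.challenge))   # recomputed, never stored
        return (self.pseudonym, self.Nu, H(b"A1", self.Xus, self.Nu))

    def check_server(self, reply):
        """Verify A4 (authenticates the server); return (A7, session_key) or None."""
        Ns, A4 = reply
        if not hmac.compare_digest(A4, H(b"A4", self.Xus, self.Nu, Ns)):
            return None
        sk = H(b"sk", self.Xus, self.Nu, Ns)
        return H(b"A7", sk), sk


def run_session(user: User, server: Server):
    """Drive one login; returns (authenticated, user_key, server_key)."""
    reply = server.answer_login(user.login())
    if reply is None:
        return False, None, None
    (Ns, A4), sk_server = reply
    result = user.check_server((Ns, A4))
    if result is None:
        return False, None, None
    A7, sk_user = result
    return server.confirm(A7, sk_server), sk_user, sk_server
```

Two properties of the text are visible in the code: a cloned device that knows the pseudonym and the challenge but has a different PUF fails at A1, because Xus cannot be computed without the genuine response; and because Nu and Ns are fresh, two sessions of the same user produce unrelated session keys even though Xus is the same.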

3. Security Analysis and Discussion

3.1. Evaluation Metrics

In order to make a fair comparison, we compared the proposed scheme with existing schemes using objective, third-party evaluation criteria. Given the redundancy and ambiguity of earlier sets of criteria, we referred to the sets of criteria provided by Wang et al. [44], Gope et al. [40], Erdem et al. [45], and Smet et al. [46] and concluded that the proposed scheme should satisfy the following evaluation metrics:

C1: No password verifier table: the sensors and gateway devices store no table from which the validity of a user's password could be checked.

C2: Password friendly: users can choose and change their passwords themselves.

C3: No password exposure: users are free to choose their identity, and IDi is not sent in plain text during the registration phase. The user submits only AIDi and W to the server, in which the secret values Ku and N are protected by hash functions, so no insider can extract the user's secret information. In addition, the secret value Ku can only be extracted from the biometric, which only the user possesses and which insiders cannot obtain. Without the secret value Ku and the random number N, nobody with access to the server can recover the user's IDi.

C4: No smart card loss attack: when a user's smart card is lost, the attacker can neither obtain nor change the user's password through online, offline, or hybrid guessing attacks, nor impersonate the user to access the system.

C5: Resistance to known attacks:

(1) Stolen verifier attack: the user's identity and biometric information are not stored on the device, and the user identity is not contained in plain text in any message. Therefore, the attacker cannot obtain valuable user information from the device, which effectively prevents the leakage of sensitive information. Even if an attacker steals the user's mobile device and extracts the stored values, these values are protected by the hash function. To recover IDi the attacker needs the value of N, and N in turn depends on IDi, so IDi and N protect each other and the attacker can recover neither. To obtain IDi from the other data extracted from the mobile device, the attacker needs not only N but also FA or Ku, and therefore the user's biometric. Thus the proposed scheme resists the stolen verifier attack.

(2) User impersonation attack: to impersonate a legitimate user, a fake user must generate a valid login message. However, the fake user does not know the legitimate user's secret IDi and therefore cannot obtain further secret values such as N and FA. Even if the fake user obtained N and FA, a valid login message still could not be generated, because the fingerprint template belongs only to the legitimate user, so the fake user cannot obtain the legitimate user's key Ku and cannot compute the login value. Therefore, the scheme resists the user impersonation attack.

(3) Offline password guessing attack: the scheme uses no password; it protects the data on the user terminal only with the key extracted from the user's biometric. Since there is no password to guess, the attacker never has the opportunity to mount a password guessing attack, and the scheme carries no password guessing risk.

(4) Session-specific temporary information attack: assume the attacker already knows the temporary session values Nu and Ns. Computing the session key additionally requires the secret Xus, which is known only to the user and the server, must be generated by the user's PUF in the session, and cannot be calculated without the PUF response. So the attacker cannot obtain the session key, and the scheme is not vulnerable to the leakage of session-specific temporary information.

C6: Sound repairability: if a smart card is stolen or lost, the user can request revocation of the stolen card and apply for a new one, which is convenient for users.

C7: Provision of key agreement: in the authentication and key agreement stage, the user and the server each independently compute the session key. Only when the session keys computed by the user and the server are identical can they be used for secure communication. The confidentiality of the session key depends on the confidentiality of the random values Nu and Ns, which are protected by the user, the server, and the key shared between them. Even if an attacker obtains the session key of one session, the keys of past sessions cannot be calculated, because Nu and Ns differ in every session. Therefore, the scheme provides session key agreement and known-key security.

C8: No clock synchronization: the clocks of the user and the sensor need not be synchronized, so authentication is not affected by time.

C9: Timely typo detection: when a user enters wrong identity or password information at login, the error is detected promptly (in the proposed scheme, by the local check in Step 3 of the login stage) and fed back to the user.

C10: Mutual authentication: in the mutual authentication stage, the user sends the message A1 to the server, and the server, after verifying A1, replies with the message A4. The user verifies A4, which authenticates the server, and responds with the message A7; the server verifies A7, which authenticates the user. Therefore, only a user with the correct biometric and the genuine PUFi can complete mutual authentication. In addition, the scheme resists impersonation of both the client and the server, which ensures the security of mutual authentication.

C11: User anonymity: to fully protect users' privacy, the proposed scheme must provide strong anonymity, i.e., untraceability. In our scheme, the real identity of the user is protected in the registration stage by the user key extracted from the biometric and the randomly generated secret number N. AIDi is computed from IDi using Ku and N; only the user holds the biometric, so only the user can know Ku and N, and the attacker cannot recover IDi from AIDi. During the login phase, the user's mobile device generates a fresh Nu for each session, so the parameters in the login message are dynamic and all values in the message differ from session to session, which greatly reduces the possibility of tracing. Therefore, the proposed scheme provides untraceability and user anonymity and further protects user privacy.

C12: Forward secrecy: our scheme uses different random values Nu and Ns in each session to calculate the session key, so Nu and Ns must be known in order to compute it. Even if an attacker intercepts all the information on the public channels, the value of Xus remains unknown, so the session key cannot be calculated. Even if the attacker Ua obtains a challenge Ci, computing Xus still requires the response Ri, which in each session must be computed with the PUFi installed on the user's mobile device. Due to the unclonability of PUFi, the attack cannot be carried out and the attacker cannot reconstruct an established session key. Therefore, our scheme provides perfect forward secrecy.

3.2. BAN Logic Proof

In this section, BAN logic is used to prove the correctness of this scheme. The symbols and meanings in BAN logic are shown in Table 2.

The BAN logic rules are as follows:

(i) Message meaning rule 1 states that if principal P believes that the key K is shared between P and Q, and P sees the message X encrypted under K, then P believes that Q once said X.

(ii) Message meaning rule 2 states that if principal P believes that only P and Q know the secret Y, and P sees the message X combined with Y, then P believes that Q once said X.

(iii) Nonce verification rule: if principal P believes that X is fresh, and P believes that Q once said X, then P believes that Q believes X.

(iv) Jurisdiction rule: if principal P believes that Q has jurisdiction over X, and P believes that Q believes X, then P believes X.

(v) Freshness concatenation rule: if principal P believes that X is fresh, then P believes that (X, Y) is fresh.

(vi) Belief rule: if P believes that Q believes (X, Y), then P believes that Q believes X.
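For reference, the six rules above in standard BAN notation (as introduced by Burrows, Abadi and Needham; added here for the reader, this is not the paper's own Table 2, whose symbols are not reproduced on this page). $P \mid\equiv X$: P believes X; $P \triangleleft X$: P sees X; $P \mid\sim X$: P once said X; $P \Rightarrow X$: P has jurisdiction over X; $\#(X)$: X is fresh; $P \xleftrightarrow{K} Q$: K is a key shared by P and Q; $P \xrightleftharpoons{Y} Q$: Y is a secret shared by P and Q; $\{X\}_K$: X encrypted under K; $\langle X \rangle_Y$: X combined with the secret Y.

```latex
\text{(i)}\quad
\frac{P \mid\equiv P \xleftrightarrow{K} Q,\quad P \triangleleft \{X\}_K}
     {P \mid\equiv Q \mid\sim X}
\qquad
\text{(ii)}\quad
\frac{P \mid\equiv P \xrightleftharpoons{Y} Q,\quad P \triangleleft \langle X \rangle_Y}
     {P \mid\equiv Q \mid\sim X}

\text{(iii)}\quad
\frac{P \mid\equiv \#(X),\quad P \mid\equiv Q \mid\sim X}
     {P \mid\equiv Q \mid\equiv X}
\qquad
\text{(iv)}\quad
\frac{P \mid\equiv Q \Rightarrow X,\quad P \mid\equiv Q \mid\equiv X}
     {P \mid\equiv X}

\text{(v)}\quad
\frac{P \mid\equiv \#(X)}
     {P \mid\equiv \#(X, Y)}
\qquad
\text{(vi)}\quad
\frac{P \mid\equiv Q \mid\equiv (X, Y)}
     {P \mid\equiv Q \mid\equiv X}
```

Rules (i) and (ii) are the only ones that turn an observed message into a belief about who sent it; (iii) then upgrades "Q once said X" to "Q currently believes X" only when X is fresh, which is why the proof below must establish freshness (via (v)) before applying the nonce verification rule.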

Server S and user achieve the security goal of mutual authentication:

Goal 1:

Goal 2:

Goal 3:

Goal 4:

Security assumptions

H1:

H2:

H3:

H4:

H5:

H6:

H7:

H8:

Proof Process

V1:

From security assumption H3, message meaning rule 1, and V1, we obtain:

V2:

From security assumption H1 and the freshness concatenation rule, we obtain:

V3:

From V2, V3, and the nonce verification rule, we obtain:

V4:

From V4, H1, H2, H5, the freshness concatenation rule, and the nonce verification rule, we obtain:

V5: (Goal 1)

From V5, H7, and the jurisdiction rule:

V6: (Goal 2)

V7:

From H6, V7, and message meaning rule 2:

V8:

From H2 and the freshness concatenation rule, we obtain:

V9:

From V8, V9, and the nonce verification rule:

V10:

From the belief rule and V10, we obtain:

V11: (Goal 3)

From V11, H8, and the jurisdiction rule:

V12: (Goal 4)

Goals 1–4 above show that our scheme achieves mutual authentication between the user and the server.

3.3. Performance Analysis and Comparison

We compared the proposed scheme with 12 representative schemes against the 12 evaluation metrics, presenting the results in a table in the style of [47, 48]. In Table 3, "√" means that the criterion is satisfied (the corresponding attack is resisted) and "×" means that it is not.

As can be seen from Table 3, our scheme satisfies all 12 evaluation metrics.

For decades, protocol designers have been breaking old protocols and proposing new ones, and many of the proposed protocols are broken within a few years, so provable security has become an indispensable tool for analyzing and evaluating new cryptographic protocols [49]. However, provable security has its limitations, and hundreds of schemes claiming to be "provably secure" have failed. In general, a proof of security establishes, under stated cryptographic assumptions, that the protocol satisfies its goals within a specific security model; it does not establish security in an absolute sense. Most two-factor schemes with formal proofs have been found to have serious problems soon after they were proposed [50, 51], which shows that a formal (but inadequate) security model does not ensure actual security. Therefore, we employ a multifaceted evaluation and provide heuristic analyses in addition to the formal proof, so that the proposed protocol can be argued secure under existing conditions.

4. Conclusion and Future Work

Aiming at the security defects of existing identity authentication and key agreement schemes, a two-factor authentication and key agreement scheme based on fingerprint biometrics and a PUF is proposed, and fuzzy extraction is used to improve the stability of the scheme. BAN logic is used to prove the protocol, and the security analysis shows that our solution resists the known security attacks considered. Finally, a comparative analysis with related schemes shows that the proposed scheme is secure and effective for practical user authentication applications.

As future work, we plan to apply mobile-edge computing to the smart home environment to address the limited computing capacity of smart home terminal devices, and to combine the two-factor authentication and key agreement scheme presented in this paper with mobile-edge computing to secure the smart home environment.

Data Availability

The data used to support the findings of this study are included within the article.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This research was supported by the Natural Science Foundation of Hebei Province, China under Grant No. F2019201427 and Fund for Integration of Cloud Computing and Big Data, Innovation of Science and Education of China under Grant No. 2017A20004.