Enhanced Authentication Protocol for the Internet of Things Environment

Chen, Chien-Ming; Li, Xuanang; Liu, Shuangshuang; Wu, Mu-En; Kumari, Saru

doi:https://doi.org/10.1155/2022/8543894

Security and Communication Networks

On this page

Abstract Introduction Related Work Conclusion Data Availability Conflicts of Interest References Copyright Related Articles

Research Article | Open Access

Volume 2022 | Article ID 8543894 | https://doi.org/10.1155/2022/8543894

Enhanced Authentication Protocol for the Internet of Things Environment

Chien-Ming Chen,¹Xuanang Li,¹Shuangshuang Liu,¹Mu-En Wu,²and Saru Kumari³

Academic Editor: Youwen Zhu

Received11 Nov 2021

Revised11 Jan 2022

Accepted31 Jan 2022

Published11 Mar 2022

Abstract

The Internet of Things (IoT) is among the most promising technologies of the future, and its development has garnered attention worldwide. However, the rise of the IoT has been accompanied by a proportionate increase in security concerns regarding communication between IoT entities. Recently, Alzahrani et al. proposed an identity-based authentication and key agreement protocol for an IoT environment, wherein a physically unclonable function was employed. They claimed that their protocol can resist various types of attacks; however, after thorough analysis, we determined it to be ineffective against privileged internal attacks, physical IoT device capture attacks, stolen-verifier attacks, and known temporary information exposure attacks. To resolve these security weaknesses, we propose a new authentication and key agreement protocol. In addition, we demonstrate that the proposed protocol is provably secure in real-or-random (ROR) model and Burrows–Abadi–Needham (BAN) logic, resisting known attacks while incurring low communication and computation costs.

1. Introduction

The Internet of Things (IoT) [1–3] has become a popular topic since its conception at the end of the 20th century. The technology has developed from the simple application of a single sensor to a specific scene to the vast IoT that is currently a ubiquitous part of our lives [4]. The IoT has found application in many scenarios (shown in Figure 1), such as education [5], smart homes [6, 7], healthcare [8, 9], and VANETs [10, 11]. In schools, teachers can use IoT devices to assist them with teaching to more actively engage students in the process of learning, and the IoT makes it easier for schools to troubleshoot students’ problems more effectively. Ultimately, students’ development would improve in all respects. The traffic police could use IoT devices such as intelligent cameras to detect vehicle movements, violations, vehicle-related crime, and security, which would enable them to manage the traffic more efficiently with safety in mind. In terms of medical treatment, doctors could use intelligent detection equipment to monitor patients’ conditions in real time such that patients feel more at ease during treatment. Therefore, IoT has become ubiquitous in our daily lives, with people becoming increasingly dependent on IoT devices.

The IoT has made our lives more convenient. However, the IoT not only brings us convenience but also has significant hidden threats. For example, Amazon’s Ring home surveillance camera has a security loophole, which has been hacked. A large number of videos and photos of users have been posted online by hackers. Another example is malware named Silex, which is able to attack thousands of IoT devices, paralyzing these devices in a large area and causing considerable human, material, and financial losses. Therefore, the security of IoT must be improved to prevent further danger to human life. Researchers have developed various solutions to solve the aforementioned security problems. The primary solution involves encrypting all messages/data transmitted through public channels. This would ensure that the data pertaining to each entity are not leaked during the communication phase. Therefore, a secure and efficient authentication and key agreement (AKA) protocol is required.

In 2021, Alzahrani and Mahmood [12] demonstrated that Chikouche et al.’s AKA protocol [13] is insecure against device anonymity attacks and known temporary information exposure attacks and then designed a provable privacy-preserving AKA protocol for IoT. Their protocol utilized a physical unclonable function (PUF) to encrypt transmitted data. The authors claimed that the use of PUF can ensure resistance to physical capture attacks on IoT devices. Besides, the authors claimed that their protocol can resist various types of attacks and provide perfect forward security.

However, in this study, we further demonstrate that Alzahrani and Mahmood’s AKA protocol [12] is still vulnerable to physical IoT device capture attacks, privileged insider attacks, known temporary information disclosure attacks, and stolen-verifier attacks. To address the security loopholes in Alzahrani and Mahmood’s protocol [12], we further propose a new AKA protocol. In our design, we used an asymmetric encryption system to encrypt the identity of the device, considering that symmetric encryption is more efficient than asymmetric encryption. In addition, we added a login phase for IoT devices. It verifies the legality of an IoT device before it communicates with servers. The proposed protocol is then validated by a formal proof with the real-or-random (ROR) model and Burrows–Abadi–Needham (BAN) logic. We also analyze that the proposed protocol provides robustness against various kinds of potential attacks. Finally, we present a performance analysis and compare it with other related protocols. Experimental results show that the proposed protocol has low computational and communication overhead.

The remainder of this paper is organized as follows. Section 2 reviews related work. In Section 3, we briefly review the protocol of Alzahrani et al. [12]. Section 4 presents our demonstration that Alzahrani et al.’s protocol [12] is vulnerable to several attacks. The proposed protocol is described in Section 5. Sections 6 and 7 provide security and performance analyses and suitable comparisons. Finally, Section 8 concludes the paper.

In 2015, Sun et al. [14] proposed an AKA protocol using hash functions. However, this protocol [14] did not provide secure identity verification. In 2018, Gope and Sikdar [15] proposed a lightweight privacy-preserving two-party AKA protocol, but this protocol is not vulnerable to desynchronization attacks and does not provide perfect forward security. Various AKA protocols that were designed to improve the level of security [16–18] are based on elliptic curve cryptography (ECC). Kalra and Sood [19] proposed an ECC-based AKA protocol for the IoT. They claimed that this protocol provided perfect forward security. However, Chang et al. found that it was unable to provide basic authentication and session key agreement mechanisms. Consequently, in an attempt to address the security loopholes in the protocol of Kalra et al., Chang et al. improved the protocol such that it offered a higher level of security. In addition, Kumari et al. [20] found that Kalra et al.’s protocol is not resistant to device anonymity attacks, interest password-guessing attacks, and privileged insider attacks. Recently, Chikouche et al. [13] proposed another AKA protocol for IoT.

3. Review of Alzahrani et al.’s Protocol

In this section, we review the protocol proposed by Alzahrani and Mahmood [12] for the IoT environment. The protocol consists of two phases: a registration phase and a mutual authentication phase. The symbols used in the paper are listed in Table 1.

3.1. Registration Phase

Assuming that an IoT device with the identity desires to register on a server, the following steps are performed:(1)First, selects an identity for itself; subsequently, it sends a registration request to , and outputs its identity to through a secure channel. Thus, can identify whether the communicating with it during the authentication phase has been registered earlier.(2)After receives the registration request and the identity of , it first generates a valid period of time and then calculates Thereafter, generates the PUF to request the information and , and generates a series of pseudo-identities . Subsequently, sends the calculated , , , and to .(3)After receives the message , it first uses the PUF to calculate the transmitted from to obtain , and then stores its own identity and pseudo-identities , , and in its own memory, while transmitting to .(4)Finally, stores identities , , , and in its own memory. Consequently, the entire registration phase of is completed.

3.2. Mutual Authentication Phase

(1) must perform normal authentication and communication with . First, generates a random number and then calculates Thereafter, transmits the calculated , and the pseudo-identity of to through the public channel.(2)After receives the transmission information from , it first extracts the information from its own memory and subsequently calculates the random number Then, it calculates Subsequently, it is verified whether the received value of is equal to the value of . If equal, the authentication is successful, and subsequently, generates its own random number and the pseudo-identity of the new . Thereafter, calculates And finally, generates the session key with . Then, the data stored in is updated, and the pseudo-identity of is . Finally, transmits to through the public channel.(3) first calculates the values of , , and according to the transmitted and the random number generated by itself. Then, calculates Thereafter, it is verified whether is equal to the transmitted value; if equal, it implies that the , that is, sending the information is legal. Subsequently, uses the physical IoT unclonable function to calculate the value of , and finally obtains the session key to communicate with as follows:

4. Cryptanalysis of Alzahrani et al.’s Protocol

In this section, we first describe the attack model used in this study and then explain the vulnerability thereof against physical IoT device capture attacks, stolen verification attacks, privileged internal attacks, and known temporary information exposure attacks.

4.1. Threat Model

Dolev–Yao (DY) model was proposed by Dolev and Yao in 1983 [21]. DY model is based on the hierarchical idea of security protocol. It first considers whether there are defects in the behavior logic of the security protocol itself, and then considers whether there are problems in the implementation method. The reason we select DY model is to offer the maximum capabilities to an adversary who is allowed to breach the security of the proposed protocol.

In the DY model, the capabilities of an adversary are as follows:(1) can intercept, tamper with, and delete the information transmitted from to through the public channel(2)If is captured by , can obtain the information stored in the memory of and use the information to perform illegal operations(3) can use power analysis to obtain the information stored in the smart card(4) can extract the registration information of stored in as a privileged insider, that is, the information sent by to during the registration phase can be obtained by (5)During the authentication phase of and , and generate temporary information to encrypt certain parameters, and can obtain the random number generated by or

4.2. Physical IoT Device Capture Attack

In our daily life and work, IoT devices are usually everywhere. People can easily obtain IoT devices. It means that an adversary can also easily capture IoT devices. After this, can capture the data in IoT devices through data analysis to attack [22].

In Alzahrani et al.’s protocol, during the registration and mutual authentication phases of and , can easily be physically captured by a certain . Subsequently, is easily stored in the information in . Thereafter, it performs certain calculations considering the information obtained from the memory of , and finally obtains the session key for the communication between and . The specific steps of this attack are as follows:(1)After capturing , obtains the information stored in the memory and subsequently obtains the information sent by to through the public channel in the authentication phase. It then calculates(2) obtains the value of through the public channel. Thereafter, Is calculated to obtain the random numbers and generated by .(3)With the value of obtained in the previous step, uses the PUF to obtain the value of .(4)Finally, obtains the session key Used for communication between and according to the parameters . Therefore, can successfully perform a physical IoT capture attack.

4.3. Privileged Insider Attack

The whole process of the protocol includes various participants, and the staff are also part of the participants. However, it cannot ensure the credibility of the staff. In case the sneaks into the staff, the secret data contacted by the staff will not be saved [23]. In Alzahrani et al.’s protocol, during the registration phase, sends a registration request and its own identity information to through a secure channel. In general, the registration information of is confidential and is not made available to others. However, should a certain exist among the administrators, the registration information would be readily accessible. Consequently, could perform certain calculations based on the registration information and the information obtained through the public channel to finally obtain the session key between and . The specific process is as follows:(1)As a privileged insider of , obtains the registration information of .(2)Thereafter, obtains the information and transmitted by and , respectively, through the common channel during the authentication phase. Then, the parameters and , which were obtained in this manner, are used to calculate . Thereafter, is calculated using the calculated and values to obtain the parameters and .(3)A PUF is used in the protocol and the method whereby this function is calculated is fixed. Provided that obtains the value of , the value of can be obtained with the aforementioned method.(4)Consequently, according to the aforementioned parameters, can easily obtain the session key between and Equipped with this information, can access the private content of the communication between and based on the session key between the two parties. Therefore, we can conclude that the protocol of Alzahrani and Mahmood [12] does not offer resistance against privileged insider attacks.

4.4. Known Temporary Information Disclosure Attack

Temporary data will be generated during the operation of various devices, and these temporary data will be temporarily stored in the memory. can easily obtain the temporarily stored data and further attack [24].

In general, when and perform mutual authentication, transmits a certain amount of its own private information to . Then, is verified on the basis of this private information, which is stored in and which cannot be accessed by other people. Therefore, generates random numbers to encrypt the private information and then transmit the encrypted parameters to . However, under certain circumstances, this temporary information may also be obtained by , who could consequently use it to crack the session key based on the obtained temporary random number information. Here, we demonstrate that the protocol of Alzahrani et al. is not robust against temporary information disclosure attacks at all times. The attack could take place via the following steps.(1) obtains the random number generated by during the authentication phase with through certain illegal channels and then obtains the parameter transmitted by to through the public channel.(2) can calculate Considering the obtained parameter information and , can easily obtain the random number generated by and the parameter used by the PUF. Thus, can be calculated according to parameter .(3)Regarding the session key for the communication between and , according to certain parameters obtained by earlier, information about the keys of both parties can be easily obtained. Therefore, the protocol of Alzahrani et al. cannot resist known temporary information disclosure attacks.

4.5. Stolen-Verifier Attack

The verifier stored in the server will also be leaked. When the server is unattended, the can analyze and obtain the verifier stored in it, so as to further attack [25]. During the registration and authentication phases, stores certain information in its own memory for subsequent calculations. A stolen verification attack implies that accesses the information in the memory and then performs calculations to finally obtain the session key between the two parties. The specific attack process is as follows:(1)In the registration phase, stores the identity of , that is, and used by the PUF, the result , and the validity period ETime in its own memory. However, can gain access to the parameters in memory through certain means.(2)Subsequently, uses the acquired identity information of to calculate the parameter , and the parameter is used to derive the parameters and .(3) and communicate using the session key . As has obtained the parameters required to calculate the session key, it can thus access the session key of both parties. Therefore, we can conclude that the protocol of Alzahrani et al. does not provide resistance against stolen verification attacks.

5. Proposed Protocol

This section proposes a new AKA protocol for the IoT environment. The protocol contains three phases, the predeployment phase, the IoT device registration phase, and the login and authentication phase. The proposed protocol considers two roles, IoT devices, and a server. In the predeployment phase, an IoT device and the server negotiate a shared key for later use. The IoT device registration phase enables IoT devices to register to the server. Devices and the server further authenticate each other and generate a session key.

5.1. Predeployment Phase

Before and are authenticated, a shared key is first assigned to and , such that can encrypt its own identity in the later registration phase. The shared key between the two is only known to and and is inaccessible to other devices and personnel.

5.2. IoT Device Registration Phase

Figure 2 illustrates the IoT device registration phase. The detailed steps are as follows:(1)First, selects an identity and password and then uses a symmetric encryption algorithm to encrypt the identity of to obtain the pseudo-identity of the IoT device. Thereafter, the IoT device transmits the registration request and pseudo-identity to through a secure channel.(2)After receives the registration information, it first generates a validity period ETime and subsequently decrypts the pseudo-identity to obtain the device identity. Furthermore, encrypts the identity of and the private key of to obtain Consequently, generates for and also generates a series of pseudo-identities for its use. Finally, sends the calculated , , , and to through a secure channel.(3) encrypts the received using a PUF to obtain Subsequently, it encrypts its own identity and password to obtain , which was used by during the login phase. Finally, the parameters are stored in its own memory, and is sent to .(4) stores in its own memory.

5.3. Login and Authentication Phase

Figure 3 shows the login phase of and the authentication phase with . The specific details of the process are as follows.(1) enters its own and password and generates a temporary random number . Then, uses a symmetric encryption algorithm to encrypt its own identity to obtain a pseudo-identity as follows: The verification is passed, and stores it in its own memory to check whether it is equal to , which already resides in the memory, to prove the legality of . If the values are equal, the login is successful and then the following is calculated. Finally, sends to through the public channel.(2)After receiving the information, first verifies the freshness of the timestamp , and if −, then the authentication phase continues. The is determined through , and uses a symmetric decryption algorithm to decrypt the stored in the memory to obtain the real identity of as follows: Following which certain additional parameters are calculated as follows: Subsequently, it is verified whether is equal to the transmitted ; if equal, it implies that a legitimate is communicating with it. Then, generates a random number and calculates the following: Finally, the session key to communicate with is generated as whereupon sends to through the public channel.(3) first checks the freshness of the timestamp generated by and then obtains and through the parameters and as compares the calculated with the received and proves that if they are equal, is legitimate. Finally, calculates the session key For the communication between and according to , calculated by the PUF.

The aforementioned steps represent the entire process according to which registers with and performs the key exchange.

6. Security Analysis

In this section, we present the analyses we conducted to prove that the proposed protocol is sufficiently secure.

6.1. BAN Logic Analysis

Burrows–Abadi–Needham logic has been used in several studies to prove whether a protocol can be executed securely. This section uses BAN logic to prove the security and reliability of our proposed protocol. This proof verifies that our protocol can successfully establish and share a session key between the server and IoT device. represents an IoT device in the following proof, and represents the server. The specific proof rules and process are as follows:

6.1.1. BAN Logic Rules

Message-meaning rule (R1) Nonce-verification rule (R2) Jurisdiction rule (R3) Freshness rule (R4) Belief rule (R5) Session key rule (R6)

6.1.2. Goals

G1 G2 G3 G4

6.1.3. Idealizing Communication

M1 : M2 :

6.1.4. Initial State Assumptions

A1 A2 A3 A4 A5 A6 A7 A8

6.1.5. Detailed Steps

By considering the message M1 and using the seeing rule, we get S1: Using S1, we get the following: S2: Under the assumption of A2, using S2, R1 can be used to obtain: S3: With conclusion R2, using A4 and S3, the following can be obtained: S4: Using A6, R3, and conclusion S4, the following can be obtained: S5: According to conclusion S1, the following can be obtained: S6: Using A2, R1, and conclusion S6, the following can be obtained: S7: Using A4, R2, and conclusion S7, the following can be obtained: S8 Using A6, R2, and conclusion S3, the following can be obtained: S9: Because , using A5, S5 and S9, we obtain : S10: (G2) Using A4 and R4, we can obtain: S11: (G4) In addition, considering the message M2, we obtain: S12: Using S12, we get the following: S13: By using A1, S13, and R1, we obtain: S14: With conclusion S14, using A3 and applying R2, we obtain: S15: Applying A8, S15 and R3 we obtain: S16: Because , using A7 and S16, we obtain: S17: (G1) With conclusion S17, using A3 and R4, we can obtain: S18: (G3)

6.2. ROR Security Analysis

The real-or-random (ROR) [26] model is a function that randomly maps all possible inputs and outputs. ROR model is a popular security proof method, which can be used for evaluating the security of protocols. [27]. To prove that our proposed protocol offers the necessary security, we use the ROR model [26] to analyze the protocol.

6.2.1. ROR Model

The protocol involves two entities, and . The symbols and are used to represent and , respectively, while is used to encapsulate the two entities, . Furthermore, in the analysis process, is required to submit multiple queries, which are as follows: : by performing this operation, can obtain the information transmitted by and through the public channel during the login authentication phase. : with the help of this query condition, can initiate requests to and , which implies that can send certain false messages to both and . : this operation can help obtain the message in memory. : can obtain the shared key of and in the mutual authentication phase. : verifies the correctness of the session key established by the two entities in the protocol by tossing a coin . Theorem: assuming that desires to obtain the session key in the authentication phase of and , the advantage has to successfully obtain the session key within the polynomial time , .

Here, represents the password length of during the login phase, and represent two constants, represents the number of hash functions in the protocol, represents the range of functions, and represents the number of functions.

6.2.2. Security Proof

Proof: in the proof process, we defined four games to prove the security of the protocol, of which represents the probability of winning the game. The specific description of the process is as follows. : in the initial game, must compete with legal and . At the beginning of the game, does not perform any query operations; therefore, . : in the second game, executes the query operation to obtain the messages and transmitted by and through the public channel, and needs to perform and operations to verify whether the session key contains long-term keys and randomness, which can be easily determined. Therefore, messages transmitted via the public channel must be monitored continuously to ensure that cannot obtain this information. Thus, we can conclude . : in this game, we simulate an attack. During the attack, continues to submit queries. In addition, also obtains the information exchanged between and during the authentication phase. However, to obtain the session key of both parties, must know the identity of and the random number of . However, it is impossible for to obtain the identity of because only has access to the identity after symmetric encryption. Moreover, because of the existence of PUFs, obtaining and is also a challenging proposition. Therefore, we can prove that and are different, and furthermore, we can also derive the following relationship based on the birthday paradox principle: : in the last game, uses and to query the information stored in the memory of . attempts to obtain the random numbers and used in the session key, but to obtain , it must obtain the key that encrypts the identity of . After performs these operations, we obtain the following relationship:

It is well known that when we toss a coin with a uniform texture, the probability of getting a heads or tails is ; thus, the probability of guessing the correct session key is

Based on the aforementioned drawn conclusions, we can derive the relationship:

Subsequently, we can obtain

6.3. Security Analysis

In this section, we evaluate the proposed protocol to prove its ability to withstand a privileged insider attack, known temporary information disclosure attack, stolen verification attack, physical IoT device capture attack, and a perfect forward security and IoT device simulation attack.

6.3.1. Ability to Withstand Privileged Insider Attack

If was to succeed in obtaining the registration information that was sent by to during the registration phase, the value of could be calculated based on the pseudo-identity of , while the parameter could be intercepted on the public channel. Furthermore, the parameters and can be derived from and ; however, the real identity of is only available after being encrypted by a symmetric encryption algorithm, which is unable to decrypt. Therefore, even if was to obtain the registration information sent by to during the registration phase, it would not succeed in obtaining the session key for communication between and . Therefore, the proposed protocol offers protection against privileged insider attacks.

6.3.2. Ability to Withstand Known Temporary Information Disclosure Attack

We assume that obtains the temporary information generated by during the login authentication phase. Consequently, can also easily obtain the pseudo-identity of , that is , based on the information on the public channel. However, the session key of and is based on the real identity of and is composed of , such that cannot obtain the key , which would be necessary to decrypt the real identity. Therefore, despite having obtained , it would not be able to access the value of the session key. In addition, we assume that obtains the temporary information generated by in the authentication phase, which is used by to verify the legality of by encrypting . As does not know the values of the parameters and , obtaining temporary information from would not allow to crack the session key. In summary, our proposed protocol can effectively resist known temporary information exposure attacks.

6.3.3. Ability to Withstand Stolen Verification Attack

We assume that obtains certain parameters stored in the memory of , which can use to calculate the value of . The session key of and is set by . The real identity is composed of random numbers , , , and generated by and , during the authentication phase and thus cannot be obtained. Therefore, even if the information in the memory was to be obtained, it would not be possible to successfully launch the attack. Thus, our proposed protocol provides resistance against stolen verification attacks.

6.3.4. Physical IoT Device Capture Attack

Assuming that is physically captured by , the latter can obtain the information stored in the memory of , according to the power analysis. However, cannot obtain the information generated by and during the login authentication phase. Furthermore, the random numbers and , and the key-value pairs and used by the PUF are also not available. Therefore, cannot carry out the attack despite capturing and obtaining the information in the memory. Thus, our protocol can resist physical IoT device capture attacks.

6.3.5. Perfect Forward Security

Consider that obtains the shared key of and in the predeployment phase; however, the key is only used to encrypt the identity of . Although the value of the shared key is known, the identity of , that is , cannot be obtained by . Therefore, cannot crack the session key of and , and thus the obtained in this manner is of no value. In summary, the proposed protocol has perfect forward security.

6.3.6. IoT Device Simulation Attack

Assume that captures an IoT device and attempts to tamper with certain information in the memory, thereby establishing a session key with . First, must log in after obtaining . However, during the login phase, the login password of must be known, which is not stored in the memory of . Therefore, cannot log in successfully and thus cannot simulate the operation of networked devices. Therefore, our proposed protocol can effectively resist IoT device simulation attacks.

7. Security and Performance Comparisons

In this section, we present a comparison of the proposed protocol with existing protocols [12, 13, 20, 28–30] in related fields. We compared the performance of the protocol considering its running time and communication cost. In addition, protocols were compared in terms of security. Comprehensive performance and security analyses prove that the proposed protocol has significant advantages in both respects. The specific evaluation and comparison process is as follows.

We drew on the experimental environment of a published protocol [12]. As physical IoT devices and servers are involved in the protocol, artificial devices can be used to implement the encryption operation of the IoT devices in the authentication phase. Moreover, a desktop system can be used to implement the encryption operation on the server. In the case of the specific implementation process, only the running time of the hash function is considered in the protocol authentication phase, whereas the connection operation and the XOR operation are ignored for the moment. According to the previous experimental results [12], the single hash operation time for using artificial equipment for the realization of is 1.063 ms, whereas that for realizing the encryption operation on is 0.0027 ms. Furthermore, the communication cost was determined by only considering the cost incurred during the login authentication phase. We specify the identity of , XOR operation, timestamp, symmetric encryption, symmetric decryption, connection operation, and memory occupied using the hash function in the transmission process as 160, 160, 160, 128, 128, 160, 160, and 256 bits, respectively. represents the time consumed by a single hash operation, and represents the time consumed by a single dot multiplication operation.

7.1. Security Comparisons

Security analysis: although the time and communication performance of the proposed protocol was not analyzed, we performed a security analysis of the protocol. We compared the proposed protocol with related protocols and proved that our protocol offers the required security by evaluating whether the protocols can resist certain attacks during the login authentication phase. The main attacks included in the comparison were: A1—privileged insider attack, A2—IoT device capture attack, A3—stolen verification attack, A4—IoT device simulation attack, A5—perfect forward security, and A6—desynchronization attack. The results in Table 2 confirm that our protocol can resist various attacks and has significant advantages over other protocols in terms of security. In the table, “” implies that the protocol can resist the attack, whereas “” indicates that it cannot.

7.2. Performance Comparisons

Time consumption cost analysis: time consumption cost represents the time consumed by the encryption operations used in the authentication phase of and . We compared the proposed protocol with existing protocols [12, 13, 20, 28–30] in related fields. In the login and authentication phase of the proposed protocol, uses four hash functions; thus, the time consumed by the IoT device is , while uses five hash functions, resulting in a time consumption of by on the desktop system. Thus, the total time consumed by our proposed protocol is . Furthermore, the time consumed by each entity of other related protocols and the total time consumed are shown in Figure 4. In addition, Table 3 shows the time consumed by each protocol more intuitively.

Communication cost analysis: communication cost refers to the information transmitted between and during the login authentication phase. First, transmits the information to , and sends the information to after authenticating it as legitimate . As and , the communication cost consumed by in the authentication phase is bits. In addition, and , and thus the communication cost consumed by in the authentication phase is bits. Considering these results, we can conclude that the overall communication cost incurred by the proposed protocol during the login authentication phase is 992 bits. Figure 5 shows the communication costs incurred by various entities of other related protocols [12, 13, 20, 28–30]. Furthermore, Table 4 presents a more intuitive comparison of the communication costs incurred by our proposed protocol and other protocols.

Based on the aforementioned analysis of the protocol, it is evident that the proposed protocol is superior to other related protocols in terms of time and security performance.

8. Conclusion

The development of IoT has increasingly focused attention on security issues related to IoT communication. Alzahrani et al. proposed an identity-based authentication and key exchange protocol to address the key exchange network problem experienced by IoT devices and servers. However, we identified many security vulnerabilities in their protocol, and the IoT device login phase was absent. Therefore, we designed a two-factor encryption protocol using the symmetric key method based on an identity password. Using the ROR model, we proved that our proposed protocol could resist various attacks. In addition, we observed that our protocol is significantly advantageous in terms of time and communication cost through comparison with other related protocols. Therefore, future developments in the IoT industry are anticipated to benefit from our protocol, which is expected to provide more efficient security for smart devices. Owing to the possibility of improving the communication efficiency of this protocol, we will enhance this protocol in future work to help provide more efficient communication efficiency.

Data Availability

No data were used to support this study.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

References

H. Xiong, X. Huang, M. Yang, L. Wang, and S. Yu, “Unbounded and efficient revocable attribute-based encryption with adaptive security for cloud-assisted internet of things,” IEEE Internet of Things Journal, vol. 9, 2021.
View at: Publisher Site | Google Scholar
C.-T. Li, C.-C. Lee, C.-Y. Weng, and C.-M. Chen, “Towards secure authenticating of cache in the reader for RFID-based IoT systems,” Peer-to-Peer Networking and Applications, vol. 11, no. 1, pp. 198–208, 2018.
View at: Publisher Site | Google Scholar
H. Xiong, Y. Zhao, Y. Hou et al., “Heterogeneous signcryption with equality test for IIoT environment,” IEEE Internet of Things Journal, vol. 8, 2020.
View at: Publisher Site | Google Scholar
C. M. Chen, X. Deng, W. Gan, J. Chen, and S. H. Islam, “A secure blockchain-based group key agreement protocol for IoT,” The Journal of Supercomputing, vol. 77, pp. 1–23, 2021.
View at: Publisher Site | Google Scholar
L. McRae, K. Ellis, and M. Kent, “Internet of things (IoT): education and technology,” Relatsh. between Educ. Technol. students with Disabil. Leanne, Res, pp. 1–37, 2018.
View at: Google Scholar
S. A. Chaudhry, J. Nebhen, K. Yahya, and F. Al-Turjman, “A privacy enhanced authentication scheme for securing smart grid infrastructure,” IEEE Transactions on Industrial Informatics, 2021.
View at: Publisher Site | Google Scholar
H. Yang, W. Lee, and H. Lee, “IoT smart home adoption: the importance of proper level automation,” Journal of Sensors, vol. 2018, 2018.
View at: Publisher Site | Google Scholar
T. Y. Wu, L. Yang, J. N. Luo, L. Ming-Taiex, and J. Wu, “A Provably Secure Authentication and Key Agreement Protocol In cloud-based smart healthcare environments,” Security and Communication Networks, vol. 2021, 2021.
View at: Publisher Site | Google Scholar
S. A. Chaudhry, A. Irshad, J. Nebhen et al., “An anonymous device to device access control based on secure certificate for internet of medical things systems,” Sustainable Cities and Society, vol. 75, Article ID 103322, 2021.
View at: Publisher Site | Google Scholar
T.-Y. Wu, Z. Lee, L. Yang, C.-M. Chen, and R. Tso, “A provably secure authentication and key exchange protocol in vehicular ad hoc networks,” Security and Communication Networks, vol. 2021, pp. 1–17, 2021.
View at: Publisher Site | Google Scholar
P. Wang, C. M. Chen, S. Kumari, M. Shojafar, R. Tafazolli, and Y. N. Liu, “HDMA: hybrid D2D message authentication scheme for 5G-enabled VANETs,” IEEE Transactions on Intelligent Transportation Systems, vol. 22, 2020.
View at: Publisher Site | Google Scholar
B. A. Alzahrani and K. Mahmood, “Provable privacy preserving authentication solution for internet of things environment,” IEEE Access, vol. 9, 2021.
View at: Publisher Site | Google Scholar
N. Chikouche, P.-L. Cayrel, E. H. M. Mboup, and B. O. Boidje, “A privacy-preserving code-based authentication protocol for Internet of Things,” The Journal of Supercomputing, vol. 75, no. 12, pp. 8231–8261, 2019.
View at: Publisher Site | Google Scholar
X. Sun, S. Men, C. Zhao, and Z. Zhou, “A security authentication scheme in machine-to-machine home network service,” Security and Communication Networks, vol. 8, no. 16, pp. 2678–2686, 2015.
View at: Publisher Site | Google Scholar
P. Gope and B. Sikdar, “Lightweight and privacy-preserving two-factor authentication scheme for IoT devices,” IEEE Internet of Things Journal, vol. 6, no. 1, pp. 580–589, 2018.
View at: Publisher Site | Google Scholar
A. A. Alamr, F. Kausar, J. Kim, and C. Seo, “A secure ECC-based RFID mutual authentication protocol for internet of things,” The Journal of Supercomputing, vol. 74, no. 9, pp. 4281–4294, 2018.
View at: Publisher Site | Google Scholar
A. Maarof, M. Senhadji, Z. Labbi, and M. Belkasmi, “Authentication protocol for securing internet of things,” in Proceedings of the Fourth International Conference, pp. 1–7, USA, June 2018.
View at: Publisher Site | Google Scholar
S. Hussain, S. A. Chaudhry, O. A. Alomari, M. H. Alsharif, M. K. Khan, and N. Kumar, “Amassing the security: an ECC-based authentication scheme for Internet of drones,” IEEE Systems Journal, vol. 15, 2021.
View at: Publisher Site | Google Scholar
S. Kalra and S. K. Sood, “Secure authentication scheme for IoT and cloud servers,” Pervasive and Mobile Computing, vol. 24, pp. 210–223, 2015.
View at: Publisher Site | Google Scholar
S. Kumari, M. Karuppiah, A. K. Das, X. Li, F. Wu, and N. Kumar, “A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers,” The Journal of Supercomputing, vol. 74, no. 12, pp. 6428–6453, 2018.
View at: Publisher Site | Google Scholar
D. Dolev and A. Yao, “On the security of public key protocols,” IEEE Transactions on Information Theory, vol. 29, no. 2, pp. 198–208, 1983.
View at: Publisher Site | Google Scholar
I. Agadakos, C. Y. Chen, M. Campanelli et al., “Jumping the air gap: modeling cyber-physical attack paths in the Internet-of-Things,” in Proceedings of the 2017 Workshop, pp. 37–48, USA, November 2017.
View at: Publisher Site | Google Scholar
S. Y. Kim, H. Kim, and D. H. Lee, “An Efficient Id-Based Mutual Authentication Secure against Privileged-Insider Attack,” in Proceedings of the 2015 5th International Conference on IT Convergence and Security (ICITCS), pp. 1–4, IEEE, Kuala Lumpur, Malaysia, August 2015.
View at: Publisher Site | Google Scholar
Q. Jiang, S. Zeadally, J. Ma, and D. He, “Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks,” IEEE Access, vol. 5, pp. 3376–3392, 2017.
View at: Publisher Site | Google Scholar
K. A. Rahman, K. S. Balagani, and V. V. Phoha, “Making impostor pass rates meaningless: a case of snoop-forge-replay attack on continuous cyber-behavioral verification with keystrokes,” in Proceedings of the CVPR 2011 WORKSHOPS, pp. 31–38, IEEE, Colorado Springs, CO, USA, August 2011.
View at: Publisher Site | Google Scholar
M. Abdalla, P.-A. Fouque, and D. Pointcheval, “Password-based authenticated key exchange in the three-party setting,” in Proceedings of the Public Key Cryptography - PKC 2005, pp. 65–84, Berlin, Heidelberg, January 2005.
View at: Publisher Site | Google Scholar
S. Banerjee, V. Odelu, A. K. Das et al., “A provably secure and lightweight anonymous user authenticated session key exchange scheme for internet of things deployment,” IEEE Internet of Things Journal, vol. 6, no. 5, pp. 8739–8752, 2019.
View at: Publisher Site | Google Scholar
S. A. Chaudhry, I. L. Kim, S. Rho, M. S. Farash, and T. Shon, “An improved anonymous authentication scheme for distributed mobile cloud computing services,” Cluster Computing, vol. 22, no. 1, pp. 1595–1609, 2019.
View at: Publisher Site | Google Scholar
R. Melki, H. N. Noura, and A. Chehab, “Lightweight multi-factor mutual authentication protocol for IoT devices,” International Journal of Information Security, vol. 19, no. 6, pp. 679–694, 2020.
View at: Publisher Site | Google Scholar
P. K. Panda and S. Chattopadhyay, “A secure mutual authentication protocol for IoT environment,” Journal of Reliable Intelligent Environments, vol. 6, no. 2, pp. 79–94, 2020.
View at: Publisher Site | Google Scholar

Copyright

Copyright © 2022 Chien-Ming Chen et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Security and Communication Networks

Enhanced Authentication Protocol for the Internet of Things Environment

Abstract

1. Introduction

2. Related Work

3. Review of Alzahrani et al.’s Protocol

3.1. Registration Phase

3.2. Mutual Authentication Phase

4. Cryptanalysis of Alzahrani et al.’s Protocol

4.1. Threat Model

4.2. Physical IoT Device Capture Attack

4.3. Privileged Insider Attack

4.4. Known Temporary Information Disclosure Attack

4.5. Stolen-Verifier Attack

5. Proposed Protocol

5.1. Predeployment Phase

5.2. IoT Device Registration Phase

5.3. Login and Authentication Phase

6. Security Analysis

6.1. BAN Logic Analysis

6.1.1. BAN Logic Rules

6.1.2. Goals

6.1.3. Idealizing Communication

6.1.4. Initial State Assumptions

6.1.5. Detailed Steps

6.2. ROR Security Analysis

6.2.1. ROR Model

6.2.2. Security Proof

6.3. Security Analysis

6.3.1. Ability to Withstand Privileged Insider Attack

6.3.2. Ability to Withstand Known Temporary Information Disclosure Attack

6.3.3. Ability to Withstand Stolen Verification Attack

6.3.4. Physical IoT Device Capture Attack

6.3.5. Perfect Forward Security

6.3.6. IoT Device Simulation Attack

7. Security and Performance Comparisons

7.1. Security Comparisons

7.2. Performance Comparisons

8. Conclusion

Data Availability

Conflicts of Interest

References

Copyright