A Secure, Lightweight, and Anonymous User Authentication Protocol for IoT Environments
The Internet of Things (IoT) is being applied to various environments such as telecare systems, smart homes, and intelligent transportation systems. The information generated from IoT devices is stored at remote servers, and external users authenticate to the server for requesting access to the stor...
Main Authors: | , , |
---|---|
Format: | Article |
Language: | English |
Published: |
MDPI AG
2021-08-01
|
Series: | Sustainability |
Subjects: | |
Online Access: | https://www.mdpi.com/2071-1050/13/16/9241 |
id |
doaj-da82ec320a0a447487721c42641b5520 |
---|---|
record_format |
Article |
spelling |
doaj-da82ec320a0a447487721c42641b55202021-08-26T14:22:35ZengMDPI AGSustainability2071-10502021-08-01139241924110.3390/su13169241A Secure, Lightweight, and Anonymous User Authentication Protocol for IoT EnvironmentsSeunghwan Son0Yohan Park1Youngho Park2School of Electronic and Electrical Engineering, Kyungpook National University, Daegu 41566, KoreaSchool of Computer Engineering, Keimyung University, Daegu 42601, KoreaSchool of Electronic and Electrical Engineering, Kyungpook National University, Daegu 41566, KoreaThe Internet of Things (IoT) is being applied to various environments such as telecare systems, smart homes, and intelligent transportation systems. The information generated from IoT devices is stored at remote servers, and external users authenticate to the server for requesting access to the stored data. In IoT environments, the authentication process is required to be conducted efficiently, and should be secure against various attacks and ensure user anonymity and untraceability to ensure sustainability of the network. However, many existing protocols proposed in IoT environments do not meet these requirements. Recently, Rajaram et al. proposed a paring-based user authentication scheme. We found that the Rajaram et al. scheme is vulnerable to various attacks such as offline password guessing, impersonation, privileged insider, and known session-specific temporary information attacks. Additionally, as their scheme uses bilinear pairing, it requires high computation and communication costs. In this study, we propose a novel authentication scheme that resolves these security problems. The proposed scheme uses only hash and exclusive-or operations to be applicable in IoT environments. We analyze the proposed protocol using informal analysis and formal analysis methods such as the BAN logic, real-or-random (ROR) model, and the AVISPA simulation, and we show that the proposed protocol has better security and performance compared with existing authentication protocols. Consequently, the proposed protocol is sustainable and suitable for real IoT environments.https://www.mdpi.com/2071-1050/13/16/9241mutual authenticationkey agreementlightweightanonymityIoT environmentBAN logic |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Seunghwan Son Yohan Park Youngho Park |
spellingShingle |
Seunghwan Son Yohan Park Youngho Park A Secure, Lightweight, and Anonymous User Authentication Protocol for IoT Environments Sustainability mutual authentication key agreement lightweight anonymity IoT environment BAN logic |
author_facet |
Seunghwan Son Yohan Park Youngho Park |
author_sort |
Seunghwan Son |
title |
A Secure, Lightweight, and Anonymous User Authentication Protocol for IoT Environments |
title_short |
A Secure, Lightweight, and Anonymous User Authentication Protocol for IoT Environments |
title_full |
A Secure, Lightweight, and Anonymous User Authentication Protocol for IoT Environments |
title_fullStr |
A Secure, Lightweight, and Anonymous User Authentication Protocol for IoT Environments |
title_full_unstemmed |
A Secure, Lightweight, and Anonymous User Authentication Protocol for IoT Environments |
title_sort |
secure, lightweight, and anonymous user authentication protocol for iot environments |
publisher |
MDPI AG |
series |
Sustainability |
issn |
2071-1050 |
publishDate |
2021-08-01 |
description |
The Internet of Things (IoT) is being applied to various environments such as telecare systems, smart homes, and intelligent transportation systems. The information generated from IoT devices is stored at remote servers, and external users authenticate to the server for requesting access to the stored data. In IoT environments, the authentication process is required to be conducted efficiently, and should be secure against various attacks and ensure user anonymity and untraceability to ensure sustainability of the network. However, many existing protocols proposed in IoT environments do not meet these requirements. Recently, Rajaram et al. proposed a paring-based user authentication scheme. We found that the Rajaram et al. scheme is vulnerable to various attacks such as offline password guessing, impersonation, privileged insider, and known session-specific temporary information attacks. Additionally, as their scheme uses bilinear pairing, it requires high computation and communication costs. In this study, we propose a novel authentication scheme that resolves these security problems. The proposed scheme uses only hash and exclusive-or operations to be applicable in IoT environments. We analyze the proposed protocol using informal analysis and formal analysis methods such as the BAN logic, real-or-random (ROR) model, and the AVISPA simulation, and we show that the proposed protocol has better security and performance compared with existing authentication protocols. Consequently, the proposed protocol is sustainable and suitable for real IoT environments. |
topic |
mutual authentication key agreement lightweight anonymity IoT environment BAN logic |
url |
https://www.mdpi.com/2071-1050/13/16/9241 |
work_keys_str_mv |
AT seunghwanson asecurelightweightandanonymoususerauthenticationprotocolforiotenvironments AT yohanpark asecurelightweightandanonymoususerauthenticationprotocolforiotenvironments AT younghopark asecurelightweightandanonymoususerauthenticationprotocolforiotenvironments AT seunghwanson securelightweightandanonymoususerauthenticationprotocolforiotenvironments AT yohanpark securelightweightandanonymoususerauthenticationprotocolforiotenvironments AT younghopark securelightweightandanonymoususerauthenticationprotocolforiotenvironments |
_version_ |
1721189825594261504 |