The proposed scheme outperforms existing related user authentication schemes, in terms of its security and functionality features, and computation costs, shows the research.
Jangirala Srinivas, Associate Professor, Jindal Global Business School, O. P. Jindal Global University, Haryana, India.
Soumya Banerjee, Department of Information Technology, Jadavpur University Salt Lake City, Kolkata, India.
Vanga Odelu, Department of Computer Science and Information Systems, Birla Institute of Technology and Science, Hyderabad, India.
Ashok Kumar Das, Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad, India.
Neeraj Kumar, Department of Computer Science and Engineering, Thapar University, Patiala, India.
Samiran Chattopadhyay, Department of Information Technology, Jadavpur University Salt Lake City, Kolkata, India.
Kim-Kwang Raymond Choo, Department of Information Systems and Cyber Security, University of Texas at San Antonio, San Antonio, TX, USA.
With the ever increasing adoption rate of Internet-enabled devices [also known as Internet of Things (IoT) devices] in applications such as smart home, smart city, smart grid, and healthcare applications, we need to ensure the security and privacy of data and communications among these IoT devices and the underlying infrastructure. For example, an adversary can easily tamper with the information transmitted over a public channel, in the sense of modification, deletion, and fabrication of data-in-transit and data-in-storage.
Time-critical IoT applications such as healthcare may demand the capability to support external parties (users) to securely access IoT data and services in real-time. This necessitates the design of a secure user authentication mechanism, which should also allow the user to achieve security and functionality features such as anonymity and un-traceability.
In this paper, we propose a new lightweight anonymous user authenticated session key agreement scheme in the IoT environment. The proposed scheme uses three-factor authentication, namely a user’s smart card, password, and personal biometric information. The proposed scheme does not require the storing of user specific information at the gateway node.
We then demonstrate the proposed scheme’s security using the broadly accepted real-or-random (ROR) model, Burrows-Abadi-Needham (BAN) logic, and automated validation of Internet security protocols and applications (AVISPAs) software simulation tool, as well as presenting an informal security analysis to demonstrate its other features. In addition, through our simulations, we demonstrate that the proposed scheme outperforms existing related user authentication schemes, in terms of its security and functionality features, and computation costs.
Published in: IEEE Internet of Things Journal
To read the full article, please click here.