Formal security analysis of lightweight authenticated key agreement protocol for IoT in cloud computing

The internet of things (IoT) and cloud computing are evolving technologies in the information technology field. Merging the pervasive IoT technology with cloud computing is an innovative solution for better analytics and decision-making. Deployed IoT devices offload different types of data to the cloud, while cloud computing converges the infrastructure, links up the servers, analyzes information obtained from the IoT devices, reinforces processing power, and offers huge storage capacity. However, this merging is prone to various cyber threats that affect the IoT-Cloud environment. Mutual authentication is considered as the forefront mechanism for cyber-attacks as the IoT-Cloud participants have to ensure the authenticity of each other and generate a session key for securing the exchanged traffic. While designing these mechanisms, the constrained nature of the IoT devices must be taken into consideration. We proposed a novel lightweight protocol (Light-AHAKA) for authenticating IoT-Cloud elements and establishing a key agreement for encrypting the exchanged sensitive data was proposed. In this paper, the formal verification of (Light-AHAKA) was presented to prove and verify the correctness of our proposed protocol to ensure that the protocol is free from design flaws before the deployment phase. The verification is performed based on two different approaches, the strand space model and the automated validation of internet security protocols and applications (AVISPA) tool.

Download Full-text

Secure Key Agreement and Authentication Protocol for Message Confirmation in Vehicular Cloud Computing

Applied Sciences ◽

10.3390/app10186268 ◽

2020 ◽

Vol 10 (18) ◽

pp. 6268

Author(s):

JoonYoung Lee ◽

SungJin Yu ◽

MyeongHyun Kim ◽

YoungHo Park ◽

SangWoo Lee ◽

...

Keyword(s):

Cloud Computing ◽

Key Agreement ◽

Mutual Authentication ◽

Authentication Protocol ◽

Internet Security ◽

Malicious Attacks ◽

Session Key ◽

Vehicular Cloud Computing ◽

Vehicular Cloud ◽

Man In The Middle

With the development of vehicular ad-hoc networks (VANETs) and Internet of vehicles (IoVs), a large amount of useful information is generated for vehicle drivers and traffic management systems. The amount of vehicle and traffic information is as large as the number of vehicles and it is enormous when compared to vehicle calculation and storage performance. To resolve this problem, VANET uses a combined cloud computing technology, called vehicular cloud computing (VCC), which controls vehicle-related data, and helps vehicle drivers directly or indirectly. However, VANETs remain vulnerable to attacks such as tracking, masquerade and man-in-the-middle attacks because VANETs communicate via open networks. To overcome these issues, many researchers have proposed secure authentication protocols for message confirmation with vehicular cloud computing. However, many researchers have pointed out that some proposed protocols use ideal tamper-proof devices (TPDs). They demonstrated that realistic TPDs cannot prevent adversaries attack. Limbasiya et al. presented a message confirmation scheme for vehicular cloud computing using a realistic TPD in order to prevent these problems. However, their proposed scheme still has security weaknesses over a TPD and does not guarantee mutual authentication. This paper proposes a secure key agreement and authentication protocol to address the security weaknesses inherent in the protocol of Limbasiya et al. The suggested protocol withstands malicious attacks and ensures secure mutual authentication for privacy-preserving. We prove that the proposed protocol can provide session key security using Real-Or-Random (ROR) model. We also employed Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation tool to show that the proposed protocol is able to defeat replay and man-in-the-middle attacks. Furthermore, we established that the proposed protocol can resist other malicious attacks by conducting the informal security analysis. We proved that our proposed protocol is lightweight and suitable for VCC environments.

Download Full-text

Password Based Client-Server-User Authenticated Key Agreement Mechanism for Cloud System

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.d8352.118419 ◽

2019 ◽

Vol 8 (4) ◽

pp. 12839-12841

Keyword(s):

Key Agreement ◽

Identity Management ◽

Mutual Authentication ◽

Security Analysis ◽

Impersonation Attack ◽

Session Key ◽

Replay Attack ◽

Authentication Mechanism ◽

Diffie Hellman ◽

Cloud Server

The authentication is an essential concern in the cloud environment to restrict the unauthorized users to retrieve the files from cloud server. Moreover, authentication mechanisms are used to prevent illegal access of resources over insecure channel. Thus proposed work provides the strong and efficient authentication process in cloud computing environment by chebyshev polynomial based chaotic maps Diffie Hellman property. The proposed authentication mechanism does not disclose the identity of the user to CSP. Moreover proposed authentication mechanism enables mutual authentication, Identity management, and session-key agreement. The Proposed mechanism of security analysis includes the enabling mutual authentication and key agreement, restricting the impersonation attack, man in the middle attack and replay attack.

Download Full-text

A Secure Lightweight Three-Factor Authentication Scheme for IoT in Cloud Computing Environment

Sensors ◽

10.3390/s19163598 ◽

2019 ◽

Vol 19 (16) ◽

pp. 3598 ◽

Cited By ~ 13

Author(s):

SungJin Yu ◽

KiSung Park ◽

YoungHo Park

Keyword(s):

Cloud Computing ◽

Mutual Authentication ◽

Internet Security ◽

Authentication Scheme ◽

Sensitive Information ◽

Computing Environment ◽

Session Key ◽

Cloud Computing Environment ◽

Smart Healthcare ◽

Three Factor

With the development of cloud computing and communication technology, users can access the internet of things (IoT) services provided in various environments, including smart home, smart factory, and smart healthcare. However, a user is insecure various types of attacks, because sensitive information is often transmitted via an open channel. Therefore, secure authentication schemes are essential to provide IoT services for legal users. In 2019, Pelaez et al. presented a lightweight IoT-based authentication scheme in cloud computing environment. However, we prove that Pelaez et al.’s scheme cannot prevent various types of attacks such as impersonation, session key disclosure, and replay attacks and cannot provide mutual authentication and anonymity. In this paper, we present a secure and lightweight three-factor authentication scheme for IoT in cloud computing environment to resolve these security problems. The proposed scheme can withstand various attacks and provide secure mutual authentication and anonymity by utilizing secret parameters and biometric. We also show that our scheme achieves secure mutual authentication using Burrows–Abadi–Needham logic analysis. Furthermore, we demonstrate that our scheme resists replay and man-in-the-middle attacks usingthe automated validation of internet security protocols and applications (AVISPA) simulation tool. Finally, we compare the performance and the security features of the proposed scheme with some existing schemes. Consequently, we provide better safety and efficiency than related schemes and the proposed scheme is suitable for practical IoT-based cloud computing environment.

Download Full-text

A Secure Two-Factor Remote User Authentication and Session Key Agreement Scheme

International Journal of Business Data Communications and Networking ◽

10.4018/ijbdcn.2016070104 ◽

2016 ◽

Vol 12 (2) ◽

pp. 62-79 ◽

Cited By ~ 12

Author(s):

Preeti Chandrakar ◽

Hari Om

Keyword(s):

Key Agreement ◽

User Authentication ◽

Mutual Authentication ◽

Security Analysis ◽

Session Key ◽

Key Agreement Protocol ◽

Remote User Authentication ◽

Session Key Agreement ◽

Man In The Middle ◽

Remote User

In this article, the authors have proposed a secure two-factor remote user authentication and session key agreement protocol. As they have shown in the presented scheme, is precise and secure according to both formal and informal security analysis. For formal security analysis, they have applied BAN (Burrows-Abadi-Needham) logic which certifies that the presented scheme provides the amenity of mutual authentication and session key agreement safely. The informal security verification has shown that the proposed scheme is more vigorous against various sort of cruel threats. Moreover, the authors have simulated the presented scheme using broadly accepted AVISPA tool, whose simulation results make sure that the protocol is not dangerous from active and passive attacks together with replay and man-in-the-middle attacks. In addition, the performance evaluation and the security comparison have revealed that the presented scheme gives strong security as well as better complexity in the context of smart card memory requirement, communication cost and computation cost.

Download Full-text

SALMAKA: Secured, Anonymity Preserving and Lightweight Mutual Authentication and Key Agreement Scheme for WBAN

International Journal of Sensors Wireless Communications and Control ◽

10.2174/2210327910999200507124851 ◽

2020 ◽

Vol 10 ◽

Cited By ~ 4

Author(s):

Bhawna Narwal ◽

Amar Kumar Mohapatra

Keyword(s):

Key Agreement ◽

Mutual Authentication ◽

Internet Security ◽

Communication Process ◽

Security Evaluation ◽

Session Key ◽

Efficient Manner ◽

Authentication And Key Agreement ◽

Processing Cost ◽

And Performance

Background: It is paramount to secure the healthcare system from unauthorized users and security attacks through appropriate security mechanisms as a break in communication process leads to leaked or blurred messages, which is totally unacceptable. Moreover, mutual authentication is a core requirement for privacy protection as it is paramount to control who is accessing the sensed data and whether they are authenticated or not. In addition to this, energy efficiency is a major issue to be dealt with. Objective: After examination of the present related schemes, we proposed a novel Secured, Anonymity Preserving and Lightweight Mutual Authentication and Key Agreement Scheme (SALMAKA) for two-hop WBAN topology; where the scheme mutually authenticates the sensing nodes with the controller node in an anonymous, energy efficient manner and establishes session key securely. Method: To corroborate the accuracy of the proposed scheme, Burrows-Abadi-Needham (BAN) logic and Automated Validation of Internet Security Protocols and Applications (AVISPA) simulator are used. Apart from this, informal security evaluation is also performed in detail. Results: To exhibit the practical application and performance of the proposed scheme, it is compared with the existing related schemes and the results reveal that the proposed scheme reduces energy consumption, processing cost and processing time significantly. Conclusion: A Secured, Anonymity Preserving and Lightweight Mutual Authentication and Key Agreement Scheme (SALMAKA) for two-hop WBAN topology is propounded.

Download Full-text

A Secure Ciphertext Retrieval Scheme against Insider KGAs for Mobile Devices in Cloud Storage

Security and Communication Networks ◽

10.1155/2018/7254305 ◽

2018 ◽

Vol 2018 ◽

pp. 1-7 ◽

Cited By ~ 11

Author(s):

Run Xie ◽

Chanlian He ◽

Dongqing Xie ◽

Chongzhi Gao ◽

Xiaojun Zhang

Keyword(s):

Cloud Computing ◽

Mobile Devices ◽

Data Privacy ◽

Security Analysis ◽

Data Retrieval ◽

Sensitive Data ◽

Encrypted Data ◽

Security Issues ◽

Efficiency Comparison ◽

Cloud Servers

With the advent of cloud computing, data privacy has become one of critical security issues and attracted much attention as more and more mobile devices are relying on the services in cloud. To protect data privacy, users usually encrypt their sensitive data before uploading to cloud servers, which renders the data utilization to be difficult. The ciphertext retrieval is able to realize utilization over encrypted data and searchable public key encryption is an effective way in the construction of encrypted data retrieval. However, the previous related works have not paid much attention to the design of ciphertext retrieval schemes that are secure against inside keyword-guessing attacks (KGAs). In this paper, we first construct a new architecture to resist inside KGAs. Moreover we present an efficient ciphertext retrieval instance with a designated tester (dCRKS) based on the architecture. This instance is secure under the inside KGAs. Finally, security analysis and efficiency comparison show that the proposal is effective for the retrieval of encrypted data in cloud computing.

Download Full-text

Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics

The Scientific World JOURNAL ◽

10.1155/2014/281305 ◽

2014 ◽

Vol 2014 ◽

pp. 1-15 ◽

Cited By ~ 19

Author(s):

Younsung Choi ◽

Junghyun Nam ◽

Donghoon Lee ◽

Jiye Kim ◽

Jaewook Jung ◽

...

Keyword(s):

Key Agreement ◽

User Authentication ◽

Mutual Authentication ◽

Smart Cards ◽

Security Requirements ◽

Impersonation Attack ◽

Single Server ◽

Authenticated Key Agreement ◽

Session Key ◽

Authentication Schemes

An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user’s biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen’s scheme.

Download Full-text

Security analysis for chaotic maps-based mutual authentication and key agreement using smart cards for wireless networks

Journal of Information and Optimization Sciences ◽

10.1080/02522667.2018.1470752 ◽

2019 ◽

Vol 40 (3) ◽

pp. 725-750 ◽

Cited By ~ 1

Author(s):

A. Shakiba

Keyword(s):

Wireless Networks ◽

Key Agreement ◽

Chaotic Maps ◽

Mutual Authentication ◽

Security Analysis ◽

Smart Cards ◽

Authentication And Key Agreement

Download Full-text

Design of Secure Protocol for Cloud-Assisted Electronic Health Record System Using Blockchain

Sensors ◽

10.3390/s20102913 ◽

2020 ◽

Vol 20 (10) ◽

pp. 2913 ◽

Cited By ~ 1

Author(s):

MyeongHyun Kim ◽

SungJin Yu ◽

JoonYoung Lee ◽

YoHan Park ◽

YoungHo Park

Keyword(s):

Cloud Computing ◽

Electronic Health Record ◽

Medical Service ◽

Mutual Authentication ◽

Internet Security ◽

Communication Overhead ◽

Health Record ◽

Blockchain Technology ◽

Secure Protocol ◽

Electronic Health

In the traditional electronic health record (EHR) management system, each medical service center manages their own health records, respectively, which are difficult to share on the different medical platforms. Recently, blockchain technology is one of the popular alternatives to enable medical service centers based on different platforms to share EHRs. However, it is hard to store whole EHR data in blockchain because of the size and the price of blockchain. To resolve this problem, cloud computing is considered as a promising solution. Cloud computing offers advantageous properties such as storage availability and scalability. Unfortunately, the EHR system with cloud computing can be vulnerable to various attacks because the sensitive data is sent over a public channel. We propose the secure protocol for cloud-assisted EHR system using blockchain. In the proposed scheme, blockchain technology is used to provide data integrity and access control using log transactions and the cloud server stores and manages the patient’s EHRs to provide secure storage resources. We use an elliptic curve cryptosystems (ECC) to provide secure health data sharing with cloud computing. We demonstrate that the proposed EHR system can prevent various attacks by using informal security analysis and automated validation of internet security protocols and applications (AVISPA) simulation. Furthermore, we prove that the proposed EHR system provides secure mutual authentication using BAN logic analysis. We then compare the computation overhead, communication overhead, and security properties with existing schemes. Consequently, the proposed EHR system is suitable for the practical healthcare system considering security and efficiency.

Download Full-text

A Secure Authentication and Key Agreement Scheme for IoT-Based Cloud Computing Environment

Symmetry ◽

10.3390/sym12010150 ◽

2020 ◽

Vol 12 (1) ◽

pp. 150 ◽

Cited By ~ 2

Author(s):

Yicheng Yu ◽

Liang Hu ◽

Jianfeng Chu

Keyword(s):

Cloud Computing ◽

Internet Of Things ◽

Secure Communication ◽

Key Agreement ◽

Security Analysis ◽

Computing Environment ◽

Cloud Computing Environment ◽

Authentication And Key Agreement ◽

Insider Attack ◽

Cloud Servers

The integration of Internet of things (IoT) and cloud computing technology has made our life more convenient in recent years. Cooperating with cloud computing, Internet of things can provide more efficient and practical services. People can accept IoT services via cloud servers anytime and anywhere in the IoT-based cloud computing environment. However, plenty of possible network attacks threaten the security of users and cloud servers. To implement effective access control and secure communication in the IoT-based cloud computing environment, identity authentication is essential. In 2016, He et al. put forward an anonymous authentication scheme, which is based on asymmetric cryptography. It is claimed that their scheme is capable of withstanding all kinds of known attacks and has good performance. However, their scheme has serious security weaknesses according to our cryptanalysis. The scheme is vulnerable to insider attack and DoS attack. For overcoming these weaknesses, we present an improved authentication and key agreement scheme for IoT-based cloud computing environment. The automated security verification (ProVerif), BAN-logic verification, and informal security analysis were performed. The results show that our proposed scheme is secure and can effectively resist all kinds of known attacks. Furthermore, compared with the original scheme in terms of security features and performance, our proposed scheme is feasible.

Download Full-text