scholarly journals Secure Three-Factor Authentication Protocol for Multi-Gateway IoT Environments

Sensors ◽  
2019 ◽  
Vol 19 (10) ◽  
pp. 2358 ◽  
Author(s):  
JoonYoung Lee ◽  
SungJin Yu ◽  
KiSung Park ◽  
YoHan Park ◽  
YoungHo Park
Keyword(s):  
Open Channel ◽  
Mutual Authentication ◽  
Authentication Protocol ◽  
Internet Security ◽  
Authentication Protocols ◽  
Session Key ◽  
Security Issues ◽  
Smart Factories ◽  
Mutual Authentication Protocol ◽  
Three Factor

Internet of Things (IoT) environments such as smart homes, smart factories, and smart buildings have become a part of our lives. The services of IoT environments are provided through wireless networks to legal users. However, the wireless network is an open channel, which is insecure to attacks from adversaries such as replay attacks, impersonation attacks, and invasions of privacy. To provide secure IoT services to users, mutual authentication protocols have attracted much attention as consequential security issues, and numerous protocols have been studied. In 2017, Bae et al. presented a smartcard-based two-factor authentication protocol for multi-gateway IoT environments. However, we point out that Bae et al.’s protocol is vulnerable to user impersonation attacks, gateway spoofing attacks, and session key disclosure, and cannot provide a mutual authentication. In addition, we propose a three-factor mutual authentication protocol for multi-gateway IoT environments to resolve these security weaknesses. Then, we use Burrows–Abadi–Needham (BAN) logic to prove that the proposed protocol achieves secure mutual authentication, and we use the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool to analyze a formal security verification. In conclusion, our proposed protocol is secure and applicable in multi-gateway IoT environments.

scholarly journals A Two-Factor RSA-Based Robust Authentication System for Multiserver Environments

2017 ◽  
Vol 2017 ◽  
pp. 1-15 ◽  
Author(s):  
Ruhul Amin ◽  
SK Hafizul Islam ◽  
Muhammad Khurram Khan ◽  
Arijit Karati ◽  
Debasis Giri ◽  
...  
Keyword(s):  
User Authentication ◽  
Mutual Authentication ◽  
Authentication Protocol ◽  
Internet Security ◽  
Security Attacks ◽  
Authentication Protocols ◽  
Session Key ◽  
Authorized User ◽  
Proof Of Correctness ◽  
And Storage

The concept of two-factor multiserver authentication protocol was developed to avoid multiple number of registrations using multiple smart-cards and passwords. Recently, a variety of two-factor multiserver authentication protocols have been developed. It is observed that the existing RSA-based multiserver authentication protocols are not suitable in terms of computation complexities and security attacks. To provide lower complexities and security resilience against known attacks, this article proposes a two-factor (password and smart-card) user authentication protocol with the RSA cryptosystem for multiserver environments. The comprehensive security discussion proved that the known security attacks are eliminated in our protocol. Besides, our protocol supports session key agreement and mutual authentication between the application server and the user. We analyze the proof of correctness of the mutual authentication and freshness of session key using the BAN logic model. The experimental outcomes obtained through simulation of the Automated Validation of Internet Security Protocols and Applications (AVISPA) S/W show that our protocol is secured. We consider the computation, communication, and storage costs and the comparative explanations show that our protocol is flexible and efficient compared with protocols. In addition, our protocol offers security resilience against known attacks and provides lower computation complexities than existing protocols. Additionally, the protocol offers password change facility to the authorized user.

scholarly journals A Secure Lightweight Three-Factor Authentication Scheme for IoT in Cloud Computing Environment

Sensors ◽  
2019 ◽  
Vol 19 (16) ◽  
pp. 3598 ◽  
Author(s):  
SungJin Yu ◽  
KiSung Park ◽  
YoungHo Park
Keyword(s):  
Cloud Computing ◽  
Mutual Authentication ◽  
Internet Security ◽  
Authentication Scheme ◽  
Sensitive Information ◽  
Computing Environment ◽  
Session Key ◽  
Cloud Computing Environment ◽  
Smart Healthcare ◽  
Three Factor

With the development of cloud computing and communication technology, users can access the internet of things (IoT) services provided in various environments, including smart home, smart factory, and smart healthcare. However, a user is insecure various types of attacks, because sensitive information is often transmitted via an open channel. Therefore, secure authentication schemes are essential to provide IoT services for legal users. In 2019, Pelaez et al. presented a lightweight IoT-based authentication scheme in cloud computing environment. However, we prove that Pelaez et al.’s scheme cannot prevent various types of attacks such as impersonation, session key disclosure, and replay attacks and cannot provide mutual authentication and anonymity. In this paper, we present a secure and lightweight three-factor authentication scheme for IoT in cloud computing environment to resolve these security problems. The proposed scheme can withstand various attacks and provide secure mutual authentication and anonymity by utilizing secret parameters and biometric. We also show that our scheme achieves secure mutual authentication using Burrows–Abadi–Needham logic analysis. Furthermore, we demonstrate that our scheme resists replay and man-in-the-middle attacks usingthe automated validation of internet security protocols and applications (AVISPA) simulation tool. Finally, we compare the performance and the security features of the proposed scheme with some existing schemes. Consequently, we provide better safety and efficiency than related schemes and the proposed scheme is suitable for practical IoT-based cloud computing environment.

scholarly journals Cost and Lightweight Modeling Analysis of RFID Authentication Protocols in Resource Constraint Internet of Things

2017 ◽  
Vol 10 (3) ◽  
pp. 179
Author(s):  
Adarsh Kumar ◽  
Krishna Gopal ◽  
Alok Aggarwal
Keyword(s):  
Internet Of Things ◽  
Radio Frequency ◽  
Radio Frequency Identification ◽  
Mutual Authentication ◽  
Authentication Protocol ◽  
Resource Constraint ◽  
Authentication Protocols ◽  
Pervasive Environment ◽  
Rfid Authentication Protocols ◽  
Mutual Authentication Protocol

Internet of Things (IoT) is a pervasive environment to interconnect the things like: smart objects, devices etc. in a structure like internet. Things can be interconnected in IoT if these are uniquely addressable and identifiable. Radio Frequency Identification (RFID) is one the important radio frequency based addressing scheme in IoT. Major security challenge in resource constraint RFID networks is how to achieve traditional CIA security i.e. Confidentiality, Integrity and Authentication. Computational and communication costs for Lightweight Mutual Authentication Protocol (LMAP), RFID mutual Authentication Protocol with Permutation (RAPP) and kazahaya authentication protocols are analyzed. These authentication protocols are modeled to analyze the delays using lightweight modeling language. Delay analysis is performed using alloy model over LMAP, RAPP and kazahaya authentication protocols where one datacenter (DC) is connected to different number of readers (1,5 or 10) with connectivity to 1, 5 or 25 tags associated with reader and its results show that for LMAP delay varies from 30-156 msec, for RAPP from 31-188 while for kazahaya from 61-374 msec. Further, performance of RFID authentication protocols is analyzed for group construction through more than one DC (1,5 or 10) with different number of readers (10, 50 or 100) and tags associated with these readers (50, 500, 1000) and results show that DC based binary tree topology with LMAP authentication protocol is having a minimum delay for 50 or 100 readers. Other authentication protocols fail to give authentication results because of large delays in the network. Thus, RAPP and Kazahaya are not suitable for scenarios where there is large amount of increase in number of tags or readers.

scholarly journals A Secure and Efficient Three-Factor Authentication Protocol in Global Mobility Networks

2020 ◽  
Vol 10 (10) ◽  
pp. 3565 ◽  
Author(s):  
SungJin Yu ◽  
JoonYoung Lee ◽  
YoHan Park ◽  
YoungHo Park ◽  
SangWoo Lee ◽  
...  
Keyword(s):  
Mutual Authentication ◽  
Security Analysis ◽  
Authentication Protocol ◽  
Internet Security ◽  
Mobile Technologies ◽  
Security Requirements ◽  
Replay Attacks ◽  
Global Mobility ◽  
Global Mobility Networks ◽  
Three Factor

With the developments in communication and mobile technologies, mobile users can access roaming services by utilizing a mobile device at any time and any place in the global mobility networks. However, these require several security requirements, such as authentication and anonymity, because the information is transmitted over an open channel. Thus, secure and efficient authentication protocols are essential to provide secure roaming services for legitimate users. In 2018, Madhusudhan et al. presented a secure authentication protocol for global mobile networks. However, we demonstrated that their protocol could not prevent potential attacks, including masquerade, session key disclosure, and replay attacks. Thus, we proposed a secure and efficient three-factor authentication protocol to overcome the security weaknesses of Madhusudhan et al.’s scheme. The proposed scheme was demonstrated to prevent various attacks and provided a secure mutual authentication by utilizing biometrics and secret parameters. We evaluated the security of the proposed protocol using informal security analysis and formal security analysis, such as the real-or-random (ROR) model and Burrows–Abadi–Needham (BAN) logic. In addition, we showed that our scheme withstands man-in-the-middle (MITM) and replay attacks utilizing formal security validation automated validation of internet security protocols and applications (AVISPA) simulation. Finally, we compared the performance of our protocol with existing schemes. Consequently, our scheme ensured better security and efficiency features than existing schemes and can be suitable for resource-constrained mobile environments.

scholarly journals Proving authentication property of PUF-based mutual authentication protocol based on logic of events

2021 ◽  
Author(s):  
Jiawen Song ◽  
Meihua Xiao ◽  
Tong Zhang ◽  
Haoyang Zhou
Keyword(s):  
Protocol Analysis ◽  
Mutual Authentication ◽  
Hardware Security ◽  
Authentication Protocol ◽  
Interaction Process ◽  
Authentication Protocols ◽  
Analysis Process ◽  
Security Properties ◽  
And Behavior ◽  
Mutual Authentication Protocol

AbstractPUF (Physical unclonable function) is a new hardware security primitive, and the research on PUFs is one of the emerging research focuses. For PUF-based mutual authentication protocols, a method to abstract the security properties of hardware by using logic of events is proposed, and the application aspects of logic of events are extended to protocols based on hardware security. With the interaction of PUF-based mutual authentication protocol formally described by logic of events, the basic sequences are constructed and the strong authentication property in protocol interaction process is verified. Based on the logic of events, the freshness of nonces is defined, and the persist rule is proposed according to the concept of freshness, which ensures the consistency of the protocol state and behavior predicate in the proof process, and reduces the complexity and redundancy in the protocol analysis process. Under reasonable assumptions, the security of the protocol is proven, and the fact that logic of events applies to PUF-based mutual authentication protocols is shown.

RFID Mutual Authentication Protocol Based on Chaos Key

2013 ◽  
Vol 846-847 ◽  
pp. 1519-1523
Author(s):  
Nan Zhang ◽  
Jian Hua Zhang ◽  
Jun Yang
Keyword(s):  
Radio Frequency Identification ◽  
Low Cost ◽  
Mutual Authentication ◽  
Authentication Protocol ◽  
Secret Key ◽  
Security Issues ◽  
Hash Algorithm ◽  
Frequency Identification ◽  
Chaos Sequences ◽  
Mutual Authentication Protocol

While radio frequency identification (RFID) is evolving as a major technology enabler for identifying and tracking goods and assets around the world, its security issues are also increasingly exposed. A Hash-based RFID mutual authentication protocol was put forward. The key was joined into the hash algorithm, and chaos sequences were used to update the key. The protocol enhances the security of the RFID system with low cost. Experiments show that the chaos system has the character of initial value sensitivity, which can be used to distribute and update the secret key. Safety analysis show that the mutual authentication protocol can solve security issues including eavesdropping, illegal access, masquerade, spoofing attack, position tracking.

scholarly journals Secure Key Agreement and Authentication Protocol for Message Confirmation in Vehicular Cloud Computing

2020 ◽  
Vol 10 (18) ◽  
pp. 6268
Author(s):  
JoonYoung Lee ◽  
SungJin Yu ◽  
MyeongHyun Kim ◽  
YoungHo Park ◽  
SangWoo Lee ◽  
...  
Keyword(s):  
Cloud Computing ◽  
Key Agreement ◽  
Mutual Authentication ◽  
Authentication Protocol ◽  
Internet Security ◽  
Malicious Attacks ◽  
Session Key ◽  
Vehicular Cloud Computing ◽  
Vehicular Cloud ◽  
Man In The Middle

With the development of vehicular ad-hoc networks (VANETs) and Internet of vehicles (IoVs), a large amount of useful information is generated for vehicle drivers and traffic management systems. The amount of vehicle and traffic information is as large as the number of vehicles and it is enormous when compared to vehicle calculation and storage performance. To resolve this problem, VANET uses a combined cloud computing technology, called vehicular cloud computing (VCC), which controls vehicle-related data, and helps vehicle drivers directly or indirectly. However, VANETs remain vulnerable to attacks such as tracking, masquerade and man-in-the-middle attacks because VANETs communicate via open networks. To overcome these issues, many researchers have proposed secure authentication protocols for message confirmation with vehicular cloud computing. However, many researchers have pointed out that some proposed protocols use ideal tamper-proof devices (TPDs). They demonstrated that realistic TPDs cannot prevent adversaries attack. Limbasiya et al. presented a message confirmation scheme for vehicular cloud computing using a realistic TPD in order to prevent these problems. However, their proposed scheme still has security weaknesses over a TPD and does not guarantee mutual authentication. This paper proposes a secure key agreement and authentication protocol to address the security weaknesses inherent in the protocol of Limbasiya et al. The suggested protocol withstands malicious attacks and ensures secure mutual authentication for privacy-preserving. We prove that the proposed protocol can provide session key security using Real-Or-Random (ROR) model. We also employed Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation tool to show that the proposed protocol is able to defeat replay and man-in-the-middle attacks. Furthermore, we established that the proposed protocol can resist other malicious attacks by conducting the informal security analysis. We proved that our proposed protocol is lightweight and suitable for VCC environments.

scholarly journals WSN-SLAP: Secure and Lightweight Mutual Authentication Protocol for Wireless Sensor Networks

Sensors ◽  
2021 ◽  
Vol 21 (3) ◽  
pp. 936
Author(s):  
Deok Kyu Kwon ◽  
Sung Jin Yu ◽  
Joon Young Lee ◽  
Seung Hwan Son ◽  
Young Ho Park
Keyword(s):  
Wireless Sensor Networks ◽  
Sensor Networks ◽  
Mutual Authentication ◽  
Authentication Protocol ◽  
Internet Security ◽  
Sensor Nodes ◽  
Wireless Sensor ◽  
Forward Secrecy ◽  
Perfect Forward Secrecy ◽  
Mutual Authentication Protocol

Wireless sensor networks (WSN) are widely used to provide users with convenient services such as health-care, and smart home. To provide convenient services, sensor nodes in WSN environments collect and send the sensing data to the gateway. However, it can suffer from serious security issues because susceptible messages are exchanged through an insecure channel. Therefore, secure authentication protocols are necessary to prevent security flaws in WSN. In 2020, Moghadam et al. suggested an efficient authentication and key agreement scheme in WSN. Unfortunately, we discover that Moghadam et al.’s scheme cannot prevent insider and session-specific random number leakage attacks. We also prove that Moghadam et al.’s scheme does not ensure perfect forward secrecy. To prevent security vulnerabilities of Moghadam et al.’s scheme, we propose a secure and lightweight mutual authentication protocol for WSNs (WSN-SLAP). WSN-SLAP has the resistance from various security drawbacks, and provides perfect forward secrecy and mutual authentication. We prove the security of WSN-SLAP by using Burrows-Abadi-Needham (BAN) logic, Real-or-Random (ROR) model, and Automated Verification of Internet Security Protocols and Applications (AVISPA) simulation. In addition, we evaluate the performance of WSN-SLAP compared with existing related protocols. We demonstrate that WSN-SLAP is more secure and suitable than previous protocols for WSN environments.

scholarly journals Secure Authentication Protocol for Wireless Sensor Networks in Vehicular Communications

Sensors ◽  
2018 ◽  
Vol 18 (10) ◽  
pp. 3191 ◽  
Author(s):  
SungJin Yu ◽  
JoonYoung Lee ◽  
KyungKeun Lee ◽  
KiSung Park ◽  
YoungHo Park
Keyword(s):  
Wireless Sensor Networks ◽  
Sensor Networks ◽  
Mutual Authentication ◽  
Authentication Protocol ◽  
Internet Security ◽  
Wireless Sensor ◽  
Vehicular Communications ◽  
Security Issue ◽  
Session Key ◽  
Secure Authentication

With wireless sensor networks (WSNs), a driver can access various useful information for convenient driving, such as traffic congestion, emergence, vehicle accidents, and speed. However, a driver and traffic manager can be vulnerable to various attacks because such information is transmitted through a public channel. Therefore, secure mutual authentication has become an important security issue, and many authentication schemes have been proposed. In 2017, Mohit et al. proposed an authentication protocol for WSNs in vehicular communications to ensure secure mutual authentication. However, their scheme cannot resist various attacks such as impersonation and trace attacks, and their scheme cannot provide secure mutual authentication, session key security, and anonymity. In this paper, we propose a secure authentication protocol for WSNs in vehicular communications to resolve the security weaknesses of Mohit et al.’s scheme. Our authentication protocol prevents various attacks and achieves secure mutual authentication and anonymity by using dynamic parameters that are changed every session. We prove that our protocol provides secure mutual authentication by using the Burrows–Abadi–Needham logic, which is a widely accepted formal security analysis. We perform a formal security verification by using the well-known Automated Validation of Internet Security Protocols and Applications tool, which shows that the proposed protocol is safe against replay and man-in-the-middle attacks. We compare the performance and security properties of our protocol with other related schemes. Overall, the proposed protocol provides better security features and a comparable computation cost. Therefore, the proposed protocol can be applied to practical WSNs-based vehicular communications.

RFID Security Authentication Protocol Based on Hash for the Lightweight RFID Systems

2013 ◽  
Vol 380-384 ◽  
pp. 2831-2836
Author(s):  
Hong He ◽  
Qi Li ◽  
Zhi Hong Zhang
Keyword(s):  
Mutual Authentication ◽  
Authentication Protocol ◽  
Authentication Protocols ◽  
Privacy And Security ◽  
Rfid Systems ◽  
Security Authentication ◽  
Rfid System ◽  
Significant Performance ◽  
Rfid Authentication Protocols ◽  
Mutual Authentication Protocol

In order to solve the RFID authentication protocols, a new mutual authentication protocol based on Hash for the lightweight RFID system is proposed in this paper. Compared with several RFID authentication protocols with the similar structure, the proposed protocol can effectively solve the privacy and security of the RFID system, and it has significant performance advantages. It greatly reduces the amount storage and computation of tags.

Sign in / Sign up

Export Citation Format

Share Document