A secure remote user authentication scheme for 6LoWPAN-based Internet of Things

One of the significant challenges in the Internet of Things (IoT) is the provisioning of guaranteed security and privacy, considering the fact that IoT devices are resource-limited. Oftentimes, in IoT applications, remote users need to obtain real-time data, with guaranteed security and privacy, from resource-limited network nodes through the public Internet. For this purpose, the users need to establish a secure link with the network nodes. Though the IPv6 over low-power wireless personal area networks (6LoWPAN) adaptation layer standard offers IPv6 compatibility for resource-limited wireless networks, the fundamental 6LoWPAN structure ignores security and privacy characteristics. Thus, there is a pressing need to design a resource-efficient authenticated key exchange (AKE) scheme for ensuring secure communication in 6LoWPAN-based resource-limited networks. This paper proposes a resource-efficient secure remote user authentication scheme for 6LoWPAN-based IoT networks, called SRUA-IoT. SRUA-IoT achieves the authentication of remote users and enables the users and network entities to establish private session keys between themselves for indecipherable communication. To this end, SRUA-IoT uses a secure hash algorithm, exclusive-OR operation, and symmetric encryption primitive. We prove through informal security analysis that SRUA-IoT is secured against a variety of malicious attacks. We also prove the security strength of SRUA-IoT through formal security analysis conducted by employing the random oracle model. Additionally, we prove through Scyther-based validation that SRUA-IoT is resilient against various attacks. Likewise, we demonstrate that SRUA-IoT reduces the computational cost of the nodes and communication overheads of the network.

Comments on ‘A Dynamic ID-Based Remote User Authentication Scheme’

The initial version of this paper was published in https://www.sciencedirect.com/science/article/abs/pii/S0920548906000122?via=ihub

Comments on ‘A Dynamic ID-Based Remote User Authentication Scheme’

The initial version of this paper was published in https://www.sciencedirect.com/science/article/abs/pii/S0920548906000122?via=ihub

Lattice-based remote user authentication from reusable fuzzy signature

In this paper, we introduce a new construction of reusable fuzzy signature based remote user authentication that is secure against quantum computers. We investigate the reusability of fuzzy signature, and we prove that the fuzzy signature schemes provide biometrics reusability (aka. reusable fuzzy signature). We define formal security models for the proposed construction, and we prove that it achieves user authenticity and user privacy. The proposed construction ensures: 1) a user’s biometrics can be securely reused in remote user authentication; 2) a third party having access to the communication channel between a user and the authentication server cannot identify the user.

An Efficient and Robust Remote User Authentication Method

<p>Wu-Chieu proposed an enhanced remote user authentication scheme to improve the security of a user-friendly remote user authentication scheme with smart cards. However, we demonstrate that their scheme is vulnerable and susceptible to the attacks and can easily be cryptanalyzed. Their scheme performs only unilateral authentication (only client authentication) and there is no mutual authentication between user and remote system, so their scheme suscepts from the server spoofing attack. Furthermore, their scheme is slower in detecting the wrong input-password, and users cannot change their passwords. This paper proposes an efficient and secure remote authentication scheme to solve the problems found in Wu-Chieu’s scheme. In addition, the computational costs and efficiency of the proposed scheme is better than other related published schemes.</p>