The rise of Smart Cities with underlying adoptions of technologies like the IoT and Cloud Computing has made the integration between them a promising field with different challenges including security. Authentication is one of the foremost attempts to address these issues. Allowing direct device-to-device rather than only device-to-service communications can introduce several benefits like high data transmission rate and reliable communications even when the central clouds fail. However, the resource constraint nature of IoT devices makes it more difficult to develop secure protocols that can provide a sustainable deployment in practice. This article proposes an authentication scheme extension providing secure control from resourceful cloud servers to devices while also enabling the direct secure communications between them. The scheme is designed to use ECC and low-cost operations to provide efficient resource and energy consumption. The protocol correctness is proven by using a formal security analysis with BAN-logic. Detailed analysis is presented to show its resilience to common attacks. A performance analysis is also given to show the scheme's practical value as it only consumes at most 29 mJ on each device in addition to the amount required by the original protocol.

随着IoT和云计算等技术的基础采用，智慧城市的兴起使它们之间的集成成为一个充满希望的领域，面临着包括安全性在内的各种挑战。身份验证是解决这些问题的最重要尝试之一。允许直接的设备到设备通信，而不是仅允许设备到服务通信，可以带来一些好处，例如，即使中央云出现故障，也可以实现高数据传输速率和可靠的通信。但是，物联网设备的资源约束性质使开发安全协议在实践中提供可持续部署变得更加困难。本文提出了一种身份验证方案扩展，该扩展提供了从资源丰富的云服务器到设备的安全控制，同时还支持它们之间的直接安全通信。该方案旨在使用ECC和低成本操作来提供有效的资源和能源消耗。通过使用带有BAN-logic的正式安全分析来证明协议的正确性。进行了详细分析，以显示其对常见攻击的抵抗力。还进行了性能分析，以显示该方案的实用价值，因为除原始协议所需的数量外，该方案在每个设备上最多仅消耗29 mJ。