LMAAS-IoT: Lightweight multi-factor authentication and authorization scheme for real-time data access in IoT cloud-based environment
Journal of Network and Computer Applications (IF 8.7), Pub Date: 2021-08-05, DOI: 10.1016/j.jnca.2021.103177
Ahmed Yaser Fahad Alsahlani 1, 2 , Alexandru Popa 1, 3

Internet of Things (IoT) is a network of interconnected smart devices that provides tremendous benefits and can be applied in various fields including, but not limited to, healthcare, monitoring, and transportation. Since late 2019, the world has faced coronavirus (COVID-19), which has had harmful consequences for human life and the economy. Reducing human interaction is the most important health measure to avoid the spread of the infection. In this context, leveraging IoT and cloud-based technology helps to remedy the consequences of COVID-19 by enabling individuals to manage their essential activities remotely with minimum engagement. However, sharing and gathering sensitive information over a public insecure channel brings enormous security risks. To avoid these risks, we present a new practical lightweight multi-factor authentication and authorization scheme for real-time data access in an IoT cloud-based environment, called LMAAS-IoT. Our scheme is suitable for, but not limited to, managing large-scale systems such as health infrastructures. LMAAS-IoT is secure and efficient, and strengthens user anonymity using a dynamic index. Our design supports highly scalable systems with an efficient user registration process in which a legitimate user can access current as well as newly added system entities without further processes. We employed “one-way cryptographic hash functions” along with “bitwise XOR operations”. In addition, a fuzzy extractor algorithm is used on the user side to verify the user’s biometric information. The security of LMAAS-IoT is analyzed using the widely used “Real-Or-Random (ROR)” model, a proof of correctness using BAN-logic, formal security verification using the broadly accepted “Automated Validation of Internet Security Protocols and Applications (AVISPA)” tool, and an informal security analysis. LMAAS-IoT is also implemented using the NS-3.31 simulator to demonstrate the practicability of our design. Finally, LMAAS-IoT provides more desired attributes and achieves mutual authentication with low computation and communication cost compared with other existing schemes.




Updated: 2021-08-09