
A lightweight remote user authentication scheme for IoT communication using elliptic curve cryptography

The Journal of Supercomputing

Abstract

The Internet of Things (IoT) has ushered in a new era of communication technology for information exchange. With the immense growth in the use of smart devices, IoT services have become more accessible. Mutual authentication and session key negotiation play a key role in securing data transmission between an IoT network and a remote user. In this research, we propose an ECC-based three-factor remote user authentication scheme that runs on the smart device and preserves the privacy and data confidentiality of the communicating user. To support our claim, we analyze multiple cryptographic attacks and find that the proposed scheme is not vulnerable to them. Finally, the computation and communication overheads of the proposed scheme are compared with those of other existing protocols to confirm that it is lightweight. A formal security analysis using the AVISPA simulation tool confirms that the proposed scheme is robust against relevant security threats.




Correspondence to Sangram Ray.


Cite this article

Sadhukhan, D., Ray, S., Biswas, G.P. et al. A lightweight remote user authentication scheme for IoT communication using elliptic curve cryptography. J Supercomput 77, 1114–1151 (2021). https://doi.org/10.1007/s11227-020-03318-7


  • DOI: https://doi.org/10.1007/s11227-020-03318-7
