Cited By
View all- Cao ZYe H(2025)Comment on “Efficient design of an authenticated key agreement protocol for dew-assisted IoT systems”The Journal of Supercomputing10.1007/s11227-024-06661-181:1Online publication date: 1-Jan-2025
A Lightweight, Secure Big Data-Based Authentication and Key-Agreement Scheme for IoT with Revocability
Authors: 
Behnam Zahednejad, Huang Teng, Saeed Kosari, Ren Xiaojun Academic Editor: Mohammad R. KhosraviAuthors Info & Claims
Behnam Zahednejad, Huang Teng, Saeed Kosari, Ren Xiaojun Academic Editor: Mohammad R. KhosraviAuthors Info & ClaimsAbstract
With the rapid development of Internet of Things (IoT), designing a secure two-factor authentication scheme for IoT is becoming increasingly demanding. Two-factor protocols are deployed to achieve a higher security level than single-factor protocols. Given the resource constraints of IoT devices, other factors such as biometrics are ruled out as additional authentication factors due to their large overhead. Smart cards are also prone to side-channel attacks. Therefore, historical big data have gained interest recently as a novel authentication factor in IoT. In this paper, we show that existing big data-based schemes fail to achieve their claimed security properties such as perfect forward secrecy (PFS), key compromise impersonation (KCI) resilience, and server compromise impersonation (SCI) resilience. Assuming a real strong attacker rather than a weak one, we show that previous schemes not only fail to provide KCI and SCI but also do not provide real two-factor security and revocability and suffer inside attack. Then, we propose our novel scheme which can indeed provide real two-factor security, PFS, KCI, and inside attack resilience and revocability of the client. Furthermore, our performance analysis shows that our scheme has reduced modular exponentiation operation and multiplication for both the client and the server compared to Liu et al.’s scheme which reduces the execution time by one third for security levels of λ=128. Moreover, in order to cope with the potential threat of quantum computers, we suggest using lightweight XMSS signature schemes which provide the desired security properties with λ=128 bit postquantum security. Finally, we prove the security of our proposed scheme formally using both the real-or-random model and the ProVerif analysis tool.
References
[1]
A. C. F. Chan, J. W. Wong, J. Zhou, and J. Teo, “Scalable two-factor authentication using historical data,” in European Symposium on Research in Computer Security, pp. 91–110, Springer, Berlin, Germany, 2016.
[2]
B. Liu, Q. Tang, and J. Zhou, “Bigdata-facilitated two-party authenticated key exchange for iot,” in International Conference on Information Security, pp. 95–116, Springer, Berlin, Germany, 2021.
[3]
Y. Zhang, H. Xian, and A. Yu, “Csnn: password guessing method based on Chinese syllables and neural network,” Peer-to-Peer Networking and Applications, vol. 13, no. 6, pp. 2237–2250, 2020.
[4]
T. Sabhanayagam, V. P. Venkatesan, and K. Senthamaraikannan, “A comprehensive survey on various biometric systems,” International Journal of Applied Engineering Research, vol. 13, no. 5, pp. 2276–2297, 2018.
[5]
M. K. Sharma and M. J. Nene, “Dual factor third-party biometric-based authentication scheme using quantum one time passwords,” Security and Privacy, vol. 3, no. 6, p. e129, 2020.
[6]
J. Diaz, “Hackers Unlock Any Phone Using Photographed Fingerprints in Just 20 minutes,” 2019, https://www.tomsguide.com/news/hackers-unlock-any-phone-using-photographed-fingerprints-in-just-20-minutes.
[7]
Q. Jiang, J. Ma, F. Wei, Y. Tian, J. Shen, and Y. Yang, “An untraceable temporal-credential-based two-factor authentication scheme using ecc for wireless sensor networks,” Journal of Network and Computer Applications, vol. 76, pp. 37–48, 2016.
[8]
X. Li, J. Niu, S. Kumari, F. Wu, A. K. Sangaiah, and K. K. R. Choo, “A three-factor anonymous authentication scheme for wireless sensor networks in internet of things environments,” Journal of Network and Computer Applications, vol. 103, pp. 194–204, 2018.
[9]
S. Roy, S. Chatterjee, A. K. Das, S. Chattopadhyay, S. Kumari, and M. Jo, “Chaotic map-based anonymous user authentication scheme with user biometrics and fuzzy extractor for crowdsourcing internet of things,” IEEE Internet of Things Journal, vol. 5, no. 4, pp. 2884–2895, 2018.
[10]
J. Srinivas, A. K. Das, M. Wazid, and N. Kumar, “Anonymous lightweight chaotic map-based authenticated key agreement protocol for industrial internet of things,” IEEE Transactions on Dependable and Secure Computing, vol. 17, no. 6, pp. 1133–1146, 2020.
[11]
F. Wang, G. Xu, and G. Xu, “A provably secure anonymous biometrics-based authentication scheme for wireless sensor networks using chaotic map,” IEEE Access, vol. 7, 101608 pages, 2019.
[12]
D. Kumar, H. K. Singh, and C. Ahlawat, “A secure three-factor authentication scheme for wireless sensor networks using ecc,” Journal of Discrete Mathematical Sciences and Cryptography, vol. 23, no. 4, pp. 879–900, 2020.
[13]
H. Abdi Nasib Far, M. Bayat, A. Kumar Das, M. Fotouhi, S. M. Pournaghi, and M. A. Doostari, “Laptas: lightweight anonymous privacy-preserving three-factor authentication scheme for wsn-based iiot,” Wireless Networks, vol. 27, no. 2, pp. 1389–1412, 2021.
[14]
F. Raque, M. Obaidat, K. Mahmood, M. F. Ayub, J. Ferzund, and S. A. Chaudhry, “An efficient and provably secure certificateless protocol for industrial internet of things,” IEEE Transactions on Industrial Informatics, vol. 18, no. 11, pp. 8039–8046, 2022.
[15]
M. Saeed, M. Kamrul Hasan, R. Hassan, R. Mokhtar, R. A Saeed, E. Saeid, and M. Gupta, “Preserving privacy of user identity based on pseudonym variable in 5g,” Computers, Materials & Continua, vol. 70, no. 3, pp. 5551–5568, 2022.
[16]
S. Amanlou, M. K. Hasan, and K. A. A. Bakar, “Lightweight and secure authentication scheme for iot network based on publish–subscribe fog computing model,” Computer Networks, vol. 199, 2021.
[17]
R. H. Jhaveri, S. J. Patel, and D. C. Jinwala, “Dos attacks in mobile ad hoc networks: a survey,” in Proceedings of the 2012 Second International Conference on Advanced Computing & Communication Technologies, pp. 535–541, Rohtak, India, January 2012.
[18]
P. Gope and B. Sikdar, “Privacy-aware authenticated key agreement scheme for secure smart grid communication,” IEEE Transactions on Smart Grid, vol. 10, no. 4, pp. 3953–3962, 2019.
[19]
W. Bian, P. Gope, Y. Cheng, and Q. Li, “Bio-aka: an efficient fingerprint based two factor user authentication and key agreement scheme,” Future Generation Computer Systems, vol. 109, pp. 45–55, 2020.
[20]
J. Zhao, W. Bian, D. Xu, B. Jie, X. Ding, W. Zhou, and H. Zhang, “A secure biometrics and pufs-based authentication scheme with key agreement for multi-server environments,” IEEE Access, vol. 8, 45303 pages, 2020.
[21]
H. Zhang, W. Bian, B. Jie, D. Xu, and J. Zhao, “A complete user authentication and key agreement scheme using cancelable biometrics and puf in multi-server environment,” IEEE Transactions on Information Forensics and Security, vol. 16, pp. 5413–5428, 2021.
[22]
Y. Zheng, Y. Cao, and C. H. Chang, “Udhashing: physical unclonable function-based user-device hash for endpoint authentication,” IEEE Transactions on Industrial Electronics, vol. 66, no. 12, pp. 9559–9570, 2019.
[23]
B. Liu, Q. Tang, and J. Zhou, “Modular framework for constructing iot-server ake in post-quantum setting,” IEEE Access, vol. 10, 71611 pages, 2022.
[24]
J. Brainard, A. Juels, R. L. Rivest, M. Szydlo, and M. Yung, “Fourth-factor authentication: somebody you know,” in Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 168–178, Alexandria, VA, USA, October 2006.
[25]
A. A. Yavuz and M. O. Ozmen, “Ultra Lightweight Multiple-Time Digital Signature for the Internet of Things Devices,” IEEE Transactions on Services Computing, vol. 15, no. 1, pp. 215–227, 2019.
[26]
M. A. Strangio, “On the resilience of key agreement protocols to key compromise impersonation,” in European Public Key Infrastructure Workshop, pp. 233–247, Springer, Berlin, Germany, 2006.
[27]
A. Daniel and B. Lejla, “Initial Recommendations of Long-Term Secure post-quantum Systems,” 2015, https://pqcrypto.eu.org/slides/recommendations-20150907.pdf.
[28]
S. D. Galbraith, “Authenticated Key Exchange for Sidh,” 2018, https://eprint.iacr.org/2018/266.
[29]
X. Xu, H. Xue, K. Wang, M. H. Au, and S. Tian, “Strongly secure authenticated key exchange from supersingular isogenies,” in International Conference on the Theory and Application of Cryptology and Information Security, pp. 278–308, Springer, Berlin, Germany, 2019.
[30]
J. Ding, S. Alsayigh, J. Lancrenon, S. Rv, and M. Snook, “Provably secure password authenticated key exchange based on rlwe for the post-quantum world,” in Cryptographers’ Track at the RSA Conference, pp. 183–204, Springer, Berlin, Germany, 2017.
[31]
R. Pino, V. Lyubashevsky, and D. Pointcheval, “The whole is less than the sum of its parts: constructing more efficient lattice-based akes,” in International Conference on Security and Cryptography for Networks, pp. 273–291, Springer, Berlin, Germany, 2016.
[32]
S. Ghosh, R. Misoczki, and M. R. Sastry, “Lightweight post-quantum-secure Digital Signature Approach for Iot Motes,” 2019, https://eprint.iacr.org/2019/122.
[33]
M. Abdalla, P. A. Fouque, and D. Pointcheval, “Password-based authenticated key exchange in the three-party setting,” IEE Proceedings - Information Security, vol. 153, no. 1, pp. 27–39, 2006.
[34]
GitHub, “Our Source Code,” 2022, https://github.com/Crypto164/AKEwithBigdata/.
[35]
B. Zahednejad, “A Lightweight, Secure Big Data-Based Authentication and Key-Agreement Scheme for Iot with Revocability,” 2022, https://eprint.iacr.org/2022/1080.
Recommendations
A secure password-based authentication and key agreement scheme using smart cards
Authentication schemes present a user-friendly and scalable mechanism to establish the secure and authorized communication between the remote entities over the insecure public network. Later, several authentication schemes have proposed in the ...
Secure public-key encryption scheme without random oracles
Since the first practical and secure public-key encryption scheme without random oracles proposed by Cramer and Shoup in 1998, Cramer-Shoup's scheme and its variants remained the only practical and secure public-key encryption scheme without random ...
Enhancement on strongly secure group key agreement
In 2011, Zhao et al. presented a new security model of group key agreement GKA by considering ephemeral secret leakage ESL attacks. Meanwhile, they proposed a strongly secure GKA protocol under the new model. In this paper, two security weaknesses on ...
Comments
Information & Contributors
Information
Published In
Copyright © 2023 Behnam Zahednejad et al.
This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Publisher
John Wiley and Sons Ltd.
United Kingdom
Publication History
Published: 01 January 2023
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 18 Jan 2025
Other Metrics
Citations
Cited By
View all- Cao ZYe H(2025)Comment on “Efficient design of an authenticated key agreement protocol for dew-assisted IoT systems”The Journal of Supercomputing10.1007/s11227-024-06661-181:1Online publication date: 1-Jan-2025