Top

Peer-to-Peer Networking and Applications

Published in:

27-06-2022

EPSAPI: An efficient and provably secure authentication protocol for an IoT application environment

Authors: Bahaa Hussein Taher Algubili, Neeraj Kumar, Hongwei Lu, Ali A. Yassin, Rihab Boussada, Alzahraa J. Mohammed, Huiyu Liu

Published in: Peer-to-Peer Networking and Applications | Issue 5/2022

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

With the increasing and rapid deployment of the Internet of Things (IoT), it has become necessary to design an efficient secure user authentication protocol to reduce security vulnerabilities and attacks that affect the performance of IoT applications. During the last decade, several authentication protocols have been proposed to provide secure communication between remote users and the IoT sensor nodes. Nevertheless, most of these contributions have serious security vulnerabilities and high computational overhead at the IoT sensor node side. In this article, we present a secure three-factor (i.e., password, biometrics, and smart device) user authentication and key agreement protocol (EPSAPI) based on the chaotic maps (CMs) and the fuzzy extractor to reduce the overhead on the IoT sensor node side. It satisfies the required security features and provides efficient communication and computational overheads for a restricted IoT environment. In addition, an informal and formal security analysis, including the Real-Or-Random (ROR) model, Burrows-Abadi-Needham (BAN) logic, and the popular simulation tool Automated Validation of Internet Security Protocols and Applications (AVISPA), concludes that the EPSAPI protocol is provably secure and can withstand all possible well-known attacks. Finally, the presented protocol is better than other recent protocols by performance comparison and it is practical by simulation study through the widely used tool NS-3.

previous article Service function path selection methods for multi-layer satellite networks

next article A new design of intrusion detection in IoT sector using optimal feature selection and high ranking-based ensemble learning model

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Available only for authorised users

Jia X, Hu N, Su S, Yin S, Zhao Y, Cheng X, Zhang C (2020) IRBA: An Identity-Based Cross-Domain Authentication Scheme for the Internet of Things.Electronics634

Ostad-Sharif A, Arshad H, Nikooghadam M, Abbasinezhad-Mood D (2019) Three party secure data transmission in IoT networks through design of a lightweight authenticated key agreement scheme. Futur Gener Comput Syst 100:882–892CrossRef

Zhang J, Wang Y, Li S, Shi S (2020) An Architecture for IoT-enabled smart transportation security system: A geospatial approach. IEEE Internet Things J 6205–6213

Zhao H, Yue H, Gu T, Li C, Zhou D (2021) Low delay and seamless connectivity-based message propagation mechanism for VANET of VCPS. Wireless Pers Commun 118(4):3385–3402CrossRef

Wu F, Li X, Sangaiah AK, Xu L, Kumari S, Wu L, Shen J (2018) A lightweight and robust two-factor authentication scheme for personalized healthcare systems using wireless medical sensor networks. Future Gener Comput Syst 727–737

Alexakis G, Panagiotakis S, Fragkakis A, Markakis E, Vassilakis K (2019) Control of smart home operations using natural language processing, voice recognition and IoT technologies in a multi-tier architecture. Designs 32

Magaia N, Fonseca R, Muhammad K, Segundo AHF, Neto AVL, de Albuquerque VHC (2020) Industrial internet of things security enhanced with deep learning approaches for smart cities. IEEE Internet Things J 6393–6405

Wan J, Chen M, Xia F, Li D, Zhou K (2013) From machine-to-machine communications towards cyber-physical systems. Comput Sci Inf Syst 1105–1128

Gubbi J, Buyya R, Marusic S, Palaniswami M (2013) Internet of Things (IoT): A vision, architectural elements, and future directions. Future Gener Comput Syst 1645–1660

10.

Li CT, Hwang MS (2010) An efficient biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 1–5

11.

Khan SH, Akbar MA, Shahzad F, Farooq M, Khan Z (2015) Secure biometric template generation for multi-factor authentication. Pattern Recognit 458–472

12.

Taher BH, Jiang S, Yassin AA, Lu H (2019) Low-overhead remote user authentication protocol for iot based on a fuzzy extractor and feature extraction. IEEE Access 148950–148966

13.

Mahmood Z, Ullah A, Ning H (2018) Distributed multiparty key management for efficient authentication in the Internet of things. IEEE Access 29460–29473

14.

Shamir A (1984) Identity-based cryptosystems and signature schemes. In Workshop on the theory and application of cryptographic techniques, pp. 47–53, Springer, Berlin, Heidelberg

15.

Chatterjee S, Roy S, Das AK, Chattopadhyay S, Kumar N, Vasilakos AV (2016) Secure biometric-based authentication scheme using Chebyshev chaotic map for multi-server environment. IEEE Trans Depend Secur Comput 824–839

16.

Yu Y, Taylor O, Li R, Sunagawa B (2021) An extended chaotic map-based authentication and key agreement scheme for multi-server environment. Mathematics 9(8):798CrossRef

17.

Roy S, Chatterjee S, Das AK, Chattopadhyay S, Kumari S, Jo M (2017) Chaotic map-based anonymous user authentication scheme with user biometrics and fuzzy extractor for crowdsourcing Internet of Things. IEEE Internet Things J 2884–2895

18.

Li W, Cheng H, Wang P (2019) Secure chaotic maps-based authentication scheme for real-time data access In Internet of Things. In 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security) (pp. 1–8). IEEE

19.

Challa S, Wazid M, Das AK, Kumar N, Reddy AG, Yoon EJ, Yoo KY (2017) Secure signature-based authenticated key establishment scheme for future IoT applications. IEEE Access 3028–3043

20.

Porambage P, Braeken A, Schmitt C, Gurtov A, Ylianttila M, Stiller B (2015) Group key establishment for enabling secure multicast communication in wireless sensor networks deployed for IoT applications. IEEE Access 1503–1511

21.

Jia X, He D, Li L, Choo KKR (2018) Signature-based three-factor authenticated key exchange for internet of things applications. Multimed Tools Appl 18355–18382

22.

Moon J, Lee D, Lee Y, Won D (2017) Improving biometric-based authentication schemes with smart card revocation / reissue for wireless sensor networks. Sensors 940

23.

Wang C, Wang D, Tu Y, Xu G, Wang H (2020) Understanding node capture attacks in user authentication schemes for wireless sensor networks. IEEE Trans Depend Secur Comput 1–1

24.

Maurya AK, Sastry VN (2017) Fuzzy extractor and elliptic curve based efficient user authentication protocol for wireless sensor networks and Internet of Things. Information 8(4):136CrossRef

25.

Shin S, Kwon T (2020) A privacy-preserving authentication, authorization, and key agreement scheme for wireless sensor networks in 5G-integrated Internet of Things. IEEE Access 67555–67571‏

26.

Li X, Niu J, Bhuiyan MZA, Wu F, Karuppiah M, Kumari S (2017) A robust ECC-based provable secure authentication protocol with privacy preserving for industrial internet of things. IEEE Trans Ind Inf 3599–3609

27.

Kavianpour S, Shanmugam B, Azam S, Zamani M, Narayana Samy G, De Boer F (2018) A systematic literature review of authentication in internet of things for heterogeneous devices. J Comput Netw Commun2019

28.

Ali R, Pal AK (2018) An efficient three factor–based authentication scheme in multiserver environment using ECC. Int J Commun Syst 31(4):e3484

29.

Wang F, Xu G, Wang C, Peng J (2019) A provably secure biometrics-based authentication scheme for multiserver environment. Secur Commun Netw

30.

Li X, Niu J, Kumari S, Wu F, Sangaiah AK, Choo KKR (2018) A three-factor anonymous authentication scheme for wireless sensor networks in internet of things environments. J Netw Comput Appl 103:194–204

31.

Ryu J, Lee H, Kim H, Won D (2018) Secure and efficient three-factor protocol for wireless sensor networks. Sensors 4481

32.

Wang F, Xu G, Xu G (2019) provably secure anonymous biometrics-based authentication scheme for wireless sensor networks using chaotic map. IEEE Access 101596–101608

33.

Tai WL, Chang YF, Hou PL (2019) Security analysis of a three-factor anonymous authentication scheme for wireless sensor networks in Internet of Things environments. Int J Netw Secur 1014–1020

34.

Zhao H, Yue H, Gu T, Li W (2019) CPS-based reliability enhancement mechanism for vehicular emergency warning system. Int J Intell Transp Syst Res 17(3):232–241

35.

Mo J, Hu Z, Chen H, Shen W (2019) An efficient and provably secure anonymous user authentication and key agreement for mobile cloud computing. Wirel Commun Mob Computi

36.

Ghani A, Mansoor K, Mehmood S, Chaudhry SA, Rahman AU, Najmus Saqib M (2019) Security and key management in IoT-based wireless sensor networks: an authentication protocol using symmetric key. Int J Commun Syst 32(16):e4139

37.

Martínez-Peláez R, Toral-Cruz H, Parra-Michel JR, García V, Mena LJ, Félix VG, Ochoa-Brust A (2019) An enhanced lightweight IoT-based authentication scheme in cloud computing circumstances. Sensors 19(9):2098CrossRef

38.

39.

Chen Y, Ge Y, Wang Y, Zeng Z (2019) An improved three-factor user authentication and key agreement scheme for wireless medical sensor networks. IEEE Access 7:85440–85451

40.

Wang F, Xu G, Xu G, Wang Y, Peng J (2020) A robust IoT-based three-factor authentication scheme for cloud computing resistant to session key exposure. Wirel Commun Mob Comput

41.

Wu F, Li X, Xu L, Vijayakumar P, Kumar N (2020) A novel three-factor authentication protocol for wireless sensor networks with IoT notion. IEEE Syst J

42.

Lee CC (2013) A simple key agreement scheme based on chaotic maps for VSAT satellite communications. Int J Satell Commun Network 31(4):177–186CrossRef

43.

He D, Kumar N, Lee JH, Sherratt RS (2014) Enhanced three-factor security protocol for consumer USB mass storage devices. IEEE Trans Consum Electron 30–37

44.

Tsai JL, Lo NW (2015) A chaotic map‐based anonymous multi‐server authenticated key agreement protocol using smart card. Int J Commun Syst1955–1963

45.

Bergamo P, D'Arco P, De Santis A, Kocarev L (2005) Security of public-key cryptosystems based on Chebyshev polynomials. IEEE Trans Circuits Syst I Regul Pap 1382–1393

46.

Irshad A, Sher M, Ashraf MU, Alzahrani BA, Wu F, Xie Q, Kumari S (2017) An improved and secure chaotic-map based multi-server authentication protocol based on lu et al. and Tsai and Lo’s scheme. Wirel Person Commun 3185–3208

47.

Lin HY (2015) Improved chaotic maps-based password-authenticated key agreement using smart cards. Commun Nonlinear Sci Numer Simul 482–488

48.

Guo C, Chang CC (2013) Chaotic maps-based password-authenticated key agreement using smart cards. Commun Nonlinear Sci Numer Simul 1433–1440

49.

Wu F, Xu L (2017) A chaotic map-based authentication and key agreement scheme with user anonymity for cloud computing. Int Conf Cloud Comput Secur 189–200

50.

Li J, Zhang W, Kumari S, Choo KKR, Hogrefe D (2018) Security analysis and improvement of a mutual authentication and key agreement solution for wireless sensor networks using chaotic maps. Trans Emerg Telecommun Technol e3295

51.

Kumari S, Li X, Wu F, Das AK, Arshad H, Khan MK (2016) A user friendly mutual authentication and key agreement scheme for wireless sensor networks using chaotic maps. Futur Gener Comput Syst 63:56–75

52.

Lee CC, Li CT, Chiu ST, Lai YM (2015) A new three-party-authenticated key agreement scheme based on chaotic maps without password table. Nonlinear Dyn 2485–2495

53.

Irshad A, Chaudhry SA, Xie Q, Li X, Farash MS, Kumari S, Wu F (2018) An enhanced and provably secure chaotic map-based authenticated key agreement in multi-server architecture. Arab J Sci Eng 43(2):811–828CrossRef

54.

Zhang S, Du X, Liu X (2020) A Secure Remote Mutual Authentication Scheme Based on Chaotic Map for Underwater Acoustic Networks. IEEE Access 48285–48298

55.

Zhao H, Chen Q, Shi W, Gu T, Li W (2019) Stability analysis of an improved car-following model accounting for the driver’s characteristics and automation. Phys A 526MathSciNetCrossRef

56.

Jabbari A, Mohasefi JB (2019) Improvement in new three-party-authenticated key agreement scheme based on chaotic maps without password table. Nonlinear Dyn 3177–3191

57.

Zhang L (2008) Cryptanalysis of the public key encryption based on multiple chaotic systems. Chaos Solit Fractals 669–674

58.

Challa S, Das AK, Gope P, Kumar N, Wu F, Vasilakos AV (2020) Design and analysis of authenticated key agreement scheme in cloud-assisted cyber–physical systems. Futur Gener Comput Syst 108:1267–1286CrossRef

59.

Dodis Y, Reyzin L, Smith A (2017) In security with noisy data: On private biometrics, secure key storage and anti-counterfeiting, pp. 79–99. Springer-Verlag

60.

Masud M, Gaba GS, Choudhary K, Hossain MS, Alhamid MF, Muhammad G (2021) Lightweight and anonymity-preserving user authentication scheme for IoT-based healthcare. IEEE Internet Things J 1–1

61.

Burrows M, Abadi M, Needham RM (1989) A logic of authentication. Proc R Soc London A Math Phys Sci 233–271

62.

Wang D, Wang P (2016) Two birds with one stone: Two-factor authentication with security beyond conventional bound. IEEE Trans Dependable Secure Comput 15(4):708–722

63.

Almuhaya MA, Jabbar WA, Sulaiman N, Abdulmalek S (2022) A survey on LoRaWAN technology: Recent trends, opportunities. Simul Tools Future Direct Electron 11(1):164

Title: EPSAPI: An efficient and provably secure authentication protocol for an IoT application environment
Authors: Bahaa Hussein Taher Algubili
Neeraj Kumar
Hongwei Lu
Ali A. Yassin
Rihab Boussada
Alzahraa J. Mohammed
Huiyu Liu
Publication date: 27-06-2022
Publisher: Springer US
Published in: Peer-to-Peer Networking and Applications / Issue 5/2022
Print ISSN: 1936-6442
Electronic ISSN: 1936-6450
DOI: https://doi.org/10.1007/s12083-022-01328-1

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 5/2022

A novel defense mechanism to protect users from profile cloning attack on Online Social Networks (OSNs)

A high performance two-layer consensus architecture for blockchain-based IoT systems

An enhanced mutually authenticated security protocol with key establishment for cloud enabled smart vehicle to grid network

A new design of intrusion detection in IoT sector using optimal feature selection and high ranking-based ensemble learning model

A lightweight pairing-free ciphertext-policy attribute-based signcryption for cloud-assisted IoT

Privacy-preserving “Check-in Award” Service in Location-based Social Networks

Premium Partner