An improved lightweight anonymous user authenticated session key exchange scheme for Internet of Things



ORIGINAL RESEARCH

Devender Kumar¹ · Siddharth Jain² · Aasif Khan² · Pranav Sarv Pathak²

Received: 15 December 2019 / Accepted: 5 September 2020
© Springer-Verlag GmbH Germany, part of Springer Nature 2020

Abstract

The myriad applications of the Internet of Things (IoT) in sectors such as healthcare, military, industry and safety create a need to secure these systems efficiently. The devices in such networks need to provide services to users in a secure manner. User authentication is a mechanism through which we can provide secure communication between IoT devices. Recently, Banerjee et al. outlined a lightweight anonymous user authenticated session key exchange scheme for Internet of Things deployment, which uses three-factor authentication of a user: smart card, password and biometric. In this paper, we cryptanalyze their scheme and find that it is not secure against the smart card loss attack and the stolen verifier attack. We then propose an improved scheme to overcome the weaknesses of their scheme. We present a formal security analysis of our scheme using the random oracle model, and an informal security analysis to show that our scheme is secure against many known attacks. Its formal security verification is carried out using the ProVerif tool. Its performance is compared with that of related schemes, which shows that our scheme is more secure than the other schemes. Also, our scheme does not contain any storage table at the gateway side for authentication.

Keywords: Internet of Things · User authentication · Session key agreement · Security · Smart card loss attack · Stolen verifier attack

* Devender Kumar
¹ Department of Information Technology, NSUT, New Delhi, India
² Division of Information Technology, NSIT, New Delhi, India

1 Introduction

The Internet of Things (IoT) is redefining our lifestyle and changing the way we interact with technologies by providing us with various facilities. For example, the sensors in air conditioners regularly send data about the appliance's temperature and current state to the company, so that the company can inform the customer to get the appliance checked before it stops functioning. Another application of IoT is inventory management. Smart bar code scanners instantly transmit the data regarding the purchase of an item to the manufacturer. This way the manufacturer can track its inventory in real time. Another example comes from the medical field, where we need to capture data pertaining to the various devices installed with the patients. The data captured is related to circadian rhythms, rate of heartbeats and blood pressure, and is extremely important. Such data should not be compromised in any form or manner by any external malicious party. Similarly, military and intelligence incorporate IoT devices for real-time surveillance, data collection from different military platforms including a