Mehdi Hosseinzadeh
Toward designing a secure authentication protocol for IoT environments
Hosseinzadeh, Mehdi; Malik, Mazhar Hussain; Safkhani, Masoumeh; Bagheri, Nasour; Le, Quynh Hoang; Tightiz, Lilia; Mosavi, Amir H.
Authors
Dr Mazhar Malik Mazhar.Malik@uwe.ac.uk
Associate Director Intelligent Systems
Masoumeh Safkhani
Nasour Bagheri
Quynh Hoang Le
Lilia Tightiz
Amir H. Mosavi
Abstract
Authentication protocol is a critical part of any application to manage the access control in many applications. A former research recently proposed a lightweight authentication scheme to transmit data in an IoT subsystem securely. Although the designers presented the first security analysis of the proposed protocol, that protocol has not been independently analyzed by third-party researchers, to the best of our knowledge. On the other hand, it is generally agreed that no cryptosystem should be used in a practical application unless its security has been verified through security analysis by third parties extensively, which is addressed in this paper. Although it is an efficient protocol by design compared to other related schemes, our security analysis identifies the non-ideal properties of this protocol. More specifically, we show that this protocol does not provide perfect forward secrecy. In addition, we show that it is vulnerable to an insider attacker, and an active insider adversary can successfully recover the shared keys between the protocol’s entities. In addition, such an adversary can impersonate the remote server to the user and vice versa. Next, the adversary can trace the target user using the extracted information. Finally, we redesign the protocol such that the enhanced protocol can withstand all the aforementioned attacks. The overhead of the proposed protocol compared to its predecessor is only 15.5% in terms of computational cost.
Journal Article Type | Article |
---|---|
Acceptance Date | Jan 16, 2023 |
Online Publication Date | Mar 29, 2023 |
Publication Date | Apr 1, 2023 |
Deposit Date | Apr 28, 2023 |
Publicly Available Date | Apr 28, 2023 |
Journal | Sustainability (Switzerland) |
Electronic ISSN | 2071-1050 |
Publisher | MDPI |
Peer Reviewed | Peer Reviewed |
Volume | 15 |
Issue | 7 |
Pages | 5934 |
Series Title | This article belongs to the Special Issue Emerging Technologies, Sustainable Engineering and Cybersecurity in the Digital Age |
DOI | https://doi.org/10.3390/su15075934 |
Keywords | Article, internet of things, security, authentication, key agreement, multi-factor, smart-card, hash function, insider attacker, key compromised impersonation, key recovery, 94A62 |
Public URL | https://uwe-repository.worktribe.com/output/10613106 |
Publisher URL | https://www.mdpi.com/2071-1050/15/7/5934 |
Files
Toward designing a secure authentication protocol for IoT environments
(690 Kb)
PDF
Licence
http://creativecommons.org/licenses/by/4.0/
Publisher Licence URL
http://creativecommons.org/licenses/by/4.0/
You might also like
An adaptive opportunistic routing scheme for reliable data delivery in WSNs
(2018)
Presentation / Conference Contribution
Managing Congestion in Vehicular Networks Using Tabu Search
(2018)
Presentation / Conference Contribution
Max-gain relay selection scheme for wireless networks
(2020)
Journal Article
Rectangular antenna with vertical slots implemented for WLAN applications
(2019)
Presentation / Conference Contribution
Downloadable Citations
About UWE Bristol Research Repository
Administrator e-mail: repository@uwe.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search