Internet of Things (IoT) is a newly emerged paradigm where multiple embedded devices, known as things, are connected via the Internet to collect, share, and analyze data from the environment. In order to overcome the limited storage and processing capacity constraint of IoT devices, it is now possible to integrate them with cloud servers as large resource pools. Such integration, though bringing applicability of IoT in many domains, raises concerns regarding the authentication of these devices while establishing secure communications to cloud servers. Recently, Kumari et al proposed an authentication scheme based on elliptic curve cryptography (ECC) for IoT and cloud servers and claimed that it satisfies all security requirements and is secure against various attacks. In this paper, we first prove that the scheme of Kumari et al is susceptible to various attacks, including the replay attack and stolen-verifier attack. We then propose a lightweight authentication protocol for secure communication of IoT embedded devices and cloud servers. The proposed scheme is proved to provide essential security requirements such as mutual authentication, device anonymity, and perfect forward secrecy and is robust against security attacks. We also formally verify the security of the proposed protocol using BAN logic and also the Scyther tool. We also evaluate the computation and communication costs of the proposed scheme and demonstrate that the proposed scheme incurs minimum computation and communication overhead, compared to related schemes, making it suitable for IoT environments with low processing and storage capacity. 相似文献
The elliptic curve cryptosystem (ECC) has recently received significant attention by researchers due to its high performance, low computational cost, and small key size. In this paper, an efficient key management and derivation scheme based on ECC is proposed to solve dynamic access problems in a user hierarchy. Compared to previous ECC based works, the proposed method does not require constructing interpolate polynomials, therefore, the computational complexity of key generation and key derivation is significantly reduced. At the same time, time complexity of adding/deleting security classes, modifying their relationships, and changing of secret keys is decreased in the proposed method. 相似文献
Wireless body area networks (WBANs) are a network designed to gather critical information about the physical conditions of patients and to exchange this information. WBANs are prone to attacks, more than other networks, because of their mobility and the public channel they use. Therefore, mutual authentication and privacy protection are critical for WBANs to prevent attackers from accessing confidential information of patients and executing undetectable physical attacks. In addition, in the authentication and key agreement process, messages should be transferred anonymously such that they are not linkable. In this paper, we first indicate that one of the most recently introduced authentication protocol is vulnerable to the wrong session key agreement attack and desynchronization attack. Second, we propose a lightweight authentication and key agreement protocol, which can withstand the well‐known attacks and provide the anonymity feature. Eventually, we analyze the security of our proposed protocol using both Automated Validation of Internet Security Protocols and Applications (AVISPA) and random oracle model and compare its performance with the related works. The results demonstrate the superiority of our proposed protocol in comparison with the other protocols. 相似文献
With the growth of the internet, development of IP based services has increased. Voice over IP (VoIP) technology is one of the services which works based on the internet and packet switching networks and uses this structure to transfer the multimedia data e.g. voices and images. Recently, Chaudhry et al., Zhang et al. and Nikooghadam et al. have presented three authentication and key agreement protocols, separately. However, in this paper, it is proved that the presented protocols by Chaudhry et al. and also Nikooghadam et al. do not provide the perfect forward secrecy, and the presented protocol by Zhang et al. not only is vulnerable to replay attack, and known session-specific temporary information attack, but also does not provide user anonymity, re-registration and revocation, and violation of fast error detection. Therefore, a secure and efficient two-factor authentication and key agreement protocol is presented. The security analysis proves that our proposed protocol is secure against various attacks. Furthermore, security of proposed scheme is formally analyzed using BAN logic and simulated by means of the AVISPA tool. The simulation results demonstrate security of presented protocol against active and passive attacks. The communication and computation cost of the proposed scheme is compared with previously proposed authentication schemes and results confirm superiority of the proposed scheme.
Tele-medical information system provides an efficient and convenient way to connect patients at home with medical personnel in clinical centers. In this system, service providers consider user authentication as a critical requirement. To address this crucial requirement, various types of validation and key agreement protocols have been employed. The main problem with the two-way authentication of patients and medical servers is not built with thorough and comprehensive analysis that makes the protocol design yet has flaws. This paper analyzes carefully all aspects of security requirements including the perfect forward secrecy in order to develop an efficient and robust lightweight authentication and key agreement protocol. The secureness of the proposed protocol undergoes an informal analysis, whose findings show that different security features are provided, including perfect forward secrecy and a resistance to DoS attacks. Furthermore, it is simulated and formally analyzed using Scyther tool. Simulation results indicate the protocol’s robustness, both in perfect forward security and against various attacks. In addition, the proposed protocol was compared with those of other related protocols in term of time complexity and communication cost. The time complexity of the proposed protocol only involves time of performing a hash function Th, i.e.,: O(12Th). Average time required for executing the authentication is 0.006 seconds; with number of bit exchange is 704, both values are the lowest among the other protocols. The results of the comparison point to a superior performance by the proposed protocol. 相似文献
Nowadays with widespread employment of the Internet, servers provide various services for legal users. The vital issue in client/server connections is authentication protocols that make the communication channel safe and secure against famous attacks. Recently, Kumari et al. and Chaudhry et al. proposed two authentication and key agreement protocols and illustrated that their proposed protocols are secure against various security attacks. However, in this paper we demonstrate that both protocols are vulnerable to off-line password guessing attacks. Moreover, we show that Kumari et al.’s protocol does not provide the property of user anonymity. In order to overcome these weaknesses, we propose a lightweight authentication and key agreement protocol. The correctness of the proposed protocol is proved using BAN logic. Security analysis demonstrates that the proposed protocol resists various security attacks and provides user anonymity. Furthermore, performance analysis confirms that the computation cost of the proposed protocol is acceptable.
The Journal of Supercomputing - The integration of information technologies into the current power grid has raised significant security concerns for the advanced metering infrastructure (AMI).... 相似文献
In smart grid, bidirectional communications between the smart meters and control center are subject to several security challenges. Since the smart meters have limited storage space and processing capability, the suggested communication scheme not only must consider the security requirements but also should put the least possible burden on the smart meters' resources. In 2014, an interesting communication scheme has been proposed for the secure consumption reports transmission of the smart meters to the neighbor gateways. In this paper, we first show that this scheme is vulnerable to the smart meter's memory modification, pollution, and denial of service attacks; then, we propose an authenticated communication scheme, which not only is secure against the aforementioned attacks, but also is much more efficient in terms of storage space, communication overhead, and computational complexity. Moreover, our scheme also presents the details of control messages transmission from the neighborhood gateways to the smart meters. Our comparative analysis with several recently published schemes indicates that the proposed scheme is more suitable than the previous ones. More significantly, our realistic implementation on ATmega2560, as a suitable candidate to be used for the smart meters, confirms our claim. 相似文献
Huang et al. has recently proposed an efficient key management and access control scheme for mobile agent environments based on Elliptic Curve Cryptosystem (ECC). Although their scheme provides superior efficiency in comparison with the previous works, however some active attacks threaten its security. In this paper a new dynamic key management scheme based on ECC is proposed that is secure and also is efficient in computation cost. Analyzing the security criteria and performance confirms suitability of the proposed scheme for mobile agent environments. 相似文献
下载免费PDF全文