
Secure and lightweight authentication protocol for anonymous data access in cloud assisted IoT system

Peer-to-Peer Networking and Applications

Abstract

The rapid evolution of IoT technologies has made it possible to connect virtually all real-world objects to the internet with the help of tiny embedded devices, also known as IoT devices. IoT devices are equipped with sensors that enable them to integrate with real-world objects, gather information from the surrounding environment, and communicate it to the user through the internet (Perera et al. in IEEE Trans Emerg Top Comput 3(4):585–598, 2015). However, constrained resources such as compute, memory and power limit their application areas. Integrating IoT devices with a cloud server overcomes these limitations and makes them suitable for practical applications (Nikooghadam and Amintoosi in Int J Commun Syst 36(1):e4332, 2020; Guntuku and Pasupuleti in 2018 3rd International Conference on Internet of Things: Smart Innovation and Usages (IoT-SIU), 2018). These IoT devices are often positioned at the network edge and communicate over an insecure wireless channel, which leaves all messages exposed to an adversary and creates a severe security concern. Authentication between the IoT device and the cloud server is the first and an important step towards secure communication. Because deployed IoT devices have limited power and are expected to have a long life, authentication protocols must be both highly secure and lightweight. In this paper, we propose a mutual authentication scheme that is more secure and performance-optimized and accomplishes authentication with minimum message exchange. We prove its security with informal analysis, formal BAN-logic-based verification and the RoR model. We have also simulated the protocol using the AVISPA tool, which shows the protocol to be attack safe.

Data availability

Not applicable.

References

  1. Perera C, Liu CH, Jayawardena S (2015) The emerging internet of things marketplace from an industrial perspective: a survey. IEEE Trans Emerg Top Comput 3(4):585–598

  2. Nikooghadam M, Amintoosi H (2020) Secure communication in CloudIoT through design of a lightweight authentication and session key agreement scheme. Int J Commun Syst 36(1):e4332

  3. Guntuku C, Pasupuleti SK (2018) Secure authentication scheme for internet of things in cloud. In: 2018 3rd International Conference on Internet of Things: Smart Innovation and Usages (IoT-SIU). pp 1–7

  4. Dohr A, Modre-Opsrian R, Drobics M, Hayn D, Schreier G (2010) The internet of things for ambient assisted living. In: 2010 Seventh International Conference on Information Technology: New Generations. pp 804–809

  5. Statista (2023) New internet of things (IoT) connections in 2025 compared to 2019. https://www.statista.com/statistics/1101127/new-iot-connections-by-2025/. Accessed 30 Mar 2023

  6. Roy S, Chatterjee S, Das AK, Chattopadhyay S, Kumari S, Jo M (2018) Chaotic map-based anonymous user authentication scheme with user biometrics and fuzzy extractor for crowdsourcing internet of things. IEEE Internet Things J 5(4):2884–2895

  7. Wazid M, Das AK, Odelu V, Kumar N, Conti M, Jo M (2018) Design of secure user authenticated key management protocol for generic IoT networks. IEEE Internet Things J 5(1):269–282

  8. Challa S, Wazid M, Das AK, Kumar N, Reddy A, Yoon E-J, Kee-Young Y (2017) Secure signature-based authenticated key establishment scheme for future IoT applications. IEEE Access 5:3028–3043

  9. Bharathi MV, Tanguturi RC, Jayakumar C, Selvamani K (2012) Node capture attack in wireless sensor network: a survey. In: 2012 IEEE International Conference on Computational Intelligence and Computing Research. pp 1–3

  10. Challa S, Das AK, Kumari S, Odelu V, Wu F, Li X (2016) Provably secure three-factor authentication and key agreement scheme for session initiation protocol. Secur Commun Netw 9(18):5412–5431

  11. Kumari S, Karuppiah M, Das AK, Li X, Wu F, Kumar N (2018) A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers. J Supercomput 74(12):6428–6453

  12. Kalra S, Sood SK (2015) Secure authentication scheme for IoT and cloud servers. Pervasive Mob Comput 24:210–223. Special Issue on Secure Ubiquitous Computing

  13. He D, Cai Y, Zhu S, Zhao Z, Chan S, Guizani M (2023) A lightweight authentication and key exchange protocol with anonymity for IoT. IEEE Trans Wirel Commun 1–1

  14. Amin R, Islam S, Biswas G, Khan K, Obaidat M (2015) Design and analysis of an enhanced patient-server mutual authentication protocol for telecare medical information system. J Med Syst 39:1–20

  15. Sureshkumar V, Amin R, Vijaykumar V, Sekar SR (2019) Robust secure communication protocol for smart healthcare system with FPGA implementation. Futur Gener Comput Syst 100:938–951

  16. Jiang Q, Jianfeng M, Guangsong L, Yang L (2013) An enhanced authentication scheme with privacy preservation for roaming service in global mobility networks. Wirel Pers Commun 68(4):1477–1491

  17. Lamport L (1981) Password authentication with insecure communication. Commun ACM 24(11):770–772

  18. Fink GA, Edgar TW, Rice TR, MacDonald DG, Crawford CE (2017) Overview of security and privacy in cyber-physical systems. In: Security and privacy in cyber-physical systems

  19. Xie SWQ, Liu W, Han L, Hu B, Wu T (2014) Improvement of a uniqueness-and-anonymity-preserving user authentication scheme for connected health care. J Med Syst 38:1–10

  20. Xu L, Wu F (2015) Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care. J Med Syst 39:179

  21. Das AK (2016) A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks. Peer Peer Netw Appl 9(1):233–244

  22. Wu F, Xu L, Kumari S, Li X (2018) An improved and provably secure three-factor user authentication scheme for wireless sensor networks. Peer Peer Netw Appl 11:1–20

  23. Chuang Y-H, Lo N-W, Yang C-Y, Tang S-W (2018) A lightweight continuous authentication protocol for the internet of things. Sensors 18(4)

  24. Li X, Niu J, Kumari S, Wu F, Sangaiah AK, Choo K-KR (2018) A three-factor anonymous authentication scheme for wireless sensor networks in internet of things environments. J Netw Comput Appl 103:194–204

  25. Tai W-L, Chang Y-F, Hou P-L (2019) Security analysis of a three-factor anonymous authentication scheme for wireless sensor networks. Int J Netw Secur 21:1014–1020

  26. Melki R, Noura HN, Chehab A (2020) Lightweight multi-factor mutual authentication protocol for IoT devices. Int J Inf Secur 19(6):679–694

  27. Kumar V, Ahmad M, Mishra D, Kumari S, Khan MK (2020) RSEAP: RFID based secure and efficient authentication protocol for vehicular cloud computing. Veh Commun 22

  28. Shahidinejad A, Ghobaei-Arani M, Souri A, Shojafar M, Kumari S (2022) Light-edge: a lightweight authentication protocol for IoT devices in an edge-cloud environment. IEEE Consum Electron Mag 11(2):57–63

  29. Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29:198–208

  30. Messerges T, Dabbish E, Sloan R (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552

  31. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Advances in Cryptology – CRYPTO '99. Springer, Berlin, Heidelberg, pp 388–397

  32. Abdalla M, Fouque P-A, Pointcheval D (2005) Password-based authenticated key exchange in the three-party setting. In: Vaudenay S (ed) Public Key Cryptography - PKC 2005. Springer, Berlin, Heidelberg, pp 65–84

  33. Chatterjee S, Roy S, Das AK, Chattopadhyay S, Kumar N, Vasilakos AV (2018) Secure biometric-based authentication scheme using Chebyshev chaotic map for multi-server environment. IEEE Trans Dependable Secure Comput 15(5):824–839

  34. Kilinc HH, Yanik T (2014) A survey of SIP authentication and key agreement schemes. IEEE Commun Surv Tutorials 16(2):1005–1023

Funding

No funding was received from any organization for this manuscript.

Author information

Contributions

All authors directly contributed in preparation of this manuscript.

Corresponding author

Correspondence to Vinod Mahor.

Ethics declarations

Ethics approval

Not applicable.

Consent to publish

All authors collectively agreed for publication of this manuscript.

Conflict of interest

All the authors have no conflict or competing interest.

Additional information

This article is part of the Topical Collection: 4 - Track on IoT

Guest Editor: Peter Langendoerfer

About this article

Cite this article

Mahor, V., Padmavathy, R. & Chatterjee, S. Secure and lightweight authentication protocol for anonymous data access in cloud assisted IoT system. Peer-to-Peer Netw. Appl. 17, 321–336 (2024). https://doi.org/10.1007/s12083-023-01590-x

  • DOI: https://doi.org/10.1007/s12083-023-01590-x
