Research On Authentication Protocol For Internet Of Things

With the rapid development of the Internet of Things(IoT),the security and the privacy issues have become the key to restricting the development of IoT.Authentication protocols as the first line of defense play an irreplaceable role in IoT.This paper studies the authentication protocols for two typical scenarios in IoT,i.e.,IoT cloud environment and wireless sensor networks.The combination of IoT and cloud computing aims to solve the resource limitation problem in the storage and analytics of massive data in IoT.In IoT cloud environment,the data stored in the cloud server may involve the user's business secrets or personal privacy.As a key technology of real-time data acquisition,wireless sensor networks are widely used in many security-critical applications such as industrial monitoring and smart healthcare.The communication data is highly sensitive.In the above two scenarios,if the data is unauthorized accessed,or the communication data is tampered,it will bring immeasurable loss to human being.Hence,the high secure authentication protocol is essential to provide security and privacy protection.This paper proposes multiple high-secure authentication protocols for the security-critical applications in the two scenarios.On the basis of ensuring the security of authentication protocols,we concentrate on improving the efficiency.The contributions of this paper are summarized as follows.1.We propose an anonymous authentication scheme for IoT cloudenvironment using elliptic curve cryptosystem(ECC).Firstly,we reveal that Ali et al.'s biometrics-based authentication protocol using ECC has security flaws like insider attack,impersonation attack,and de-synchronization attack.And it cannot preserve three-factor security and forward secrecy.To eliminate these security flaws,we present an enhanced authentication scheme.The formal analysis under the random oracle model demonstrates that our new scheme provides semantic security.Burrows-Abadi-Needham logic(BAN)analysis demonstrates that our new scheme provides mutual authentication and session key establishment.In addition,the heuristic analysis shows that our new scheme can resist known attacks and preserves the desired features like three-factor security and forward secrecy.In addition,the performance comparison with related schemes shows that our new scheme provides better security with lower computation and communication overhead.2.We propose an anonymous authentication scheme for IoT cloud environment using chaotic maps.We reveals that Zhou et al.'s scheme has security flaws such as known session-specific temporary information attack,replay attack,user impersonation attack,server impersonation attack,etc.Furthermore,we propose a provably secure chaotic maps-based authentication scheme.The proposed scheme can fully guarantee data transmission secure.The security of the proposed scheme is fully demonstrated by using the formal analysis under the random oracle model,the heuristic analysis,and BAN logic analysis.It shows that the proposed scheme can resist known attacks and preserve three-factor security,user anonymity,and forward secrecy.Besides,the performance comparison indicates that our scheme achieves optimal security with acceptable overhead.3.We propose a robust authentication scheme for wireless medical sensor networks using Rabin cryptosystem and chaotic maps.Firstly,we point out Soni et al.'s scheme has security flaws,such as can not achieve three-factor security and forward secrecy,and sensor node capture attack.Furthermore,we propose an enhanced scheme to improve the security and efficiency.By utilizing Rabin cryptosystem and chaotic maps,the secure session key is established with the lowest computational overhead.We utilize several widely-accepted security analysis methods to verify the correctness and the security of our new scheme.The performance comparison indicates that our new scheme is superior to the related schemes in terms of security and efficiency,and it has low cost for the sensor node.4.We propose an anonymous authentication scheme for industrial wireless sensor networks using Chebyshev chaotic maps.Firstly,we point out that Aghili et al.'s protocol has serious security flaws.With user identity and sensor node's identity,the attacker can launch desynchronization attack,sensor node impersonation attack,and session key disclosure attack.Furthermore,we propose a provably secure biometrics-based authentication scheme.Our new scheme meets the security and efficiency requirements of industrial wireless sensor networks.The formal analysis and informal analysis are utilized to demonstrate the security of our new scheme.Compared with the related schemes,our new scheme is more practical.5.We proposes a provably secure multi-gateway authentication scheme for IoT-based green agriculture.The proposed scheme accords with the evaluation criteria for industrial wireless sensor networks.We use BAN logic proof,the formal analysis under random oracle model,and the heuristic analysis to prove the proposed scheme can resist known attacks and realize the security attributes such as forward security,three-factor security,and good repairability.The performance analysis shows that the proposed scheme achieves more security attributes and has high efficiency.The proposed scheme is more practical.