Multi-factor User Authentication Protocol For Internet Of Things

The Internet of Things is a network which extends on the Internet.It has been scaled up to multiple areas such as transportation.Its development is accompanied by the networking of multiple devices,in which wearable devices are more common and can provide services such as collecting personal data and monitoring patient status.However,devices are portable and ubiquitous and often used in public environments,which increases the likelihood of malicious attacks and also brings security issues such as personal privacy leaks and unauthorized access to information stored in the device.Therefore,as one of the key means to solve the problem of sensitive data privacy and security protection,authentication is the focus of this paper.Some scholars have proposed several authentication protocols for wearable devices.However,these protocols still have shortcomings,or in terms of security,they cannot simultaneously satisfy defense for common attacks and provide the required security properties,or in terms of efficiency,there exist unnecessary calculations,making the computational complexity fail to achieve higher security demand.Therefore,the paper studies the authentication protocol in the wearable environment,and analyzes the existing schemes from the two application scenarios of single registration center and multiple registration centers,and proposes improvement schemes,namely user-center cloud-assisted three-factor authentication protocol for wearable devices as UC-3FA and cross-domain cloud-assisted three-factor authentication protocol for wearable devices as CD-3FA.In a single registry scenario,the wearable device and the smart terminal held by the user are registered on the same cloud server.Firstly,the paper analyzes the three-factor authentication protocol proposed by Das et al.,and points out two security flaws,namely,it can not resist offline password guessing attack and desynchronization attack.Secondly,the paper proposes the UC-3FA scheme.We adjusted the network model based on Das et al.,and added a cloud server with strong computing power to reduce the storage and computation burden of equipment.At the same time,considering the efficiency of communication,users can act between wearable devices and cloud servers.The relay role enables the wearable device to establish a direct connection with the cloud server,reducing the amount of traffic and embodying the user-centric feature.Specifically,the scheme uses a fuzzy extractor to protect biometric privacy,introduces a fuzzy verifier to solve offline password guessing attacks,avoids desynchronization attacks with a temporary identity state table,and uses elliptic curve cryptography to enhance the strong confidentiality of the protocol.Finally,a comprehensive security analysis of the UC-3FA scheme is given,in particular,for session key security and mutual authentication security,we also use the formal analysis tool Pro Verif for verification.Safety and efficiency comparisons with related schemes demonstrate the safety and utility of the UC-3FA scheme.In a multi-registration center scenario,the smart terminal and the wearable device in different security domains register with the cloud server in the domain.Firstly,this paper proposes a cross-domain cloud-assisted model for the case where smart terminals access the wearable devices in different domains,and takes the medical remote assisted scene as an example.Secondly,this paper proposes a three-factor authentication scheme CD-3FA for cross-domain cloud-assisted wearable devices,so that devices located in different domains are respectively registered with the cloud server of the domain,and the issuance of access credentials is realized by means of inter-cloud communication.The device then performs subsequent communications based on this credential.Finally,a comprehensive security analysis of the CD-3FA scheme is performed.In particular,we also present a provable security analysis under the random oracle model and a comparison of the security and performance of the relevant schemes.