A provably secure and lightweight anonymous user authenticated session key exchange scheme for internet of things deployment

Banerjee, Soumya, Odelu, Vanga, Das, Ashok Kumar, Srinivas, Jangirala, Kumar, Neeraj, Chattopadhyay, Samiran and Choo, Kim-Kwang Raymond (2019) A provably secure and lightweight anonymous user authenticated session key exchange scheme for internet of things deployment. IEEE Internet of Things Journal, 6 (5). pp. 8739-8752. ISSN 23274662

[thumbnail of IEEEITJ2019.pdf] Text
IEEEITJ2019.pdf - Published Version
Restricted to Registered users only

Download (1MB) | Request a copy


With the ever increasing adoption rate of Internet-enabled devices (also known as Internet of Things (IoT) devices) in applications such as smart home, smart city, smart grid and healthcare applications, we need to ensure the security and privacy of data and communications among these IoT devices and the underlying infrastructure. For example, an adversary can easily tamper with the information transmitted over a public channel, in the sense of modification, deletion and fabrication of data-in-transit and data-in-storage. Time-critical IoT applications such as healthcare may demand the capability to support external parties (users) to securely access IoT data and services in real-time. This necessitates the design of a secure user authentication mechanism, which should also allow the user to achieve security and functionality features such as anonymity and un-traceability. In this paper, we propose a new lightweight anonymous user
authenticated session key agreement scheme in the IoT environment. The proposed scheme uses three-factor authentication, namely; a user’s smart card, password and personal biometric information. The proposed scheme does not require the storing of user specific information at the gateway node. We then demonstrate the proposed scheme’s security using the broadly accepted Real-Or-Random (ROR) model, Burrows-Abadi-Needham (BAN) logic, and Automated Validation of Internet Security Protocols and Applications (AVISPA) software simulation tool, as well as presenting an informal security analysis to demonstrate its other features. In addition, through our simulations, we demonstrate that the proposed scheme outperforms existing related user authentication schemes, in terms of its security and functionality features, and computation costs.

Item Type: Article
Keywords: Internet of Things (IoT) | User authentication | Key agreement | Session key | Security
Subjects: Social Sciences and humanities > Social Sciences > Health (Social sciences)
Social Sciences and humanities > Social Sciences > Communication and Transportation
JGU School/Centre: Jindal Global Business School
Depositing User: Shilpi Rana
Date Deposited: 16 Dec 2021 09:04
Last Modified: 12 Jan 2022 08:39
Official URL: https://doi.org/10.1109/JIOT.2019.2923373
URI: https://pure.jgu.edu.in/id/eprint/226


Downloads per month over past year

Actions (login required)

View Item
View Item