Litcius/Paper detail

An enhanced authentication scheme for Internet of Things and cloud based on elliptic curve cryptography

Pallavi Bhuarya, Preeti Chandrakar, Rifaqat Ali, Aakanksha Sharaff

2021International Journal of Communication Systems19 citationsDOI

Abstract

Summary Authentication plays a fundamental role in achieving security over unreliable channels. Authentication is a technique that lets an entity verify the identity of other communicating entities. There are a plethora of authentication schemes available in recent times. A short time ago, Kumari et al. offered an authentication protocol using elliptic curve cryptography (ECC) for Internet of Things (IoT) and professed that their design defends various security attacks. We examined Kumari et al.'s scheme and detected some loopholes like (1) inefficient login phase, (2) inefficient authentication phase, (3) known session‐specific temporary information attack, (4) denial‐of‐service (DoS) attack, and (5) lack of password changing phase. To eradicate all these flaws, we present an enhanced authentication protocol utilizing ECC for deployment in the field of IoT using cloud servers. This protocol uses hypertext transfer protocol (HTTP) cookies to authenticate clients. The developed protocol provides various security features and able to counter various security attacks. The security analysis validates that the extended scheme is potent. We simulate our protocol in Automated Validation of Internet Security Protocols and Applications (AVISPA) tool that evaluates the safety of the scheme in the presence of an adversary. We compare the proposed scheme with some similar schemes in respect of computation cost, estimated time, storage cost, communication cost, and security features.

Topics & Concepts

Computer scienceAuthentication protocolComputer securityElliptic curve cryptographyChallenge–response authenticationAuthentication (law)Challenge-Handshake Authentication ProtocolInternet securityDenial-of-service attackReplay attackComputer networkThe InternetPublic-key cryptographyEncryptionInformation securitySecurity serviceWorld Wide WebAdvanced Authentication Protocols SecurityUser Authentication and Security SystemsCryptography and Data Security