Printed from https://ideas.repec.org/a/gam/jsusta/v15y2023i7p5934-d1110598.html

Toward Designing a Secure Authentication Protocol for IoT Environments

Author

  • Mehdi Hosseinzadeh

    (Institute of Research and Development, Duy Tan University, Da Nang 550000, Vietnam
    School of Medicine and Pharmacy, Duy Tan University, Da Nang 550000, Vietnam
    Computer Science, University of Human Development, Sulaymaniyah 0778-6, Iraq)

  • Mazhar Hussain Malik

    (School of Computing and Creative Technologies College of Arts, Technology and Environment (CATE) University of the West of England Frenchay Campus, Coldharbour Lane, Bristol BS16 1QY, UK)

  • Masoumeh Safkhani

    (Faculty of Computer Engineering, Shahid Rajaee Teacher Training University, Tehran P.O. Box 16788-15811, Iran
    School of Computer Science, Institute for Research in Fundamental Sciences (IPM), Tehran P.O. Box 19395-5746, Iran)

  • Nasour Bagheri

    (School of Computer Science, Institute for Research in Fundamental Sciences (IPM), Tehran P.O. Box 19395-5746, Iran
    Faculty of Electrical Engineering, Shahid Rajaee Teacher Training University, Tehran P.O. Box 16788-15811, Iran)

  • Quynh Hoang Le

    (Institute of Research and Development, Duy Tan University, Da Nang 550000, Vietnam
    School of Medicine and Pharmacy, Duy Tan University, Da Nang 550000, Vietnam)

  • Lilia Tightiz

    (School of Computing, Gachon University, 1342 Seongnamdaero, Seongnam 13120, Republic of Korea)

  • Amir H. Mosavi

    (John von Neumann Faculty of Informatics, Obuda University, 1034 Budapest, Hungary
    Institute of the Information Society, University of Public Service, 1083 Budapest, Hungary)

Abstract

An authentication protocol is a critical part of managing access control in many applications. A recent study proposed a lightweight authentication scheme to transmit data securely in an IoT subsystem. Although the designers presented the first security analysis of the proposed protocol, that protocol has not, to the best of our knowledge, been independently analyzed by third-party researchers. On the other hand, it is generally agreed that no cryptosystem should be used in a practical application unless its security has been extensively verified through security analysis by third parties, which is what this paper addresses. Although it is an efficient protocol by design compared to other related schemes, our security analysis identifies the non-ideal properties of this protocol. More specifically, we show that this protocol does not provide perfect forward secrecy. In addition, we show that it is vulnerable to an insider attacker, and an active insider adversary can successfully recover the shared keys between the protocol’s entities. In addition, such an adversary can impersonate the remote server to the user and vice versa. Next, the adversary can trace the target user using the extracted information. Finally, we redesign the protocol such that the enhanced protocol can withstand all the aforementioned attacks. The overhead of the proposed protocol compared to its predecessor is only 15.5% in terms of computational cost.

Suggested Citation

  • Mehdi Hosseinzadeh & Mazhar Hussain Malik & Masoumeh Safkhani & Nasour Bagheri & Quynh Hoang Le & Lilia Tightiz & Amir H. Mosavi, 2023. "Toward Designing a Secure Authentication Protocol for IoT Environments," Sustainability, MDPI, vol. 15(7), pages 1-16, March.
  • Handle: RePEc:gam:jsusta:v:15:y:2023:i:7:p:5934-:d:1110598

    Download full text from publisher

    File URL: https://www.mdpi.com/2071-1050/15/7/5934/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/2071-1050/15/7/5934/
    Download Restriction: no

    References listed on IDEAS

    1. Seunghwan Son & Yohan Park & Youngho Park, 2021. "A Secure, Lightweight, and Anonymous User Authentication Protocol for IoT Environments," Sustainability, MDPI, vol. 13(16), pages 1-21, August.
    2. Jan Lansky & Amir Masoud Rahmani & Saqib Ali & Nasour Bagheri & Masoumeh Safkhani & Omed Hassan Ahmed & Mehdi Hosseinzadeh, 2021. "BCmECC: A Lightweight Blockchain-Based Authentication and Key Agreement Protocol for Internet of Things," Mathematics, MDPI, vol. 9(24), pages 1-17, December.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Mehdi Hosseinzadeh & Rizwan Ali Naqvi & Masoumeh Safkhani & Lilia Tightiz & Raja Majid Mehmood, 2022. "Secure Authentication in the Smart Grid," Mathematics, MDPI, vol. 11(1), pages 1-24, December.
    2. Weichu Deng & Teng Huang & Haiyang Wang, 2022. "A Review of the Key Technology in a Blockchain Building Decentralized Trust Platform," Mathematics, MDPI, vol. 11(1), pages 1-29, December.
    3. Qingyun Xie & Zixuan Ding & Qi Xie, 2023. "A Lightweight and Privacy-Preserving Authentication Protocol for Healthcare in an IoT Environment," Mathematics, MDPI, vol. 11(18), pages 1-17, September.
