Your browser does not support JavaScript!
http://iet.metastore.ingenta.com
1887

access icon free ElGamal cryptosystem-based secure authentication system for cloud-based IoT applications

  • Author(s): Tanmoy Maitra 1 ; Mohammad S. Obaidat 2, 3, 4 ; Debasis Giri 5 ; Subrata Dutta 6 ; Keshav Dahal 7, 8
    • View affiliations
  • Source: Volume 8, Issue 5, September 2019, p. 289 – 298
    DOI:  10.1049/iet-net.2019.0004 , Print ISSN 2047-4954, Online ISSN 2047-4962
© The Institution of Engineering and Technology
Received 07/01/2019, Accepted 08/03/2019, Revised 17/02/2019, Published 12/03/2019

Life in modern society becomes easier due to the rapid growth of different technologies like real-time analytic, ubiquitous wireless communication, commodity sensors, machine learning and embedded systems. Nowadays, there seems to be a need to merge these technologies in the form of Internet of Things (IoT) so that smart systems can be achieved. On the other hand, cloud computing is a pillar in IoT by which end users get connected through the cloud servers for getting different services. However, to recognise the legitimacy of communicators during communication sessions through insecure channels like the Internet, serious issues in cloud-based IoT applications need to be addressed. Thus, authentication procedure is highly desirable to remove the unapproved access in IoT applications. This study presents an ElGamal cryptosystem and biometric information along with a user's password-based authentication scheme for cloud-based IoT applications refereed as SAS-Cloud. Security of the proposed scheme has been analysed by well popular random oracle model and it is found that SAS-Cloud has the ability to defend all the possible attacks. Furthermore, the performance of SAS-Cloud has been evaluated and it was found that SAS-Cloud has better efficiency than other existing competing ElGamal cryptosystem-based authentication schemes.

Inspec keywords: telecommunication security; Internet of Things; cloud computing; message authentication; embedded systems; cryptographic protocols; biometrics (access control); cryptography; Internet; public key cryptography

Other keywords: cloud servers; cloud-based IoT applications; existing competing ElGamal cryptosystem-based authentication schemes; SAS-Cloud; ElGamal cryptosystem-based secure authentication system; cloud computing; ubiquitous wireless communication

Subjects: Data security; Radio links and equipment; Internet software; Protocols; Cryptography

References

    1. 1)
      • 14. Yan, X., Li, W., Li, P., et al: ‘A secure biometrics-based authentication scheme for telecare medicine information systems’, J. Med. Syst., 2013, 37, (5).
    2. 2)
      • 6. Mir, O., v. d. Weide, T., Lee, C.C.: ‘A secure user anonymity and authentication scheme using avispa for telecare medical information systems’, J. Med. Syst., 2015, 39, (9).
    3. 3)
      • 14. , pp. 584–589.
    4. 4)
      • 2. . Report Number: 800-145..
    5. 5)
      • 17. Maitra, T., Giri, D.: ‘An efficient biometric and password-based remote user authentication using smart card for telecare medical information systems in multi-server environment’, J. Med. Syst., 2014, 38, (12: 142).
    6. 6)
      • 39. Henry, E.R.: ‘Classification and uses of finger prints’ (Routledge, London, 1900).
    7. 7)
      • 21. Giri, D., Maitra, T., Amin, R., et al: ‘An efficient and robust rsa-based remote user authentication for telecare medical information systems’, J. Med. Syst., 2014, 39, (1: 145).
    8. 8)
      • 32. Shen, J.J., Lin, C.W., Hwang, M.S.: ‘A modifed remote user authentication scheme using smart cards’, IEEE Trans. Consum. Electron., 2003, 49, (2), pp. 414416.
    9. 9)
      • 6. , pp. 265–281.
    10. 10)
      • 25. Maitra, T., Obaidat, M.S., Islam, S.H., et al: ‘Security analysis and design of an efficient ecc-based two-factor password authentication scheme’, Secur. Commun. Netw., 2016, 9, (17), pp. 41664181.
    11. 11)
      • 15. , pp. 1–12.
    12. 12)
      • 2. Mell, P.M., Grance, T.: ‘The nist definition of cloud computing, computer security division, information technology laboratory, national institute of standards and technology gaithersburg’, 2011.
    13. 13)
      • 28. He, D., Zeadally, S., Kumar, N., et al: ‘Efficient and anonymous mobile user authentication protocol using self-certi_ed public key cryptography for multiserver architectures’, IEEE Trans. Inf. Forensics Sec., 2016, 11, (9), pp. 20522064.
    14. 14)
      • 23. Hwang, M.S., Li, L.H.: ‘A new remote user authentication scheme using smart cards’, IEEE Trans. Consum. Electron., 2000, 46, (1), pp. 2830.
    15. 15)
      • 14. Yan, X., Li, W., Li, P., et al: ‘A secure biometrics-based authentication scheme for telecare medicine information systems’, J. Med. Syst., 2013, 37, (5).
    16. 16)
      • 25. Maitra, T., Obaidat, M.S., Islam, S.H., et al: ‘Security analysis and design of an ef_cient ecc-based two-factor password authentication scheme’, Secur. Commun. Netw., 2016, 9, (17), pp. 41664181.
    17. 17)
      • 28. He, D., Zeadally, S., Kumar, N., et al: ‘Ef_cient and anonymous mobile user authentication protocol using self-certi_ed public key cryptography for multiserver architectures’, IEEE Trans. Inf. Forensics Sec., 2016, 11, (9), pp. 20522064.
    18. 18)
      • 15. Mishra, D., Mukhopadhyay, S., Chaturvedi, A., et al: ‘Cryptanalysis and improvement of Yan et al.’s biometric-based authentication scheme for telecare medicine information systems’, J. Med. Syst., 2014, 38, (6).
    19. 19)
      • 5. Maitra, T., Amin, R., Giri, D., et al: ‘An efficient and robust user authentication scheme for hierarchical wireless sensor networks without tamper-proof smart card’, I J Netw. Secur., 2016, 18, (3), pp. 553564.
    20. 20)
      • 8. Maitra, T., Islam, S.H., Amin, R., et al: ‘An enhanced multi-server authentication protocol using password and smart-card: cryptanalysis and design’, Secur. Commun. Netw., 2016, 9, (17), pp. 46154638.
    21. 21)
      • 6. Mir, O., v. d. Weide, T., Lee, C.C.: ‘A secure user anonymity and authentication scheme using avispa for telecare medical information systems’, J. Med. Syst., 2015, 39, (9).
    22. 22)
      • 21. Giri, D., Maitra, T., Amin, R., et al: ‘An efficient and robust rsa-based remote user authentication for telecare medical information systems’, J. Med. Syst., 2014, 39, (1).
    23. 23)
      • 39. Henry, E.R.: ‘Classification and uses of finger prints’ (George Routledge and Sons, London, 1900).
    24. 24)
      • 41. Dolev, D., Yao, A.C.: ‘On the security of public key protocols’, IEEE Trans. Inf. Theory, 1983, 29, (2), pp. 198208.
    25. 25)
      • 26. Han, L., Tan, X., Wang, S., et al: ‘An efficient and secure three-factor based authenticated key exchange scheme using elliptic curve cryptosystems’, Peer-to-Peer Netw. Appl., 2018, 11, (1), pp. 6373.
    26. 26)
      • 35. Tian, X., Zhu, R.W., Wong, D.S.: ‘Improved efficient remote user authentication schemes’, Int. J. Netw. Secur., 2007, 4, (2), pp. 149154.
    27. 27)
      • 29. Jiang, Q., Ma, J., Wei, F.: ‘On the security of a privacy-aware authentication scheme for distributed mobile cloud computing services’, IEEE Syst. J., 2018, 12, (2), pp. 20392042.
    28. 28)
      • 34. Yoon, E.J., Ryu, E.K., Yoo, K.Y.: ‘Efficient remote user authentication scheme based on generalized elgamal signature scheme’, IEEE Trans. Consum. Electron., 2004, 50, (2), pp. 568570.
    29. 29)
      • 19. Wazid, M., Das, A.K., Kumari, S., et al: ‘Provably secure biometric-based user authentication and key agreement scheme in cloud computing’, Secur. Commun. Netw., 2016, 9, (17), pp. 41034119.
    30. 30)
      • 4. Li, X., Niu, J., Khan, M.K., et al: ‘An enhanced smart card based remote user password authentication scheme’, J. Netw. Comput. Appl., 2013, 36, (5), pp. 13651371.
    31. 31)
      • 7. Guo, C., Chang, C.C.: ‘Chaotic maps-based password-authenticated key agreement using smart cards’, Commun. Nonlinear Sci. Numer. Simul., 2013, 18, (6), pp. 14331440.
    32. 32)
      • 11. Jain, A.K., Ross, A., Pankanti, S.: ‘Biometrics: a tool for information security’, IEEE Trans. Inf. Forensics Sec., 2006, 1, (2), pp. 125143.
    33. 33)
      • 22. Amin, R., Maitra, T., Giri, D., et al: ‘Cryptanalysis and improvement of an rsa based remote user authentication scheme using smart card’, Wirel. Pers. Commun., 2017, 96, (3), pp. 46294659.
    34. 34)
      • 31. Chan, C.K., Cheng, L.M.: ‘Cryptanalysis of a remote user authentication scheme using smart cards’, IEEE Trans. Consum. Electron., 2000, 46, (4), pp. 992993.
    35. 35)
      • 37. Lee, Y.C., Hsieh, Y.C., Lee, P.J., et al: ‘Improvement of the elgamal based remote authentication scheme using smart cards’, J. Appl. Res. Technol., 2014, 12, (6), pp. 10631072.
    36. 36)
      • 13. Tan, Z.: ‘An efficient biometrics-based authentication scheme for telecare medicine information systems’, Network, 2013, 2, (3), pp. 200204.
    37. 37)
      • 1. Zanella, A., Bui, N., Castellani, A., et al: ‘Internet of things for smart cities’, IEEE Internet Things J., 2014, 1, (1), pp. 2232.
    38. 38)
      • 2. Mell, P.M., Grance, T.: ‘The nist definition of cloud computing, computer security division, information technology laboratory, national institute of standards and technology gaithersburg’, 2011.
    39. 39)
      • 18. Islam, S.H., Vijayakumar, P., Bhuiyan, M.Z.A., et al: ‘A provably secure three-factor session initiation protocol for multimedia big data communications’, IEEE Internet Things J., 2017, PP, (99), pp. 111.
    40. 40)
      • 16. Chuang, M.C., Chen, M.C.: ‘An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics’, Expert Syst. Appl., 2014, 41,(4, Part 1), pp. 14111418.
    41. 41)
      • 9. Odelu, V., Das, A.K., Wazid, M., et al: ‘Provably secure authenticated key agreement scheme for smart grid’, IEEE Trans. Smart Grid, 2018, 9, (3), pp. 19001910.
    42. 42)
      • 33. Leung, K.C., Cheng, L.M., Fong, A.S., et al: ‘Cryptanalysis of a modified remote user authentication scheme using smart cards’, IEEE Trans. Consum. Electron., 2003, 49, (4), pp. 12431245.
    43. 43)
      • 38. Maitra, T., Obaidat, M.S., Amin, R., et al: ‘A robust elgamal-based password-authentication protocol using smart card for client-server communication’, Int. J. Commun. Syst., 2016, 30, (11), pp. 112.
    44. 44)
      • 3. Lamport, L.: ‘Password authentication with insecure communication’, Commun. ACM, 1981, 24, (11), pp. 770772.
    45. 45)
      • 30. ElGamal, T.: ‘A public key cryptosystem and a signature scheme based on discrete logarithms’ (Springer Berlin Heidelberg, Berlin, Heidelberg, 1985), pp. 1018.
    46. 46)
      • 20. Giri, D., Sherratt, R.S., Maitra, T., et al: ‘Efficient biometric and password based mutual authentication for consumer usb mass storage devices’, IEEE Trans. Consum. Electron., 2015, 61, (4), pp. 491499.
    47. 47)
      • 32. Shen, J.J., Lin, C.W., Hwang, M.S.: ‘A modi_ed remote user authentication scheme using smart cards’, IEEE Trans. Consum. Electron., 2003, 49, (2), pp. 414416.
    48. 48)
      • 10. Jan, M.A., Khan, F., Alam, M., et al: ‘A payload-based mutual authentication scheme for internet of things’, Future Gener. Comput. Syst., 2019, 92, pp. 10281039.
    49. 49)
      • 36. Ramasamy, R., Muniyandi, A.P.: ‘New remote mutual authentication scheme using smart cards’, Trans. Data Privacy, 2009, 2, (2), pp. 141152.
    50. 50)
      • 12. Giri, D., Sherratt, R.S., Maitra, T.: ‘A novel and efficient session spanning biometric and password based three-factor authentication protocol for consumer usb mass storage devices’, IEEE Trans. Consum. Electron., 2016, 62, (3), pp. 283291.
    51. 51)
      • 42. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: ‘Examining smart-card security under the threat of power analysis attacks’, IEEE Trans. Comput., 2002, 51, (5), pp. 541552.
    52. 52)
      • 24. Amin, R., Biswas, G.P.: ‘Remote access control mechanism using rabin public key cryptosystem’ (Springer India, New Delhi, 2015), pp. 525533.
    53. 53)
      • 17. Maitra, T., Giri, D.: ‘An efficient biometric and password-based remote user authentication using smart card for telecare medical information systems in multi-server environment’, J. Med. Syst., 2014, 38, (12).
    54. 54)
      • 27. Odelu, V., Das, A.K., Goswami, A.: ‘A secure biometrics-based multi-server authentication protocol using smart cards’, IEEE Trans. Inf. Forensics Sec., 2015, 10, (9), pp. 19531966.
    55. 55)
      • 40. Obaidat, M., Boudriga, N.: ‘Security of e-systems and computer networks’ (Cambridge University Press, New York, NY, USA, 2007).
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-net.2019.0004
Loading

Related content

content/journals/10.1049/iet-net.2019.0004
pub_keyword,iet_inspecKeyword,pub_concept
6
6
Loading
Print this page
This is a required field
Please enter a valid email address