With the emergence of the concept of smart city and the increasing demands for a range of vehicles, Internet of Vehicles (IoV) has achieved a lot of attention by providing multiple benefits, including vehicle emergence, accidents, levels of pollution, and traffic congestion. Moreover, IoV provides various services by combining vehicular ad-hoc networks (VANET) with the Internet of Things (IoT) in smart cities. However, the communication among vehicles is susceptible to various security threats because the sensitive message is transmitted via a insecure channel in the IoV-based smart city environment. Thus, a secure message authentication protocol is indispensable to ensure various services for IoV in a smart city environment. In 2020, a secure message authentication protocol for IoV communication in smart cities has been proposed. However, we discover that the analyzed scheme suffers from various potential attacks such as impersonation, secret key disclosure, and off-line guessing attacks, and also does not ensure authentication. To solve the security threats of the analyzed scheme, we design a secure and efficient message authentication protocol for IoV in a smart city environment, called IoV-SMAP. The proposed IoV-SMAP can resist security drawbacks and provide user anonymity, and mutual authentication. We demonstrate the security of IoV-SMAP by performing informal and formal analyses such as the Real-or-Random (ROR) model, and Automated Validation of Internet Security Protocols and Application (AVISPA) simulations. In addition, we compare the performance of IoV-SMAP with related existing competing authentication schemes. We demonstrate that IoV-SMAP provides better security along with efficiency than related competing schemes and is suitable for the IoV-based smart city environment.
Internet of Things (IoT) environments such as smart homes, smart factories, and smart buildings have become a part of our lives. The services of IoT environments are provided through wireless networks to legal users. However, the wireless network is an open channel, which is insecure to attacks from adversaries such as replay attacks, impersonation attacks, and invasions of privacy. To provide secure IoT services to users, mutual authentication protocols have attracted much attention as consequential security issues, and numerous protocols have been studied. In 2017, Bae et al. presented a smartcard-based two-factor authentication protocol for multi-gateway IoT environments. However, we point out that Bae et al.’s protocol is vulnerable to user impersonation attacks, gateway spoofing attacks, and session key disclosure, and cannot provide a mutual authentication. In addition, we propose a three-factor mutual authentication protocol for multi-gateway IoT environments to resolve these security weaknesses. Then, we use Burrows–Abadi–Needham (BAN) logic to prove that the proposed protocol achieves secure mutual authentication, and we use the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool to analyze a formal security verification. In conclusion, our proposed protocol is secure and applicable in multi-gateway IoT environments.
With the information and communication technologies (ICT) and Internet of Things (IoT) gradually advancing, smart homes have been able to provide home services to users. The user can enjoy a high level of comfort and improve his quality of life by using home services provided by smart devices. However, the smart home has security and privacy problems, since the user and smart devices communicate through an insecure channel. Therefore, a secure authentication protocol should be established between the user and smart devices. In 2020, Xiang and Zheng presented a situation-aware protocol for device authentication in smart grid-enabled smart home environments. However, we demonstrate that their protocol can suffer from stolen smart device, impersonation, and session key disclosure attacks and fails to provide secure mutual authentication. Therefore, we propose a secure and lightweight authentication protocol for IoT-based smart homes to resolve the security flaws of Xiang and Zheng’s protocol. We proved the security of the proposed protocol by performing informal and formal security analyses, using the real or random (ROR) model, Burrows–Abadi–Needham (BAN) logic, and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. Moreover, we provide a comparison of performance and security properties between the proposed protocol and related existing protocols. We demonstrate that the proposed protocol ensures better security and lower computational costs than related protocols, and is suitable for practical IoT-based smart home environments.
Smart homes are an emerging paradigm of Internet of Things (IoT) in which users can remotely control various home devices via the internet anytime and anywhere. However, smart home environments are vulnerable to security attacks because an attacker can inject, insert, intercept, delete, and modify transmitted messages over an insecure channel. Thus, secure and lightweight authentication protocols are essential to ensure useful services in smart home environments. In 2021, Kaur and Kumar presented a two-factor based user authentication protocol for smart homes using elliptic curve cryptosystems (ECC). Unfortunately, we demonstrate that their scheme cannot resist security attacks such as impersonation and session key disclosure attacks, and also ensure secure user authentication. Moreover, their scheme is not suitable in smart home environments because it utilizes public-key cryptosystems such as ECC. Hence, we design a secure and lightweight three-factor based privacy-preserving authentication scheme for IoT-enabled smart home environments to overcome the security problems of Kaur and Kumar's protocol. We prove the security of the proposed scheme by using informal and formal security analyses such as the ROR model and AVISPA simulation. In addition, we compare the performance and security features between the proposed scheme and related schemes. The proposed scheme better provides security and efficiency compared with the previous schemes and is more suitable than previous schemes for IoTenabled smart home environments.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.