Certificateless-Signcryption-Based Three-Factor User Access Control Scheme for IoT Environment

Mandal, Sandip; Bera, Basudeb; Sutrala, Anil Kumar; Das, Ashok Kumar; Choo, Kim‐Kwang Raymond; Park, Young-Ho

doi:10.1109/jiot.2020.2966242

Cited by 111 publications

(39 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We utilized the AVISPA tool [ 7 , 8 , 9 ] to verify the security of our protocol against MITM and replay attacks. The AVISPA tool uses a role based language, High-Level Protocols Specification Language (HLPSL), to specify actions of each protocol participant [ 45 ].…”

Section: Security Analysismentioning

confidence: 99%

“…We conducted formal analysis using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool [ 7 , 8 , 9 ], Burrows–Abadi–Needham (BAN) logic [ 10 ], and the real or random (ROR) model [ 11 ]. With the formal analysis, we proved secure mutual authentication, the session key security, and the resistance against MITM and replay attacks of our protocol.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Secure and Lightweight Authentication Protocol for IoT-Based Smart Homes

Lee

et al. 2021

Sensors

Self Cite

View full text Add to dashboard Cite

With the information and communication technologies (ICT) and Internet of Things (IoT) gradually advancing, smart homes have been able to provide home services to users. The user can enjoy a high level of comfort and improve his quality of life by using home services provided by smart devices. However, the smart home has security and privacy problems, since the user and smart devices communicate through an insecure channel. Therefore, a secure authentication protocol should be established between the user and smart devices. In 2020, Xiang and Zheng presented a situation-aware protocol for device authentication in smart grid-enabled smart home environments. However, we demonstrate that their protocol can suffer from stolen smart device, impersonation, and session key disclosure attacks and fails to provide secure mutual authentication. Therefore, we propose a secure and lightweight authentication protocol for IoT-based smart homes to resolve the security flaws of Xiang and Zheng’s protocol. We proved the security of the proposed protocol by performing informal and formal security analyses, using the real or random (ROR) model, Burrows–Abadi–Needham (BAN) logic, and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. Moreover, we provide a comparison of performance and security properties between the proposed protocol and related existing protocols. We demonstrate that the proposed protocol ensures better security and lower computational costs than related protocols, and is suitable for practical IoT-based smart home environments.

show abstract

Section: Security Analysismentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

A Secure and Lightweight Authentication Protocol for IoT-Based Smart Homes

Lee

et al. 2021

Sensors

Self Cite

View full text Add to dashboard Cite

show abstract

“…In the process of our proof, we take advantage of the method, which is used in previous studies. [61][62][63][64] In the following, we explain some of the preliminaries that we used during our proof.…”

Section: Formal Security Analysis Under Ro Modelmentioning

confidence: 99%

An efficient hash‐based authentication protocol for wireless sensor networks in Internet of Things applications with forward secrecy

Sadri

Asaar

2021

Int J Communication

View full text Add to dashboard Cite

Wireless sensor networks (WSNs) play an influential role in the advancement of Internet of Things (IoT) because the infrastructure of WSNs consists of lots of sensors, which can be used to collect online data by the users or service providers; however, in the process of collecting the data, the users and service providers have to communicate with the sensors through an unprotected channel, so the confidentiality and integrity of the transmitted messages might be threatened by an adversary. Consequently, several authentication protocols have been proposed to provide a secure authentication process for IoT-based WSNs. In this paper, we analyze Ghani et al.'s protocol and demonstrate that their protocol is vulnerable to user impersonation attack, malicious gateway attack, and traceability attack. Furthermore, it suffers from some design weaknesses. To fix these drawbacks, we propose a new hash-based authentication protocol for IoT-based WSNs. We analyze our protocol with both formal and informal methods to show that our protocol is secure against various known attacks such as sensor and user trace, sensor capture, off-line password guessing, and replay attacks. Finally, we evaluate our protocol in terms of security features and communication and computation costs. The results show that not only the proposed protocol is more secure than other existing protocols but also reduces 60% of the execution time of the user authentication process in comparison with Ghani et al.'s protocol.

show abstract

“…Inspired by [37], Gagne et al [38] proposed an ABSC scheme by using a threshold access strategy, in which users must determine their access structure before the system establishment. Mandal et al presented a new three-factor signcryption-based user access control scheme in [39]. Hu et al [40] constructed a new secure fuzzy ABSC scheme.…”

Section: A Attribute Based Signcryptionmentioning

confidence: 99%

A Blockchain-Assisted Verifiable Outsourced Attribute-Based Signcryption Scheme for EHRs Sharing in the Cloud

Yang

et al. 2020

IEEE Access

View full text Add to dashboard Cite

The sharing of electronic health records (EHRs) has shown great advantages in the accurate treatment of patients and the development of medical institutions. However, it is easy to cause some security problems in the process of medical data sharing. Generally, after a patient's EHRs are generated by different medical institutions, they are outsourced to the cloud server (CS) by the authorized medical institutions for storage, which causes the patient to lose control of EHRs. Moreover, malicious medical institutions and semi-trusted cloud servers may collude to tamper with EHRs to seek benefits, which threatens the integrity of EHRs. Therefore, we propose a blockchain-assisted verifiable outsourced attribute-based signcryption scheme (BVOABSC) which realizes the secure sharing of EHRs in a multi-authority cloud storge environment. Firstly, we use the attribute-based signcryption algorithm to realize the confidentiality and unforgeability of the EHRs and protect the privacy of the signer. Secondly, it greatly reduces the computational burden of users by using verifiable outsourcing computation mechanism. Most of the designcryption calculation is performed by the cloud server, and the correctness of the generated partial designcryption ciphertext is verified by users. Furthermore, we use blockchain technology to protect outsourced EHRs from tampering by illegal users. Specifically, each operation on outsourced EHRs is stored as a transaction on the public blockchain, which ensures that EHRs cannot be modified. At the same time, the auditor can verify the integrity of the outsourced EHRs by checking the corresponding transactions. In addition, the smart contract created by the patient can solve the problems in cloud storage, such as tampering EHRs and returning incorrect results. Finally, security analysis and performance evaluation show that the proposed BVOABSC scheme satisfies stronger security and higher efficiency than similar schemes. INDEX TERMS Attribute-based signcryption, blockchain, cloud storage, electronic health records, verifiable outsourced calculation.

show abstract

Certificateless-Signcryption-Based Three-Factor User Access Control Scheme for IoT Environment

Cited by 111 publications

References 30 publications

A Secure and Lightweight Authentication Protocol for IoT-Based Smart Homes

A Secure and Lightweight Authentication Protocol for IoT-Based Smart Homes

An efficient hash‐based authentication protocol for wireless sensor networks in Internet of Things applications with forward secrecy

A Blockchain-Assisted Verifiable Outsourced Attribute-Based Signcryption Scheme for EHRs Sharing in the Cloud

Contact Info

Product

Resources

About