Author dc.contributor.author | Hosseinzadeh Mehdi | |
Author dc.contributor.author | Malik Mazhar Hussain | |
Author dc.contributor.author | Safkhani Masoumeh | |
Author dc.contributor.author | Bagheri Nasour | |
Author dc.contributor.author | Le Quynh Hoang | |
Author dc.contributor.author | Tightiz Lilia | |
Author dc.contributor.author | Mosavi Amir H. | |
Availability Date dc.date.accessioned | 2023-06-23T08:54:41Z | |
Availability Date dc.date.available | 2023-06-23T08:54:41Z | |
Release dc.date.issued | 2023 | |
Issn dc.identifier.issn | 2071-1050 | |
uri dc.identifier.uri | http://hdl.handle.net/20.500.12944/20646 | |
Abstract dc.description.abstract | Authentication protocol is a critical part of any application to manage the access control in many applications. A former research recently proposed a lightweight authentication scheme to transmit data in an IoT subsystem securely. Although the designers presented the first security analysis of the proposed protocol, that protocol has not been independently analyzed by third-party researchers, to the best of our knowledge. On the other hand, it is generally agreed that no cryptosystem should be used in a practical application unless its security has been verified through security analysis by third parties extensively, which is addressed in this paper. Although it is an efficient protocol by design compared to other related schemes, our security analysis identifies the non-ideal properties of this protocol. More specifically, we show that this protocol does not provide perfect forward secrecy. In addition, we show that it is vulnerable to an insider attacker, and an active insider adversary can successfully recover the shared keys between the protocol’s entities. In addition, such an adversary can impersonate the remote server to the user and vice versa. Next, the adversary can trace the target user using the extracted information. Finally, we redesign the protocol such that the enhanced protocol can withstand all the aforementioned attacks. The overhead of the proposed protocol compared to its predecessor is only 15.5% in terms of computational cost. | |
Language dc.language | en | |
Keywords dc.subject | internet of things | |
Keywords dc.subject | security | |
Keywords dc.subject | authentication | |
Keywords dc.subject | key agreement | |
Keywords dc.subject | multi-factor | |
Keywords dc.subject | smart-card | |
Keywords dc.subject | hash function | |
Keywords dc.subject | insider attacker | |
Keywords dc.subject | key compromised impersonation | |
Keywords dc.subject | key recovery | |
Title dc.title | Toward Designing a Secure Authentication Protocol for IoT Environments | |
Type dc.type | folyóiratcikk | |
Date Change dc.date.updated | 2023-06-22T13:38:20Z | |
Version dc.description.version | kiadói | |
dc.rights.accessRights | nyílt hozzáférésű | |
Doi ID dc.identifier.doi | 10.3390/su15075934 | |
Discipline Discipline + dc.subject.discipline | Műszaki tudományok | |
dc.subject.sciencebranch | Informatikai tudományok | |
MTMT ID dc.identifier.mtmt | 33727302 | |
dc.identifier.journalTitle | Sustainability | |
dc.identifier.journalVolume | 15 | |
dc.identifier.journalIssueNumber | 7 | |
Scope dc.format.page | 1-16 | |
Wos ID dc.identifier.wos | 000970283500001 | |
ID Scopus dc.identifier.scopus | 85152782559 | |
dc.identifier.journalAbbreviatedTitle | SUSTAINABILITY-BASEL | |
Release Date dc.description.issuedate | 2023 | |
Author institution dc.contributor.department | Szoftvertervezés- és Fejlesztés Intézet | |
Author institution dc.contributor.department | Információs Társadalom Kutatóintézet | |
Author institution dc.contributor.department | Információs Társadalom Kutatóintézet | |
Author institution dc.contributor.department | Informatikai Tudományok Doktori Iskola | |
Author institution dc.contributor.department | Szoftvertervezés- és Fejlesztés Intézet | |
Author institution dc.contributor.department | Biztonságtudományi Doktori Iskola | |
Author institution dc.contributor.department | Felsőbbfokú Tanulmányok Intézete |