Lightweight Mutual Authentication Protocol for IoT devices Using Elliptical Curves
Abstract
The Internet of Things (IoT) has now permeated every aspect of modern life, requiring that all things be connected to one another and to the Internet using proper protocols. IoT, being an essential component of today's smart society is experiencing enormous problems from various security and interoperability attacks. Traditional encryption is unsuitable for low-cost IoTs because they are vulnerable to physical attacks. This paper proposes Lightweight mutual Authentication Protocol for IoT devices based on hash function using Elliptical Curve approach in which mutual authentication between RFID Tag and Reader is established through several rounds of communication. We also compare the proposed approach of authentication at both ends (Tag and Reader) in terms of efficiency and security.
References
M. Shukla, J. Lin, and O. Seneviratne, “BlockIoT: Blockchain-based Health Data Integration using IoT Devices,” in AMIA Annu Symp Proc.2021, 2021, pp. 1119–1128. Accessed: Jan. 30, 2023. [Online]. Available: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8861710/
M. M. Modiri, J. Mohajeri, and M. Salmasizadeh, “GSLHA: Group-based Secure Lightweight Handover Authentication Protocol for M2M Communication,” The ISC International Journal of Information Security, vol. 12, no. 2, pp. 101–111, Jul. 2020, doi: 10.22042/ISECURE.2020.213482.507.
M. El-hajj, H. Mousawi, and A. Fadlallah, “Analysis of Lightweight Cryptographic Algorithms on IoT Hardware Platform,” Future Internet 2023, Vol. 15, Page 54, vol. 15, no. 2, p. 54, Jan. 2023, doi: 10.3390/FI15020054.
X. Yao, Z. Chen, and Y. Tian, “A lightweight attribute-based encryption scheme for the Internet of Things,” Future Generation Computer Systems, vol. 49, pp. 104–112, Aug. 2015, doi: 10.1016/J.FUTURE.2014.10.010.
Y. Yang, X. Zheng, and C. Tang, “Lightweight distributed secure data management system for health internet of things,” Journal of Network and Computer Applications, vol. 89, pp. 26–37, Jul. 2017, doi: 10.1016/J.JNCA.2016.11.017.
S. Singh, P. K. Sharma, S. Y. Moon, and J. H. Park, “Advanced lightweight encryption algorithms for IoT devices: survey, challenges and solutions,” J Ambient Intell Humaniz Comput, pp. 1–18, May 2017, doi: 10.1007/S12652-017-0494-4/METRICS.
S. Al Salami, J. Baek, K. Salah, and E. Damiani, “Lightweight encryption for smart home,” Proceedings - 2016 11th International Conference on Availability, Reliability and Security, ARES 2016, pp. 382–388, Dec. 2016, doi: 10.1109/ARES.2016.40.
A. Biryukov and L. Perrin, “State of the Art in Lightweight Symmetric Cryptography,” ArXiv, 2017.
V. Verma and D. Gupta, “An efficient signcryption algorithm using bilinear mapping,” in Proceedings of the 10th INDIACom; 2016 3rd International Conference on Computing for Sustainable Global Development, INDIACom 2016, 2016.
P. Mishra, Renuka, and V. Verma, “Identity Based Broadcast Encryption Scheme with Shorter Decryption Keys for Open Networks,” Wirel Pers Commun, vol. 115, no. 2, 2020, doi: 10.1007/s11277-020-07606-6.
X. Jia, Q. Feng, T. Fan, and Q. Lei, “RFID technology and its applications in Internet of Things (IoT),” in 2012 2nd International Conference on Consumer Electronics, Communications and Networks, CECNet 2012 - Proceedings, 2012, pp. 1282–1285. doi: 10.1109/CECNet.2012.6201508.
V. Chegeni, H. Haj Seyyed Javadi, M. Reza, M. Goudarzi, and A. Rezakhani, “Providing a Hybrid Cryptography Algorithm for Lightweight Authentication Protocol in RFID with Urban Traffic Usage Case,” vol. 13, no. 1, pp. 73–85, 2021, doi: 10.22042/isecure.2020.
L. M. Shamala, G. Zayaraz, K. Vivekanandan, and V. Vijayalakshmi, “Lightweight Cryptography Algorithms for Internet of Things enabled Networks: An Overview,” J Phys Conf Ser, vol. 1717, no. 1, p. 012072, Jan. 2021, doi: 10.1088/1742-6596/1717/1/012072.
J. ; Yang, J. Park, H. Lee, K. Ren, and K. Kim, “Mutual authentication protocol for low-cost RFID.,” in In Proceedings of the Workshop on RFID and Lightweight Cryptography, Graz, Austria, Jul. 2005, pp. 17–24.
C. C. Tan, B. Sheng, and Q. Li, “Secure and Serverless RFID Authentication and Search Protocols,” IEEE Trans Wirel Commun, vol. 7, no. 4, pp. 1400–1407, Apr. 2008, doi: 10.1109/TWC.2008.061012.
S. Cai, Y. Li, T. Li, and R. H. Deng, “Attacks and Improvements to an RIFD Mutual Authentication Protocol and Its Extensions,” in Proceedings of the Second ACM Conference on Wireless Network Security, in WiSec ’09. New York, NY, USA: Association for Computing Machinery, 2009, pp. 51–58. doi: 10.1145/1514274.1514282.
J. S. Cho, Y. S. Jeong, and S. O. Park, “Consideration on the brute-force attack cost and retrieval cost: A hash-based radio-frequency identification (RFID) tag mutual authentication protocol,” Computers & Mathematics with Applications, vol. 69, no. 1, pp. 58–65, Jan. 2015, doi: 10.1016/J.CAMWA.2012.02.025.
P. Gope and T. Hwang, “A Realistic Lightweight Anonymous Authentication Protocol for Securing Real-Time Application Data Access in Wireless Sensor Networks,” IEEE Transactions on Industrial Electronics, vol. 63, no. 11, pp. 7124–7132, 2016, doi: 10.1109/TIE.2016.2585081.
K. Mansoor, A. Ghani, S. A. Chaudhry, S. Shamshirband, S. A. Khan Ghayyur, and A. Mosavi, “Securing IoT-Based RFID Systems: A Robust Authentication Protocol Using Symmetric Cryptography”, doi: 10.3390/s19214752.
H. Shen, J. Shen, M. K. Khan, and J. H. Lee, “Efficient RFID Authentication Using Elliptic Curve Cryptography for the Internet of Things,” Wirel Pers Commun, vol. 96, no. 4, pp. 5253–5266, Oct. 2017, doi: 10.1007/S11277-016-3739-1/METRICS.
Z. Zhang and Q. Qi, “An efficient RFID authentication protocol to enhance patient medication safety using elliptic curve cryptography,” J Med Syst, vol. 38, no. 5, pp. 1–7, Apr. 2014, doi: 10.1007/S10916-014-0047-8/METRICS.
M. S. Farash, O. Nawaz, K. Mahmood, S. A. Chaudhry, and M. K. Khan, “A Provably Secure RFID Authentication Protocol Based on Elliptic Curve for Healthcare Environments,” J Med Syst, vol. 40, no. 7, p. 165, 2016, doi: 10.1007/s10916-016-0521-6.
V. Kumar, R. Kumar, A. A. Khan, V. Kumar, Y. C. Chen, and C. C. Chang, “RAFI: Robust Authentication Framework for IoT-Based RFID Infrastructure,” Sensors, vol. 22, no. 9, May 2022, doi: 10.3390/s22093110.
M. Safkhani, P. Peris-Lopez, J. Cesar Hernandez-Castro, N. Bagheri, and M. Naderi, “Cryptanalysis of Cho et al.’s Protocol, A Hash-Based Mutual Authentication Protocol for RFID Systems,” IACR Cryptology ePrint Archive, vol. 2011, no. 2011, pp. 1–7, 2011, Accessed: Apr. 27, 2022. [Online]. Available: https://eprint.iacr.org/2011/331.pdf
B. Liu and X. Su, “An Anti-Collision Algorithm for RFID Based on an Array and Encoding Scheme,” Information, vol. 9, no. 3, 2018, doi: 10.3390/info9030063.
Additional Files
Published
Issue
Section
License
Copyright (c) 2024 International Journal of Electronics and Telecommunications
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
1. License
The non-commercial use of the article will be governed by the Creative Commons Attribution license as currently displayed on https://creativecommons.org/licenses/by/4.0/.
2. Author’s Warranties
The author warrants that the article is original, written by stated author/s, has not been published before, contains no unlawful statements, does not infringe the rights of others, is subject to copyright that is vested exclusively in the author and free of any third party rights, and that any necessary written permissions to quote from other sources have been obtained by the author/s. The undersigned also warrants that the manuscript (or its essential substance) has not been published other than as an abstract or doctorate thesis and has not been submitted for consideration elsewhere, for print, electronic or digital publication.
3. User Rights
Under the Creative Commons Attribution license, the author(s) and users are free to share (copy, distribute and transmit the contribution) under the following conditions: 1. they must attribute the contribution in the manner specified by the author or licensor, 2. they may alter, transform, or build upon this work, 3. they may use this contribution for commercial purposes.
4. Rights of Authors
Authors retain the following rights:
- copyright, and other proprietary rights relating to the article, such as patent rights,
- the right to use the substance of the article in own future works, including lectures and books,
- the right to reproduce the article for own purposes, provided the copies are not offered for sale,
- the right to self-archive the article
- the right to supervision over the integrity of the content of the work and its fair use.
5. Co-Authorship
If the article was prepared jointly with other authors, the signatory of this form warrants that he/she has been authorized by all co-authors to sign this agreement on their behalf, and agrees to inform his/her co-authors of the terms of this agreement.
6. Termination
This agreement can be terminated by the author or the Journal Owner upon two months’ notice where the other party has materially breached this agreement and failed to remedy such breach within a month of being given the terminating party’s notice requesting such breach to be remedied. No breach or violation of this agreement will cause this agreement or any license granted in it to terminate automatically or affect the definition of the Journal Owner. The author and the Journal Owner may agree to terminate this agreement at any time. This agreement or any license granted in it cannot be terminated otherwise than in accordance with this section 6. This License shall remain in effect throughout the term of copyright in the Work and may not be revoked without the express written consent of both parties.
7. Royalties
This agreement entitles the author to no royalties or other fees. To such extent as legally permissible, the author waives his or her right to collect royalties relative to the article in respect of any use of the article by the Journal Owner or its sublicensee.
8. Miscellaneous
The Journal Owner will publish the article (or have it published) in the Journal if the article’s editorial process is successfully completed and the Journal Owner or its sublicensee has become obligated to have the article published. Where such obligation depends on the payment of a fee, it shall not be deemed to exist until such time as that fee is paid. The Journal Owner may conform the article to a style of punctuation, spelling, capitalization and usage that it deems appropriate. The Journal Owner will be allowed to sublicense the rights that are licensed to it under this agreement. This agreement will be governed by the laws of Poland.
By signing this License, Author(s) warrant(s) that they have the full power to enter into this agreement. This License shall remain in effect throughout the term of copyright in the Work and may not be revoked without the express written consent of both parties.
