SAKAP: SGX-Based Authentication Key Agreement Protocol in IoT-Enabled Cloud Computing

Abstract

With the rapid development of the Internet, Internet of Things (IoT) technology is widely used in people’s daily lives. As the number of IoT devices increases, the amount of data to be processed also increases. The emergence of cloud computing can process the data of IoT devices in a timely manner, and it provides robust storage and computing capabilities to facilitate data resource sharing. Since wireless communication networks are unstable and open, it is easy for attackers to eavesdrop, intercept, and tamper with the messages sent. In addition, authentication protocols designed for IoT-enabled cloud computing environments still face many security challenges. Therefore, to address these security issues, we propose an Intel software-guard-extensions (SGX)-based authentication key agreement protocol in an IoT-enabled cloud computing environment. The goal is to ensure data privacy and sustainable communication between the entities. Moreover, SGX can resist several well-known attacks. Finally, we show the security using the real-or-random model, ProVerif, and informal analysis. We also compare the security and performance of the proposed protocol with existing protocols. The comparison results show that our proposed protocol reduces the communication cost by $7.07\%$ compared to the best one among the current protocols and ensures sufficient security.

1. Introduction

The Internet of Things (IoT) [1,2,3,4] refers to a network that connects the Internet with any entity according to a specified protocol, which exchanges information and completes the communication through information-sensing equipment to realize the intelligent identification, positioning, and monitoring of entities. With the development of IoT technology, the information-collection feature of the IoT has been applied in many scenarios, such as artificial intelligence [5,6,7,8], transportation systems [9,10,11], smart grids [12], smart cities [13], and health systems [14,15]. IoT technology has increased the efficiency of production methods and improved the quality of people’s lives.

With the increase in the number of IoT devices, the generated data have also increased gradually to handle the data generated by IoT devices more effectively, leading to the introduction cloud computing [16,17,18,19]. Cloud computing is a form of distributed computing, which provides computing power, database storage, data analysis, and other information technology resources on demand. Cloud computing provides an efficient and convenient method for information and resource sharing, and its combination with the IoT can compensate their respective drawbacks. The IoT can benefit from the powerful storage capacity and computing power of cloud computing. Similarly, combining cloud computing with IoT devices can result in providing new services in real-life scenarios to expand the ability to solve practical problems. The applications of cloud computing and IoT were mentioned in [13,20,21]. In 2020, Kang et al. [20] designed a lightweight authentication and key agreement (AKA) protocol based on the IoT-enabled cloud computing environment. Huang et al. [13] proposed an AKA protocol that combines IoT and cloud computing and implemented it in a smart city environment in 2021. Iqbal et al. [21] proposed an AKA protocol for an IoT and cloud computing architecture in 2022. The architecture of IoT-enabled cloud computing is shown in Figure 1, and the communication entities include the user, cloud server, and control server. The cloud service provider deploys cloud servers in the region where the cloud service is provided and configures a control server to manage the cloud servers and users. In addition, only legitimate users can select cloud servers using IoT devices to handle large amounts of data.

However, there are still significant security risks in IoT-enabled cloud-computing environments. For example, malicious attackers can intercept messages on public channels and then tamper with or crack the data information, resulting in the confidentiality, privacy, and integrity of user data not being able to be guaranteed. Moreover, AKA protocols designed in IoT-enabled cloud computing environments are subject to impersonation [22,23], offline password guessing [20], and replay attacks [24]. The presence of these security risks and attacks does not ensure network sustainability.

Intel software guard extensions (SGX) [25,26,27] can be introduced to improve the security of AKA protocols designed for IoT-enabled cloud computing environments. SGX is an extension of the Intel instruction set, which protects the security of programs in the running state. SGX is divided into a trusted execution environment and an untrusted execution environment. Because a malicious attacker cannot access the trusted execution environment, storing data in this environment ensures data integrity, privacy, and confidentiality. The core of SGX is an enclave of the memory, and it is an encrypted area in the memory address space, which stores the running code and program data. The application program can transmit the data to be calculated to the enclave through the SGX interface for calculation. The enclave then sends the operation results to the application program. It is not affected by malware or other instructions with the highest authority during the entire operational process [28]. Referring to the AKA protocol proposed by Liu et al. [26] in the wireless sensor network architecture and Wu et al. [27] in the Internet of Vehicles and fog computing, we introduce SGX into the IoT-enabled cloud computing environment to design the AKA protocol. Our goal is to ensure data privacy and sustainable communication between the entities. The following are the primary contributions of this paper:

(1)

We propose a lightweight AKA in the IoT-enabled cloud computing environment. In our protocol, the user, cloud server, and control server achieve mutual authentication, and the session key is successfully established for communication.

(2)

We first introduce SGX into an IoT-enabled cloud computing environment and use it on the cloud server and control server. Because SGX has limitations in both storage and computation, we only use it to store the shared key. According to the safety features of SGX, even if an attacker can access the data in memory, he/she cannot obtain the shared key in SGX. Thus, privileged insider attacks are invalid for our protocol.

(3)

We use the real-or-random (ROR) model and ProVerif tool to verify the security of the proposed protocol, and informal security analysis shows that the protocol protects against known attacks.

(4)

Finally, we compare the security and performance with current protocols, and the results show that our protocol ensures greater security under a similar efficiency.

The remainder of this paper is organized as follows. We review the research related to the IoT, cloud computing, and SGX in Section 2. In Section 3, we describe the system model and protocol in detail. Section 4 describes the process by which we used the ROR model, the ProVerif tool, and informal security analysis do assess the security of the proposed protocol. Section 5 describes the comparison between our proposed protocol and existing protocols in terms of both security and performance. The conclusion of the study is presented in Section 6.

2. Related Work

Turkanovic et al. [29] designed an AKA protocol based on the IoT environment in 2014 that utilized lightweight primitives and provided enhanced security. However, Farash et al. [30] found that the protocol could not ensure the anonymity of the user and sensor node and was vulnerable to session key disclosure attacks and man-in-the-middle attacks. Farash et al. [30] designed an improved protocol and declared that the protocol could guarantee secure communication. However, Amin et al. [31] found that Farash et al.’s protocol [30] was susceptible to offline password guessing, smart card theft, user impersonation, and known temporary value disclosure attacks. Similarly, Amin et al. [31] proposed an AKA protocol for anonymity-protected three-factor authentication key exchange. However, Wu et al. [32] discovered that the protocol of Amin et al. [31] was not resistant to sensor capture, session key disclosure, and user impersonation attacks and could not guarantee mutual authentication, and they proposed an AKA protocol based on multiple gateways in the IoT environment.

In 2014, Liu et al. [33] proposed an AKA protocol for sharing privileges and guaranteeing privacy in a cloud computing environment. Tsai and Lo [34] designed a privacy authentication protocol based on a cloud computing environment and used bilinear pairs in their protocol. However, He et al. [35] pointed out that their protocol was not resistant to server impersonation attacks and designed an efficient and private authentication protocol using bilinear pairs. Kumar et al. [36] designed a bidirectional AKA protocol for healthcare systems in a cloud environment using elliptic curves. Lopes and Gond [37] proposed an AKA protocol for device-to-device communication applied to an electronic health system based on cloud computing and declared that the protocol could ensure secure communication between entities. Iqbal et al. [21] proposed an AKA protocol for the IoT and cloud computing, which used elliptic curves and symmetric encryption/decryption. Zhou et al. [23] proposed a lightweight AKA protocol based on the IoT in cloud computing. However, Wang et al. [38] discovered that the protocol did not ensure forward secrecy and was vulnerable to temporary value disclosure and impersonation attacks. Martinez-Pelaez et al. [24] designed an enhanced AKA protocol in the cloud computing environment. However, Yu et al. [39] found that their protocol could not guarantee mutual authentication and user anonymity and that it suffered from session key disclosure and replay and offline password guessing attacks. Kang et al. [20] designed an improved AKA protocol for IoT-enabled cloud computing. However, Huang et al. [13] discovered that Kang et al.’s protocol [20] was subject to offline password guessing attacks and highlighted the designed redundancy in the user registration step. Wu et al. [40] designed an authentication protocol in IoT-enabled cloud computing and showed that the protocol was resistant to various attacks and provided better security.

In 2016, Costan and Devadas [25] described the architecture and operational mechanism of SGX in detail, provided a detailed description of SGX’s public information, and analyzed its security properties. Fisch et al. [41] constructed a provably secure and practical functional encryption mechanism using Intel SGX and showed that the performance of this mechanism exceeded the known encryption schemes. Sun et al. [42] proposed a dynamic network identity authentication scheme using SGX, which can continuously update the key. Conde et al. [43] designed and implemented an identity authentication module based on SGX in a Unix operating system. The module uses an enclave in SGX to process data and improve the security of the module. Song et al. [44] proposed a privacy and anonymity protection authentication scheme based on blockchain and SGX, claiming that the scheme would not reveal users’ personal information. Liu et al. [26] designed an AKA protocol that uses SGX based on a wireless sensor network architecture, dynamically updating the authentication credentials, and declared that the protocol achieves better security with less overhead.

3. Proposed Protocol: SAKAP

In this section, we describe the system model and the specific protocol procedure in detail.

Table 1. Notations.

Notations	Description
$U_i$	i-th user
$I{D}_i$	Identity of $U_i$
$PI{D}_i,PSI{D}_j$	Pseudo-identity of $U_i$ and $S_j$
$P{W}_i,BI{O}_i$	Password and biometric of $U_i$
$S_j$	j-th cloud server
$SI{D}_j$	Identity of $S_j$
$CS$	The control server
$k_u$	Shared key between $U_i$ and $CS$
$k_s$	Shared key between $S_j$ and $CS$
$SK$	Session key
$T_i$	Timestamp
$Gen(.)/Rep(.)$	Fuzzy generator/reproduction function
$h(.)$	Secure hash function

lists the notations used in this protocol.

3.1. System Model

The system model has three entities: user $U_i$, cloud server $S_j$, and control server $CS$, as shown in Figure 2. Each $S_j$ and $CS$ requires SGX to be installed before deploying the environment. A detailed description of each entity is as follows:

(1)

User ($U_i$): $U_i$ refers to people who intend to use cloud computing services in the IoT-enabled cloud computing environment. Only legitimate $U_i$ can use cloud computing services through IoT devices.

(2)

Cloud server ($S_j$): $S_j$ is deployed in the area to provide services to process and store the data of IoT devices. $S_j$ is a semi-trusted entity; it can misbehave, but cannot collaborate with other participants. In addition, $S_j$ has powerful storage capacity and computing power.

(3)

Control server ($CS$): $CS$ is the control center for the cloud service provider to manage the $S_j$ in the service area. $CS$ is a semi-trusted entity; it can misbehave, but cannot collaborate with other participants. Furthermore, $CS$ is in charge of registration and authentication.

3.2. Concrete Protocol

The entire protocol consists of a registration phase, login phase, and a key agreement phase.

3.2.1. Registration Phase

In this section, we introduce the registration phase, which is divided into the $U_i$ registration phase and $S_j$ registration phase.

User ($U_i$) registration phase: When $U_i$ wants to use the cloud computing service provided by the cloud service provider, $U_i$ needs to register with $CS$. Moreover, to ensure the security and performance of confidential computation, a 1024-bit key length shared key was used in SGX. Figure 3 depicts the procedure for $U_i$ registration; the processes involved are described below:

(1)

Initially, $U_i$ selects $I{D}_i$, $P{W}_i$, and $BI{O}_i$. Next, $U_i$ computes $({\sigma }_i,{\tau }_i)=Gen\left(BI{O}_i\right)$ and $PI{D}_i$ = $h(I{D}_i\Vert P{W}_i\Vert {\sigma }_i)$ and transmits $\left\{PI{D}_i\right\}$ to $CS$ through a secure channel.

(2)

When $CS$ receives the $\left\{PI{D}_i\right\}$, it chooses a random number $r_i$ and a shared key $k_u$, to compute $Q{U}_i=h(PI{D}_i\Vert k_u\Vert r_i)$. Next, $CS$ stores $\{PI{D}_i,r_i\}$ in its database, $\{PI{D}_i,k_u\}$ in SGX, and $\{Q{U}_i,r_i\}$ in the smart card $\left(SC\right)$. Finally, $CS$ transmits $SC$ to $U_i$ via the secure channel.

(3)

Upon receiving the $SC$ from $CS$, $U_i$ calculates $RU=r_i\oplus h(I{D}_i\Vert {\sigma }_i)$, $SU=h(P{W}_i\Vert r_i\Vert {\sigma }_i)$, $TU=Q{U}_i\oplus h(r_i\Vert {\sigma }_i)$. Finally, $U_i$ deletes $\{Q{U}_i,r_i\}$ from $SC$ and stores $\{RU,SU,TU\}$ in $SC$.

Cloud server ($S_j$) registration phase:$S_j$ registers with $CS$ before providing high-density computing services to the users. Figure 4 describes the $S_j$ registration process, and the specific steps are described below:

(1)

First, $S_j$ selects $SI{D}_j$ and a random number $r_j$. Next, $S_j$ computes $PSI{D}_j=h(SI{D}_j\Vert r_j)$ and transmits $\{PSI{D}_j,r_j\}$ to $CS$ via the secure channel.

(2)

Upon receiving the $\{PSI{D}_j,r_j\}$, $CS$ first selects a shared key $k_s$ and computes the value $Q{S}_j=h(PSI{D}_j\Vert k_s\Vert r_j)$. $CS$ stores $\{PSI{D}_j,r_j\}$ in its database and stores $\{PSI{D}_j,k_s\}$ in SGX. Then, $CS$ transmits $\{Q{S}_j,k_s\}$ to $S_j$ through the secure channel.

(3)

Upon receiving $\{Q{S}_j,k_s\}$, $S_j$ computes the value $RS=h(SI{D}_j\Vert k_s)\oplus Q{S}_j$. Finally, $S_j$ stores $\{PSI{D}_j,RS\}$ in the database and stores $\left\{k_s\right\}$ in SGX.

3.2.2. Login and Key Agreement Phase

During this phase, $U_i$, $S_j$, and $CS$ achieve mutual authentication and successfully establish an $SK$ for future communication. Figure 5 depicts the full login and key agreement procedure; the exact steps are outlined below:

(1)

First, $U_i$ inputs $I{D}_i$, $P{W}_i$, and $BI{O}_i$. Subsequently, $U_i$ computes ${\sigma }_i=Rep(BI{O}_i,{\tau }_i)$, $PI{D}_i=h(I{D}_i\Vert P{W}_i\Vert {\sigma }_i)$, $r_i=RU\oplus h(I{D}_i\Vert {\sigma }_i)$, $S{U}^{*}=h(P{W}_i\Vert r_i\Vert {\sigma }_i)$ and checks $S{U}^{*}\stackrel{?}{=}SU$. If it is equal, $U_i$ logs in successfully. Otherwise, the device rejects the login of $U_i$. Next, $U_i$ computes $Q{U}_i=TU\oplus h(r_i\Vert {\sigma }_i)$, generates a random number $N_i$, and chooses an $SI{D}_j$, which is the private cloud server $S_j$’s identity. Then, $U_i$ computes $W_1=N_i\oplus h(r_i\Vert Q{U}_i)$, $W_2=SI{D}_j\oplus h(N_i\Vert Q{U}_i)$, and $V_1=h(PI{D}_i\Vert SI{D}_j\Vert Q{U}_i\Vert N_i)$. Finally, $U_i$ retrieves the current timestamp $T_1$ and sends the message $M_1=\{PI{D}_i,W_1,W_2,V_1,T_1\}$ to $S_j$ through the public channel.

(2)

Upon receiving $M_1$, $S_j$ checks the freshness of $T_1$. Then, $S_j$ sends $\{SI{D}_j,RS\}$ to the security interface of SGX and invokes the interface. The interface finds the $k_s$ and uses it to calculate $Q{S}_j=RS\oplus h(SI{D}_j\Vert k_s)$. Then, SGX sends $\left\{Q{S}_j\right\}$ to $S_j$ through the interface. Next, $S_j$ selects a random number $N_j$ and computes $W_3=h(SI{D}_j\Vert Q{S}_j)\oplus N_j$, $V_2=h(PSI{D}_j\Vert V_1\Vert N_j\Vert Q{S}_j)$. Finally, $S_j$ retrieves the current timestamp $T_2$ and transmits the message $M_2=\{PI{D}_i,PSI{D}_j,W_1,W_2,W_3,V_1,V_2,T_2\}$ to $CS$ via the public channel.

(3)

When $CS$ receives the $M_2$, it first verifies the freshness of $T_2$. Then, $CS$ retrieves $\left\{r_i\right\}$ in the database using $PI{D}_i$ and sends $\{PI{D}_i,r_i\}$ to the security interface of SGX. Then, SGX invokes the interface and uses $PI{D}_i$ to match $k_u$, then it computes $Q{U}_i=h(PI{D}_i\Vert k_u\Vert r_i)$. Then, SGX sends $\left\{Q{U}_i\right\}$ to $CS$ through the interface. Next, $CS$ computes $N_i=W_1\oplus h(r_i\Vert Q{U}_i)$, $SI{D}_j=W_2\oplus h(N_i\Vert Q{U}_i)$, and $V_1^{*}=h(PI{D}_i\Vert SI{D}_j\Vert Q{U}_i\Vert N_i)$. Then, $CS$ checks whether $V_1^{*}\stackrel{?}{=}{V}_1$. If it holds, $CS$ retrieves $\left\{r_j\right\}$ in the database using $PSI{D}_j$ and sends $\{PSI{D}_j,r_j\}$ to the security interface of SGX. Then, SGX invokes the interface and uses $PSI{D}_j$ to match $k_s$, then it computes $Q{S}_j=h(PSI{D}_j\Vert k_s\Vert r_j)$. Then, SGX sends $\left\{Q{S}_j\right\}$ to $CS$ through the interface. Next, $CS$ computes $N_j=W_3\oplus h(SI{D}_j\Vert Q{S}_j)$, $V_2^{*}=h(PSI{D}_j\Vert V_1^{*}\Vert N_j\Vert Q{S}_j)$ and checks the correctness of $V_2^{*}\stackrel{?}{=}{V}_2$. If it holds, $CS$ authenticates the $S_j$. Otherwise, $CS$ rejects the session. Further, $CS$ selects a random number $N_{cs}$ and calculates $W_4=(N_i\Vert N_{cs})\oplus h(Q{S}_j\Vert N_j)$, $W_5=(N_j\Vert N_{cs})\oplus h(Q{U}_i\Vert N_i)$, $SK=h(N_i\Vert N_j\Vert N_{cs}),V_3=h(N_j\Vert Q{S}_j\Vert SK)$, and $V_4=h(N_i\Vert Q{U}_i\Vert SK)$. Finally, $CS$ generates the current timestamp $T_3$ and transmits the message $M_3=\{W_4,W_5,V_3,V_4,T_3\}$ to $S_j$ through the public channel.

(4)

Upon receiving the $M_3$, $S_j$ first checks the freshness of $T_3$. Then, $S_j$ computes $(N_i\Vert N_{cs})=W_4\oplus h(Q{S}_j\Vert N_j)$, $SK=h(N_i\Vert N_j\Vert N_{cs})$, and $V_3^{*}=h(N_j\Vert Q{S}_j\Vert SK)$. Then, $S_j$ checks $V_3^{*}\stackrel{?}{=}{V}_3$. If $V_3^{*}=V_3$, $S_j$ retrieves the current timestamp $T_4$ and sends the message $M_4=\{W_5,V_4,T_4\}$ to $U_i$.

(5)

When $U_i$ receives the $M_4$, it first verifies the freshness of $T_4$. Then, $U_i$ calculates $(N_j\Vert N_{cs})=W_5\oplus h(Q{U}_i\Vert N_i)$, $SK=h(N_i\Vert N_j\Vert N_{cs})$ and $V_4^{*}=h(N_i\Vert Q{U}_i\Vert SK)$. Finally, $U_i$ checks $V_4^{*}\stackrel{?}{=}{V}_4$. If it holds, $U_i$ authenticates the $S_j$, and the entire authentication process is achieved.

4. Security Analysis

4.1. Formal Security Analysis

In this section, we utilize the ROR model [45,46] to formally demonstrate the security of the proposed protocol. By playing different games, we can calculate the probability of an attacker ($\mathcal{A}$) breaking the protocol ($\mathcal{P}$) under various conditions.

Attacker model: We assumed that $\mathcal{A}$ has the following capabilities based on the well-known Dolev–Yao (DY) [47] and Canetti–Krawczyk (CK) [48] models:

(1)

$\mathcal{A}$ has the ability to eavesdrop, intercept, tamper with, and replay messages sent between entities over a public channel.

(2)

$\mathcal{A}$ can be a malicious insider in the $CS$ or $S_j$ and has access to the database’s information.

(3)

$\mathcal{A}$ can steal the user’s $SC$ and use power analysis [49] to extract information from the $SC$.

(4)

$\mathcal{A}$ can affect the protocol’s security by obtaining random numbers.

4.1.1. Security Model

The proposed protocol contains three entities, $U_i$, $S_j$, and $CS$. Here, we used ${\mathsf{\Pi }}_{U_i}^x$, ${\mathsf{\Pi }}_{S_j}^y$, and ${\mathsf{\Pi }}_{CS}^z$ to represent the x-th user instance, y-th cloud server instance, and z-th control server instance, respectively. Suppose $\mathcal{A}$ has the following query capabilities:

(1)

$Execute\left(\mathcal{Z}\right)$: $\mathcal{A}$ executing this query can intercept the messages $M_i$ transmitted over the public channel between $U_i$, $S_j$, and $CS$, where $\mathcal{Z}=\{{\mathsf{\Pi }}_{U_i}^x,{\mathsf{\Pi }}_{S_j}^y,{\mathsf{\Pi }}_{CS}^z\}$.

(2)

$Send(\mathcal{Z},M_i)$: When $\mathcal{A}$ executes the query, $\mathcal{A}$ sends an $M_i$ to $\mathcal{Z}$, then receives a response from the $\mathcal{Z}$.

(3)

$Hash\left(string\right)$: Through executing this query, $\mathcal{A}$ can obtain the hash value of the $string$ after the input $string$.

(4)

$Corrupt\left(\mathcal{Z}\right)$: $\mathcal{A}$ can obtain some private values by executing this query, such as the long-term private key, temporary value, and parameters in the $SC$.

(5)

$Test\left(\mathcal{Z}\right)$: When $\mathcal{A}$ performs this operation, he/she flips the coin c. If $c=0$, $\mathcal{A}$ can obtain a random value with the same length as $SK$. Otherwise, if $c=1$, $\mathcal{A}$ can obtain the correct $SK$.

Based on the attacker model and Section 4.1.1, the security of the proposed protocol is demonstrated using the theorem and proof below.

Theorem 1.

Within polynomial time complexity, the advantage that $\mathcal{A}$ can break $\mathcal{P}$ is $Ad{v}_{\mathcal{A}}^{\mathcal{P}}\left(\xi \right)\le q_{send}/2^{l-1}+3q_{hash}^2/2^l+2max\{C^{\prime }·q_{send}^{s^{\prime }},q_{send}/2^l\}$. Here, $q_{send}$ and $q_{hash}$ denote the number of hashes and queries executed, respectively. l represents the bit length of the biometric, and $C^{\prime }$ and $s^{\prime }$ are constants.

Proof. 

Seven rounds of games are played in the ROR model to verify the above theorem, denoted as $G{M}_0$–$G{M}_6$. Here, $Suc{c}_{\mathcal{A}}^{G{M}_i}\left(\xi \right)$ refers to the event in which $\mathcal{A}$ can win in $G{M}_i$. The process of $\mathcal{A}$ simulating the queries is described in detail in

Table 2. Simulation of the $Send, Execute, Hash, Corrupt$, and $Test$ queries.

Query	Description
$Send(\mathcal{Z},M_i)$	For a query $Send({\mathsf{\Pi }}_{U_i}^x$, start), suppose ${\mathsf{\Pi }}_{U_i}^x$ selects $N_i,SI{D}_j$, and $T_1$, and compute $W_1=N_i\oplus h(r_i\Vert Q{U}_i)$, $W_2=SI{D}_j\oplus h(N_i\Vert Q{U}_i)$, $V_1=h(PI{D}_i\Vert SI{D}_j\Vert Q{U}_i\Vert N_i)$ in a normal state. Then, the query returns the output $M_1=\{PI{D}_i,W_1,W_2,V_1,T_1\}$.
	On a query $Send({\mathsf{\Pi }}_{S_j}^y,(PI{D}_i,W_1,W_2,V_1,T_1))$, suppose ${\mathsf{\Pi }}_{S_j}^y$ is in a normal state and performs the following operations: computes $Q{S}_j$, and selects $N_j,T_2$; then, computes $W_3,V_2$. The query is answered by $M_2=\{PI{D}_i,PSI{D}_j,W_1,W_2,W_3,V_1,V_2,T_2\}$.
	On a query $Send({\mathsf{\Pi }}_{CS}^z,(PI{D}_i,PSI{D}_j,W_1,W_2,W_3,V_1,V_2,T_2))$, upon receiving the send query message ($PI{D}_i,PSI{D}_j,W_1,W_2,W_3,V_1,V_2,T_2$), ${\mathsf{\Pi }}_{CS}^z$ computes $Q{U}_i,N_i,SI{D}_j$ and checks $V_1$. If it is equal, then it computes $Q{S}_j,N_j$ and checks $V_2$. If it is equal, it generates $N_{cs},T_3$ and computes $W_4,W_5,SK,V_3,V_4$. Then, ${\mathsf{\Pi }}_{CS}^z$ returns the output $M_3=\{W_4,W_5,V_3,V_4,T_3\}$.
	For a query $Send({\mathsf{\Pi }}_{S_j}^y,(W_4,W_5,V_3,V_4,T_3))$, suppose ${\mathsf{\Pi }}_{S_j}^y$ computes $(N_i\Vert N_{cs})$, $SK$ and checks $V_3$ in a normal state. If $V_3$ holds, it selects $T_4$. Then, the query returns the output $M_4=\{W_5,V_4,T_4\}$.
	For a query $Send({\mathsf{\Pi }}_{U_i}^x,W_5,V_4,T_4$), upon receiving the send query message ($W_5,V_4,T_4$), ${\mathsf{\Pi }}_{U_i}^x$ computes $(N_j\Vert N_{cs})$, $SK$ and checks $V_4$. If $V_4$ is incorrect, the query process is terminated. Finally, ${\mathsf{\Pi }}_{U_i}^x$ accepts and terminates.
$Execute\left(\mathcal{Z}\right)$	We proceed with the send query for the $Execute\left(\mathcal{Z}\right)$ query as follows. $(PI{D}_i,W_1,W_2,V_1,T_1)$⟵$Send$(${\mathsf{\Pi }}_{U_i}^x$, start), ($PI{D}_i,PSI{D}_j,W_1,W_2,W_3,V_1,V_2,T_2$)⟵$Send$( ${\mathsf{\Pi }}_{S_j}^y,(PI{D}_i,W_1,W_2,V_1,T_1))$, $(W_4,W_5,V_3,V_4,T_3)$⟵$Send$(${\mathsf{\Pi }}_{CS}^z,(PI{D}_i,PSI{D}_j,W_1,$$W_2,W_3,V_1,V_2,T_2\left)\right)$, $(W_4,W_5,V_3,V_4,T_3)$⟵$Send$(${\mathsf{\Pi }}_{S_j}^y,(W_4,W_5,V_3,V_4,T_3))$. The query is answered with transcripts $(PI{D}_i,W_1,W_2,V_1,T_1)$,($PI{D}_i,PSI{D}_j,W_1,W_2,W_3,V_1,V_2,T_2$),$(W_4,W_5,V_3,V_4,T_3)$, and ($W_5,V_4,T_4$).
$Hash\left(string\right)$	For a $Hash\left(string\right)$ query, if the query is executed and a record ($string,s$) appears in the query, $s=hash\left(string\right)$ is returned. Otherwise, an element s is selected, and ($string,s$) is added to the list and returns s.
$Corrupt\left(\mathcal{Z}\right)$	For a $Corrupt\left({\mathsf{\Pi }}_{U_i}^x\right)$, if the $\left({\mathsf{\Pi }}_{U_i}^x\right)$ is accepted, executing the query returns the parameters $\{RU,SU,TU\}$ in $SC$.
$Test\left(\mathcal{Z}\right)$	The coin c is flipped; if $c=0$, return a random value with the same length as $SK$; otherwise, return the correct $SK$.

. The steps of the proof are as follows.

$G{M}_0$: $G{M}_0$ does not initiate query operations. Here, the game starts by flipping the coin c. Thus, the probability of $G{M}_0$ is

$$Ad{v}_{\mathcal{A}}^{\mathcal{P}}\left(\xi \right)=|2Pr\left[Suc{c}_{\mathcal{A}}^{G{M}_0}\left(\xi \right)\right]-1|.$$

(1)

$G{M}_1$: $G{M}_1$ adds the $Execute\left(\mathcal{Z}\right)$ operation. At this point, $\mathcal{A}$ intercepts messages $\{M_1,M_2,M_3,M_4\}$ transmitted over the public channel. Because the random numbers $N_i$, $N_j$, and $N_{cs}$ are not available, $\mathcal{A}$ using the $Test\left(\mathcal{Z}\right)$ query cannot calculate $SK$. Therefore, the probability of $G{M}_1$ does not change and is

$$Pr\left[Suc{c}_{\mathcal{A}}^{G{M}_1}\left(\xi \right)\right]=Pr\left[Suc{c}_{\mathcal{A}}^{G{M}_0}\left(\xi \right)\right].$$

(2)

$G{M}_2$: $G{M}_2$ adds the $Send\left(\mathcal{Z}\right)$ operation. $G{M}_2$ refers to Zipf’s law [50], and its probability is

$$|Pr\left[Suc{c}_{\mathcal{A}}^{G{M}_2}\left(\xi \right)\right]-Pr\left[Suc{c}_{\mathcal{A}}^{G{M}_1}\left(\xi \right)\right]|\le q_{send}/2^l.$$

(3)

$G{M}_3$: $G{M}_3$ introduces the $Hash\left(\mathcal{Z}\right)$ operation while decreasing the $Send\left(\mathcal{Z}\right)$ operation. Given the birthday paradox, it can be deduced that the probability of $G{M}_3$ is

$$|Pr\left[Suc{c}_{\mathcal{A}}^{G{M}_3}\left(\xi \right)\right]-Pr\left[Suc{c}_{\mathcal{A}}^{G{M}_2}\left(\xi \right)\right]|\le q_{hash}^2/2^{l+1}.$$

(4)

$G{M}_4$: In $G{M}_4$, we assumed that $\mathcal{A}$ uses ${\mathsf{\Pi }}_{U_i}^x$, ${\mathsf{\Pi }}_{S_j}^y$, or ${\mathsf{\Pi }}_{CS}^z$ to obtain a random number from the entities. Although $\mathcal{A}$ can obtain a random number $N_i$ chosen by $U_i$, the values of $N_j$ and $N_{cs}$ are unknown, and thus, $\mathcal{A}$ cannot calculate $SK$. Similarly, assume that $\mathcal{A}$ has access to $N_j$ or $N_{cs}$, and $SK$ is also not computed. Therefore, the probability of $G{M}_4$ is

$$|Pr\left[Suc{c}_{\mathcal{A}}^{G{M}_4}\left(\xi \right)\right]-Pr\left[Suc{c}_{\mathcal{A}}^{G{M}_3}\left(\xi \right)\right]|\le q_{hash}^2/2^{l+1}.$$

(5)

$G{M}_5$: In $G{M}_5$, suppose that $\mathcal{A}$ can obtain $\{RU,SU,TU\}$ in $SC$ by executing a $Corrupt\left(\mathcal{Z}\right)$ query. Subsequently, $\mathcal{A}$ utilizes these parameters to perform an offline password guessing attack to determine the user’s correct password. However, $\mathcal{A}$ cannot obtain $r_i$ and ${\sigma }_i$, and thus, $\mathcal{A}$ cannot guess $P{W}_i$. The probability that $\mathcal{A}$ guesses the biometric of l bits is $1/2^l$. Based on Zipf’s law [50], the probability of $\mathcal{A}$ guessing the correct $P{W}_i$ when $q_{send}\le {10}^6$ is greater than 1/2. Therefore, the probability of $G{M}_5$ is

$$|Pr\left[Suc{c}_{\mathcal{A}}^{G{M}_5}\left(\xi \right)\right]-Pr\left[Suc{c}_{\mathcal{A}}^{G{M}_4}\left(\xi \right)\right]|\le max\{C^{\prime }·q_{send}^{s^{\prime }},q_{send}/2^l\}$$

(6)

$G{M}_6$: $G{M}_6$ is designed to demonstrate that the proposed protocol can withstand impersonation attacks. Assuming that $\mathcal{A}$ can successfully obtain $SK$ by using the $h(N_i\Vert N_j\Vert N_{cs})$ query, the game terminates. Therefore, the probability of $G{M}_6$ is

$$|Pr\left[Suc{c}_{\mathcal{A}}^{G{M}_6}\left(\xi \right)\right]-Pr\left[Suc{c}_{\mathcal{A}}^{G{M}_5}\left(\xi \right)\right]|\le q_{hash}^2/2^{l+1}.$$

(7)

Both the success and failure probabilities for $G{M}_6$ are equal to 1/2. Consequently, the probability that $\mathcal{A}$ calculates $SK$ is

$$Pr\left[Suc{c}_{\mathcal{A}}^{G{M}_6}\left(\xi \right)\right]=1/2.$$

(8)

Given the probabilities of $G{M}_0$ to $G{M}_6$, we obtain

$$\begin{array}{cc}\hfill 1/2Ad{v}_{\mathcal{A}}^{\mathcal{P}}\left(\xi \right)& =\left|Pr\right[Suc{c}_{\mathcal{A}}^{G{M}_0}\left(\xi \right)]-1/2|\hfill \\ \hfill & =|Pr\left[Suc{c}_{\mathcal{A}}^{G{M}_0}\left(\xi \right)\right]-Pr\left[Suc{c}_{\mathcal{A}}^{G{M}_6}\left(\xi \right)\right]|\hfill \\ \hfill & =|Pr\left[Suc{c}_{\mathcal{A}}^{G{M}_1}\left(\xi \right)\right]-Pr\left[Suc{c}_{\mathcal{A}}^{G{M}_6}\left(\xi \right)\right]|\hfill \\ \hfill & \le \sum _{i=0}^5|Pr\left[Suc{c}_{\mathcal{A}}^{G{M}_{i+1}}\left(\xi \right)\right]-Pr\left[Suc{c}_{\mathcal{A}}^{G{M}_i}\left(\xi \right)\right]|\hfill \\ \hfill & =q_{send}/2^l+3q_{hash}^2/2^{l+1}+max\{C^{\prime }·q_{send}^{s^{\prime }},q_{send}/2^l\}\hfill \end{array}$$

(9)

Finally, we obtained the following:

$$Ad{v}_{\mathcal{A}}^{\mathcal{P}}\left(\xi \right)\le q_{send}/2^{l-1}+3q_{hash}^2/2^l+2max\{C^{\prime }·q_{send}^{s^{\prime }},q_{send}/2^l\}.$$

(10)

□

4.2. Informal Security Analysis

4.2.1. Replay Attacks

In our protocol, each message transmitted on a public channel contains timestamp $T_i$. Only within a valid timestamp can the receiver pass the check and continue with the subsequent computation. Here, take message $M_1=\{PI{D}_i,W_1,W_2,V_1,T_1\}$ as an example. Suppose $\mathcal{A}$ repeatedly sends $M_1$ to $S_j$. After receiving $M_1$, $S_j$ checks the validity of its timestamp by computing $|T_1-T_c|\le \Delta T$. Because $T_1$ in $M_1$ exceeds a limited time, $S_j$ terminates this session process. Therefore, the replay attacks were invalid for our proposed protocol.

4.2.2. Privileged Insider Attacks

Case 1: Suppose $\mathcal{A}$ can steal data $\{PI{D}_i,r_i\}$ and $\{PSI{D}_j,r_j\}$ from $CS$ and attempt to compute $N_i$ and $N_j$ using messages intercepted on the public channel, where $N_i=W_1\oplus h(r_i\Vert Q{U}_i)$ and $N_j=W_3\oplus h(SI{D}_j\Vert Q{S}_j)$. However, $\mathcal{A}$ cannot obtain the values $Q{U}_i$, $Q{S}_j$, and $SI{D}_j$, and thus, $N_i$ and $N_j$ cannot be calculated. $N_{cs}$ is a number randomly chosen by the $CS$ and is different in each session such that $\mathcal{A}$ does not obtain $N_{cs}$. Thus, $\mathcal{A}$ does not obtain session key $SK$, where $SK=h(N_i\Vert N_j\Vert N_{cs})$.

Case 2: Assume that $\mathcal{A}$ has access to the data $\{PI{D}_i,RS\}$ in $S_j$ and attempts to calculate the value $N_j$, where $N_j=W_3\oplus h(SI{D}_j\Vert Q{S}_j)$. However, $\mathcal{A}$ cannot obtain the values $Q{S}_j$ or $SI{D}_j$; thus, $\mathcal{A}$ cannot compute $N_j$. Similarly, $(N_i\Vert N_{cs})$ cannot be computed by $(N_i\Vert N_{cs})=W_5\oplus h(Q{S}_j\Vert N_j)$. Therefore, $\mathcal{A}$ cannot successfully calculate the $SK$.

An analysis of the above two cases leads to the conclusion that privileged insider attacks are not valid for our proposed protocol.

4.2.3. Man-in-the-Middle Attacks

We assumed that $\mathcal{A}$ can intercept the message $M_2=\{PI{D}_i,PSI{D}_j,W_1,W_2,W_3,V_1,V_2,$

$T_2\}$ sent from $S_j$ to $CS$ and attempt to modify the authentication values $V_1$ and $V_2$, where $V_1=h(PI{D}_i\Vert SI{D}_j\Vert Q{U}_i\Vert N_i)$ and $V_2=h(PSI{D}_j\Vert V_1\Vert N_j\Vert Q{S}_j)$. However, $\mathcal{A}$ cannot obtain the values $SI{D}_j,Q{U}_i,Q{S}_j,N_i,$ and $N_j$; $\mathcal{A}$ cannot calculate $V_1$ and $V_2$. Therefore, after the $CS$ receives the message sent by $\mathcal{A}$, it is not allowed to pass this authentication. Similarly, $\mathcal{A}$ eavesdrops the message $M_4=\{W_5,V_4,T_4\}$ sent from $S_j$ to $U_i$ and attempts to change the authentication value $V_3$, where $V_3=h(N_j\Vert Q{S}_j\Vert SK)$. Because $\mathcal{A}$ cannot obtain the value $N_j$ and cannot compute the $SK$, it cannot calculate the correct authentication value $V_3$. It can be observed that the request sent by $\mathcal{A}$ cannot be authenticated by $U_i$. Consequently, our protocol is immune to man-in-the-middle attacks.

4.2.4. User Impersonation Attacks

Suppose that $\mathcal{A}$ can intercept message $M_1=\{PI{D}_i,W_1,W_2,V_1,T_1\}$. If $\mathcal{A}$ imitates a legitimate $U_i$ to communicate with the $CS$, $\mathcal{A}$ must construct the correct authentication value $V_1$, where $V_1=h(PI{D}_i\Vert SI{D}_j\Vert Q{U}_i\Vert N_i)$. However, $\mathcal{A}$ cannot obtain $SI{D}_j$, $Q{U}_i$, and $N_i$; therefore, the correct authentication value $V_1$ cannot be calculated. Therefore, the message delivered by $\mathcal{A}$ cannot pass $CS$ authentication. The proposed protocol can withstand user impersonation attacks.

4.2.5. Cloud Sever Impersonation Attacks

Assume that $\mathcal{A}$ wants to impersonate a legitimate $S_j$ to establish communication with the $CS$. $\mathcal{A}$ must intercept the message $M_1=\{PI{D}_i,W_1,W_2,V_1,T_1\}$ on the public channel and construct the correct authentication value $V_2$, where $V_2=h(PSI{D}_j\Vert V_1\Vert N_j\Vert Q{S}_j)$. However, $\mathcal{A}$ cannot obtain the values $N_j$ and $Q{S}_j$ and cannot calculate the valid parameter $V_1$; thus, $\mathcal{A}$ cannot compute the correct $V_2$. Thus, the request sent by $\mathcal{A}$ cannot be authenticated by $CS$. Our protocol can resist cloud server impersonation attacks.

4.2.6. Anonymity and Untraceability

In our protocol, the real identities of $U_i$ and $S_j$ are hidden using random numbers and a hash function. Only pseudo-identities $PI{D}_i$ or $PSI{D}_j$ are used in the authentication process to ensure the anonymity of $U_i$ and $S_j$. In addition, attackers cannot trace $U_i$ or $S_j$ through an intercepted message because both entities use pseudo-identities when communicating with $CS$. Furthermore, the random number in the message was different for each session, ensuring that each entity was untraceable. Thus, the proposed protocol guarantees anonymity and untraceability.

4.3. ProVerif

ProVerif is a simulation tool proposed by Blanchet [51] for the automatic verification of encryption protocols. ProVerif can handle basic encryption operations based on the DY model [47], such as hashing, XOR, and fuzzy extraction. In this study, to demonstrate the security of our protocol, we simulated the entire registration and authentication procedure for $U_i$, $S_j$, and $CS$ using the ProVerif tool.

Figure 6 illustrates the ProVerif code symbols and operational definitions. Figure 7 shows the query operations and events. There are six events involved in the protocol, namely IoTDeviceStarted(), IoTDeviceAuthed(), ControlServerAcIoTDevice(), ControlServerAcCouldServer(), CouldServerAcControlServer(), and IoTDeviceAcControlServer(), which represent that $U_i$ begins the authentication process, $U_i$ completes the authentication, $CS$ completes the authentication of the $U_i$, $CS$ completes the authentication of the $S_j$, $S_j$ completes the authentication of the $CS$, and $U_i$ completes the authentication of the $CS$.

Figure 8 shows the $U_i$ execution process, $S_j$ execution process, and $CS$ verification process. Here, we take the process of $U_i$ as an example to explain. “out(sch,(PIDi))” is the statement that $U_i$ initiates registration to $CS$, and “in(sch,xQUi:bitstring,xri:bitstring))” represents that $U_i$ receives messages from the $CS$ during the registration phase, which means that the registration phase is over. “out(ch,(PIDi,W1,W2,V1,T1))” means $U_i$ sends a authentication request to the $CS$. “in(ch,(xW5:bitstring,xV4:bitstring,xT4:bitstring))” represents that $U_i$ receives messages from the $CS$. Finally, in Figure 9, we can observe that $\mathcal{A}$ cannot calculate $SK$ between $U_i$, $S_j$, and $CS$, which means that the proposed protocol is secure.

5. Security and Performance Comparisons

In this section, the security and performance of our proposed protocol are compared with that of existing protocols [13,23,24,40].

5.1. Security Comparisons

In this section, the security of our proposed protocol is compared with that of current protocols. √ indicates that the protocol can withstand an attack, whereas × indicates that the protocol cannot. The primary attacks include: S1, mutual authentication; S2, session key disclosure attacks; S3, forward secrecy; S4, user anonymity; S5, temporary value disclosure attacks; S6, impersonation attacks; S7, replay attacks; S8, offline password guessing attacks.

Table 3. Comparisons of security.

Attack Methods	Huang et al. [13]	Zhou et al. [23]	Martinez-Pelaez et al. [24]	Wu et al. [40]	Ours
S1	√	√	× [39]	√	√
S2	√	√	× [39]	√	√
S3	√	× [38]	√	√	√
S4	√	√	× [39]	√	√
S5	√	× [38]	√	√	√
S6	√	× [38]	× [39]	√	√
S7	√	√	× [39]	√	√

shows that Zhou et al.’s protocol [23] does not guarantee forward secrecy and is not resistant to temporary value disclosure attacks and impersonation attacks, and Martinez-Pelaez et al.’s protocol [24] does not guarantee mutual authentication and anonymity and is not resistant to session key disclosure attacks, impersonation attacks, and replay attacks. The protocols of Huang et al. [13] and Wu et al. [40] have the same security as our proposed protocol, which can resist known attacks.

5.2. Performance Comparisons

The performance comparison includes both the computational and communication costs. In comparing the computational cost, the cost of ⊕ and ‖ is too small to be negligible, and the hash function and fuzzy extractor both execute at the same time [52]; thus, we used the time to execute a hash function to represent the execution time of the fuzzy extractor. Wang et al. [53] showed that the runtime of the system using SGX increases by only 20 us, which shows that the computational volume of SGX is relatively low. Therefore, we ignored the computational cost of SGX in the computational cost comparison. In addition, we conducted simulation experiments to estimate the computational cost of the protocols. Here, we used an MI 8 to simulate $U_i$, a Lenovo desktop computer to simulate $S_j$, and a Lenovo laptop to simulate $CS$. The phone used a packaged algorithmic time application, and the computer development software was IntelliJ idea version 2020.3. The equipment configuration and operation runtime are listed in

Table 4. The configuration of the equipment and operation times.

	MI 8	Lenovo Desktop Computer	Lenovo Laptop
Operating System	Android system	Windows 10	Windows 10
CPU	Qualcomm Snapdragon 845	Intel(R) Core(TM) i5-9500 CPU @ 3.00 GHz	Intel(R) Core(TM) i7-6700HQ CPU @ 2.60 GHz
Running memory	6 GB	16 GB	8 GB
Symmetric key encryption/decryption	0.2554 ms	0.1385 ms	0.1874 ms
Hash function	0.0045 ms	0.0026 ms	0.0035 ms

, in which the execution time is obtained by running 10 times and averaging. Here, we compared only the protocol’s login and key agreement phases. As can be observed from

Table 5. Computational cost comparison.

Protocols	${\mathit{U}}_{\mathit{i}}$ (ms)	${\mathit{S}}_{\mathit{j}}$ (ms)	$\mathbf{CS}$ (ms)	Total (ms)
Huang et al. [13]	$8T_h$ ≈ 0.036	$4T_h$ ≈ 0.010	$10T_h$ ≈ 0.035	0.081
Zhou et al. [23]	$10T_h$ ≈ 0.045	$7T_h$ ≈ 0.018	$19T_h$ ≈ 0.067	0.130
Martinez-Pelaez et al. [24]	$3T_s+7T_h$ ≈ 0.798	$3T_s+6T_h$ ≈ 0.431	$2T_s+26T_h$ ≈ 0.466	1.695
Wu et al. [40]	$12T_h$ ≈ 0.054	$8T_h$ ≈ 0.021	$19T_h$ ≈ 0.067	0.142
Ours	$T_f+10T_h$ ≈ 0.049	$6T_h$ ≈ 0.016	$12T_h$ ≈ 0.042	0.107

Here, $T_s$ denotes the symmetric key encryption/decryption operation’s execution time, $T_f$ denotes the fuzzy extraction function’s execution time, and $T_h$ denotes the hash operation’s execution time.

and Figure 10, since Martinez-Pelaez et al. [24] used symmetric key encryption/decryption in their protocol, the computational cost of their protocol was the highest among all protocols. In addition, the computational cost of our protocol was slightly higher than that of Huang et al.’s protocol [13], but our protocol had a lower computational cost compared to Zhou et al. [23] and Wu et al. [40].

In comparing the communication costs, we assumed that the length of identity $\left|ID\right|$, timestamp $\left|T\right|$, one-way hash function $\left|H\right|$, random number $|Z_p^{*}|$, and symmetric key encryption/decryption $\left|E\right|$ were 160, 32, 256, 128, and 256 bits, respectively. In our proposed protocol, the messages transmitted on the public channel included $M_1=\{PI{D}_i,W_1,W_2,V_1,T_1\}$, $M_2=\{PI{D}_i,PSI{D}_j,W_1,W_2,W_3,V_1,V_2,T_2\},M_3=\{W_4,W_5,V_3,V_4,T_3\}$, and $M_4=\{W_5,V_4,T_4\}$. Thus, it can be calculated that the communication cost of our protocol is 8$|Z_p^{*}|$ + 4$\left|T\right|$ + 3$\left|ID\right|$ + 6$\left|H\right|$ = 3168 bits; the communication costs of Huang et al.’s protocol [13] is 6$|Z_p^{*}|$ + 3$\left|T\right|$ + 3$\left|ID\right|$ + 8$\left|H\right|$ = 3392 bits; Zhou et al.’s protocol [23] is 15$|Z_p^{*}|$ + 3$\left|ID\right|$ + 6$\left|H\right|$ = 3936 bits; Martinez-Pelaez et al.’s protocol [24] is 14$|Z_p^{*}|$ + 3$\left|T\right|$ + 3$\left|ID\right|$ + 6$\left|E\right|$ + $\left|H\right|$ = 4160 bits; Wu et al.’s protocol [40] is 15$|Z_p^{*}|$ + 3$\left|ID\right|$ + 7$\left|H\right|$ = 4192 bits.

Table 6. Communication cost comparison.

Protocols	Rounds	Communication Cost
Huang et al. [13]	4	3392 bits $(+7.07\%)$
Zhou et al. [23]	4	3936 bits $(+24.24\%)$
Martinez-Pelaez et al. [24]	6	4160 bits $(+31.31\%)$
Wu et al. [40]	5	4192 bits $(+32.32\%)$
Ours	4	3168 bits

shows that the communication cost of our protocol was lower than that of the protocols of Huang et al. [13], Zhou et al. [23], Martinez-Pelaez et al. [24], and Wu et al. [40]. Figure 11 shows visually the communication costs per protocol.

According to the above comparison results, it can be conclude that there are some vulnerabilities to attacks in the protocols of Zhou et al. [23] and Martinez-Pelaez et al. [24], while other protocols have the same security as our proposed protocol, which can resist known attacks. Although the computational cost of our proposed protocol was slightly higher than that of Huang et al. [13] by 0.026 ms, the communication cost was lower than that of Huang et al. [13] by 224 bits $(7.07\%)$.

6. Conclusions

In this paper, we first described the necessity of combining the IoT with cloud computing. Simultaneously, we reviewed some AKA protocols designed in the IoT-enabled cloud computing environments and found that there are still some security problems. To address those problems, we proposed an SGX-based lightweight AKA protocol for IoT-enabled cloud computing. Our goal was to ensure data privacy and sustainable communication between the entities. In addition, the security of the proposed protocol was examined using the ROR model, the ProVerif tool, and informal security analysis. According to the comparison of the results of the security and performance, our proposed protocol can ensure sufficient security and reduce the communication cost by $7.07\%$ compared with the best one among the current protocols. The limitation is that the computational cost is slightly higher, but it is acceptable in practical application. Therefore, we will continue to enhance the security and performance of protocols in the IoT-enabled cloud computing environments in future work.