A Trusted Internet of Things Access Scheme for Cloud Edge Collaboration
Abstract
1. Introduction
- (1) This article proposes a scheme based on two-factor security authentication and key negotiation. By applying chaotic mapping technology, the scheme protects communication between devices, cloud servers, and edge devices at lower computational and communication cost. It protects the transmission of confidential messages and improves communication security by negotiating session keys.
- (2) To ensure security, this article adopts the BAN logic reduction method and the Scyther verification tool. The verification results show that the protocol exhibits a high level of security. Through security analysis and performance comparison, the experimental results demonstrate that the scheme achieves enhanced security strength while simultaneously improving authentication efficiency.
2. Related Work
3. Preliminaries
3.1. System Model
3.2. Threat Model
- (1) Confidentiality: Communication between entities in the system should be protected; even if external attackers eavesdrop on the channel and obtain messages, they cannot recover the information in the ciphertext.
- (2) Privacy protection: User privacy data should be protected, and other entities in the system cannot access user privacy data.
- (3) Integrity: For all messages sent in the system, the receiver can verify whether the sender is a legitimate user and can detect whether the message has been maliciously tampered with or replaced.
3.3. Cloud Edge Collaboration
3.4. Chebyshev Chaotic Mapping
- (1) Discrete Logarithmic Problem (DLP): Given the parameters x and y, it is difficult to find a positive integer n that satisfies .
- (2) Computational Diffie-Hellman Problem (CDHP): Given the parameters and , it is difficult to calculate .
4. Proposed Protocol
4.1. Initialization
4.2. Register
- IoT device registration
  - (1) The IoT device first selects a random number , then inputs the identity identifier , calculates , and sends the result {} to the cloud server CSC through a secure channel.
  - (2) After receiving {}, CSC in the cloud server center selects the random number and identity , calculates and , and initializes Count to 0. CSC stores {} in the registry and issues a smart card . CSC stores {} in and finally sends to
  - (3) After receiving the smart card , inputs the password , calculates , and then updates the information {} on the smart card .
- Edge server registration
  - (1) The edge server selects a random number , calculates , and sends it to CSC.
  - (2) After receiving {}, CSC selects the random number , calculates and , and returns them to . Finally, CSC stores {, }.
  - (3) After receiving {, }, calculates and stores {, }.
4.3. Authentication and Key Negotiation
- (1) inserts the smart card , inputs identity and password , calculates , and then checks whether equals ; this determines whether the identity and password of are correct. If = holds, login succeeds, so two-factor authentication ensures the user’s secure login. then randomly chooses and the current timestamp , uses chaotic mapping to calculate , , , , and finally sends {} to the edge server .
- (2) When receives {} from , checks . If the check fails, immediately terminates communication. If it holds, randomly chooses and , then uses chaotic mapping to calculate , , , , and finally sends {} to the cloud server CSC.
- (3) When CSC receives the message {} sent by , it checks . If the check fails, CSC immediately stops communication. If it holds, CSC uses chaotic mapping to calculate and , and then checks whether and hold. If either equality fails, CSC immediately terminates communication. If both hold, CSC selects the random number and timestamp , then calculates , session key , and , updates the counter Count = Count + 1 in the CSC storage table, and sends {} to the edge server .
- (4) When receives the message {} returned by CSC, it first checks whether meets the freshness requirement. then uses chaotic mapping to calculate , session key , and , and checks whether equals . If they are equal, has verified the identity of CSC and confirmed that the session key matches. then returns {} to .
- (5) When receives the message {} sent by , it first checks . If is within the time threshold, uses chaotic mapping to calculate and session key , and checks whether equals . If they are not equal, immediately terminates communication. If they are equal, believes that and CSC are genuine and that the session key matches, and can then communicate with CSC and using the session key.
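The following Python program is an added illustration (not the authors' code) of the two mechanisms described above: the Chebyshev chaotic map of Section 3.4, evaluated over a prime field so that the semigroup property T_r(T_s(x)) = T_rs(x) gives a Diffie-Hellman-style key agreement, and the timestamp freshness and verifier checks of Section 4.3. The modulus (a Mersenne prime), SHA-256 as the hash, a secret assumed to be shared at registration, and the two-party message layout are all assumptions; the paper's three-party message fields are not recoverable from this page, so the exchange is deliberately reduced to one initiator and one responder.

```python
"""Chebyshev chaotic-map key agreement over a prime field, with timestamp
freshness and verifier checks. Added illustration, not the paper's code:
modulus, hash, message fields and the registration secret are assumptions."""
import hashlib
import hmac
import secrets

P = (1 << 61) - 1      # constructed modulus: the Mersenne prime 2^61 - 1
WINDOW = 5             # assumed freshness threshold for timestamps (seconds)


def chebyshev(n: int, x: int, p: int = P) -> int:
    """T_n(x) mod p with T_0 = 1, T_1 = x, T_k = 2x*T_{k-1} - T_{k-2}.
    O(log n) via the matrix M = [[2x, -1], [1, 0]], since
    M * (T_k, T_{k-1}) = (T_{k+1}, T_k)."""
    def mul(a, b):
        return ((a[0]*b[0] + a[1]*b[2]) % p, (a[0]*b[1] + a[1]*b[3]) % p,
                (a[2]*b[0] + a[3]*b[2]) % p, (a[2]*b[1] + a[3]*b[3]) % p)
    m = (2 * x % p, p - 1, 1, 0)    # p - 1 is -1 mod p
    r = (1, 0, 0, 1)                # identity matrix
    while n:
        if n & 1:
            r = mul(r, m)
        m = mul(m, m)
        n >>= 1
    # M^n applied to (T_1, T_0) = (x, 1); T_n is the second component.
    return (r[2] * x + r[3]) % p


def semigroup_holds(r: int, s: int, x: int) -> bool:
    """T_r(T_s(x)) = T_rs(x) = T_s(T_r(x)): the property the exchange relies
    on; recovering r from T_r(x) is the DLP assumption of Section 3.4."""
    return chebyshev(r, chebyshev(s, x)) == chebyshev(r * s, x) == chebyshev(s, chebyshev(r, x))


def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"|".join(parts)).digest()


def i2b(n: int) -> bytes:
    return n.to_bytes(32, "big")


def fresh(ts: int, now: int) -> bool:
    """Timestamp check: a message outside the window is rejected outright."""
    return abs(now - ts) <= WINDOW


class Party:
    """Simplified two-party instance of the exchange (assumed message layout)."""
    def __init__(self, reg_secret: bytes, x: int):
        self.k = reg_secret     # assumed secret shared at registration
        self.x = x              # public seed of the chaotic map
        self.priv = None
        self.sk = None

    def initiate(self, now: int) -> dict:
        self.priv = secrets.randbelow(P - 2) + 2
        pub = chebyshev(self.priv, self.x)                  # T_a(x)
        return {"pub": pub, "ts": now, "tag": h(self.k, i2b(pub), i2b(now))}

    def respond(self, msg: dict, now: int):
        # Freshness first, then the verifier; either failure stops the run.
        if not fresh(msg["ts"], now):
            return None
        if not hmac.compare_digest(msg["tag"], h(self.k, i2b(msg["pub"]), i2b(msg["ts"]))):
            return None
        self.priv = secrets.randbelow(P - 2) + 2
        pub = chebyshev(self.priv, self.x)                  # T_b(x)
        self.sk = h(i2b(chebyshev(self.priv, msg["pub"])))  # H(T_b(T_a(x)))
        return {"pub": pub, "ts": now, "tag": h(self.sk, i2b(pub), i2b(now))}

    def finish(self, reply, now: int) -> bool:
        # Freshness, then key confirmation through the tag.
        if reply is None or not fresh(reply["ts"], now):
            return False
        self.sk = h(i2b(chebyshev(self.priv, reply["pub"])))  # H(T_a(T_b(x)))
        return hmac.compare_digest(reply["tag"], h(self.sk, i2b(reply["pub"]), i2b(reply["ts"])))


def run_handshake(now: int = 1_000_000) -> tuple:
    """Returns (accepted, keys_match, replay_rejected) for one exchange."""
    k, x = b"constructed-registration-secret", 3   # constructed values
    dev, srv = Party(k, x), Party(k, x)
    m1 = dev.initiate(now)
    m2 = srv.respond(m1, now + 1)
    accepted = dev.finish(m2, now + 2)
    keys_match = dev.sk == srv.sk
    # Replaying m1 after the window has closed fails the freshness check.
    replay_rejected = srv.respond(m1, now + WINDOW + 10) is None
    return accepted, keys_match, replay_rejected
```

`run_handshake()` returns `(True, True, True)`: both sides derive the same key from T_a(T_b(x)) = T_b(T_a(x)), and a replayed first message is dropped by the timestamp check before any chaotic-map computation is spent on it, which is the ordering the protocol steps above prescribe.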
4.4. Password Modification
5. Security Evaluation
5.1. Security Proof
- (1) Protocol idealization
- (2) Protocol goal
- (3) Initial hypothesis
- (4) Proof of protocol
  - According to , we get:
  - From and the message meaning rule, we get:
  - According to , and the random number validation rule, we obtain:
  - According to , and the arbitration rules, we get:
  - According to , we get:
  - From and the message meaning rule, we get:
  - According to , and the random number validation rule, we obtain:
  - According to , and the arbitration rules, we get:
  - According to , we get:
  - From and the message meaning rule, we get:
  - According to , and the random number validation rule, we obtain:
  - According to , and the arbitration rules, we get:
  - According to , we get:
  - According to , , and the arbitration rules, we get:
  - According to , we get:
  - From and the message meaning rule, we get:
  - According to , and the random number validation rule, we obtain:
  - According to , and the arbitration rules, we get:
  - According to , , we get:
  - According to , and the arbitration rules, we get:
5.2. Scyther Verification
5.3. Security Analysis
- (1) Mutual authentication
- (2) Anonymity
- (3) Unlinkability
- (4) Replay attack
- (5) Man in the middle attack
- (6) Impersonation attack
- (7) Password guessing attacks
- (8) Verification table loss attack
- (9) Privileged internal attack
- (10) IoT device compromise
- (11) Forward security
5.4. Security Comparison
6. Performance Analysis
6.1. Computation Overhead
6.2. Communication Overhead
7. Conclusions
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
References
- Saqib, M.; Moon, A.H. A systematic security assessment and review of internet of things in the context of authentication. Comput. Secur. 2023, 125, 103053. [Google Scholar] [CrossRef]
- Miao, J.; Huang, Y.; Wang, Z.; Wu, Z.; Lv, J. Image recognition of traditional Chinese medicine based on deep learning. Front. Bioeng. Biotechnol. 2023, 11, 1199803. [Google Scholar] [CrossRef]
- Sheik, S.A.; Muniyandi, A.P. Secure authentication schemes in cloud computing with glimpse of artificial neural networks: A review. Cyber Secur. Appl. 2023, 1, 100002. [Google Scholar] [CrossRef]
- Li, X.; Chen, T.; Cheng, Q.; Ma, S.; Ma, J. Smart applications in edge computing: Overview on authentication and data security. IEEE Internet Things J. 2020, 8, 4063–4080. [Google Scholar] [CrossRef]
- Shahidinejad, A.; Ghobaei-Arani, M.; Souri, A.; Shojafar, M.; Kumari, S. Light-edge: A lightweight authentication protocol for IoT devices in an edge-cloud environment. IEEE Consum. Electron. Mag. 2021, 11, 57–63. [Google Scholar] [CrossRef]
- Mei, Q.; Xiong, H.; Chen, Y.C.; Chen, C.M. Blockchain-enabled privacy-preserving authentication mechanism for transportation CPS with cloud-edge computing. IEEE Trans. Eng. Manag. 2022. [Google Scholar] [CrossRef]
- Souri, A.; Zhao, Y.; Gao, M.; Mohammadian, A.; Shen, J.; Al-Masri, E. A trust-aware and authentication-based collaborative method for resource management of cloud-edge computing in social internet of things. IEEE Trans. Comput. Soc. Syst. 2023. [Google Scholar] [CrossRef]
- Miao, J.; Wang, Z.; Miao, X.; Xing, L. A secure and efficient lightweight vehicle group authentication protocol in 5G networks. Wirel. Commun. Mob. Comput. 2021, 2021, 4079092. [Google Scholar] [CrossRef]
- Babu, E.S.; Barthwal, A.; Kaluri, R. Sec-edge: Trusted blockchain system for enabling the identification and authentication of edge based 5G networks. Comput. Commun. 2023, 199, 10–29. [Google Scholar] [CrossRef]
- Xu, Y.; Zhou, Y.; Yang, B.; Qiao, Z.; Wang, Z.; Xia, Z.; Zhang, M. An Efficient Identity Authentication Scheme with Provable Security and Anonymity for Mobile Edge Computing. IEEE Syst. J. 2022, 17, 1012–1023. [Google Scholar] [CrossRef]
- Miao, J.; Wang, Z.; Xue, X.; Wang, M.; Lv, J.; Li, M. Lightweight and Secure D2D Group Communication for Wireless IoT. Front. Phys. 2023, 11, 433. [Google Scholar] [CrossRef]
- Jiang, X.; Dou, R.; He, Q.; Zhang, X.; Dou, W. EdgeAuth: An intelligent token-based collaborative authentication scheme. Softw. Pract. Exp. 2023. [Google Scholar] [CrossRef]
- Song, W.; Liu, M.; Baker, T.; Zhang, Q.; Tan, Y.A. A group key exchange and secure data sharing based on privacy protection for federated learning in edge-cloud collaborative computing environment. Int. J. Netw. Manag. 2023, 33, e2225. [Google Scholar] [CrossRef]
- Miao, J.; Wang, Z.; Wu, Z.; Ning, X.; Tiwari, P. A blockchain-enabled privacy-preserving authentication management protocol for Internet of Medical Things. Expert Syst. Appl. 2024, 237, 121329. [Google Scholar] [CrossRef]
- Amin, R.; Kumar, N.; Biswas, G.P.; Iqbal, R.; Chang, V. A light weight authentication protocol for IoT-enabled devices in distributed Cloud Computing environment. Future Gener. Comput. Syst. 2018, 78, 1005–1019. [Google Scholar] [CrossRef]
- Wazid, M.; Bagga, P.; Das, A.K.; Shetty, S.; Rodrigues, J.J.; Park, Y. AKM-IoV: Authenticated key management protocol in fog computing-based Internet of vehicles deployment. IEEE Internet Things J. 2019, 6, 8804–8817. [Google Scholar] [CrossRef]
- Wu, T.Y.; Guo, X.; Yang, L.; Meng, Q.; Chen, C.M. A Lightweight Authenticated Key Agreement Protocol Using Fog Nodes in Social Internet of Vehicles. Mob. Inf. Syst. 2021, 2021, 3277113. [Google Scholar] [CrossRef]
- Ma, M.; He, D.; Wang, H.; Kumar, N.; Choo, K.K.R. An efficient and provably secure authenticated key agreement protocol for fog-based vehicular ad-hoc networks. IEEE Internet Things J. 2019, 6, 8065–8075. [Google Scholar] [CrossRef]
- Eftekhari, S.A.; Nikooghadam, M.; Rafighi, M. Security enhanced three-party pairwise secret key agreement protocol for fog-based vehicular ad-hoc communications. Veh. Commun. 2021, 28, 100306. [Google Scholar] [CrossRef]
- Jia, X.; He, D.; Kumar, N.; Choo, K.K.R. Authenticated key agreement scheme for fog-driven IoT healthcare system. Wirel. Netw. 2019, 25, 4737–4750. [Google Scholar] [CrossRef]
- Thantharate, P.; Anurag, T. CYBRIA-Pioneering Federated Learning for Privacy-Aware Cybersecurity with Brilliance. In Proceedings of the 2023 IEEE 20th International Conference on Smart Communities: Improving Quality of Life using AI, Robotics and IoT (HONET), Boca Raton, FL, USA, 4–6 December 2023; pp. 56–61. [Google Scholar]
- Zhang, J.; Li, T.; Ying, Z.; Ma, J. Trust-Based Secure Multi-Cloud Collaboration Framework in Cloud-Fog-Assisted IoT. IEEE Trans. Cloud Comput. 2023, 11, 1546–1561. [Google Scholar] [CrossRef]
- Jiang, Q.; Zhang, N.; Ni, J.; Ma, J.; Ma, X.; Choo, K.K.R. Unified biometric privacy preserving three-factor authentication and key agreement for cloud-assisted autonomous vehicles. IEEE Trans. Veh. Technol. 2020, 69, 9390–9401. [Google Scholar] [CrossRef]
- Wang, C.; Wang, D.; Duan, Y.; Tao, X. Secure and Lightweight User Authentication Scheme for Cloud-Assisted Internet of Things. IEEE Trans. Inf. Forensics Secur. 2023, 18, 2961–2976. [Google Scholar] [CrossRef]
- Kaur, K.; Garg, S.; Kaddoum, G.; Guizani, M.; Jayakody, D.N.K. A lightweight and privacy-preserving authentication protocol for mobile edge computing. In Proceedings of the 2019 IEEE Global Communications Conference (GLOBECOM), Waikoloa, HI, USA, 9–13 December 2019; pp. 1–6. [Google Scholar] [CrossRef]
- Hou, Y.; Garg, S.; Hui, L.; Jayakody, D.N.K.; Jin, R.; Hossain, M.S. A data security enhanced access control mechanism in mobile edge computing. IEEE Access 2020, 8, 136119–136130. [Google Scholar] [CrossRef]
- Lee, J.; Kim, D.; Park, J.; Park, H. A multi-server authentication protocol achieving privacy protection and traceability for 5G mobile edge computing. In Proceedings of the 2021 IEEE International Conference on Consumer Electronics (ICCE), Las Vegas, NV, USA, 10–12 January 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 1–4. [Google Scholar]
- Sun, H.; Tan, Y.A.; Li, C.; Lei, L.; Zhang, Q.; Hu, J. An edge-cloud collaborative cross-domain identity-based authentication protocol with privacy protection. Chin. J. Electron. 2022, 31, 721–731. [Google Scholar] [CrossRef]
- Challa, S.; Wazid, M.; Das, A.K.; Kumar, N.; Reddy, A.G.; Yoon, E.J.; Yoo, K.Y. Secure signature-based authenticated key establishment scheme for future IoT applications. IEEE Access 2017, 5, 3028–3043. [Google Scholar] [CrossRef]
- Jia, X.; He, D.; Li, L.; Choo, K.K.R. Signature-based three-factor authenticated key exchange for internet of things applications. Multimed. Tools Appl. 2018, 77, 18355–18382. [Google Scholar] [CrossRef]
- Wazid, M.; Das, A.K.; Odelu, V.; Kumar, N.; Conti, M.; Jo, M. Design of secure user authenticated key management protocol for generic IoT networks. IEEE Internet Things J. 2017, 5, 269–282. [Google Scholar] [CrossRef]
- Banerjee, S.; Odelu, V.; Das, A.K.; Srinivas, J.; Kumar, N.; Chattopadhyay, S.; Choo, K.K.R. A provably secure and lightweight anonymous user authenticated session key exchange scheme for Internet of Things deployment. IEEE Internet Things J. 2019, 6, 8739–8752. [Google Scholar] [CrossRef]
- Kumar, D.; Jain, S.; Khan, A.; Pathak, P.S. An improved lightweight anonymous user authenticated session key exchange scheme for Internet of Things. J. Ambient. Intell. Humaniz. Comput. 2020, 14, 5067–5083. [Google Scholar] [CrossRef]
- Sadhukhan, D.; Ray, S.; Biswas, G.P.; Khan, M.K.; Dasgupta, M. A lightweight remote user authentication scheme for IoT communication using elliptic curve cryptography. J. Supercomput. 2021, 77, 1114–1151. [Google Scholar] [CrossRef]
- Liu, Z.; Guo, C.; Wang, B. A physically secure, lightweight three-factor and anonymous user authentication protocol for IoT. IEEE Access 2020, 8, 195914–195928. [Google Scholar] [CrossRef]
- Miao, J.; Wang, Z.; Ning, X.; Xiao, N.; Cai, W.; Liu, R. Practical and secure multifactor authentication protocol for autonomous vehicles in 5G. Softw. Pract. Exp. 2022. [Google Scholar] [CrossRef]
- He, D.; Wang, D. Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst. J. 2014, 9, 816–823. [Google Scholar] [CrossRef]
- Fang, H.; Xiao, Z.; Wang, X.; Xu, L.; Hanzo, L. Collaborative Authentication for 6G Networks: An Edge Intelligence Based Autonomous Approach. IEEE Trans. Inf. Forensics Secur. 2023, 18, 2091–2103. [Google Scholar] [CrossRef]
- Zhang, L. Cryptanalysis of the public key encryption based on multiple chaotic systems. Chaos Solitons Fractals 2008, 37, 669–674. [Google Scholar] [CrossRef]
- Zhao, X.; Li, D.; Li, H. Practical Three-Factor Authentication Protocol Based on Elliptic Curve Cryptography for Industrial Internet of Things. Sensors 2022, 22, 7510. [Google Scholar] [CrossRef]
- Xu, H.; Hsu, C.; Harn, L.; Cui, J.; Zhao, Z.; Zhang, Z. Three-factor anonymous authentication and key agreement based on fuzzy biological extraction for Industrial Internet of Things. IEEE Trans. Serv. Comput. 2023, 16, 3000–3013. [Google Scholar] [CrossRef]
Feature | [23] | [40] | [18] | [29] | [37] | [24] | [41] | Our |
---|---|---|---|---|---|---|---|---|
Mutual authentication | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Anonymity | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Unlinkability | ✘ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Replay attack | ✓ | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✓ |
Man in the middle attack | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Counterfeit attack | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Session key negotiation | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Resist offline dictionary attack | ✘ | ✘ | ✘ | ✘ | ✘ | ✘ | ✘ | ✓ |
Message integrity | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Verification Table Loss Attack | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
IoT device compromise | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Privileged internal attack | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Forward security | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Entity | IoT device | Edge server | CSC |
---|---|---|---|
Platform | Smart phone | Laptop | Desktop |
Processor | Hisilicon Kirin 980 | Intel Core i7 processor | Intel Core i7 processor |
Memory | 4 GB | 16 GB | 32 GB |
Operating system | Android 11 | Windows 10 | Windows 10 |
Operation | IoT device | Edge server | CSC |
---|---|---|---|
| | 0.93 | 0.62 | 0.54 |
| | 0.85 | 0.51 | 0.46 |
| | 2.16 | 1.75 | 1.32 |
| | 2.16 | 1.75 | 1.32 |
| | 0.0098 | 0.0062 | 0.0031 |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Zhu, W.; Zhou, C.; Jiang, L. A Trusted Internet of Things Access Scheme for Cloud Edge Collaboration. Electronics 2024, 13, 1026. https://doi.org/10.3390/electronics13061026