Title: Secure session between an IoT device and a cloud server based on elliptic curve cryptosystem

Authors: Ting-Fang Cheng; Ying-Chin Chen; Zhu-Dao Song; Ngoc-Tu Huynh; Jung-San Lee

Addresses: Twain-CA Incorporation, 10F., No.85, Yanping S. Rd., Zhongzheng Dist., Taipei City 100, Taiwan ' Department of Information Engineering and Computer Science, Feng-Chia University, Taichung, 40724, Taiwan ' Department of Information Engineering and Computer Science, Feng-Chia University, Taichung, 40724, Taiwan ' Faculty of Information Technology, Ton Duc Thang University, Ho Chi Minh City, Vietnam ' Department of Information Engineering and Computer Science, Feng-Chia University, Taichung, 40724, Taiwan

Abstract: The internet of things (IoT) has brought the properties of convenience, intelligence, and manageability into our daily lives. Nevertheless, it also gives malicious attackers lots of opportunity to compromise our private information. Hence, the security issue over IoT has become an emergent and crucial research topic. Kalra and Sood (2015) proposed an authentication scheme for IoT device and cloud server. Unfortunately, Chang et al. (2017) have pointed out the weaknesses of Kalra and Sood's scheme and provided proper improvements. However, we have found that the improved version still exist potential risks. Thus, we aim to develop a brand-new ECC-based authentication mechanism for offering a secure session between an IoT device and a cloud server. In particular, the new method is proved secure under the examination of AVISPA, which is a formal verification tool.

Keywords: internet of things; IoT; wireless authentication; smart house; healthcare.

DOI: 10.1504/IJICS.2021.115348

International Journal of Information and Computer Security, 2021 Vol.15 No.1, pp.67 - 87

Received: 18 Jan 2018
Accepted: 01 May 2018
Published online: 01 Jun 2021 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article