Authors: Ting-Fang Cheng; Ying-Chin Chen; Zhu-Dao Song; Ngoc-Tu Huynh; Jung-San Lee
Addresses: Twain-CA Incorporation, 10F., No.85, Yanping S. Rd., Zhongzheng Dist., Taipei City 100, Taiwan ' Department of Information Engineering and Computer Science, Feng-Chia University, Taichung, 40724, Taiwan ' Department of Information Engineering and Computer Science, Feng-Chia University, Taichung, 40724, Taiwan ' Faculty of Information Technology, Ton Duc Thang University, Ho Chi Minh City, Vietnam ' Department of Information Engineering and Computer Science, Feng-Chia University, Taichung, 40724, Taiwan
Abstract: The internet of things (IoT) has brought the properties of convenience, intelligence, and manageability into our daily lives. Nevertheless, it also gives malicious attackers lots of opportunity to compromise our private information. Hence, the security issue over IoT has become an emergent and crucial research topic. Kalra and Sood (2015) proposed an authentication scheme for IoT device and cloud server. Unfortunately, Chang et al. (2017) have pointed out the weaknesses of Kalra and Sood's scheme and provided proper improvements. However, we have found that the improved version still exist potential risks. Thus, we aim to develop a brand-new ECC-based authentication mechanism for offering a secure session between an IoT device and a cloud server. In particular, the new method is proved secure under the examination of AVISPA, which is a formal verification tool.
Keywords: internet of things; IoT; wireless authentication; smart house; healthcare.
International Journal of Information and Computer Security, 2021 Vol.15 No.1, pp.67 - 87
Received: 18 Jan 2018
Accepted: 01 May 2018
Published online: 01 Jun 2021 *