A Secure Three-Factor Anonymous User Authentication Scheme for Internet of Things Environments
Internet of Things (IoT) is composed of various kinds of devices such as cars, electrical appliances, machines and sensors. With IoT technologies, devices can exchange information through the network, people are allowed to get information collected by devices without interacting with them, and autom...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2021-06-01
|
| Series: | Symmetry |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2073-8994/13/7/1121 |
| id |
doaj-396678e0a65e462b947243a6ffb16c95 |
|---|---|
| record_format |
Article |
| spelling |
doaj-396678e0a65e462b947243a6ffb16c952021-07-23T14:08:57ZengMDPI AGSymmetry2073-89942021-06-01131121112110.3390/sym13071121A Secure Three-Factor Anonymous User Authentication Scheme for Internet of Things EnvironmentsYa-Fen Chang0Wei-Liang Tai1Po-Lin Hou2Kuan-Yu Lai3Department of Computer Science and Information Engineering, National Taichung University of Science and Technology, Taichung 40401, TaiwanDepartment of Information Communications, Chinese Culture University, Taipei 11114, TaiwanDepartment of Computer Science and Information Engineering, National Taichung University of Science and Technology, Taichung 40401, TaiwanDepartment of Computer Science and Information Engineering, National Taichung University of Science and Technology, Taichung 40401, TaiwanInternet of Things (IoT) is composed of various kinds of devices such as cars, electrical appliances, machines and sensors. With IoT technologies, devices can exchange information through the network, people are allowed to get information collected by devices without interacting with them, and automatic operations for devices are realized. Because of the variety of IoT devices, some of them possess limited computational capability. On the other hand, data transmission in IoT networks is usually through a public channel. To ensure efficiency and security for IoT environments, Lee et al. proposed a three-factor authentication scheme with hash function and XOR operation. They claimed their scheme possessed superior properties and could resist common attacks. After analyzing their scheme, we find that their scheme is vulnerable to five flaws. In this paper, how these found flaws threaten Lee et al.’s scheme is shown in detail. Then, we propose an improvement to overcome the found flaws and preserve the advantages by employing ECC.https://www.mdpi.com/2073-8994/13/7/1121Internet of Things (IoT)authenticationreplay attackdenial-of-service attackuser untraceabilityelliptic curve cryptography (ECC) |
| collection |
DOAJ |
| language |
English |
| format |
Article |
| sources |
DOAJ |
| author |
Ya-Fen Chang Wei-Liang Tai Po-Lin Hou Kuan-Yu Lai |
| spellingShingle |
Ya-Fen Chang Wei-Liang Tai Po-Lin Hou Kuan-Yu Lai A Secure Three-Factor Anonymous User Authentication Scheme for Internet of Things Environments Symmetry Internet of Things (IoT) authentication replay attack denial-of-service attack user untraceability elliptic curve cryptography (ECC) |
| author_facet |
Ya-Fen Chang Wei-Liang Tai Po-Lin Hou Kuan-Yu Lai |
| author_sort |
Ya-Fen Chang |
| title |
A Secure Three-Factor Anonymous User Authentication Scheme for Internet of Things Environments |
| title_short |
A Secure Three-Factor Anonymous User Authentication Scheme for Internet of Things Environments |
| title_full |
A Secure Three-Factor Anonymous User Authentication Scheme for Internet of Things Environments |
| title_fullStr |
A Secure Three-Factor Anonymous User Authentication Scheme for Internet of Things Environments |
| title_full_unstemmed |
A Secure Three-Factor Anonymous User Authentication Scheme for Internet of Things Environments |
| title_sort |
secure three-factor anonymous user authentication scheme for internet of things environments |
| publisher |
MDPI AG |
| series |
Symmetry |
| issn |
2073-8994 |
| publishDate |
2021-06-01 |
| description |
Internet of Things (IoT) is composed of various kinds of devices such as cars, electrical appliances, machines and sensors. With IoT technologies, devices can exchange information through the network, people are allowed to get information collected by devices without interacting with them, and automatic operations for devices are realized. Because of the variety of IoT devices, some of them possess limited computational capability. On the other hand, data transmission in IoT networks is usually through a public channel. To ensure efficiency and security for IoT environments, Lee et al. proposed a three-factor authentication scheme with hash function and XOR operation. They claimed their scheme possessed superior properties and could resist common attacks. After analyzing their scheme, we find that their scheme is vulnerable to five flaws. In this paper, how these found flaws threaten Lee et al.’s scheme is shown in detail. Then, we propose an improvement to overcome the found flaws and preserve the advantages by employing ECC. |
| topic |
Internet of Things (IoT) authentication replay attack denial-of-service attack user untraceability elliptic curve cryptography (ECC) |
| url |
https://www.mdpi.com/2073-8994/13/7/1121 |
| work_keys_str_mv |
AT yafenchang asecurethreefactoranonymoususerauthenticationschemeforinternetofthingsenvironments AT weiliangtai asecurethreefactoranonymoususerauthenticationschemeforinternetofthingsenvironments AT polinhou asecurethreefactoranonymoususerauthenticationschemeforinternetofthingsenvironments AT kuanyulai asecurethreefactoranonymoususerauthenticationschemeforinternetofthingsenvironments AT yafenchang securethreefactoranonymoususerauthenticationschemeforinternetofthingsenvironments AT weiliangtai securethreefactoranonymoususerauthenticationschemeforinternetofthingsenvironments AT polinhou securethreefactoranonymoususerauthenticationschemeforinternetofthingsenvironments AT kuanyulai securethreefactoranonymoususerauthenticationschemeforinternetofthingsenvironments |
| _version_ |
1721285609270542336 |