Physically Secure Lightweight Anonymous User Authentication Protocol for Internet of Things Using Physically Unclonable Functions

Soumya Banerjee; Vanga Odelu; Ashok Kumar Das; Samiran Chattopadhyay; Joel J. P. C. Rodrigues; Youngho Park

doi:10.1109/ACCESS.2019.2926578

IEEE Access (Jan 2019)

Physically Secure Lightweight Anonymous User Authentication Protocol for Internet of Things Using Physically Unclonable Functions

Soumya Banerjee,
Vanga Odelu,
Ashok Kumar Das,
Samiran Chattopadhyay,
Joel J. P. C. Rodrigues,
Youngho Park

Affiliations

Soumya Banerjee: Department of Information Technology, Jadavpur University, Salt Lake, India
Vanga Odelu: Department of Computer Science and Information Systems, Pilani Hyderabad Campus, Birla Institute of Technology & Science, Hyderabad, India
Ashok Kumar Das: ORCiD; Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad, India
Samiran Chattopadhyay: Department of Information Technology, Jadavpur University, Salt Lake, India
Joel J. P. C. Rodrigues: ORCiD; National Institute of Telecommunications, Santa Rita do Sapucaí, Brazil
Youngho Park: ORCiD; School of Electronics Engineering, Kyungpook National University, Daegu, South Korea

DOI: https://doi.org/10.1109/ACCESS.2019.2926578
Journal volume & issue: Vol. 7
pp. 85627 – 85644

Abstract

Read online

The Internet of Things (IoT) acts as an umbrella for the Internet-enabled devices for various applications, such as smart home, smart city, smart grid, and smart healthcare. The emergence of the immense economic potential necessitates a robust authentication mechanism that needs to be lightweight and suitable for real-time applications. Moreover, the physical integrity of these devices cannot be assumed as these are designed to be deployed in an unattended environment with minimum human supervision. A user authentication mechanism for the IoT, in addition to guaranteeing user anonymity and un-traceability functionality requirements, must also be resistant to device physical capture and related misuses. In this paper, we present a novel lightweight anonymous user authentication protocol for the IoT environment by utilizing “cryptographic one-way hash function”, “physically unclonable function (PUF)” and “bitwise exclusive-OR (XOR)” operations. The broadly accepted Real-Or-Random (ROR) model-based formal security analysis, formal security verification using the automated software verification tool, namely “automated validation of internet security protocols and applications (AVISPA)” and also non-mathematical (informal) security analysis have been carried out on the proposed scheme. It is shown that the proposed scheme has the ability to resist various well-known attacks that are crucial for securing the IoT environment. Through a detailed comparative study, we show that the proposed scheme outperforms other existing related schemes in terms of computation and communication costs, and also security & functionality features. Finally, a practical demonstration of the proposed scheme using the NS3 simulation has been provided for measuring various network performance parameters.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords