Certificateless-Signcryption-Based Three-Factor User Access Control Scheme for IoT Environment

Bibliographic Details
Published in: IEEE Internet of Things Journal, Vol. 7, no. 4, pp. 3184-3197
Main Authors: Mandal, Shobhan, Bera, Basudeb, Sutrala, Anil Kumar, Das, Ashok Kumar, Choo, Kim-Kwang Raymond, Park, YoungHo
Format: Journal Article
Language: English
Published: Piscataway IEEE 01.04.2020
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
ISSN: 2327-4662
Description
Summary: User access control is a crucial requirement in any Internet of Things (IoT) deployment, as it allows one to provide authorization, authentication, and revocation of a registered legitimate user to access real-time information and/or service directly from the IoT devices. To complement the existing literature, we design a new three-factor certificateless-signcryption-based user access control for the IoT environment (CSUAC-IoT). Specifically, in our scheme, a user $U$'s password, personal biometrics, and mobile device are used as the three authentication factors. By executing the login and access control phase of CSUAC-IoT, a registered user $(U)$ and a designated smart device $(S_{i})$ can authorize and authenticate mutually via the trusted gateway node (GN) in a particular cell of the IoT environment. In our setting, the environment is partitioned into disjoint cells, and each cell will contain a certain number of IoT devices along with a GN. With the established session key between $U$ and $S_{i}$, both entities can then communicate securely. In addition, CSUAC-IoT supports new IoT devices deployment, user revocation, and password/biometric update functionality features. We prove the security of CSUAC-IoT under the real-or-random (ROR) model, and demonstrate that it can resist several common attacks found in a typical IoT environment using the AVISPA tool. A comparative analysis also reveals that CSUAC-IoT achieves better tradeoff for security and functionality, and computational and communication costs, in comparison to five other competing approaches.
DOI: 10.1109/JIOT.2020.2966242