Lightweight IoT-based authentication scheme in cloud computing circumstance Source: Future Generation Computer Systems Volume 91, February 2019, Pages.

Presentation transcript:

Lightweight IoT-based authentication scheme in cloud computing circumstance
Source: Future Generation Computer Systems, Volume 91, February 2019, Pages 244-251
Authors: Lu Zhou, Xiong Li, Kuo-Hui Yeh, Chunhua Su, Wayne Chiu
Speaker: Yao-Zhu Zheng
Date: 2018/11/22

Outline
- Introduction
- Proposed scheme
- Experimental results
- Conclusions

Introduction
[Figure: User, Server and Control Server. Labels: 1. Registration, 2. Smart card, Require Authentication, Response]

Proposed scheme
- Registration
- Authentication
- Password change

Registration
- User registration
- Cloud server registration
[Figure: User, Server and Control Server. Labels: 1. Registration, 2. Smart card, 1. Registration, 2. Data for Authentication]

Proposed scheme

Registration – User registration
User Ui:
  select (IDi, PIDi), PWi, bi
  HPi = h(PWi ∥ bi)
  send (IDi, PIDi) to CS
Control Server CS:
  check IDi
  C1* = h(PIDi ∥ IDcs ∥ x)
  C2* = h(IDi ∥ x)
  store IDi in database, send (C1*, C2*, IDcs) to Ui
User Ui:
  C1 = C1* ⊕ HPi
  C2 = C2* ⊕ h(IDi ∥ HPi)
  C3 = bi ⊕ h(IDi ∥ PWi)
  store (C1, C2, C3, PIDi, IDcs) in smart card

Registration – Cloud server registration
Server Sj:
  send (SIDj, PSIDj) to CS
Control Server CS:
  B1 = h(PSIDj ∥ IDcs ∥ x)
  B2 = h(SIDj ∥ x)
  store SIDj and send (B1, B2, IDcs) to Sj
Server Sj:
  store (B1, B2, SIDj, PSIDj, IDcs)

Authentication
[Figure: message flow among User, Server and Control Server. Messages: M1, M2, M3, M4]

Authentication – User Ui
  input IDi, PWi
  select ru, PIDinew
  bi = C3 ⊕ h(IDi ∥ PWi)
  HPi = h(PWi ∥ bi)
  C1* = C1 ⊕ HPi
  C2* = C2 ⊕ h(IDi ∥ HPi)
  D1 = C1* ⊕ ru
  D2 = h(ru ∥ PIDi ∥ IDcs) ⊕ IDi
  D3 = C2* ⊕ h(IDi ∥ HPi) ⊕ PIDinew ⊕ h(ru ∥ IDi)
  D4 = h(IDi ∥ PIDi ∥ PIDinew ∥ ru ∥ D3)
  M1 = {PIDi, D1, D2, D3, D4}
  pass M1 to Sj

Authentication – Server Sj
  select PSIDjnew, rs
  D5 = B1 ⊕ rs
  D6 = h(rs ∥ PSIDj ∥ IDcs) ⊕ SIDj
  D7 = B2 ⊕ PSIDjnew ⊕ h(rs ∥ PSIDj)
  D8 = h(SIDj ∥ PSIDj ∥ PSIDjnew ∥ rs ∥ D7)
  M2 = {PIDi, D1, D2, D3, D4, PSIDj, D5, D6, D7, D8}
  pass M2 to CS

Authentication – Control Server CS
  ru = D1 ⊕ h(PIDi ∥ IDcs ∥ x)
  IDi = D2 ⊕ h(ru ∥ PIDi ∥ IDcs)
  PIDinew = D3 ⊕ h(IDi ∥ x) ⊕ h(ru ∥ IDi)
  check IDi
  check D4 ?= h(IDi ∥ PIDi ∥ PIDinew ∥ ru ∥ D3)
  rs = D5 ⊕ h(PSIDj ∥ IDcs ∥ x)
  SIDj = D6 ⊕ h(rs ∥ PSIDj ∥ IDcs)
  PSIDjnew = D7 ⊕ h(SIDj ∥ x) ⊕ h(rs ∥ SIDj)
  check SIDj
  check D8 ?= h(SIDj ∥ PSIDj ∥ PSIDjnew ∥ rs ∥ D7)

Authentication – Control Server CS
  select rcs
  SKcs = h(ru ⊕ rs ⊕ rcs)
  D9 = h(PSIDjnew ∥ IDcs ∥ x) ⊕ h(rs ∥ PSIDjnew)
  D10 = h(PSIDjnew ∥ rs ∥ PSIDj) ⊕ (ru ⊕ rcs)
  D11 = h(SKcs ∥ D9 ∥ D10 ∥ h(SIDj ∥ x))
  D12 = h(PIDinew ∥ IDcs ∥ x) ⊕ h(ru ∥ PIDinew)
  D13 = h(PIDinew ∥ ru ∥ PIDi) ⊕ h(rs ⊕ rcs)
  D14 = h(SKcs ∥ D12 ∥ D13 ∥ h(IDi ∥ x))
  M3 = {D9, D10, D11, D12, D13, D14}
  pass M3 to Sj

Authentication – Server Sj
  (ru ⊕ rcs) = D10 ⊕ h(PSIDjnew ∥ rs ∥ PSIDj)
  SKs = h(rs ⊕ ru ⊕ rcs)
  check D11 ?= h(SKs ∥ D9 ∥ D10 ∥ B2)
  B1new = D9 ⊕ h(rs ∥ PSIDjnew)
  (B1, PSIDj) = (B1new, PSIDjnew)
  M4 = {D12, D13, D14}
  pass M4 to Ui

Authentication – User Ui
  (rs ⊕ rcs) = D13 ⊕ h(PIDinew ∥ ru ∥ PIDi)
  SKu = h(ru ⊕ rs ⊕ rcs)
  check D14 ?= h(SKu ∥ D12 ∥ D13 ∥ C2*)
  C1new = D12 ⊕ h(ru ∥ PIDinew) ⊕ HPi
  (C1, PIDi) = (C1new, PIDinew)
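The user half of the scheme (user registration, building M1, and the Control Server's "check IDi" and "check D4" steps) as an added Python example; it is not code from the slides or the paper. SHA-256 as h, the 32-byte fixed width for every value, and all function and dictionary names are assumptions. D3 is computed as C2* ⊕ PIDinew ⊕ h(ru ∥ IDi), the form that the CS equation PIDinew = D3 ⊕ h(IDi ∥ x) ⊕ h(ru ∥ IDi) inverts.

```python
import hashlib, hmac, secrets

N = 32  # assumption: every protocol value is 32 bytes so XOR is well defined

def h(*parts):                      # h(a || b || ...); SHA-256 is an assumption
    return hashlib.sha256(b"".join(parts)).digest()

def xor(*vals):
    out = bytes(N)
    for v in vals:
        out = bytes(a ^ b for a, b in zip(out, v))
    return out

def pad(s):                         # fixed-width encoding for IDs and passwords
    return s.encode().ljust(N, b"\0")

def register_user(x, id_cs, uid, pid, pw):
    b = secrets.token_bytes(N)                      # user's random bi
    hp = h(pw, b)                                   # HPi
    c1s, c2s = h(pid, id_cs, x), h(uid, x)          # C1*, C2* computed by CS
    return {"C1": xor(c1s, hp), "C2": xor(c2s, h(uid, hp)),
            "C3": xor(b, h(uid, pw)), "PID": pid, "IDcs": id_cs}

def build_m1(card, uid, pw):
    b = xor(card["C3"], h(uid, pw))
    hp = h(pw, b)
    c1s, c2s = xor(card["C1"], hp), xor(card["C2"], h(uid, hp))
    ru, pid_new = secrets.token_bytes(N), secrets.token_bytes(N)
    d3 = xor(c2s, pid_new, h(ru, uid))              # form the CS recovery step inverts
    return {"PID": card["PID"], "D1": xor(c1s, ru),
            "D2": xor(h(ru, card["PID"], card["IDcs"]), uid), "D3": d3,
            "D4": h(uid, card["PID"], pid_new, ru, d3)}, ru, pid_new

def cs_verify(x, id_cs, known_ids, m1):
    ru = xor(m1["D1"], h(m1["PID"], id_cs, x))
    uid = xor(m1["D2"], h(ru, m1["PID"], id_cs))
    if uid not in known_ids:                        # "check IDi"
        return None
    pid_new = xor(m1["D3"], h(uid, x), h(ru, uid))
    expect = h(uid, m1["PID"], pid_new, ru, m1["D3"])
    if not hmac.compare_digest(m1["D4"], expect):   # "check D4"
        return None
    return uid, ru, pid_new

if __name__ == "__main__":
    # constructed sample values
    x, id_cs, uid = secrets.token_bytes(N), pad("CS-1"), pad("alice")
    card = register_user(x, id_cs, uid, secrets.token_bytes(N), pad("pw"))
    m1, ru, pid_new = build_m1(card, uid, pad("pw"))
    print(cs_verify(x, id_cs, {uid}, m1) == (uid, ru, pid_new))
```

The smart card has nothing to compare a typed password against, so a wrong password still produces an M1; it is rejected at the Control Server because the recovered ru and IDi no longer match a registered identity.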

Password change
User Ui:
  send M5 to CS with password change request
  M5 = M1
Control Server CS:
  computes ru, IDi, PIDinew and checks IDi, D4
  if the checks pass, calculates D12 and D15
  D12 = h(PIDinew ∥ IDcs ∥ x) ⊕ h(ru ∥ PIDinew)
  D15 = h(IDi ∥ PIDi ∥ PIDinew ∥ ru ∥ D12)
  send M6 = {D12, D15} to Ui
Smart card:
  check D15 ?= h(IDi ∥ PIDi ∥ PIDinew ∥ ru ∥ D12)
  if so, Ui can input PWinew as a new password
  HPinew = h(PWinew ∥ bi)
  C1new = D12 ⊕ h(ru ∥ PIDinew) ⊕ HPinew
  C2new = C2* ⊕ h(IDi ∥ HPinew)
  C3new = bi ⊕ h(IDi ∥ PWinew)
  replace (C1, C2, C3, PIDi) with (C1new, C2new, C3new, PIDinew)

Experimental results

Experimental results
Th = the one-way hash function
TS = symmetric encryption/decryption algorithm
The execution time of XOR operations can be neglected when compared to Th and TS.

Conclusions
- A new and robust authentication scheme for IoT-cloud architecture circumstances.
- The authentication scheme has high security and low cost.