Download presentation
Presentation is loading. Please wait.
Published byDwight Davidson Modified over 5 years ago
1
Lightweight IoT-based authentication scheme in cloud computing circumstance
Source: Future Generation Computer Systems Volume 91, February 2019, Pages Authors: Lu Zhou , Xiong Li , Kuo-Hui Yeh , Chunhua Su , Wayne Chiu Speaker: Yao-Zhu Zheng Date: 2018/11/22
2
Outline Introduction Proposed scheme Experimental results Conclusions
3
Introduction Server User Control Server Require Authentication
Response Server 2.Smart card User Control Server 1.Registration
4
Proposed scheme (1/13) Registration Authentication Password change
5
Proposed scheme (2/13) Registration
User registration Cloud server registration 2.Data for Authentication Server 1.Registration 2.Smart card User Control Server 1.Registration
6
Proposed scheme (3/13)
7
Proposed scheme (4/13) Registration – User registration
Control Server select (IDi , PIDi) , PWi , bi HPi = h(PWi ∥ bi) send (IDi , PIDi) to CS CS check IDi C1* = h(PIDi ∥ IDcs ∥ x ) C2* = h(IDi ∥ x ) store IDi in database, send(C1* , C2* , IDcs) to Ui C1 = C1* ⊕ HPi C2 = C2* ⊕ h(IDi ∥ HPi ) C3 = bi ⊕ h(IDi ∥ PWi ) Store (C1 , C2 , C3 , PIDi , IDcs) in smart card
8
Proposed scheme (5/13) Registration – Cloud server registration
Control Server Server send (SIDj ,PSIDj) to CS CS computes B1 = h(PSIDj ∥ IDcs ∥ x ) B2 = h(SIDj ∥ x ) store SIDj and send (B1 , B2 , IDcs) to Sj Sj store (B1 , B2 , SIDj, PSIDj, IDcs)
9
Proposed scheme (6/13) Authentication
Server M4 M3 User Control Server
10
Proposed scheme (7/13) Authentication
Ui Input IDi , PWi select ru, PIDinew bi = C3 ⊕ h(IDi ∥ PWi ) HPi = h(PWi ∥ bi) C1* = C1 ⊕ HPi C2* = C2 ⊕ h (IDi ∥ HPi ) D1 = C1* ⊕ ru D2 = h(ru ∥ PIDi ∥ IDcs) ⊕ IDi D3 = C2* ⊕ h (IDi ∥ HPi ) ⊕ PIDinew ⊕ h(ru ∥ IDi ) D4 = h(IDi ∥ PIDi ∥ PIDinew ∥ ru ∥ D3) M1 = {PIDi , D1 , D2 , D3 , D4} Pass M1 to Sj User
11
Proposed scheme (8/13) Authentication
Sj select PSIDjnew , rs D5 = B1 ⊕ rs D6 = h(rs ∥ PSIDj ∥ IDcs ) ⊕ SIDj D7 = B2 ⊕ PSIDjnew ⊕ h(rs ∥ PSIDj ) D8 = h(SIDj ∥ PSIDj ∥ PSIDjnew ∥ rs ∥ D7 ) M2 = {PIDi , D1 , D2 , D3 , D4 , PSIDj , D5 , D6 , D7 , D8} Pass M2 to CS Server
12
Proposed scheme (9/13) Authentication
CS ru = D1 ⊕ h(PIDi ∥ IDcs ∥ x ) IDi = D2 ⊕ h (ru ∥ PIDi ∥ IDcs) PIDinew = D3 ⊕ h(IDi ∥ x ) ⊕ h (ru ∥ IDi ) check IDi check D4 ?= h (IDi ∥ PIDi ∥ PIDinew ∥ ru ∥ D3) rs = D5 ⊕ h(PSIDj ∥ IDcs ∥ x ) SIDj = D6 ⊕ h(rs ∥ PSIDj ∥ IDcs ) PSIDjnew = D7 ⊕ h(SIDj ∥ x ) ⊕ h(rs∥ SIDj ) check SIDj check D8 ?= h (SIDj ∥ PSIDj ∥ PSIDjnew ∥ rs ∥ D7) Control Server
13
Proposed scheme (10/13) Authentication
CS select rcs SKcs = h (ru ⊕ rs ⊕ rcs) D9 = h(PSIDjnew ∥ IDcs ∥ x ) ⊕ h (rs ∥ PSIDjnew ) D10 = h(PSIDjnew ∥ rs ∥ PSIDj ) ⊕ (ru ⊕ rcs ) D11 = h(SKcs ∥ D9 ∥ D10 ∥ h (SIDj ∥ x ) ) D12 = h(PIDinew ∥ IDcs ∥ x ) ⊕ h(ru ∥ PIDinew ) D13 = h(PIDinew ∥ ru ∥PIDi ) ⊕ h(rs ⊕ rcs) D14 = h(SKcs ∥ D12 ∥ D13 ∥ h (IDi ∥ x ) ) M3 = {D9 , D10 , D11 , D12, D13 , D14} Pass M3 to Sj Control Server
14
Proposed scheme (11/13) Authentication
Sj (ru ⊕ rcs) = D10 ⊕ h(PSIDjnew ∥ rs ∥ PSIDj ) SKs = h (rs ⊕ ru ⊕ rcs) check D11 ?= h(SKs ∥ D9 ∥ D10 ∥ B2) B1new = D9 ⊕ h(rs ∥ PSIDjnew ) (B1 , PSIDj) = (B1new , PSIDjnew) M4 = {D12, D13, D14} Pass M4 to Ui Server
15
Proposed scheme (12/13) Authentication
Ui (rs ⊕ rcs) = D13 ⊕ h(PIDinew ∥ ru ∥ PIDi ) SKu = h (ru ⊕ rs ⊕ rcs) check D14 ?= h(SKu ∥ D12 ∥ D13 ∥ C2* ) C1new = D12 ⊕ h (ru ∥ PIDinew) ⊕ HPi (C1 , PIDi ) = (C1new , PIDinew ) User
16
Proposed scheme(13/13) Password change
Control Server User Ui send M5 to CS with password change request M5 = M1 CS computes ru , IDi , PIDinew and check IDi , D4 If pass, calculates D12 and D15 D12 = h(PIDinew ∥ IDcs ∥ x ) ⊕ h(ru ∥ PIDinew ) D15 = h(IDi ∥ , PIDi ∥ PIDinew ∥ ru ∥ D12) send M6 = {D12 , D15} to Ui smart card check D15 ?= h(IDi ∥ PIDi ∥ PIDinew ∥ ru ∥ D12) If so, Ui can input PWinew as a new password computes HPinew = h(PWinew ∥ bi) C1new = D12 ⊕ h(ru ∥ PIDinew) ⊕ HPinew C2new = C2* ⊕ h(IDi ∥ HPinew) C3new = bi ⊕ h(IDi ∥ PWinew) replace (C1, C2, C3, PIDi ) with (C1new, C2new, C3new, PIDinew )
17
Experimental results(1/2)
18
Experimental results(2/2)
Th = the one-way hash function TS = symmetric encryption/decryption algorithm The execution time of XOR operations can be neglected when comparing to Th and TS
19
Conclusions A new and robust authentication scheme for IoT-cloud architecture circumstances. An authentication scheme has high security and low cost.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.