1. Lightweight IoT-based authentication scheme in cloud computing circumstance
Source: Future Generation Computer Systems Volume 91, February 2019, Pages
Authors: Lu Zhou , Xiong Li , Kuo-Hui Yeh , Chunhua Su , Wayne Chiu
Speaker: Yao-Zhu Zheng
Date: 2018/11/22

2. Outline
Introduction
Proposed scheme
Experimental results
Conclusions

3. Introduction Server User Control Server Require Authentication
Response
Server
2.Smart card
User
Control Server
1.Registration

4. Proposed scheme
Registration
Authentication
Password change

5. Registration User registration Cloud server registration Server User
2.Data for Authentication
Server
1.Registration
2.Smart card
User
Control Server
1.Registration

6. Proposed scheme

7. Registration – User registration
Control Server
select (IDi , PIDi) , PWi , bi HPi = h(PWi ∥ bi) send (IDi , PIDi) to CS
CS check IDi
C1* = h(PIDi ∥ IDcs ∥ x )
C2* = h(IDi ∥ x )
store IDi in database, send(C1* , C2* , IDcs) to Ui
C1 = C1* ⊕ HPi
C2 = C2* ⊕ h(IDi ∥ HPi )
C3 = bi ⊕ h(IDi ∥ PWi )
Store (C1 , C2 , C3 , PIDi , IDcs) in smart card

8. Registration – Cloud server registration
Control Server
Server
send (SIDj ,PSIDj) to CS
CS computes B1 = h(PSIDj ∥ IDcs ∥ x ) B2 = h(SIDj ∥ x ) store SIDj and send (B1 , B2 , IDcs) to Sj
Sj store (B1 , B2 , SIDj, PSIDj, IDcs)

9. Authentication M1 M2
Server M4 M3
User
Control Server

10. Authentication
Ui Input IDi , PWi select ru, PIDinew bi = C3 ⊕ h(IDi ∥ PWi ) HPi = h(PWi ∥ bi) C1* = C1 ⊕ HPi C2* = C2 ⊕ h (IDi ∥ HPi ) D1 = C1* ⊕ ru D2 = h(ru ∥ PIDi ∥ IDcs) ⊕ IDi D3 = C2* ⊕ h (IDi ∥ HPi ) ⊕ PIDinew ⊕ h(ru ∥ IDi ) D4 = h(IDi ∥ PIDi ∥ PIDinew ∥ ru ∥ D3) M1 = {PIDi , D1 , D2 , D3 , D4} Pass M1 to Sj
User

11. Authentication Server
Sj select PSIDjnew , rs D5 = B1 ⊕ rs D6 = h(rs ∥ PSIDj ∥ IDcs ) ⊕ SIDj D7 = B2 ⊕ PSIDjnew ⊕ h(rs ∥ PSIDj ) D8 = h(SIDj ∥ PSIDj ∥ PSIDjnew ∥ rs ∥ D7 ) M2 = {PIDi , D1 , D2 , D3 , D4 , PSIDj , D5 , D6 , D7 , D8} Pass M2 to CS
Server

12. Authentication Control Server
CS ru = D1 ⊕ h(PIDi ∥ IDcs ∥ x ) IDi = D2 ⊕ h (ru ∥ PIDi ∥ IDcs) PIDinew = D3 ⊕ h(IDi ∥ x ) ⊕ h (ru ∥ IDi ) check IDi check D4 ?= h (IDi ∥ PIDi ∥ PIDinew ∥ ru ∥ D3) rs = D5 ⊕ h(PSIDj ∥ IDcs ∥ x ) SIDj = D6 ⊕ h(rs ∥ PSIDj ∥ IDcs ) PSIDjnew = D7 ⊕ h(SIDj ∥ x ) ⊕ h(rs∥ SIDj ) check SIDj check D8 ?= h (SIDj ∥ PSIDj ∥ PSIDjnew ∥ rs ∥ D7)
Control Server

13. Authentication Control Server
CS select rcs SKcs = h (ru ⊕ rs ⊕ rcs) D9 = h(PSIDjnew ∥ IDcs ∥ x ) ⊕ h (rs ∥ PSIDjnew ) D10 = h(PSIDjnew ∥ rs ∥ PSIDj ) ⊕ (ru ⊕ rcs ) D11 = h(SKcs ∥ D9 ∥ D10 ∥ h (SIDj ∥ x ) ) D12 = h(PIDinew ∥ IDcs ∥ x ) ⊕ h(ru ∥ PIDinew ) D13 = h(PIDinew ∥ ru ∥PIDi ) ⊕ h(rs ⊕ rcs) D14 = h(SKcs ∥ D12 ∥ D13 ∥ h (IDi ∥ x ) ) M3 = {D9 , D10 , D11 , D12, D13 , D14} Pass M3 to Sj
Control Server

14. Authentication Server
Sj (ru ⊕ rcs) = D10 ⊕ h(PSIDjnew ∥ rs ∥ PSIDj ) SKs = h (rs ⊕ ru ⊕ rcs) check D11 ?= h(SKs ∥ D9 ∥ D10 ∥ B2) B1new = D9 ⊕ h(rs ∥ PSIDjnew ) (B1 , PSIDj) = (B1new , PSIDjnew) M4 = {D12, D13, D14} Pass M4 to Ui
Server

15. Authentication
Ui (rs ⊕ rcs) = D13 ⊕ h(PIDinew ∥ ru ∥ PIDi ) SKu = h (ru ⊕ rs ⊕ rcs) check D14 ?= h(SKu ∥ D12 ∥ D13 ∥ C2* ) C1new = D12 ⊕ h (ru ∥ PIDinew) ⊕ HPi (C1 , PIDi ) = (C1new , PIDinew )
User

16. Password change Control Server User
Ui send M5 to CS with password change request
M5 = M1
CS computes ru , IDi , PIDinew and check IDi , D4
If pass, calculates D12 and D15
D12 = h(PIDinew ∥ IDcs ∥ x ) ⊕ h(ru ∥ PIDinew )
D15 = h(IDi ∥ , PIDi ∥ PIDinew ∥ ru ∥ D12)
send M6 = {D12 , D15} to Ui
smart card check D15 ?= h(IDi ∥ PIDi ∥ PIDinew ∥ ru ∥ D12)
If so, Ui can input PWinew as a new password
computes HPinew = h(PWinew ∥ bi)
C1new = D12 ⊕ h(ru ∥ PIDinew) ⊕ HPinew
C2new = C2* ⊕ h(IDi ∥ HPinew)
C3new = bi ⊕ h(IDi ∥ PWinew)
replace (C1, C2, C3, PIDi ) with (C1new, C2new, C3new, PIDinew )

17. Experimental results

18. Experimental results Th = the one-way hash function
TS = symmetric encryption/decryption algorithm
The execution time of XOR operations can be neglected when comparing to Th and TS

19. Conclusions
A new and robust authentication scheme for IoT-cloud architecture circumstances. An authentication scheme has high security and low cost.