A lightweight multi-factor secure smart card based remote user authentication

scheme for cloud-IoT applications

Geeta Sharma ∗​​ , Sheetal Kalra

Department of Computer Science and Engineering, Guru Nanak Dev University, Regional Campus, Jalandhar, Punjab, India
atform-as-a-Service) and IaaS (Infrastructure-as- a-Service) services which offer
utions for big data problems ​[3, 4] ​. It offers flexibility, elasticity and scalability
articleinfo ulting in cost economy in several pragmatic applications including rapid updat-
g of dynamic data. Of late, enormous business data of several big organisations is
​ vailable online 13 September
Article history: A ng shifted and governed by clouds such as
2018

Keywords: B ​ ig data Cloud computing

Internet of Things Remote user
authentication Session key
Corresponding author.
E-mail address: ​gsharma3210@gmail.com ​(G. Sharma).
Internet of Things consists of devices capable of sensing, com- munication
spread of cloud computing and ever increasing big data generated by Internet of Things (IoT), remote user
and computation. These devices are comprehensible, locatable, controllable and
oses the biggest challenge. Internet of Things is a paradigm where every device in the Internet Infrastructure (II)
d into a global dynamic expanding network. This paper proposes a novel remote user authentication scheme for
identifiable through the internet using RFID, wireless LAN, or other means ​[8] ​.
cations. The scheme is lightweight and robust to attacks and also has low computational overhead. The proposedThe data collected by these devices contribute to the big data. Cloud is the most
s the desired essential attributes of security. A formal verification performed using AVISPA tool confirmspromising
the & cost effective solution to connect, manage and track the IoT. Cloud
roposed scheme. models suitable for loT are: IaaS, for sensor, actuator busi- ness models and
resource access models. PaaS provide access to the IoT data and control services.
© 2018 Elsevier Ltd. All rights reserved.
SaaS, for monitoring services ap- plication domain. ​Fig. 1 ​demonstrates the cloud
based IoT architec- ture in which several IoT networks are connected to a cloud
server. This allows any remote user to access the data generated by IoT networks,
1. Introduction e.g., in many healthcare applications such a scenario is used. The remote user can
Amazon AWS, Microsoft Azure and IBM SmartCloud. MapReduce has emerged as
be the health professional and the IoT network is the network of things established
a key technique for processing cloud data ​[5–7] ​.
in the patient’s home. In such environment, authenticating remote user access
Cloud computing is a substantial transition from classical com- puting becomes crucial.
that believes in sharing resources than having personal de- vices. It facilitates
Remote user authentication is the process of verifying the legit- imacy of
sharing of resources in a cost effective and flexible manner ​[1] ​. Cloud computing
the remote user in an insecure network. Traditional sin- gle factor password based
proliferates the abilities of the hardware resources by sharing and optimal
authentication poses several drawbacks such as passwords are easily forgotten, they
application. The unprecedented growth of internet and network applications, the
are easy to guess, potential risk of security breach. Thus, single factor authentica-
amount of data being shared and dependence on these commu- nication channels
tion is insufficient to guarantee security. User authentication based on smart card
has expanded manifold. The term big data was coined by the magnitude of data
provides multi-factor authentication as a user who wants to successfully login
stored and processed on the in- ternet which exceeds the processing capacity of
requires to have a valid smart card and a password. The smart card is a portable
modern computer systems. The massive amount of structured and unstructured data
tamper proof plastic card which has low cost and inbuilt memory. The user inserts
is collected through various devices such as sensors, smart phones, RFID tags and
his smart card in a card reader and inputs credentials such as username and
mobile devices. Cloud computing is one the most promising technology for solving
password. The secured and approved communication is given to
big data problems ​[2] ​. Today, big data is cheaply and easily accessible to
organizations through pub- lic cloud infrastructure. The pay-as-you-go model of
s://doi.org/10.1016/j.jisa.2018.08.003 ​2214-2126/© 2018
cloud curtails investment by enabling zero expense on expensive computational and evier Ltd. All rights reserved.
storage hardware. Cloud dispenses SaaS (Software-as-a- Service), PaaS
Contents lists available at ​ScienceDirect
 Journal of Information Security and Applications

journal homepage: ​www.elsevier.com/locate/jisa

Journal of Information Security and Applications 42 (2018) 95–106
96 ​G. Sharma, S. Kalra / Journal of Information Security and Applications 42 (2018) 95–106
Chen et al. ​[23] ​analysed Sood et al. ​[21] ​and Song ​[20] ​and stated that the
ty enhancements sug- gested by authors are very sensitive and insecure to
al at- tacks. The author further revealed that the scheme proposed by Sood et
1] ​fails to ensure mutual authentication as the re- mote user never verifies the
macy of the server. Additionally, the scheme fails to detect invalid input.
s scheme is also in- secure and fails to resist offline password guessing attack.
tionally, Chen et al. ​[23] ​proposed an authentication mechanism to overcome
curity loopholes. In 2013, Kumari and Khan
24] ​found that the scheme proposed by Chen et al. ​[23] ​is vul- nerable to
mpersonation or insider attack. Additionally, proposed an improved scheme. In the
ame year, Li et al. ​[25] ​also found that Chen et al.’s scheme ​[23] ​failed to satisfy
Fig. 1. ​Cloud based IoT architecture.
erfect forward se- crecy and proposed an improved scheme. Jiang et al. ​[26]
howed that the scheme proposed by Chen et al. ​[22] ​is not worthy and is
the server and user in order to verify the authenticity to one an- other and to draw ulnerable to password guessing attack. Moreover, Jiang et al. ​[26] ​proposed an
the key session that may be used to transmit data securely ​[9] ​. The user nhanced scheme which remove the shortcom- ings of Chen et al.’s scheme. But,
authentication based on smart card is developed and designed in order to ensure the Mishra et al. ​[27] ​proved that Jiang et al.’s ​[26] ​scheme does not fully overcome the
authorized and se- cured communication ​[10,11] ​. This paper proposes a ound draw- backs and is insecure to password guessing attack, forgery attack. In
lightweight smart card based remote authentication scheme for cloud based IoT 014, Yang et al. ​[28] ​proposed a three-party authenticated key agreement using
applications. The proposed scheme is a lightweight authen- tication scheme which mart cards. The scheme is resilient to several network threats and needs fewer
uses XOR and hash function. The scheme achieves all essential security attributes. ounds of messages. In the same year, Jing et al. ​[29] ​analyses the security issues of
ayers of IoT: perception layer, transportation layer and application layer in de- tail.
The rest of the paper is organized as follows. ​Section 2 ​presents
The authors also discussed the issues faced in cross-layer het- erogeneous
related work in the field of smart card based authentication schemes. ​Section 3
ntegration and suggests a solution for them. The paper thoroughly analyses
discusses the security requirements and threat model for cloud-IoT applications. A
ecurity vulnerabilities of traditional network and IoT.
secure smart card based re- mote user authentication scheme is proposed in ​Section
4 ​. Security analysis of the proposed scheme based on the threat model is pre- In 2015, Ali et al. ​[30] ​proposed a scheme for Secure Data Shar- ing in
sented in ​Section 5 ​. The formal security proof using AVISPA tool is presented in Clouds (SeDaSC). The scheme ensures confidentiality of data, access control. The
Section 6 ​. ​Section 7 ​evaluates the performance of the proposed scheme. Finally, cheme forwards the data without reencrypt- ing. The scheme is resistant against
Section 8 ​concludes the paper. everal attacks, but lacks com- putational efficiency.
A key management scheme for cloud-assisted wireless body area
etworks in a distributed environment is proposed by Zhou et al. ​[31] ​. The scheme
2. Related work
s resistant against time and location based attacks. The scheme ensures user
nonymity and is suitable for en- ergy constrained WBANs as it is computationally
Several remote user authentication schemes using smart card have
fficient. In the same year, Zhou et al. ​[32] ​proposed another scheme for preserv-
been proposed in the literature. In 2006, Liao et al. ​[12] ​pre- sented a password
ng the privacy for cloud-assisted vehicular delay tolerant networks (DTNs). The
authentication scheme to achieve mutual au- thentication. Yoon and Yoo ​[13] ​in
xisting schemes in DTNs failed to preserve the pri- vacy as they are vulnerable to
2006 analysed that Liao et al. ​[12] ​fails to resist offline password guessing and
ehicle compromise attack and col- lusion attack. Zhou et al. ​[32] ​proposed an
playback threat. In 2007, Wang et al. ​[14] ​analysed the schemes proposed by Ku
nhanced scheme which ensures privacy of user from the cloud and transportation
and Chen ​[15] ​and Yoon et al. ​[16] ​and found that are vulnera- ble to forgery and
man- ager. In 2015, Kalra and Sood ​[33] ​proposed a secure scheme to authenticate
denial of service threats. Furthermore, Wang et al. ​[14] ​proposed an improvised
loud servers and IoT using Elliptic Curve Cryptogra- phy (ECC).
scheme. In 2009, Chung et al. ​[17] ​analysed Wang et al. ​[14] ​is vulnerable to
offline password guessing and impersonation attack. The authors proposed an im- In 2016, Sharma and Kalra ​[34] ​proposed an authentication scheme
which uses quantum identity to authenticate remote user and the cloud server. In
proved scheme. In 2009, Xu et al. ​[11] ​proved that the schemes proposed by Lee et
016, Yan et al. ​[35] ​analysed the se- curity issues of 5G in the context of
al. ​[18] ​and Chiu et al. ​[19] ​are insecure against forgery attack. Then, Xu et al. ​[11]
irtualized networking and software-defined networking. Further, the authors
propounded an impro- vised scheme to overcome the found security loopholes. In
roposed an architecture which employs cloud computing to deploy adap- tive trust
2010, Song ​[20] ​analysed Xu et al. ​[11] ​scheme and found it insecure against
valuation and security services over the virtualized networks. The scheme ensures
forgery and impersonation attack. Song proposed an en- hanced scheme. Sood et al.
rusted computing platform and achieves software-defined network security.
[21] ​proved Xu et al.’s ​[11] ​scheme is insecure to dictionary, forgery and
However, the scheme lacks practical implementation. In 2016, Wan et al. ​[36]
impersonation attack. An im- proved scheme was also proposed by the authors. In
roposed a software-defined Industrial Internet of Things (IIoT) architecture which
2011, Chen et al. ​[22] ​observed the scheme proposed by Wang et al. ​[14] ​and fails
manages physical devices and provides an interface for in- formation exchange.
to resist forgery, parallel session attack and proposed an en- hanced scheme. In
 The paper discusses the issues and its solution for software defined IIoT. ttribute-based encryption and proxy re-encryption. The scheme efficiently
ntegrates
In 2017, Fu et al. ​[37] ​proposed semantic search based on con- ceptual context-aware trust and reputation evaluation to propose a secure
graphs over encrypted outsourced data in clouding com- puting. The improved cheme. In the same year, Zhou et al. ​[39] ​proposed an architecture for mobile
scheme satisfies all the security attributes of searchable symmetric encryption.echnologies
In on cloud-based IoT. Zhou et al. ​[39] ​found that the scheme pro- posed
the same year, Yan et al. ​[38] ​proposed a scheme which governs data accessn in the literature is inappropriate for cloud-IoT networks. The authors proposed an
mproved authentication scheme which
cloud com- puting based on trust evaluated by the data owner. The scheme employs
G. Sharma, S. Kalra / Journal of Information Security and Applications 42 (2018) 95–106 ​97
nding exces- sive messages that cause breakdown of services. ii. ​Malicious user
efficiently preserved the privacy and address the challenging is- sues of secureack: ​In malicious user attack, the attacker sets up a legitimate user and tricks the
ver to access its re- sources. iii. ​User impersonation attack: ​In an impersonation
packet forwarding. But the scheme failed to provide availability to a large number
ack, an at- tacker records information being transmitted by an authentic
of users and lightweight solution. Wazid et al. ​[40] ​proposed an authentication
Table 1
scheme to tackle anti- counterfeiting of medicine in the IoT environment. The
Notations.
scheme au- thenticates the pharmaceutical products and employs near field
communication. Symbol Meaning

U ​i ​i t​ h user SR Server username ​i Unique

​
identity of user U ​i ​V Secret
3. Security requirements and threat model parameter known only to the Server PW ​i Strong
​
user password SC Smart
card R ​1 ​, R ​2 ​, R ​3 ​Secret random nonces p, q Large distinct primes such
As remote user authentication schemes are vulnerable to attack from that p ​= ​2q ​+ ​1 T ​1 ​, T ​2 ​, T ​3 ​Timestamps
adversaries, the scheme must be robust and secure to with- stand attacks. Security T Permissible time interval for the allowed delay S ​Key Shared session key AuthS
​
and privacy issues of cloud based IoT are exaggerated by the volume of the big Calculated to authenticate session key h( ​• ​) Hash operation ||
Key ​
data. Concatenation operation
XOR operation

3.1. Security requirements

user and attempts to imitate as a legal user. If a malevolent en- tity is successful in
To strengthen the security, following key security requirements mustimpersonating as a legitimate user, he will get access to sensitive information of the
be taken into consideration for the cloud based IoT applica- tions. user. iv. ​Offline password guessing attack: ​An attacker may capture the transmitted
messages and attempts to decrypt secret informa- tion. The password of the user
i. ​Availability: ​Availability implies the resources must be accessi- ble to the
must be of high entropy, min- imising brute-force attack. v. ​Replay attack: ​A replay
legitimate user on demand. Availability of requested data stored in the cloud is the
attack is a network attack in which at- tacker records the messages and fraudulently
main issue to be tackled. In case of breach of security, cloud services must remain
repeats it as an authentic entity. vi. ​Stolen smart card attack: ​An attacker may steal
operational ​[16] ​. ii. ​Privacy: ​Privacy is the biggest obstacle that hampers users who
the smart card of the user and tries to obtain the stored secret information. vii
shift their private data into the cloud ​[17] ​. The confidential in- formation of users is
Man-in-the-middle attack: A ​ n attacker listens to the ongoing conversation of two
exposed to attacker, thus, giving rise to the threats stealing, forgery and loss of
authentic entities. Then, attacker acts as a legitimate entity with intercepted message.
control. iii. ​Governance: D ​ ata governance integrates the control and author- ity over
​ he entrusted entity who has authorized access
viii. ​Insider attack: T
data related rules of law, transparency, and account- abilities of individuals and
information systems to achieve busi- ness objectives. iv. ​Mutual authentication: may steal or modify the secret information. ix. ​Server spoofing attack: ​In
This is foremost requirement for IoT au- thentication. It is a two-way authentication spoofing attack, a malevolent user may masquerade as a legitimate entity by
process where both communicating parties authenticate each other. Mutual authen- altering the data and be- ing successful in gaining illegitimate advantage. x.
tication makes the scheme immune to spoofing and mimicking attacks. v. Parallel session attack: I​ n parallel session attack, the attacker starts a parallel
Anonymity: T ​ he attacker must not be able to trace the message being transmitted in session with the authentic entity using the in- formation collected by intercepting
place of a legitimate user. Anonymity is a key requirement to protect data from a transmitted messages and replaying the intercepted messages.
malevolent user. If the transmitted information does not achieve anonymity, then an
intruder can discover the encrypted message. vi ​Forward secrecy: T​ he attacker
cannot decrypt the messages us- ing previous transmitted information using current
4. Proposed scheme
information being transmitted.

This section proposes a lightweight remote user authentication scheme for

3.2. Threat model cloud-IoT applications. The scheme is secure against well-known security attacks
and consists of six phases namely, (a) Precomputation phase, (b) Registration
With the widespread acceptability of cloud and IoT has led to the phase, (c) Login phase, (d) Authentication phase, (e) Password change phase, (f)
evolution of numerous applications such as healthcare, which permits a remote user Smart card revocation phase. The notations used in the proposed scheme are listed
to access IoT data stored on the cloud. In order to breach the security, the attacker in ​Table 1 ​.
can resort to innumerable unfair means.

i. ​Denial of Service: ​A Denial of Service (DoS) attack occurs when the attacker
makes a resource inaccessible to users, such as to suspend services of a host 4.1. Precomputation phase
connected to the internet. In this at- tack, attacker floods the network with traffic by
 a private key. The pri- vate key is kept secret and public key is announced. The
The parameters are initialized by the server in offline mode. The server proposed scheme uses the lightweight cryptographic hash function and is defined
generates a prime U, an integer V such that U ​× V and“h: {0, 1} ∗​ ​→ ​{0, 1} l​ ,​ where ​l i​ s the output length of h( ​• ​)” .
​ ​≡ ​1(mod(p ​−​1)(q ​− ​1)) as:
computes V ​≡ ​U −​​ 1 ​(mod(p ​−​1)(q ​− ​1)). SR considers ​U a​ s the public key and ​V a​ s
98 ​G. Sharma, S. Kalra / Journal of Information Security and Applications 42 (2018) 95–106

Fig. 2. ​Registration phase.

4.2. Registration phase ep L1: ​The user U ​i inserts

​ his smart card into the card reader,
enters the identity username ​i ​and password PW ​i ​. ​Step L2: ​Smart
In this phase, the remote user registers itself with the server. To
rd SC computes Y ​i =
​ ​h(username ​i ||
​ PW ​i ).
​ To compute MID i​ ,​ MPW ​i ,​ SC
register, user U ​i submits
​ a registration request to the server SR. ​Fig. 2 ​shows the
tracts R ​1 ​= ​B ​i Y
​ ​i and
​ com- putes MID ​i =
​ ​h(R ​1 ​|| ​username ​i ​), MPW ​i =
​ ​h(R
registration process. The following steps are per- formed by U ​i ​to successfully
​PW ​i ).
​ ​Step L3: ​Further, SC computes X ​i =
​ ​h(username ​i ||​ MPW ​i )​ and
register.
extracts MV ​i ,​ MV ​i = ​ ​i X
​ Z ​ ​i .​ It computes A ​i =
​ ​h(username ​i
Step R1: ​The User U ​i chooses a unique identity username ​i ,​ password PW ​i of MPW ​i )​ and checks whether the stored A ​i is
​ ​ ​ equivalent to the
his/her choice. Next, the user gener- ates a random number R ​1 .​ Further, U ​i computed A ​i ​or not. If the condition holds true, the user passes the
computes a masked identity MID ​i =
​ ​h(R ​1 ||
​ username ​i )​ and a masked verification process and SC proceeds to the next step. Otherwise, login
password MPW ​i ​= ​h(R ​1 ​|| PW ​i ​). It then sends the message {MID ​i ​} to the request is aborted.
remote server SR via a secure channel. ​Step R2: ​After receiving the message, Step L4: ​After the successful verification, smart card SC at cur- rent timestamp
T ​1 generates a random nonce R ​2 .​ It com- putes Auth ​1 =
​ ​h(R ​2 ||
​ MV ​i ||
​ T ​1 ),
SR computes MV ​i = ​ V), using the private key ​V ​, stores pa- rameters
​ ​h(MID ​i || ​ ​

{MV ​i ,​ h( ​• ​)} in a smart card SC and is issued to the user U ​i via a secure Auth ​2 ​= ​h(MID ​i ​|| MV ​i ​|| T ​1 ​) R ​2 ​. The message {MID ​i ​, Auth ​1 ​, Auth ​2 ​, T ​1
​
} is sent to the server.
channel. ​Step R3: ​Upon receiving the smart card SC, user U ​i ​com- putes X ​i ​=
h(username ​i ||​ MPW ​i ),
​ Y ​i =
​ ​h(username ​i ||
​ PW ​i ),
​ Z ​i =
​ ​MV ​i X
​ ​i ,​ A ​i =
​
h(username ​i MPW
​ ​i ),
​ B ​i =
​ ​R ​1 Y
​ ​i .​ The computed parameter MV ​i is
​ deleted .4. Authentication phase
from the memory of the smart card by the user. U ​i ​stores {Z ​i ​, A ​i ​, B ​i ​, h( ​•
)} into the smart card SC. In this phase, the server and the user mutually authenticate each other.
After successful authentication, a shared secret ses- sion key is generated. The
4.3. Login phase workflow of the authentication phase is shown in ​Fig. 4 ​. The authentication
rocess consists of following steps:
In this phase, the user U ​i ​submits a login request to the server. ​Fig.
3 ​. summarizes the login phase. To initiate a session following steps are performed. Step A1: ​Upon receiving login message, the server SR gener- ates current
 timestamp T ​1 and
​ verifies if (T ​1 –
​ T ​1 )​ ​≤ △ ​T ?. This condition ensures it sends message {Auth ​3 ,​ Auth ​4 ,​ T ​2 }​ to U ​i .​ ​Step A4: U
​ pon receiving the
resilience against replay attacks. If the condition doesn’t hold, the authenticationmessage ​< A
​ uth ​ , Auth ​ , T ​ > ​, the SC firstly verifies the authenticity of
3​ 4​ 2​
process is terminated. Else, if the condition holds SR computes MV ​i = ​ ​h(MID timestamp.
​i SC generates current timestamp T 2​ ​. SC verifies if (T ​2 ​– T ​2 ​) ​≤ △
|| V) and extracts R 2​ ​from Auth 2​ ​, R 2​ ​= ​Auth 2​ ​h(MID ​i ​|| MV ​i ​||T 1​ ​). ​Step A2:T ?. If the condition fails, the session is terminated. Otherwise, SC computes R ​
3
Further, server computes Auth ​1 ​= ​h(R ​2 ​|| MV ​i ​|| T ​1 ​) and verifies if Auth ​1 ​? ​= = R ​ ​2 Auth ​3 ,​ S ​Key =
​ ​ ​h(MID ​i ||
​ R 2​ ||
​ ​R ​3 ||
​ T ​1 ||
​ T ​2 )​ and Auth ​4 =
​ ​h(S ​Key ||
​
Auth ​1 .​ If the verification holds, the remote server confirms that the user is a MV ​ || R ​ || T ​ || R ​ || T ​ ). It checks if Auth ​ ? ​= ​Auth ​ . If verification holds
i​ 3​ 1​ 2​ 2​ 4​ 4​
legitimate user and the process moves to the next phase. Otherwise, SR aborts
true, the user U ​i and​ the remote server SR is mutually authenticated and the
the authentication process. ​Step A3: ​SR generates a random R ​3 at ​ current process continues. Otherwise, the session is terminated.
timestamp T 2​ ​and computes a secret session key S Key ​ ​= h​ (MID ​i ​|| R 2​ ​|| ​R 3​ ​|| T
1 ||
​ T ​2 ),
​ Auth ​3 =
​ ​R ​2 R
​ ​3 ,​ Auth ​4 =
​ ​h(S ​Key ||
​ MV ​i ||
​ R ​3 ||
​ T ​1 ||
​ R ​2 ||
​ T ​2 ).
​ Then,

Fig. 3. ​Login phase.

authenticity of the user. SC computes Y ​i ​= ​h(username i​ ​|| PW i​ ​), extracts R ​1 ​=
Step A5: ​At current timestamp T ​3 ,​ SC computes AuthS ​Key = ​ ​h(S ​Key ||
​ MV ​i ||
​ B ​ Y ​ and computes MID ​ = ​h(R ​ || u
i​ i​ i​ 1 ​ ​ sername ​i ),
​ MPW ​i = ​ ​h(R ​1 ||
​ ​PW ​i ).
​ ​Step
MID ​i ||​ T ​2 ||​ T ​3 )​ and sends message {AuthS ​Key ,​ T ​3 }​ to the remote server SRP3: ​Further, SC computes X ​ = ​h(username ​ || MPW ​ )
i​ i​ i​
over a secure channel. ​Step A6: ​Upon receiving message, SR generates current
and extracts MV i​ ​= ​Z i​ ​X i​ ​. It computes A i​ ​= ​h(username i​
times- tamp T 3​ ​and verifies (T 3​ ​– T 3​ ​) ​≤ △ ​T. If the verifica- tion fails, the
MPW ​i )​ and verifies if the stored A ​i matches
​ with com- puted A ​i .​ If
session is aborted. Otherwise, it computes AuthS ​Key = ​ ​h(S ​Key ||
​ MV ​i ||
​ MID ​i ||
​
verification fails, the SC rejects the request of user U i​ and ​ terminates the
T ​2 ||​ T ​3 )​ and verifies if AuthS ​Key =
​ ​AuthS ​Key .​ If the condition holds true, the
session key S ​ is verified. After mutual authentication, all the mes- sages are process. Otherwise, SC asks for a new password PW ​i ∗​​ . Step
Key ​ ​ P3: ​The user

encrypted with the session key S ​Key .​ submits new password PW ​i ∗​ ​to the SC. Step P4: ​Upon receiving the new
​
password, SC com- putes MPW ​i ∗​ ​= ​h(R ​1 ||​ PW ​i ∗​​ ), X ​i ∗​ =
​
​h(username ​i ||​
4.5. Password change phase
MPW ​i ∗​​ ), Y ​i ∗​ ​= ​h(username ​i ||​ PW ​i ∗​​ ), Z ​i ∗​ ​= ​MV i​ X
​ ​i ∗​​ , A
​ ​i ∗​ ​= ​h(username ​i
The proposed scheme permits authorized user to update his password.MPW ​i ∗​​ ​ ​i ∗​​ . The smart card
), B ​i ∗​ ​= ​R ​1 Y
The smart card authenticates the user before initiating the password updating
process. The user can choose the password of his/her choice. This phase is essential replaces previously stored parameters {Z ​i ,​ A ​i ,​ B ​i }​ with {Z ​i ∗​​ , A
​ ​i ∗​​ , B ​i
as updating the password regularly helps in achieving high security. The steps
∗​
required to change the password are: }.

Step P1: ​The user inserts his smart card SC and enters his iden- 4.6. Smart card revocation phase

tity username ​i ​and old password PW ​i .​ ​Step P2: ​Before granting

In this phase, user recuperates the smart card which is stolen or lost. The
access to the user to update his pass- word, smart card SC verifies the
 server performs registration of the user again. The scheme is resistant tothe pri- vate key of SR. The server generates a new smart card SC new ​ ​for the
impersonation attack as it does not employ either of the previously used values such
registered user U ​i having
​ the parameters {MV ​i ,​ h( ​• ​)}and is sent to U ​i via ​ a
as password. Thus, the attacker fails to imitate as a legitimate user from extracted new ​
secure channel. ​Step S4: ​On receiving the smart card SC ​ , U i​ ​computes X ​i
values. The re- quired steps are:
= ​h(username ​i ||​ MPW ​i ),
​ Y ​i =
​ ​h(username ​i ||
​ PW ​i ),
​ Z ​i =
​ ​MV ​i X
​ ​i ,​ A ​i =
​

Step S1: ​User U ​i requests the server SR for the revocation of a smart card. h(username ​i MPW
​ ​i ),
​ B ​i =
​ ​R ​1 Y
​ ​i .​ The computed parameter MV ​i is
​ deleted
​
Before initiating the process, the server SR au- thenticates the credentials of ​ ​stores {Z ​i ​, A ​i ​, B ​i
from the memory of the smart card. Now, smart card SC new
user such as verifies imprinted biometrics or secret values known to U ​i .​ ​Step , h( ​• ​)}.
S2: ​If the revocation request of the user is successfully ver- ified, U ​i ​chooses a
password PW ​i of
​ his/her choice and gen- erates a random number R ​1 .​ U ​i
5. Security analysis based on threat model
computes a masked identity MID ​i ​= ​h(R ​1 ​|| username ​i ​) and a masked
Rigorous analysis based on the threat model of the proposed scheme has
password MPW ​i ​= ​h(R ​1 ​|| PW ​i ​). The user sends the message {MID ​i ​} to the
been performed. The analysis confirms that the pro- posed scheme is resistant
re- mote server SR via a secure channel. ​Step S3: ​The server receives the new
against all the major network attacks.
registration request mes- sage and computes MV ​i = ​ V), where ​V ​is
​ ​h(MID ​i ||
G. Sharma, S. Kalra / Journal of Information Security and Applications 42 (2018) 95–106 9​ 9
100 ​G. Sharma, S. Kalra / Journal of Information Security and Applications 42 (2018) 95–106
 Fig. 4. ​Authentication phase.

5.1. Resistant to the forgery attack The proposed scheme is resistant to the replay attack. An ad-
y ​J ​may record the transmitted messages from the previous session and
The proposed scheme is resistant to user forgery attack. An smits messages later to the server. The scheme employs timestamp which
eavesdropper may intercept the ongoing communication between the legitimate s replay attack by detecting the delay in transmission time. Assume an
entities and submits again to act as an authentic user. Assume an adversary ​J sary retransmits the
records the message {MID ​i ​, Auth ​1 ​, Auth ​2 ​, T ​1 ​} sent by the user during the login ntercepted message. However, the proposed scheme resists the re- play attack as: ​J
phase. Adversary ​J ​can- not forge as an authentic user as to compute a valid login ecords the login request {MID ​i ​, Auth ​1 ​, Auth ​2 ​, T ​1 ​}. ​J ​starts a new session by
request, ​J ​must have prior knowledge of parameters PW ​i ​and R ​1 ​. These pa- ending Auth ​1 = ​ ​h(R ​2 ||
​ MV ​i ||
​ T ​1 ),
​ Auth ​2 =
​ ​h(MID ​i ||
​ MV ​i ||
​ T ​1 )​ R ​2 .​ Firstly,
rameters are never transmitted, so ​J c​ annot successfully generate a valid message. s the scheme employs timestamps, the requested will be aborted. ​J d​ ecrypting all
aram- eters using power analysis attack in real polynomial time is not possible,
5.2. Resistant to the replay attack hus causing delay in transmission which will be detected by the remote server.
 Secondly, Auth ​3 is
​ n adversary ​J ​records two messages: request message {MID ​i ,​ Auth ​1 ,​ Auth ​2 ,​ T ​1
encrypted using collision- resistant, secure one-way hash
function h( ​• ​). It is not possible to obtain MV ​i without
​ and response message {Auth ​3 ,​ Auth ​4 ,​ T ​2 }​ to guess the password PW ​i or
prior knowledge of the ​
private key ​V ​of the remote server SR. nique identity username ​i ​of the le- gitimate user. However, it is not possible for ​J
o generate valid
5.3. Resistant to the password guessing attack

The proposed scheme is resistant to password guessing attack. Assume

G. Sharma, S. Kalra / Journal of Information Security and Applications 42 (2018) 95–106 1​ 01
MID ​i ​|| V), Auth ​1 ​= ​h(R ​2 ​|| MV ​i ​|| T ​1 ​), Auth ​2 ​= ​h(MID ​i ​|| MV ​i ​|| T ​1 ​) R ​2 ​. In
PW ​i and
​ der to compute these parameters, ​J ​needs identity username ​i ,​ password PW ​i ,​
username ​i ,​ firstly, the parameters {username ​i ,​ PW ​i ,​ R ​1 ,​ R ​2 ,​ V} are
not known as they are neither transmitted nor stored in the smart card. Secondly,
V ​i ,​ secret key of server V, MPW ​i .​ These parameters are not stored on the smart
​• Even after stealing the smart card, none of the pa- rameters can be
the security parameters are encrypted by non-invertible one way hash function h(rd.
). ccessfully computed.

5.4. Resistant to the session key disclosure attack 8. Resistant to the server spoofing attack

The proposed scheme is resistant to session key disclosure at- tack. The proposed scheme is resistant to server spoofing attack. In order to
Assume an adversary ​J l​ istens to the ongoing communication and records login
itate as an authentic server SR, adversary ​J ​tries to forge a valid response
message {MID ​i ​, Auth ​1 ​, Auth ​2 ​, T ​1 ​}, authentica- tion request {Auth ​3 ​, Auth ​4 ​, Tssage {Auth ​3 ,​ Auth ​4 ,​ T ​2 }​ transmitted by the server. To generate a valid
​ and response {AuthS ​Key ,​ T ​3 }.
2} ​ Firstly, ​J c​ annot extract S ​Key from
​ AuthS ​Key as ​
​ ust have knowledge of the server’s private key ​V ,​ identity of user
ssage, ​J m
AuthS ​Key is
​ secured by the collision-resistant one-way hash function h( ​• ername
​). ​i ,​ masked pas- soword MPW ​i to
​ successfully compute Auth ​3 ,​ Auth ​4 as
​

Secondly, to success- fully generate S ​Key ,​ S ​Key =

​ ​h(MID ​i ||
​ R ​2 ||
​ ​R ​3 ||
​ T ​1 ||
​ T ​2 ),
th ​ = ​R ​2
​ ​J 3 ​
must have knowledge of the unique identity username ​i ,​ PW ​i ,​ random nonces R ​2 R ​3 ,​ Auth ​4 =
​ ​h(S ​Key ||
​ MV ​i ||
​ R ​3 ||
​ T ​1 ||
​ R ​2 ||
​ T ​2 ),
​ MV ​i =
​ ​h(MID ​i ||
​

and R ​3 ​. The parameters username ​i ​and PW ​i ​are never transmit- ted and cannot be
, R ​2 ​= ​Auth ​2 ​h(MID ​i ​|| MV ​i ​|| T ​1 ​). These parameters are never transmitted. So
extracted by adversary as they are encrypted by one-way hash function h( ​• ​). s impossible to generate a legal response mes- sage.
5.9. Resistant to the parallel session attack

5.5. Resistant to the insider attack

The proposed scheme is resistant to parallel session attack. As- sume an

The proposed scheme is resistant to insider attack. Assume an adversary ​J ​intercepts the login request message {MID ​i ​, Auth ​1 ​, Auth ​2 ​, T ​1 ​}
transmitted in previous session and transmits it again. As the scheme employs
adversary ​J ​at server SR attains masked identity MID ​i .​ The unique identity of the
timestamps, the timestamp is dif- ferent in every session. The eavesdropped
U ​i is
​ hashed with a random nonce i.e. MID ​i = ​ ​h(R ​1 ||
​ username ​i )​ in the message will surely be invalid in another session.
registration phase. However, ​J c​ annot success- fully derive identity username i​ ​and
R ​1 as
​ the hash function are irreversible, no malicious user can decrypt information 5.10. User anonymity
from the hash value. Moreover, MID ​i ​is not used to generate any parameter in the
authentication process. Thus, ​J c​ annot retrieve any parame- ter using parameter The proposed scheme ensures user anonymity. The eavesdrop- per may
MID ​i ​. listen to the ongoing exchange of messages between the user and the remote server.
The identity of the user must be kept secret from the eavesdropper. The proposed
scheme employs the masked identity MID ​i which
​ is random. Firstly, the identity of
5.6. Resistant to the denial of service attack
the user username ​i ​is never communicated. Thus, no eavesdropper can acquire the
The proposed scheme is resistant to denial of service attack. In the unique identity. However, even if an eavesdropper ob- tains MID ​i but
​ he cannot
proposed scheme, the remote server verifies the authenticity of username ​i ​and decrypt further messages using it as no authentication parameter uses MID ​i .​
password PW ​i of
​ the user. Furthermore, the pro- posed scheme uses timestamps Secondly, all parameters are protected using one-way hash function h( ​• ​), thus, it
which mitigates any momentous request. is impossible to retrieve information. Moreover, the identity of the user is con-
catenated with a random nonce thus, making it unique in every session.

5.7. Resistant to the stolen smart card attack 5.11. Mutual authentication

The proposed scheme is resistant to stolen smart card attack. The The proposed scheme ensures mutual authentication. The au- thenticity of
smart card SC stores parameters {Z ​i ,​ A ​i ,​ B ​i ,​ h( ​• ​)}. Assume an adversary ​J i​ s the user is verified by the server and similarly, au- thenticity of the remote server is
successful in stealing the smart card and attempts submit a valid login request verified by the user before grant- ing any access. The proposed scheme mutually
{MID ​i ,​ Auth ​1 ,​ Auth ​2 ​, T ​1 ​}. For this, ​J ​has to successfully compute MV ​i ​= authenticates both the user U ​i ​and the server SR.
 previous sessions using the known parameter.
5.12. Key freshness
5.14. Freely select password
The proposed scheme ensures freshness of key. In the proposed scheme,
after mutual authentication session key S ​Key = ​ ​h(MID ​i ||
​ R ​2 ||
​ R ​3 ||
​ T ​1 ||
​ T ​2 )​ is The proposed scheme allows the user to freely choose a pass- word of
generated. The generated session key in- cludes a fresh random number R 3​ ​and his/her choice. Password is crucial from login and authen- tication perspective. The
password must be updated at regular in- tervals to ensure high security. In the
timestamps T ​1 ,​ T ​2 .​ Thus, in every session a unique and fresh key is generated.
proposed scheme, the user can update his/her password freely.

5.13. Perfect forward secrecy

5.15. No verification table

The proposed scheme ensures perfect forward secrecy. Assume an

In the proposed scheme, the server does not store any security parameter of
adversary ​J ​knows the secret key of the ​V ​of the server. How- ever, ​J c​ annot
user such as a password verification table. Even if an attacker breaches the security
successfully generate valid session key, S ​Key = ​ ​h(MID ​i ||
​ R ​2 ||
​ R ​3 ||
​ T ​1 ||
​ T ​2of
)​ to
the server, he/she still cannot attain any important security credentials. Thus, the
decrypt the messages communicated in previous sessions. The random nonces security R 2​ ​, of the proposed scheme cannot be breached.
R ​3 and
​ timestamps T ​ 1​ , T ​ 2​ are unique in every login session, thus ​
J ​ cannot obtain
102 ​G. Sharma, S. Kalra / Journal of Information Security and Applications 42 (2018) 95–106
Fig. 5. ​Role specification in HLSPL for the user of the proposed scheme.
G. Sharma, S. Kalra / Journal of Information Security and Applications 42 (2018) 95–106 1​ 03
Fig. 6. ​Role specification in HLSPL for the server of the proposed scheme.
104 ​G. Sharma, S. Kalra / Journal of Information Security and Applications 42 (2018) 95–106

6. Formal verification of proposed scheme using AVISPA

In this section, the formal security of the proposed scheme is

performed using Automated Validation of Internet Security Proto- cols and
Applications (AVISPA) ​[41] ​. The results validate that the proposed scheme is safe
and is secure against man-in-the-middle and replay attack.

6.1. Brief description of AVISPA

AVISPA is a security verification tool which verifies the secu- rity

of the authentication schemes from attacks. The code which is to be executed is
written in a modular and expressive for- mal language known as High Level
Protocol Specification Language (HLPSL). AVISPA is a tool which employs role
for each participant and each role is independent from the other. AVISPA provides
im- plementation in the form of four back ends: OFMC (On-the-fly
Model-Checker), TA4SP (Tree Automata based on Automatic Ap- proximations for
the Analysis of Security Protocols), CL-AtSe (Con- straint Logic based Attack
Searcher) and SATMAC (SAT based Model checker) ​[42] ​. To validate the scheme
using AVISPA the following steps are performed:

Step1: ​Firstly, the scheme is written in HLPSL. ​Step2: ​The HLPSL code is
translated in Intermediate Format (IF)
automatically using HLPSL2IF translator. ​Step3: ​The IF
specification is given as input to the back-ends.
After the execution of IF, the back-end shows the simulation re-
sults of the scheme by analysing to Output Format (OF), showing whether the
scheme is safe or unsafe. The back-ends also confirm the security attributes of the
scheme such as resilience against re- play attacks, authentication, and secrecy of
keys.
st. SR computes parameters and submits {Auth4’, Auth5’, T2’} to the user
SND operation and symmetric key SyKus. SR generates session key and
es it.
The role of environment and session of the proposed scheme are
n in ​Fig. 7 ​and ​Fig. 8 ​respectively. The environment role consists of the global
ants and a composition of sessions.
ig. 7. ​Role specification in HLSPL for the goal and environment of the proposed scheme.

6.2. Specification of proposed scheme in HLPSL code

There are two basic roles, user U ​i and

​ sever SR in the pro- posed
scheme. The user U ​i ​receives the start signal RCV(start) and updates the state from
0 to 1. Initially, in registration phase user U ​i transmits
​ registration request
messages {MVi} to the server SR. This request is sent using SND() operation along
with and sym- metric key SyKus. In the secret declaration, username is the secret
parameter that is only known to the user. ​Fig. 5 ​shows the HLPSL description for
the role of the initiator, the user U ​i .​
Further, the declaration secret ({V’, P’, Q’}, sub2, {SR}) indi-
cates that the server SR know the value of the parameter V, P and Q. The user U ​i
receives a smartcard with parameters {MVi’} by using RCV() operation and Fig. 8. ​Role specification in HLSPL for the session of the proposed scheme.
symmetric key SyKus. After this, user receives the authentication response message
RCV({Auth3’. Auth4’.T2’}_SyKus) from SR. After successful verification, user .3. Simulation results
gen- erates session key as Skey’ : ​= ​h(MIDi’.R2’.R3’.T1’.T2’). To verify the
generated session key, AuthSkey’ : ​= ​h(Skey’.MVi’.MIDi’.T2’.T3’) is generated Fig. 9 ​shows the results obtained after simulation of the pro- posed
by the user and is sent to the server using SND({AuthSkey’.T3’}_SyKus). cheme through CL-AtSe and OFMC. The results confirm that the proposed
Fig. 6 ​shows the HLPSL description for the role of the server SR. cheme is secure against all active and passive at- tacks. The output generated
The registration request message sent by the user, is received by the remote server onsists of following components.
using RCV({MID’}_SyKus). SR issues a smart card to the user. SR receives a
​ he section depicts whether the protocol is SAFE,
Ü ​SUMMARY: T
login request message {MID’, Auth1’, Auth2’, T1’} from the user and verifies the
 UNSAFE, or whether the analysis is INCONCLUSIVE. ​Ü ​DETAILSsection ​: depicts the amount of time taken by
This section depicts the analysis of the proposed scheme such as if the scheme is the back-end to execute the scheme. ​Ü ​ATTACK TRACE: ​This section
found vulnerable to any at- tack or not, model employed in the analysis, why thedepicts how (if any) attack is per-
analysis was inconclusive, etc. ​Ü ​PROTOCOL: T ​ his section depicts the name of formed on the scheme.
the scheme. ​Ü ​GOAL: ​This section depicts the goal of the analysis. ​Ü
BACKEND: ​This section depicts which e back-end is used. ​Ü ​STATISTICS: ​This

Fig. 9. ​The result of the analysis using CL-AtSe and OFMC of proposed scheme.

Table 2 ​Notations used in evaluation.

Notation Description

T ​H Computational
​
complexity to execute hash function T ​E ​Computational complexity to execute exponential

​ ​M ​Computational complexity to execute multiplication/division function T

function T ​ ​S Computational
​
complexity to
execute symmetric encryption/decryption functions

Table 3 ​A comparative summary: computational complexity.

Security attributes Song ​[20] ​Sood et al. ​[21] ​Chen et al. ​[23] ​Jiang et al. ​[26] ​Mishra et al. ​[27] ​Proposed scheme

Registration phase T ​E ​+ ​2T ​H ​2T ​E ​+ ​T ​H ​T ​H ​+ ​T ​E ​T ​H ​+ ​T ​E ​3T ​H ​6T ​H Login

​
phase 2T ​H +
​
​T ​S 2T
​
​H +
​
​2T ​M +
​
​3T ​E 2T
​
​H +
​
​2T ​M +
​
​2T ​E 2T
​
​H +
​
​T ​M +
​
​3T ​E 3T
​
​H +
​

T ​E ​7T ​H ​Authentication phase 6T ​H ​+ ​T ​S ​+ ​T ​E ​4T ​H ​+ ​T ​M ​+ ​2T ​E ​6T ​H ​+ ​T ​M ​+ ​T ​E ​6T ​H ​+ ​2T ​E ​6T ​H ​+ ​3T ​E ​9T ​H ​Password change phase 8T ​H ​+ ​2T ​S ​+ ​T ​E ​4T ​H

+ ​5T ​M ​+ ​7T ​E ​6T ​H ​+ ​5T ​M ​+ ​5T ​E ​6T ​H ​+ ​3T ​M ​+ ​7T ​E ​11T ​H ​+ ​4T ​E ​9T ​H

Table 4 ​A comparative summary: security features.

Security features Song ​[20] ​Sood et al. ​[21] ​Chen et al. ​[23] ​Jiang et al. ​[26] ​Mishra et al. ​[27] ​Proposed scheme

Provides mutual authentication Yes No Yes Yes Yes Yes Resists malicious user attack No No No No No Yes Provides forward secrecy No Yes Yes Yes Yes Yes Resists
user anonymity No No No No Yes Yes Resists replay attack Yes No No Yes Yes Yes Resists online password guessing attack No No No No No Yes Resists insider attack
No No No No Yes Yes Provides smart card revocation No No No No Yes Yes Resists hidden server attack No No No No No Yes Resists server spoofing attack No No
No No No Yes Resists offline password guessing attack No No No No No Yes
shows the notations used in the evaluation. ​Table 3 ​shows the comparative
alysis in terms of computational complexity of the schemes. It is evident from the
7. Performance evaluation mparison that the proposed scheme is very efficient. The scheme is lightweight
it uses only XOR
In this section, the performance of the proposed scheme is evaluated and one-way hash, whose computational cost is negligible. The related schemes
with other related schemes in terms of computation cost. The comparison confirms employ encryption/decryption operations, which are very expensive in terms of cost
that the proposed scheme is more efficient as compared with other schemes. ​Table as compared to hash op- eration. The proposed scheme takes the computational cost
 of 6T ​H ,​ 7T ​H and 9T ​H in schemes is shown in ​Table 4 ​. The proposed scheme satisfies all security
​ ​ registration, login and authentication phase respectively.
requirements and resists security threats.
The comparative analysis of security features with other re- lated existing
G. Sharma, S. Kalra / Journal of Information Security and Applications 42 (2018) 95–106 1​ 05
106 ​G. Sharma, S. Kalra / Journal of Information Security and Applications 42 (2018) 95–106
012;27(February(2)):377–89 . ​[24] ​Kumari S , Khan M . Cryptanalysis and improvement of ‘a robust
mart– card-based remote user password authentication scheme’. Int J Commun Syst
8. Conclusion 013;27(12):3939–55 . ​[25] ​Li X , Niu J , Khan MK , Liao J . An enhanced smart card based remote
ser password authentication scheme. J Netw Comput Appl 2013;36(Septem- ber(5)):1365–71 . ​[26]
The convergence of cloud computing and IoT has led to the ad- ang Q , Ma J , Li G , Li X . Improvement of robust smart-card-based password
authentication scheme. Int J Commun Syst 2013;28(2):383–93 . ​[27] ​Mishra D , Das AK
vancement of numerous applications which permit users to access data anywhere at
Chaturvedi A , Mukhopadhyay S . A secure password-based authentication and key agreement scheme
any time. Thus, authenticating remote user is of paramount importance. This paper sing smart cards. J Inf Secur Appl 2015;23(August):28–43 . ​[28] ​Yang H , Zhang Y , Zhou Y , Fu X ,
proposes a lightweight multi- factor secure smart card based remote user iu H , Vasilakos AV . Provably secure three– party authenticated key agreement protocol using smart
authentication scheme. The rigorous security analysis confirms the security of the ards. Comput Netw 2014;58(January):29–38 . ​[29] ​Jing Q , Vasilakos AV , Wan J , Lu J , Qiu D .
pro- posed scheme against multiple security attacks. The simulation of the scheme ecurity of the Internet of Things:
perspectives and challenges. Wireless Netw 2014;20(November(8)):2481–501 . ​[30] ​Ali
in AVISPA shows its resilience to several attacks. A comprehensive evaluation of
M , Dhamotharan R , Khan E , Khan SU , Vasilakos AV , Li K , Zomaya AY .
performance confirms that the pro- posed scheme ensures better security as SeDaSC: secure data sharing in clouds. IEEE Syst J 2017;11(June(2)):395–404 . ​[31]
compared with other re- lated schemes proposed in the literature. hou J , Cao Z , Dong X , Xiong N , Vasilakos AV . 4S: A secure and privacy-pre- serving key
management scheme for cloud-assisted wireless body area net- work in m-healthcare social networks.
References nf Sci 2015;314(September):255–76 . ​[32] ​Zhou J , Dong X , Cao Z , Vasilakos AV . Secure and
rivacy preserving protocol for cloud-based vehicular DTNs. IEEE Trans Inf Forensics Secur
015;10(June(6)):1299–314 . ​[33] ​Kalra S , Sood SK . Secure authentication scheme for IoT and cloud
[1] ​Duan Q , Yan Y , Vasilakos AV . A survey on service-oriented network virtualiza- tion toward ervers. Per-
convergence of networking and cloud computing. IEEE Trans Netw Serv Manage
vasive Mobile Comput 2015;24(December):210–23 . ​[34] ​Sharma G , Kalra S . Identity
2012;9(December(4)):373–92 . ​[2] ​Armbrust M , Fox A , Griffith R , Joseph AD , Katz R , Konwinski
ased secure authentication scheme based on quantum key distribution for cloud computing.
A , Lee G , Pat- terson D , Rabkin A , Stoica I , Zaharia M . A view of cloud computing. Commun
eer-to-Peer Netw Appl 2016:1–15 Nov . ​[35] ​Yan Z , Zhang P , Vasilakos AV . A security and trust
ACM 2010;53(April(4)):50–8 . ​[3] ​Dou W , Zhang X , Liu J , Chen J . HireSome-II: towards
amework for vir- tualized networks and software-defined networking. Secur Commun Netw
privacy-aware cross-cloud service composition for big data applications. IEEE Trans Parallel Distrib
016;9(November(16)):3059–69 . ​[36] ​Wan J , Tang S , Shu Z , Li D , Wang S , Imran M , Vasilakos
Syst 2015;26(February(2)):455–66 . ​[4] ​Hao F , Min G , Chen J , Wang F , Lin M , Luo C , Yang LT .
AV . Software-de- fined industrial internet of things in the context of industry 4.0. IEEE Sens J
An optimized computa- tional model for multi-community-cloud social collaboration. IEEE Trans Serv
016;16(October(20)):7373–80 . ​[37] ​Fu Z , Huang F , Ren K , Weng J , Wang C . Privacy-preserving
Comput 2014;7(July(3)):346–58 . ​[5] ​Zhang X , Yang LT , Liu C , Chen J . A scalable two-phase
mart semantic search based on conceptual graphs over encrypted outsourced data. IEEE Trans Inf
top-down specializa- tion approach for data anonymization using mapreduce on cloud. IEEE Trans
orensics Secur 2017;12(August(8)):1874–84 . ​[38] ​Yan Z , Li X , Wang M , Vasilakos AV . Flexible
Parallel Distrib Syst 2014;25(February(2)):363–73 . ​[6] ​Zhang X , Liu C , Nepal S , Yang C , Dou W ,
ata access control based on trust and reputation in cloud computing. IEEE Trans Cloud Comput
Chen J . A hybrid approach for scalable sub-tree anonymization over big data using MapReduce on
017;5(July(3)):485–98 . ​[39] ​Zhou J , Cao Z , Dong X , Vasilakos AV . Security and privacy for
cloud. J Comput Syst Sci 2014;80(August(5)):1008–20 . ​[7] ​Meng S , Dou W , Zhang X , Chen J .
oud-based IoT:
Kasr: a keyword-aware service recommenda- tion method on mapreduce for big data applications.
IEEE Trans Parallel Distrib Syst 2014;25(December(12)):3221–31 . ​[8] ​Yan Z , Zhang P , Vasilakos challenges. IEEE Commun Mag 2017;55(January(1)):26–33 . ​[40] ​Wazid M , Das AK ,
AV . A survey on trust management for Internet of Khan MK , Al-Ghaiheb AA , Kumar N , Vasilakos AV . Secure authentication scheme for medicine
nti-counterfeiting system in IoT environ- ment. IEEE Internet Things J 2017;4(October(5)):1634–46 .
Things. J Netw Comput Appl 2014;42(June):120–34 . ​[9] ​Lee CC , Li LH , Hwang
41] ​Armando A , Basin D , Cuellar J , Rusinowitch M , Viganò L . Avispa: Auto- mated validation of
MS . A remote user authentication scheme using hash
nternet security protocols and applications. ERCIM News 2006;64(January) . ​[42] ​Dolev D , Yao A .
functions. ACM SIGOPS Operating Syst Rev 2002;36(October(4)):23–9 . ​[10] ​Tsai CS , Lee CC , n the security of public key protocols. IEEE Trans Inf Theory
Hwang MS . Password authentication schemes: current status
1983;29(March(2)):198–208 .
and key issues. IJ Netw Secur 2006;3(September(2)):101–15 . ​[11] ​Xu J , Zhu W-T
, Feng D-G . An improved smart card based password authentication scheme with provable security.
Comput Stand Interfaces 2009;31(4):723–8 . ​[12] ​Liao I-E , Lee C-C , Hwang M-S . A password
authentication scheme over insecure
networks. J Comput Syst Sci 2006;72(4):727–40 . ​[13] ​Yoon EJ , Yoo KY .
Drawbacks of Liao et al.’s Password Authentication Scheme. In: InInternational conference on next
generation web services practices. IEEE; 2006. p. 101–8. Sep 25 . ​[14] ​Wang XM , Zhang WF , Zhang
JS , Khan MK . Cryptanalysis and improvement on two efficient remote user authentication scheme
using smart cards. Comput Stand Interfaces 2007;29(July(5)):507–12 . ​[15] ​Ku W-C , Chen S-M .
Weaknesses and improvements of an efficient password based remote user authentication scheme using
smart cards. IEEE Trans Con- sum Electron 2004;50(1):204–7 . ​[16] ​Yoon E-J , Ryu E-K , Yoo K-Y .
Further improvement of an efficient password based remote user authentication scheme using smart
cards. IEEE Trans Con- sum Electron 2004;50(2):612–14 . ​[17] ​Chung HR , Ku WC , Tsaur MJ .
Weaknesses and improvement of Wang et al.’s re- mote user password authentication scheme for
resource-limited environments. Comput Stand Interfaces 2009;31(June(4)):863–8 .
[18] ​Lee SW , Kim HS , Yoo KY . Improvement of Chien et al.’s remote user au- thentication scheme
using smart cards. Comput Stand Interfaces 2005;27(Jan- uary(2)):181–3 . ​[19] ​Lee NY , Chiu YC .
Improved remote authentication scheme with smart card.
Comput Stand Interfaces 2005;27(January(2)):177–80 . ​[20] ​Song R . Advanced smart
card based password authentication protocol. Comput
Stand Interfaces 2010;32(October(5)):321–5 . ​[21] ​Sood SK , Sarje AK , Singh K . An
improvement of Xu et al.’s authentication scheme using smart cards. In: Proceedings of the third annual
ACM Bangalore conference. ACM; 2010. p. 15. Jan 22 . ​[22] ​Chen TH , Hsiang HC , Shih WK .
Security enhancement on an improvement on two remote user authentication schemes using smart cards.
Future Gener Comput Syst 2011;27(April(4)):377–80 . ​[23] ​Chen BL , Kuo WC , Wuu LC . Robust
smart-card-based remote user password authentication scheme. Int J Commun Syst