The Journal of Supercomputing

, Volume 75, Issue 12, pp 8231–8261 | Cite as

A privacy-preserving code-based authentication protocol for Internet of Things

  • Noureddine ChikoucheEmail author
  • Pierre-Louis Cayrel
  • El Hadji Modou Mboup
  • Brice Odilon Boidje


The Internet of Things (IoT) is an upcoming technology that permits to interconnect different devices and machines using heterogeneous networks. One of the most critical issues in IoT is to secure communication between IoT components. The communication between the different IoT components is insecure, which requires the design of a secure authentication protocol and uses hardness cryptographic primitives. In 2017, Wang et al. proposed an improved authentication protocol based on elliptic curve cryptography for IoT. In this paper, we demonstrate that Wang et al.’s protocol is not secure. Additionally, we propose a privacy-preserving authentication protocol using code-based cryptosystem for IoT environments. The code-based cryptography is an important post-quantum cryptography that can resist quantum attacks. It is agreed in design several cryptographic schemes. To assess the proposed protocol, we carry out a security and performance analysis. Informal security analysis and formal security validation show that our protocol achieves different security and privacy requirements and can resist several common attacks, such as desynchronization attacks, quantum attacks, and replay attacks. Moreover, the performance evaluation indicates that our protocol is compatible with capabilities of IoT devices.


Authentication protocol Internet of Things Code-based cryptography Security Privacy 



  1. 1.
    Alamr AA, Kausar F, Kim J, Seo C (2018) A secure ECC-based RFID mutual authentication protocol for internet of things. J Supercomput 74(9):4281–4294CrossRefGoogle Scholar
  2. 2.
    Aman MN, Chua KC, Sikdar B (2017) Mutual authentication in IoT systems using physical unclonable functions. IEEE Internet Things J 4(5):1327–1340CrossRefGoogle Scholar
  3. 3.
    Armando A, Basin D, Boichut Y, Chevalier Y, Compagna L, Cuellar J, Drielsma PH, Heám PC, Kouchnarenko O, Mantovani J, Mödersheim S, von Oheimb D, Rusinowitch M, Santiago J, Turuani M, Viganò L, Vigneron L (2005) The AVISPA tool for the automated validation of internet security protocols and applications. In: International Conference on Computer Aided Verification. Springer, pp 281–285Google Scholar
  4. 4.
    Bernstein D (eds) T.L.: eBACS: ECRYPT benchmarking of cryptographic systems. Accessed 22 Nov 2017
  5. 5.
    Bernstein DJ (2006) Curve25519: new Diffie–Hellman speed records. In: Yung M, Dodis Y, Kiayias A, Malkin T (eds) Public key cryptography. PKC 2006. LNCS, vol 3985. Springer, pp 207–228Google Scholar
  6. 6.
    Bernstein DJ (2010) Grover versus McEliece. In: Sendrier N (ed) Post-quantum cryptography. PQCrypto 2010. LNCS, vol 6061. Springer, pp 73–80Google Scholar
  7. 7.
    Bernstein DJ, Chou T, Schwabe P (2013) McBits: fast constant-time code-based cryptography. In: Bertoni G, Coron JS (eds) Cryptographic hardware and embedded systems. CHES 2013. LNCS, vol 8086. Springer, pp 250–272Google Scholar
  8. 8.
    Bernstein DJ, Chuengsatiansup C, Lange T, van Vredendaal C (2016) NTRU prime.
  9. 9.
    Bernstein DJ, Lange T, Peters C (2011) Smaller decoding exponents: ball-collision decoding. In: CRYPTO 2011. LNCS, vol 6841. Springer, pp 743–760Google Scholar
  10. 10.
    Bormann C, Ersue M, Keranen A (2014) Terminology for constrained-node networks. RFC 7228 (Informational).
  11. 11.
    Bosmans J, Roy SS, Jarvinen K, Verbauwhede I (2016) A tiny coprocessor for elliptic curve cryptography over the 256-bit NIST prime field. In: 2016 29th International Conference on VLSI Design and 2016 15th International Conference on Embedded Systems (VLSID), pp 523–528Google Scholar
  12. 12.
    Butt TA, Afzaal M (2019) Security and privacy in smart cities: issues and current solutions. In: Al-Masri A, Curran K (eds) Smart technologies and innovation for a sustainable future. Springer, New York, pp 317–323CrossRefGoogle Scholar
  13. 13.
    Cayrel PL, Gueye CT, Mboup EHM, Ndiaye O, Persichetti E (2017) Efficient implementation of hybrid encryption from coding theory. In: El Hajji S, Nitaj A, Souidi EM (eds) Codes, cryptology and information security. C2SI 2017. LNCS, vol 10194. Springer, pp 254–264Google Scholar
  14. 14.
    Cayrel PL, Hoffmann G, Persichetti E (2012) Efficient implementation of a CCA2-secure variant of McEliece using generalized srivastava codes. In: Fischlin M, Buchmann J, Manulis M (eds) Public key cryptography. PKC 2012. LNCS, vol 7293. Springer, pp 138–155Google Scholar
  15. 15.
    Chang CC, Wu HL, Sun CY (2017) Notes on “secure authentication scheme for IoT and cloud server”. Pervasive Mobile Comput 38:275–278CrossRefGoogle Scholar
  16. 16.
    Cheon JH, Kim D, Lee J, Song Y (2016) Lizard: Cut off the tail! practical post-quantum public-key encryption from lwe and lwr. Cryptology ePrint archive, report 2016/1126.
  17. 17.
    Chikouche N, Cherif F, Cayrel PL, Benmohammed M (2017) RFID authentication protocols based on error-correcting codes: a survey. Wirel Pers Commun 96(1):509–527CrossRefGoogle Scholar
  18. 18.
    Chou T (2016) QcBits: constant-time small-key code-based cryptography. In: Gierlichs B, Poschmann AY (eds) Cryptographic hardware and embedded systems. CHES 2016. LNCS, vol 9813. Springer, pp 280–300Google Scholar
  19. 19.
    D-Wave Systems Inc.: The D-wave 2000Q quantum computer: technology overview. Last Accessed 1 Mar 2018
  20. 20.
    Daniel A, Lejla B et al (2015) Initial recommendations of long-term secure post-quantum systems. PQCRYPTO. EU. Horizon. 2020 ICT-645622Google Scholar
  21. 21.
    Das AK, Zeadally S, He D (2018) Taxonomy and analysis of security protocols for internet of things. Future Gen Comput Syst 89:110–125CrossRefGoogle Scholar
  22. 22.
    Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208MathSciNetCrossRefGoogle Scholar
  23. 23.
    El-hajj M, Fadlallah A, Chamoun M, Serhrouchni A (2019) A survey of internet of things (IoT) authentication schemes. Sensors 19(5):1141CrossRefGoogle Scholar
  24. 24.
    Evans D (2011) The internet of things how the next evolution of the internet is changing everything. CISCO white paper 1(2011):1–11Google Scholar
  25. 25.
    Ferrag MA, Maglaras LA, Janicke H, Jiang J, Shu L (2017) Authentication protocols for internet of things: a comprehensive survey. Secur Commun Networks 2017:6562953. CrossRefGoogle Scholar
  26. 26.
    Finiasz M, Sendrier N (2009) Security bounds for the design of code-based cryptosystems. In: Advances cryptology, asiacrypt 2009. LNCS, vol 5912. Springer, pp 88–105Google Scholar
  27. 27.
    Gope P, Sikdar B (2018) Lightweight and privacy-preserving two-factor authentication scheme for IoT devices. IEEE Internet Things J 6(1):580–589CrossRefGoogle Scholar
  28. 28.
    Jan M, Nanda P, Usman M, He X (2017) PAWN: a payload-based mutual authentication scheme for wireless sensor networks. Concurr Comput Pract Exp 29(17):e3986CrossRefGoogle Scholar
  29. 29.
    Kalra S, Sood SK (2015) Secure authentication scheme for IoT and cloud servers. Pervasive Mobile Comput 24:210–223CrossRefGoogle Scholar
  30. 30.
    Kumari S, Karuppiah M, Das AK, Li X, Wu F, Kumar N (2017) A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers. J Supercomput 74(12):6428–6453CrossRefGoogle Scholar
  31. 31.
    Li N, Liu D, Nepal S (2017) Lightweight mutual authentication for IoT and its applications. IEEE Trans Sustain Comput 2(4):359–370CrossRefGoogle Scholar
  32. 32.
    Liu Z, Wenger E, Großschädl J (2014) MoTE-ECC: energy-scalable elliptic curve cryptography for wireless sensor networks. In: Boureanu I, Owesarski P, Vaudenay S (eds) Applied cryptography and network security. LNCS, vol 8479. Springer, pp 361–379Google Scholar
  33. 33.
    Lyu C, Gu D, Zeng Y, Mohapatra P (2016) PBA: prediction-based authentication for vehicle-to-vehicle communications. IEEE Trans Depend Secure Comput 13(1):71–83CrossRefGoogle Scholar
  34. 34.
    Maarof A, Senhadji M, Labbi Z, Belkasmi M (2018) Authentication protocol for securing internet of things. In: Proceedings of the Fourth International Conference on Engineering & MIS 2018. ACM, pp 29:1–29:7Google Scholar
  35. 35.
    Mailloux LO, Lewis CD II, Riggs C, Grimaila MR (2016) Post-quantum cryptography: what advancements in quantum computing mean for it professionals. IT Prof 18(5):42–47CrossRefGoogle Scholar
  36. 36.
    McEliece RJ (1978) A public-key system based on algebraic coding theory. Tech. Rep. DSN progress report 44. Jet Propulsion LabGoogle Scholar
  37. 37.
    Merkle RC (1988) A digital signature based on a conventional encryption function. In: Pomerance C (ed) Advances in cryptology-CRYPTO ’87. LNCS, vol 293. Springer, pp 369–378Google Scholar
  38. 38.
    Misoczki R, Tillich JP, Sendrier N, Barreto PS (2013) MDPC-McEliece: new McEliece variants from moderate density parity-check codes. In: IEEE International Symposium on Information Theory Proceedings (ISIT). IEEE, pp 2069–2073Google Scholar
  39. 39.
    NIST: Post-Quantum Cryptography Standardization (2016). Last Accessed 15 May 2018
  40. 40.
    Ouafi K, Phan RCW (2008) Privacy of recent RFID authentication protocols. In: Chen L, Mu Y, Susilo W (eds) Information security practice and experience. ISPEC 2008. LNCS, vol 4991. Springer, pp 263–277Google Scholar
  41. 41.
    Roshan R, Sharma A, Rishi OP (2019) IoT platform for smart city: a global survey. In: Rathore VS, Worring M, Mishra DK, Joshi A, Maheshwari S (eds) Emerging trends in expert applications and security. AISC, vol 841. Springer, pp 197–202Google Scholar
  42. 42.
    Sakiyama K, Batina L, Preneel B, Verbauwhede I (2006) Superscalar coprocessor for high-speed curve-based cryptography. In: Goubin L, Matsui M (eds) Cryptographic hardware and embedded systems-CHES 2006. LNCS, vol 4249. Springer, pp 415–429Google Scholar
  43. 43.
    Saldamli G, Ertaul L, Kodirangaiah B (2018) Post-quantum cryptography on IoT: Merkle’s tree authentication. In: Proceedings of International Conference on Wireless Networks (ICWN’18), pp 35–41Google Scholar
  44. 44.
    Santoso FK, Vun NC (2015) Securing IoT for smart home system. In: 2015 IEEE International Symposium on Consumer Electronics (ISCE). IEEEGoogle Scholar
  45. 45.
    Sendrier N (2011) Decoding one out of many. In: Yang BY (ed) Post-quantum cryptography. PQCrypto 2011. LNCS, vol 7071. Springer, pp 51–67Google Scholar
  46. 46.
    Serpanos D, Wolf M (2018) Industrial internet of things. Springer, New York, pp 37–54Google Scholar
  47. 47.
    Shor P (1994) Polynomial-time algorithm for prime factorization and discrete logarithms on a quantum computer. In: Proceedings of the 35th Annual Symposium on Foundations of Computer Science, vol 124Google Scholar
  48. 48.
    Song T, Li R, Mei B, Yu J, Xing X, Cheng X (2017) A privacy preserving communication protocol for IoT applications in smart homes. IEEE Internet Things J 4(6):1844–1852CrossRefGoogle Scholar
  49. 49.
    Stern J (1989) A method for finding codewords of small weight. In: Cohen GD, Wolfmann J (eds) Coding theory and applications. LNCS, vol 388, pp 106–113Google Scholar
  50. 50.
    Sun X, Men S, Zhao C, Zhou Z (2015) A security authentication scheme in machine-to-machine home network service. Secur Commun Netw 8(16):2678–2686CrossRefGoogle Scholar
  51. 51.
    Team TA (2006) HLPSL tutorial the Beginner’s guide to modelling and analysing internet security protocols. Technical report. AVISPA projectGoogle Scholar
  52. 52.
    Tschofenig H, Pegourie-Gonnard M (2015) Performance of state-of-the-art cryptography on ARM-based microprocessors. In: Lightweight Cryptography Workshop 2015Google Scholar
  53. 53.
    von Maurich I, Güneysu T (2014) Towards side-channel resistant implementations of QC-MDPC McEliece encryption on constrained devices. In: Mosca M (ed) Post-quantum cryptography. LNCS, vol 8772. Springer, Cham, pp 266–282Google Scholar
  54. 54.
    von Maurich I, Oder T, Güneysu T (2015) Implementing QC-MDPC McEliece encryption. ACM Trans Embed Comput Syst 14(33):44Google Scholar
  55. 55.
    Wahaishi A, Samani A, Ghenniwa H (2015) Smarthealth and internet of things. In: Geissbühler A, Demongeot J, Mokhtari M, Abdulrazak B, Aloulou H (eds) Inclusive smart cities and e-health. ICOST 2015. Springer, New York, pp 373–378CrossRefGoogle Scholar
  56. 56.
    Wang KH, Chen CM, Fang W, Wu TY (2017) A secure authentication scheme for internet of things. Pervasive Mobile Comput 42:15–26CrossRefGoogle Scholar
  57. 57.
    Wang KH, Chen CM, Fang W, Wu TY (2018) On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags. J Supercomput 74(1):65–70CrossRefGoogle Scholar
  58. 58.
    Yan SY (2015) Quantum computing for elliptic curve discrete logarithms. Springer, New York, pp 173–228Google Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. 1.Computer Science DepartmentUniversity of M’silaM’silaAlgeria
  2. 2.Laboratoire Hubert CurienSaint-ÉtienneFrance
  3. 3.Laboratoire d’Algebre, de Cryptographie, de Géométrie Algébrique et ApplicationsUniversité Cheikh Anta Diop de DakarDakarSenegal

Personalised recommendations