A secure mutual authentication protocol for IoT environment



Rapid development in the field of the Internet of Things (IoT) has made it possible to connect many embedded devices to the internet for the sharing of data. Since embedded devices have limited storage, power, and computational ability, they need to be integrated with a large pool of resources such as the cloud. This integration of technologies is expected to provide extraordinary growth in current and future promising applications of IoT. In this context, security issues such as authentication and data privacy of devices are major concerns. The research motivation of the present work is to propose a secure mutual authentication protocol for IoT and cloud servers based on elliptic curve cryptography. In this work, the security properties of the proposed protocol have been formally verified using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tools, and informally analyzed and compared with the related protocols in terms of various security attributes such as device privacy, impersonation attack, replay attack, password guessing attack, mutual authentication and so on. Moreover, the performance of the proposed protocol has also been evaluated in terms of computational, communication, and storage overhead and total computational time. The security and performance analyses show the superiority of the proposed protocol over the other related protocols.




Author information

Correspondence to Prabhat Kumar Panda.


Cite this article

Panda, P.K., Chattopadhyay, S. A secure mutual authentication protocol for IoT environment. J Reliable Intell Environ (2020).



  • Authentication
  • Cloud server
  • Elliptic curve cryptography
  • Internet of Things
  • Security