A Secure Mutual Authentication Protocol Based on Visual Cryptography Technique for IoT-Cloud

Ehui Brou Bernard; CHEN Chen; WANG Shirui; GUO Hua; LIU Jianwei

doi:10.23919/cje.2022.00.339

Volume 33 Issue 1

Jan. 2024

Turn off MathJax

Article Contents

Article Navigation > Chinese Journal of Electronics > 2024 > 33(1): 43-57

Brou Bernard Ehui, Chen CHEN, Shirui WANG, et al., “A Secure Mutual Authentication Protocol Based on Visual Cryptography Technique for IoT-Cloud,” Chinese Journal of Electronics, vol. 33, no. 1, pp. 43–57, 2024 doi: 10.23919/cje.2022.00.339

Citation:

Brou Bernard Ehui, Chen CHEN, Shirui WANG, et al., “A Secure Mutual Authentication Protocol Based on Visual Cryptography Technique for IoT-Cloud,” Chinese Journal of Electronics, vol. 33, no. 1, pp. 43–57, 2024 doi: 10.23919/cje.2022.00.339

Citation:

PDF( 4139 KB)

A Secure Mutual Authentication Protocol Based on Visual Cryptography Technique for IoT-Cloud

doi: 10.23919/cje.2022.00.339

Ehui Brou Bernard^1
,,
CHEN Chen^{1, 2
,},
WANG Shirui^{3, 4
,},
GUO Hua^{1, 2
,
,},
LIU Jianwei^1
,

1.
School of Cyber Sciences and Technology, Beihang University, Beijing 100191, China
2.
State Key Laboratory of Software Development Environment, Beihang University, Beijing 100191, China
3.
Sino-French Engineering School, Beihang University, Beijing 100191, China
4.
Beihang Hangzhou Innovation Institute Yuhang, Hangzhou 310051, China

More Information

Author Bio:
Brou Bernard Ehui received the M.S. degree in science degree in computer science and technology from Beijing Technology and Business University, Beijing, China, in 2018. He is currently working towards the Ph.D. degree in cyber security at Beihang University, Beijing, China. His research interests include the Internet of things, mutual authentication, wireless networks and cryptography. (Email: brou.ehui@yahoo.com)

Chen CHEN received the B.E. degree in computer science and technology from Beihang University, Beijing, China, in 2017. He currently is studying for the Ph.D. degree in Beihang University. His research direction focuses on security protocols and cryptography. (Email: chen4chen@buaa.edu.cn)

Shirui WANG received the B.S. degree at Beihang University in 2022. She is currently pursuing the M.S. degree in electronic information at the Sino-French Engineering School of Beihang University, China. The research interests include biometric encryption and security protocol. (Email: valleyxht@126.com)

Hua GUO received the Ph.D. degree from Beihang University, China, in 2011. She is currently an Associate Professor in School of Cyber Science and Technology, Beihang University, China. Her research interest includes cryptography and security protocol. (Email: hguo@buaa.edu.cn)

Jianwei LIU received the B.S. and M.S. degrees in electronics and information from Shandong University, Shandong, China in 1985 and 1988, respectively. He received the Ph.D. degree in communication and electronic systems from Xidian University Shaanxi, China in 1998. He is now a Professor of electronic and information engineering at Beihang University, Beijing, China. His current research interests include wireless communication networks, cryptography, and information & network security. (Email: liujianwei@buaa.edu.cn)
Corresponding author: Email: hguo@buaa.edu.cn
Received Date: 2022-10-04
Accepted Date: 2023-04-04

Available Online: 2023-07-01

Publish Date: 2024-01-05

Abstract

Abstract

Because of the increasing number of threats in the IoT cloud, an advanced security mechanism is needed to guard data against hacking or attacks. A user authentication mechanism is also required to authenticate the user accessing the cloud services. The conventional cryptographic algorithms used to provide security mechanisms in cloud networks are often vulnerable to various cyber-attacks and inefficient against new attacks. Therefore, developing new solutions based on different mechanisms from traditional cryptography methods is required to protect data and users’ privacy from attacks. Different from the conventional cryptography method, we suggest a secure mutual authentication protocol based on the visual cryptography technique in this paper. We use visual cryptography to encrypt and decrypt the secret images. The mutual authentication is based on two secret images and tickets. The user requests the ticket from the authentication server (AS) to obtain the permission for accessing the cloud services. Three shared secret keys are used for encrypting and decrypting the authentication process. We analyze the protocol using the Barrows-Abadi-Needham (BAN)-logic method and the results show that the protocol is robust and can protect the user against various attacks. Also, it can provide a secure mutual authentication mechanism.
- Internet of things,
- Visual cryptography,
- Security,
- Mutual authentication,
- IoT-cloud

FullText(HTML)

References(41)

References

[1]	Rose Karen, Eldridge Scott, and Chapin Lyman, “The internet of things: An overview,” The internet society (ISOC), vol. 80, pp. 1–50, 2015.
[2]	X. William, “GIV 2025 unfolding the industry blueprint of an intelligent world, ” Available at: https://www.huawei.com/minisite/giv/Files/whitepaper_en_2018.pdf, 2018.
[3]	A. Aich and A. Sen, “Study on cloud security risk and remedy,” International Journal of Grid and Distributed Computing, vol. 8, no. 2, pp. 155–166, 2015. doi: 10.14257/ijgdc.2015.8.2.15
[4]	R. Kalaiprasath, R. Elankavi, and R. Udayakumar, “Cloud security and compliance-a semantic approach in end to end security,” International Journal on Smart Sensing and Intelligent Systems, vol. 10, no. 5, pp. 482–494, 2017. doi: 10.21307/ijssis-2017-265
[5]	A. Hendre and K. P. Joshi, “A semantic approach to cloud security and compliance,” in Proceedings of 2015 IEEE 8th International Conference on Cloud Computing, New York, NY, USA, pp. 1081–1084, 2015.
[6]	A. B. Rabiah, K. K. Ramakrishnan, E. Liri, et al., “A lightweight authentication and key exchange protocol for IoT,” in Proceedings of the Workshop on Decentralized IoT Security and Standards, San Diego, CA, USA, pp. 1–6, 2018.
[7]	M. N. Aman, K. C. Chua, and B. Sikdar, “A light-weight mutual authentication protocol for IoT systems,” in Proceedings of 2017 IEEE Global Communications Conference, Singapore, Singapore, pp. 1–6, 2017.
[8]	Y. H. Chuang, N. W. Lo, C. Y. Yang, et al., “A lightweight continuous authentication protocol for the internet of things,” Sensors, vol. 18, no. 4, article no. 1104, 2018. doi: 10.3390/s18041104
[9]	R. K. Sheu, M. S. Pardeshi, and L. C. Chen, “Autonomous mutual authentication protocol in the edge networks,” Sensors, vol. 22, no. 19, article no. 7632, 2022. doi: 10.3390/s22197632
[10]	A. M. Abdul, S. Jena, and M. B. Raju, “Secure authentication protocol to cloud,” International Journal of Computer Sciences and Engineering, vol. 7, no. 5, pp. 1551–1557, 2019. doi: 10.26438/ijcse/v7i5.15511557
[11]	M. Naor and A. Shamir, “Visual cryptography,” in Proceedings of the Workshop on the Theory and Application of of Cryptographic Techniques, Perugia, Italy, pp. 1–12, 1995.
[12]	A. Walke, J. Bhanushali, A. Rajgor, et al., “Enhanced password processing scheme using visual cryptography and steganography,” International Journal on Recent and Innovation Trends in Computing and Communication, vol. 6, no. 4, pp. 35–37, 2018.
[13]	H. Y. Qin, T. Matsusaki, Y. Momoi, et al., “Dual visual cryptography using the interference color of birefringent material,” Journal of Software Engineering and Applications, vol. 10, no. 8, pp. 754–763, 2017. doi: 10.4236/jsea.2017.108041
[14]	T. Matsuzaki, H. Y. Qin, and K. Harada, “Color visual cryptography with stacking order dependence using interference color,” Open Journal of Applied Sciences, vol. 7, no. 7, pp. 329–336, 2017. doi: 10.4236/ojapps.2017.77026
[15]	R. I. Al-Khalid, R. A. Al-Dallah, A. M. Al-Anani, et al., “A secure visual cryptography scheme using private key with invariant share sizes,” Journal of Software Engineering and Applications, vol. 10, no. 1, pp. 1–10, 2017. doi: 10.4236/jsea.2017.101001
[16]	D. Devakumari and K. Geetha, “A survey of visual cryptographic method for secure data transmission,” International Journal of Advanced Research in Computer and Communication Engineering, vol. 6, no. 6, pp. 270–274, 2017. doi: 10.17148/ijarcce.2017.6647
[17]	P. Chouksey, R. Miri, K. Srinivas, et al., “A secret share and key generation based visual cryptography approach for retaining 2D and 3D RGB color using transposition,” Turkish Journal of Computer and Mathematics Education, vol. 12, no. 12, pp. 695–708, 2021.
[18]	Z. S. Xu, J. B. Xu, and L. D. Kuang, “A token-based authentication and key agreement protocol for cloud computing,” in Proceedings of the IEEE 6th International Conference on Smart Cloud, Newark, NJ, USA, pp. 38–43, 2021.
[19]	H. Al-Refai, K. Batiha, and A. M. Al-Refai, “An enhanced user authentication framework in cloud computing,” International Journal of Network Security & Its Applications, vol. 12, no. IJNSA, pp. 59–75, 2020. doi: 10.5121/ijnsa.2020.12204
[20]	Alshammari Abdulaziz, Alhaidari Sulaiman, Alharbi Ali, and Zohdy Mohamed, “Security threats and challenges in cloud computing,” 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud), New York, NY, USA, pp. 46–51, 2017.
[21]	Kazuki Murakami, Ryota Hanyu, Qiangfu Zhao, and Yuya Kaneda, “Improvement of security in cloud systems based on steganography,” in Proceedings of 2013 International Joint Conference on Awareness Science and Technology & Ubi-Media Computing (iCAST 2013 & UMEDIA 2013), Aizu-Wakamatsu, Japan, pp. 503–508, 2013.
[22]	A. Y. AlKhamese, W. R. Shabana, and I. M. Hanafy, “Data security in cloud computing using steganography: A review,” in Proceedings of 2019 International Conference on Innovative Trends in Computer Engineering, Aswan, Egypt, pp. 549–558, 2019.
[23]	S. M. J. Islam, Z. H. Chaudhury, and S. Islam, “A simple and secured cryptography system of cloud computing,” in Proceedings of 2019 IEEE Canadian Conference of Electrical and Computer Engineering, Edmonton, Canada, pp. 1–3, 2019.
[24]	A. Arora, A. Khanna, A. Rastogi, et al., “Cloud security ecosystem for data security and privacy, ” in Proceedings of the 7th International Conference on Cloud Computing, Data Science & Engineering-Confluence, Noida, India, pp. 288–292, 2017.
[25]	K. Fan, Q. Luo, K. Zhang, et al., “Cloud-based lightweight secure RFID mutual authentication protocol in IoT,” Information Sciences, vol. 527, pp. 329–340, 2020. doi: 10.1016/j.ins.2019.08.006
[26]	M. Adeli, N. Bagheri, S. Sadeghi, et al., “χperbp: A cloud-based lightweight mutual authentication protocol, ” Peer-to-Peer Networking and Applications, in press.
[27]	K. Nimmy and M. Sethumadhavan, “Novel mutual authentication protocol for cloud computing using secret sharing and steganography,” in Proceedings of the Fifth International Conference on the Applications of Digital Information and Web Technologies, Bangalore, India, pp. 101–106, 2014.
[28]	C. Vorugunti, M. Sarvabhatla, and G. Murugan, “A secure mutual authentication protocol for cloud computing using secret sharing and steganography,” in Proceedings of 2014 IEEE International Conference on Cloud Computing in Emerging Markets, Bangalore, India, pp. 1–8, 2014.
[29]	S. R. Department, “Internet of Things - Number of connected devices worldwide 2015-2025,” Available at: https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide, 2016-11-27.
[30]	R. Dirk, “Visual cryptography,” Available at: https://www.ciphermachinesandcryptology.com/en/visualcrypto.htm, 2022-02-25.
[31]	G. Ateniese, C. Blundo, A. De Santis, et al., “Visual cryptography for general access structures,” Information and computation, vol. 129, no. 2, pp. 86–106, 1996. doi: 10.1006/inco.1996.0076
[32]	Z. Zhou, G. R. Arce, and G. Di Crescenzo, “Halftone visual cryptography,” IEEE Transactions on Image Processing, vol. 15, no. 8, pp. 2441–2453, 2006. doi: 10.1109/TIP.2006.875249
[33]	J. A. Kumar and G. Ganapathy, “A modified approach for Kerberos authentication protocol with secret image by using visual cryptography,” International Journal of Applied Engineering Research, vol. 12, no. 21, pp. 11218–11223, 2017.
[34]	Y. Zheng and C. H. Chang, “Secure mutual authentication and key-exchange protocol between PUF-embedded IoT endpoints,” in Proceedings of 2021 IEEE International Symposium on Circuits and Systems, Daegu, Korea, pp. 1–5, 2021.
[35]	P. K. Panda and S. Chattopadhyay, “A secure mutual authentication protocol for IoT environment,” Journal of Reliable Intelligent Environments, vol. 6, no. 2, pp. 79–94, 2020. doi: 10.1007/s40860-020-00098-y
[36]	W. Li, X. L. Li, J. T. Gao, et al., “Design of secure authenticated key management protocol for cloud computing environments,” IEEE Transactions on Dependable and Secure Computing, vol. 18, no. 3, pp. 1276–1290, 2021. doi: 10.1109/tdsc.2019.2909890
[37]	M. A. Kiran, S. K. Pasupuleti, and R. Eswari, “A lightweight two-factor mutual authentication scheme for cloud-based IoT,” in Proceedings of the 4th International Conference and Workshops on Recent Advances and Innovations in Engineering, Kedah, Malaysia, pp. 1–6, 2019.
[38]	M. A. Al Sibahee, S. F. Lu, Z. A. Abduljabbar, et al., “Lightweight secure message delivery for E2E S2S communication in the IoT-cloud system,” IEEE Access, vol. 8, pp. 218331–218347, 2020. doi: 10.1109/access.2020.3041809
[39]	V. Odelu, A. K. Das, and A. Goswami, “A secure biometrics-based multi-server authentication protocol using smart cards,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 9, pp. 1953–1966, 2015. doi: 10.1109/tifs.2015.2439964
[40]	A. G. Reddy, E. J. Yoon, A. K. Das, et al., “Design of mutually authenticated key agreement protocol resistant to impersonation attacks for multi-server environment,” IEEE Access, vol. 5, pp. 3622–3639, 2017. doi: 10.1109/access.2017.2666258
[41]	D. B. He, S. Zeadally, N. Kumar, et al., “Efficient and anonymous mobile user authentication protocol using self-certified public key cryptography for multi-server architectures,” IEEE Transactions on Information Forensics and Security, vol. 11, no. 9, pp. 2052–2064, 2016. doi: 10.1109/TIFS.2016.2573746