Secure authentication scheme for IoT and cloud servers

Internet of Things (IoT) is an upcoming platform where information and communication technology connect multiple embedded devices to the Internet for performing information exchange. Owing to the immense development of this technology, embedded devices are becoming more sophisticated every day and are being deployed in various arenas of life. An important advancement in today's technology is the ability to connect such devices to large resource pools such as cloud. Integration of embedded devices and cloud servers brings wide applicability of IoT in many commercial as well as Government sectors. However, the security concerns such as authentication and data privacy of these devices play a fundamental role in successful integration of these two technologies. Elliptic Curve Cryptography (ECC) based algorithms give better security solutions in comparison to other Public Key Cryptography (PKC) algorithms due to small key sizes and efficient computations. In this paper, a secure ECC based mutual authentication protocol for secure communication of embedded devices and cloud servers using Hyper Text Transfer Protocol (HTTP) cookies has been proposed. The proposed scheme achieves mutual authentication and provides essential security requirements. The security analysis of the proposed protocol proves that it is robust against multiple security attacks. The formal verification of the proposed protocol is performed using AVISPA tool, which confirms its security in the presence of a possible intruder. (C) 2015 Elsevier B.V. All rights reserved.