Provably Secure Authentication Protocol for Mobile Clients in IoT Environment Using Puncturable Pseudorandom Function

The Internet of Things (IoT) is a framework of various services and smart technologies that mutually communicate information between mobile devices and users or just between devices with the help of Internet connectivity. The dramatic progression of IoT helps numerous network applications and communication technologies to introduce state-of-the-art communication models for enabling interaction among mobile server, clients, and various other smart entities. Now-a-days, online mobile services have gained huge attention by providing ample convenience to the distant users. However, it is necessary to secure the information, being exchanged among mobile clients and server. Therefore, a large number of authentication protocols have been presented but majority of them are unsuitable to fulfill novel security requirements and standards. Moreover, they are incompatible for the IoT environment due to higher computation and communication complexity. Consequently, there is a dire need of developing an adequate, reliable, and cost-effective authentication protocol. In this article, we introduce a novel identity-based key agreement protocol using the puncturable pseudorandom functions for mobile clients in the IoT environment. The proposed PSK-MC protocol enables two mobile clients to accomplish mutual authentication via server. The proposed protocol is evaluated formally and informally to determine its security strength. The formal security analysis is presented using the widely used random oracle model. Moreover, all the cryptographic operations used at mobile client side are executed on a mobile device, while the operations used at the server side are implemented on a desktop machine to get the experimental results to determine computation cost. The performance analysis reveals the fact that our protocol is comparatively better than related protocols by exhibiting least communication and computation overhead.

Automated summary

The Internet of Things has brought convenience to mobile services, but it is essential to ensure information security. Current authentication protocols are mostly inadequate for meeting new security requirements, highlighting the need for the development of protocols suitable for the IoT environment.