Secure session between an IoT device and a cloud server based on elliptic curve cryptosystem

作     者：Cheng, Ting-Fang Chen, Ying-Chin Song, Zhu-Dao Huynh, Ngoc-Tu Lee, Jung-San 

作者机构：Twain-CA Incorporation 10F. No.85 Taipei City100 Taiwan Department of Information Engineering and Computer Science Feng-Chia University Taichung40724 Taiwan Faculty of Information Technology Ton Duc Thang University Ho Chi Minh City Viet Nam 

出 版 物：《International Journal of Information and Computer Security》 (Int. J. Inf. Comput. Secur.)

年 卷 期：2021年第15卷第1期

页      面：67-87页

核心收录：

学科分类：081203[工学-计算机应用技术] 08[工学] 0835[工学-软件工程] 0813[工学-建筑学] 0811[工学-控制科学与工程] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

主　　题：Internet of things 

摘      要：The internet of things (IoT) has brought the properties of convenience, intelligence, and manageability into our daily lives. Nevertheless, it also gives malicious attackers lots of opportunity to compromise our private information. Hence, the security issue over IoT has become an emergent and crucial research topic. Kalra and Sood (2015) proposed an authentication scheme for IoT device and cloud server. Unfortunately, Chang et al. (2017) have pointed out the weaknesses of Kalra and Sood s scheme and provided proper improvements. However, we have found that the improved version still exist potential risks. Thus, we aim to develop a brand-new ECC-based authentication mechanism for offering a secure session between an IoT device and a cloud server. In particular, the new method is proved secure under the examination of AVISPA, which is a formal verification tool. © 2021 Inderscience Enterprises Ltd.. All rights reserved.