Secure and Lightweight User Authentication Scheme for Cloud-Assisted Internet of Things

Cloud-assisted Internet of Things (IoT) overcomes the resource-constrained nature of the traditional IoT and is developing rapidly in such fields as smart grids and intelligent transportation. In a cloud-assisted IoT system, users can remotely control the IoT devices and send specific instructions to them. If the users' identities are not verified, adversaries can pretend as legitimate users to send fake and malicious instructions to IoT devices, thereby compromising the security of the entire system. Thus, a sound authentication mechanism is indispensable to ensure security. At the same time, it should be noted that a gateway may connect to massive IoT devices with the exponential growth of interconnected devices in a cloud-assisted IoT system. The efficiency of authentication schemes is easily impacted by the computation capability of the gateway. Recently, several schemes have been designed for cloud-assisted IoT systems, but they have problems of one kind or another, making them not suitable for cloud-assisted IoT systems. In this paper, we take a typical scheme (proposed at IEEE TDSC 2020) as an example to identify the common weaknesses and challenges of designing a user authentication scheme for cloud-assisted IoT systems. In addition, we propose a new secure user authentication scheme with lightweight computation on gateways. The proposed scheme provides secure access between remote users and IoT devices with many ideal attributions, such as forward secrecy and multi-factor security. Meanwhile, the security of this scheme is proved under the random-oracle model, heuristic analysis, the ProVerif tool, and BAN logic. Compared with ten state-of-the-art schemes in security and performance, the proposed scheme achieves all the listed twelve security requirements with minimum computation and storage costs on gateways.