期刊名称:International Journal of Distributed Sensor Networks
印刷版ISSN:1550-1329
电子版ISSN:1550-1477
出版年度:2018
卷号:14
期号:5
页码:1
DOI:10.1177/1550147718777654
出版社:Hindawi Publishing Corporation
摘要:The age of Internet of things gives rise to more challenges to various secure demands when designing the protocols, such as object identification and tracking, and privacy control. In many of the current protocols, a malicious server may cheat users as if it was a legal server, making it vital to verify the legality of both users and servers with the help of a trusted third-party, such as a registration center. Li et al. proposed an authentication protocol based on dynamic identity for multi-server environment, which is still susceptible to password-guessing attack, eavesdropping attack, masquerade attack, and insider attack etc. Besides, their protocol does not provide the anonymity of users, which is an essential request to protect users’ privacy. In this article, we present an improved authentication protocol, depending on the registration center in multi-server environments to remedy these security flaws. Different from the previous protocols, registration center in our proposed protocol is one of parties in authentication phase to verify the legality of the users and the servers, thus can effectively avoid the server spoofing attack. Our protocol only uses nonce, exclusive-OR operation, and one-way hash function in its implementation. Formal analysis has been performed using the Burrows–Abadi–Needham logic to show its security.
