Design of a Secure Password-Based Authentication Scheme for M2M Networks in IoT Enabled Cyber-Physical Systems

The Internet of Things (IoT) forms a foundation for cyber-physical systems. We propose an efficient and secure authentication scheme for machine-to-machine (M2M) networks in IoT enabled cyber-physical systems. Smart objects and smart devices over CPS are capable of capturing a variety of multimedia contents; interact with each other and also with the physical world in a fully automatic manner without human interference. The proposed scheme allows any pair of entities in an M2M network to mutually authenticate each other and agree on a session key for communicating data in a secure and efficient way. The authentication process does not incorporate the M2M service provider, and hence eliminates the burden of managing the authentication of massive scale devices at the edge of the network. The burden of the authentication process is offloaded and distributed on the gateways under the authority of this M2M service provider. The proposed scheme requires the mobile user to hold only one secret key provided by the M2M service provider, by which, he can roam randomly in the M2M network and authenticate to any of the gateways in the domain Then, this authenticated gateway allows the mobile user to authenticate with any sensor node in the domain In the proposed scheme, the authentication process does not rely on any public key cryptographic operations. Authentication is achieved using very few hash invocations and symmetric key encryptions. Therefore, the scheme is suitable for environmental sensors which are limited in resources (computation, storage, and energy). We analyze the security of the proposed scheme using BAN logic, which is widely accepted as a framework for the assessment of authentication protocols and also using ProVerif. We assess the efficiency of the proposed scheme and compare with some recently proposed schemes.