With the rapid development of modern smart technologies, the Internet of things (IoT) has attracted much attention from industry and the IT community in terms of networking and communication aspects. In the future, IoT communication scenarios will be a combination of heterogeneous access technologies and services, which exposes users to a diverse network environment. The heterogeneity of IoT means that information can flow among multiple transmission networks with different structures, providing various services on a common network platform. As in all other communication and computer networks, security issues are significantly important in the development of heterogeneous IoT (HIoT). In addition, key agreement and authentication mechanisms play indispensable roles in protecting user privacy and data security in the HIoT scenario.
IoT is a popular notion that has been widely used in industries such as healthcare and some critical infrastructures, as shown in Fig. 1. Meanwhile, the diversity of IoT applications and the heterogeneity of IoT communication infrastructures have also led to many security challenges [3, 4, 5, 6, 7, 8, 9, 10, 11, 12], exposing threats such as malicious attacks, data interception, user privacy leakage and unauthorized access. These security flaws seriously affect HIoT’s development and application. Therefore, security and privacy are essential in HIoT.
In 2010, the EU Commission identified security and privacy as a major IoT research challenge. Many studies [14, 15, 16, 17] focused on secure communication and privacy preservation for HIoT. Moreover, some other studies [18, 19, 20, 21] put forward countermeasures targeted at specific types of attacks. In 2017, Feng et al. presented a replay-attack resistant authentication scheme, based on an improved challenge-response mechanism instead of the timestamp mechanism. In , a lightweight defensive algorithm against distributed denial of service (DDoS) attacks was proposed for the IoT environment, which could effectively protect the sensor nodes from malicious requests. In order to preserve user privacy, Kim-Kim’s scheme adopted a one-time pseudonym identity synchronization mechanism that could maintain identity consistency between users and the server. However, the scheme was vulnerable to the de-synchronization attack. In 2015, Wang et al. improved Kim-Kim’s scheme, achieving superior privacy preservation.
Authentication and key agreement are the core technologies and the foundation of other security mechanisms. They enable legally authorized users to establish a reliable relationship with each other in HIoT. In 2009, a key establishment and authentication scheme based on the combined public key (CPK) algorithm was proposed for the heterogeneous network, and it was proved to be efficient in terms of mutual authentication. In 2013, Chu et al. proposed an identity authentication scheme based on elliptic curve cryptography (ECC), which innovatively used the encryption algorithm of a public-private key pair to satisfy the security requirements of the heterogeneous network. In 2016, Amin et al. came up with a three-factor authenticated key agreement scheme for IoT and claimed that their scheme was secure. However, Arasteh et al. showed that the scheme of Amin et al. was prone to replay attacks and DoS attacks.
Moreover, due to the resource-constrained nature of IoT devices, secure schemes should be lightweight. To meet this requirement, some schemes [26, 27] were proposed to reduce the computation burden of participants. In 2016, Iqbal and Bayoumi proposed a novel authentication and key agreement scheme, which offloaded the heavy cryptographic functions of resource-constrained sensors to trusted neighboring sensors. In , a secure and lightweight mutual authentication and key agreement scheme was presented, in which the cryptographic functions were proved to be computationally lightweight and to resist some known attacks. Although these schemes were lightweight in the IoT environment, they were not shown to be applicable to heterogeneous IoT. In , Hou et al. proposed a secure and lightweight authentication and key agreement scheme based on CPK and ECC in the HIoT environment. Unfortunately, this scheme used signature-to-encryption in a time-consuming way.
In this paper, we propose a novel and lightweight anonymous authentication and key agreement scheme for heterogeneous IoT, which is based on a signcryption algorithm between the PKI and CLC environments. It provides the additional features of user anonymity, non-repudiation and key agreement fairness, and is lightweight. In addition, our scheme can be proved to resist replay attacks and DoS attacks. Therefore, it has wider application prospects in the HIoT environment.
The rest of this paper is organized as follows. In Section II, we discuss the secure HIoT’s system model. Section III presents the proposed mutual authentication and key agreement scheme for HIoT. Sections IV and V present the informal security analysis and the performance analysis respectively. Finally, the conclusion is given in Section VI.
This section briefly describes the HIoT’s system model and security assumptions.
A. System model
A typical scenario model of HIoT is illustrated in Fig. 2. It mainly consists of a gateway node (GWN), a user and a sensor node (SN).
The GWN is a trusted third party that distributes the partial private key to the SN and the digital certificate to the user respectively. The SN in CLC is in charge of gathering data from the environment and forwarding the data to the user in PKI via a secure channel.
B. Security assumptions
The security of the proposed scheme depends on the hardness of the following problems:
is a cyclic additive group, and is a cyclic multiplicative group. A large prime is the order of . is a bilinear map . is a generator of and .
Definition 1 (CDHP). Defining Computational Diffie-Hellman Problem (CDHP) is to compute when given .
Definition 2 (ECDLP). Defining Elliptic Curve Discrete Logarithm Problem (ECDLP) is to compute the integer when given .
III The Proposed Scheme
In this section, we propose a novel anonymous authentication and key agreement scheme based on a signcryption algorithm for HIoT, as shown in Fig. 3. The proposed scheme comprises three phases: system initialization, system registration, and system authentication and key agreement.
A. System initialization phase.
1) The GWN selects the main private key randomly, and calculates the public key . Let be the security parameter of the system and be an identity space.
2) The GWN defines five secure cryptographic hash functions: , , , . Then, it publishes and keeps .
B. System registration phase.
This phase is divided into two steps: registration between the user and the GWN, registration between the SN and the GWN.
Step 1: Registration between the user in PKI environment and the GWN.
1) The user runs PKI-Key-Gen algorithm:
Select randomly as the private key ;
Compute as its public key;
Send the message to the GWN through a secure channel.
2) The GWN firstly computes the account information and the signature information , where and . Then, it returns the identity account management information to the user.
3) The user checks if the equation holds or not.
If it holds, the user stores , and regards as its identifier, which indicates the registration between the GWN and the user is successful;
Otherwise, the user aborts.
Step 2: Registration between the SN in CLC environment and the GWN.
1) The SN sends its identity to the GWN.
2) The GWN runs CLC-Partial-Private-Key-Gene algorithm:
Select randomly, compute , and obtain part of the private key ;
Return to the SN through a secure channel.
3) The SN checks if holds or not.
If it holds, the GWN is legal. Then, the SN selects and obtains the intact private key ;
Otherwise, the SN aborts.
4) The SN computes and sets as its intact public key. Then, it checks if .
If it holds, the SN stores , and regards as legal user’s identifier;
Otherwise, the SN aborts.
C. System authentication and key agreement phase.
1) The user runs the PKI-to-CLC heterogeneous signcryption algorithm:
Select a random number ;
Compute , , , ;
Obtain the ciphertext message ;
Calculate the account protection information ;
Send a service request message to the SN.
2) Then, the SN runs the PKI-to-CLC heterogeneous unsigncryption algorithm:
Check if , where is the current timestamp, and is the allowed transmission delay. If it holds, the message is fresh. The SN can carry on the subsequent steps. Otherwise, it terminates the authentication.
Compute , , ;
If , the SN receives . Otherwise, it returns for rejection;
Check if . If it does, the SN computes its own message digest . Otherwise, the SN aborts;
Calculate the session key ;
Calculate the message authentication code and send to the user.
3) Finally, the user does the following verification:
Calculate the message digest ;
Calculate the session key ;
Generate a new message authentication code . Then check if . If it does, the authentication is successful. Otherwise, it fails.
If mutual authentication is successful, the user and the SN could generate the same session key respectively. Therefore, they can communicate with each other securely in the future.
IV The security analysis
IV-A Mutual authentication
The scheme realizes mutual heterogeneous authentication between SNs and users. When a user starts the authentication phase with an SN, the SN has to verify the identity of the user. It therefore verifies the user’s legality by running the authentication phase of Section III. After the user’s legality is verified, the user starts authenticating the SN. The user can also verify the SN’s legality by running the authentication phase of Section III. When the SN and the user are both proven to be legal, they have also completed the key agreement phase.
IV-B Key agreement
Only the user and the SN can get the session key . The user does not send the account information to the SN directly. is hidden in the account protection information . If the private key of the SN is unavailable, nobody else can obtain and . In other words, it is impossible for others to get the session key. Therefore, the session key is secure in our scheme.
Our scheme ensures the user’s anonymity via the masked identity . In the system registration phase, the user sends the registration request message to the GWN. The GWN creates an account information for the user. Here, is not the real identity of the user; it is only the user’s identifier. When the user sends a service request message to the SN, the SN provides the corresponding service to the user with , but it does not know the real identity of the user, because the SN cannot derive the user’s identity information from . So our scheme achieves the user’s identity anonymity in the system registration phase.
In the system authentication phase, is not transmitted in plaintext and is hidden by the account protection information . Only the user and the SN can get . Even the GWN cannot get the user’s real identity. Therefore, our scheme can provide the user’s identity anonymity.
The user sends the service request message to the SN, but in this process others cannot forge the ciphertext message without obtaining the user’s intact private key due to the hardness of the problem under current conditions. Thereby, can only be generated by the user. When the authentication is successful, the SN will provide the corresponding services for the legal user. The user cannot deny sending the service request messages to the SN. Similarly, nobody else is able to impersonate the SN, due to the lack of the SN’s private key. Therefore, the SN cannot deny either that it received the user’s service request messages or that it provided the corresponding services for the user.
IV-E Key agreement fairness
The SN calculates the session key and the message authentication code . Then it sends to the user. After receiving , the user calculates the message digest in order to get the session key . It computes the message authentication code . The SN and the user can get the session key and the message authentication code equally, and one participant does not have more privilege than the other. Therefore, the communication participants are in an equal position after the key agreement is completed. According to the above, fairness is ensured in our scheme.
IV-F Anti-replay attacks
Without a freshness indicator, the SN is unable to judge the validity of a message from the user, because it does not know whether it has already received that message. Attackers usually exploit this drawback to initiate a replay attack on the SN. Our scheme avoids this drawback by including a timestamp in the user’s service request message. After receiving the service request message, the SN checks the freshness of the message based on the timestamp to decide whether the message can be accepted. Therefore, our scheme can resist replay attacks.
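The following is an added example, not code from the paper, of the SN-side freshness test from step 2 of the authentication phase and the anti-replay analysis above. It goes beyond the paper's timestamp comparison by also rejecting future-dated timestamps and by caching digests of already accepted requests, so that a copy replayed inside the allowed delay is refused before any pairing work is done. The class name, the 5 s delay, the skew bound and the cache size are assumptions, and the timestamp is assumed to be covered by the signcryption check that follows the gate.

```python
import hashlib
import time


class FreshnessGate:
    """Hypothetical SN-side gate, run before the costly unsigncryption step."""

    def __init__(self, allowed_delay=5.0, max_skew=1.0, max_entries=256,
                 clock=time.time):
        self.allowed_delay = allowed_delay  # allowed transmission delay (assumed 5 s)
        self.max_skew = max_skew            # tolerated clock skew for future timestamps
        self.max_entries = max_entries      # bound on memory used by the replay cache
        self.clock = clock
        self._seen = {}                     # request digest -> timestamp it carried

    @staticmethod
    def _digest(request: bytes, timestamp: float) -> bytes:
        return hashlib.sha256(repr(timestamp).encode() + b"|" + request).digest()

    def check(self, request: bytes, timestamp: float) -> str:
        now = self.clock()
        age = now - timestamp
        if age > self.allowed_delay:
            return "stale"                  # the paper's test: older than the allowed delay
        if age < -self.max_skew:
            return "future"                 # would otherwise stay "fresh" for a long time
        # Entries older than the window fail the timestamp test anyway: drop them.
        self._seen = {d: t for d, t in self._seen.items()
                      if now - t <= self.allowed_delay}
        if self._digest(request, timestamp) in self._seen:
            return "replay"                 # same request seen inside the window
        if len(self._seen) >= self.max_entries:
            return "busy"                   # fail closed instead of forgetting entries
        return "fresh"

    def remember(self, request: bytes, timestamp: float) -> None:
        # Call only after unsigncryption succeeded, so that unauthenticated
        # traffic cannot fill the cache.
        self._seen[self._digest(request, timestamp)] = timestamp


def timestamp_only(now: float, timestamp: float, allowed_delay: float = 5.0) -> bool:
    """The bare timestamp comparison, kept for contrast."""
    return now - timestamp <= allowed_delay


def demo():
    now = [1000.0]                          # constructed clock values
    gate = FreshnessGate(clock=lambda: now[0])
    req = b"constructed service request"    # stands in for the ciphertext fields
    results = [gate.check(req, 1000.0)]     # first delivery
    gate.remember(req, 1000.0)              # unsigncryption assumed to have succeeded
    now[0] = 1003.0
    results.append(timestamp_only(now[0], 1000.0))  # bare test accepts the copy
    results.append(gate.check(req, 1000.0))         # the gate rejects it
    now[0] = 1006.0
    results.append(gate.check(req, 1000.0))         # outside the window
    results.append(gate.check(req, 2000.0))         # timestamp far in the future
    return results


if __name__ == "__main__":
    print(demo())
```

A request whose timestamp has been rewritten passes this gate with a new digest, which is why the timestamp has to be bound into the value that the unsigncryption step verifies.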
IV-G Denial of service attacks
In the system registration phase, the GWN sends the account information to the user and the SN respectively through a secure channel. When the user initiates a service request to the SN, the SN uses the account protection information and its own private key to compute . Then, it verifies whether is equal to the received , so as to determine whether it should accept the service request message from the user. Before generating a bogus service request, the attackers must first calculate correctly. However, they cannot get the correct without the random number . Our scheme exploits to prevent attackers from abusing system resources by sending a lot of invalid service request messages. Therefore, our scheme can resist denial of service attacks successfully.
V The performance evaluation
For quantitative analysis of our scheme, we use Ubuntu OS as the experimental platform to simulate the total running time. Let P denote the bilinear pairing operation, M denote the point multiplication operation in , E denote the exponential operation in , and H denote the hash operation separately.
TABLE I demonstrates the performance comparison between the proposed scheme and other related schemes. Note that SC denotes symmetric cryptography. Fig. 4 shows the total computation and communication costs of each scheme.
| Schemes | User (or Alice) | GWN (or PKG) | SN (or Bob) | Total time (ms) | Communication costs | Signcryption-based | Domains |
From TABLE I, we can clearly see that the scheme does not involve a signcryption algorithm, so it causes higher communication costs. Although the scheme has a lower communication overhead, it is inefficient, with higher computation complexity. Furthermore, the scheme in has only been proved to satisfy confidentiality and unforgeability. Besides, it has the key escrow issue, causing a lot of storage space to be occupied on the resource-constrained sensor node side. For all the above reasons, our scheme is more applicable to heterogeneous IoT.
Recently, the security and privacy issues of HIoT have drawn much attention from all walks of life. In order to solve these problems for HIoT, this paper proposes an anonymous mutual authentication and key agreement scheme based on a proper signcryption algorithm. The proposed scheme not only possesses the features of anonymity, non-repudiation and key agreement fairness, but can also resist replay attacks and DoS attacks. Additionally, the scheme is highly lightweight, with lower computation and communication overhead. What’s more, it is innovatively designed to shift between the PKI and CLC environments. As a consequence, our scheme has better scalability and is more applicable to heterogeneous IoT.
-  I. Yaqoob, E. Ahmed, I. A. T. Hashem, A. I. A. Ahmed, A. Gani, M. Imran, and M. Guizani, “Internet of things architecture: Recent advances, taxonomy, requirements, and open challenges,” IEEE Wireless Communications Magazine, vol. 24, no. 3, pp. 10–16, 2017.
-  F. Wu, L. Xu, S. Kumari, and X. Li, “A privacy-preserving and provable user authentication scheme for wireless sensor networks based on internet of things security,” Journal of Ambient Intelligence and Humanized Computing, vol. 8, no. 1, pp. 101–116, 2017.
-  X. Du and H. H. Chen, “Security in wireless sensor networks,” IEEE Wireless Communications Magazine, vol. 15, no. 4, pp. 60–66, 2008.
-  X. Du, M. Guizani, Y. Xiao, and H. H. Chen, “Defending dos attacks on broadcast authentication in wireless sensor networks,” in Proc. of IEEE International Conference on Communications, 2008, pp. 1653–1657.
-  ——, “A routing-driven elliptic curve cryptography based key management scheme for heterogeneous sensor networks,” IEEE Transactions on Wireless Communications, vol. 8, no. 3, pp. 1223–1229, 2009.
-  Y. Xiao, V. K. Rayi, B. Sun, X. Du, F. Hu, and M. Galloway, “A survey of key management schemes in wireless sensor networks,” Computer Communications, vol. 30, no. 11-12, pp. 2314–2341, 2007.
-  X. Du, Y. Xiao, M. Guizani, and H. H. Chen, “An effective key management scheme for heterogeneous sensor networks,” Ad Hoc Networks, vol. 5, no. 1, pp. 24–34, 2007.
-  Y. Xiao, X. Du, J. Zhang, F. Hu, and S. Guizani, “Internet protocol television (iptv): the killer application for the next generation internet,” IEEE Communications Magazine, vol. 45, no. 11, pp. 126–134, 2007.
-  X. Du and F. Lin, “Designing efficient routing protocol for heterogeneous sensor networks,” in Proc. of the 24th IEEE International Performance, Computing, and Communications Conference (IPCCC), 2005.
-  X. Du and D. Wu, “Adaptive cell-relay routing protocol for mobile ad hoc networks,” IEEE Transactions on Vehicular Technology, vol. 55, no. 1, pp. 270–277, 2006.
-  X. Du, “Qos routing based on multi-class nodes for mobile ad hoc networks,” Ad Hoc Networks, vol. 2, no. 3, pp. 241–254, 2004.
-  D. Mandala, F. Dai, X. Du, and C. You, “Load balance and energy efficient data gathering in wireless sensor networks,” in Proc. of the First IEEE International Workshop on Intelligent Systems Techniques for Wireless Sensor Networks, in conjunction with IEEE MASS’06, 2006.
-  H. Sundmaeker, P. Guillemin, P. Friess, and S. Woelfflé, “Vision and challenges for realizing the internet of things,” International Journal of Systematic & Evolutionary Microbiology, vol. 73, no. 1, pp. 55–70, 2010.
-  M. Turkanović, B. Brumen, and M. Hölbl, “A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the internet of things notion,” Ad Hoc Networks, vol. 20, no. 2, pp. 96–112, 2014.
-  Y. Xu and F. Liu, “Hybrid key management scheme for preventing man-in-middle attack in heterogeneous sensor networks,” in Proc. of 2017 3rd IEEE International Conference on Computer and Communications (ICCC), 2017, pp. 1421–1425.
-  F. Wei, P. Vijayakumar, J. Shen, R. Zhang, and L. Li, “A provably secure password-based anonymous authentication scheme for wireless body area networks,” Computers & Electrical Engineering, vol. 65, pp. 322–331, 2018.
-  M. S. Farash, M. Turkanović, S. Kumari, and M. Hölbl, “An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the internet of things environment,” Ad Hoc Networks, vol. 36, no. P1, pp. 152–176, 2016.
-  Y. Feng, W. Wang, Y. Weng, and H. Zhang, “A replay-attack resistant authentication scheme for the internet of things,” in Proc. of 2017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC), 2017, pp. 541–547.
-  C. Zhang and R. Green, “Communication security in internet of thing: preventive measure and avoid ddos attack over iot network,” in Proc. of the 18th Symposium on Communications & Networking, 2015, pp. 8–15.
-  K. K. Kim and M. H. Kim, “An enhanced anonymous authentication and key exchange scheme using smartcard,” in Proc. of the 15th international conference on Information Security and Cryptology, 2012, pp. 487–494.
-  D. Wang, N. Wang, P. Wang, and S. Qing, “Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity,” Information Sciences, vol. 321, no. C, pp. 162–178, 2015.
-  Y. Li, Z. Wu, and Q. Liu, “Key establishment and authentication scheme for heterogeneous integrated network based on cpk,” Journal of Computer Applications, vol. 29, no. S2, pp. 72–75, 2009.
-  F. Chu, R. Zhang, R. Ni, and W. Dai, “An improved identity authentication scheme for internet of things in heterogeneous networking environments,” in Proc. of 2013 16th International Conference on Network-Based Information Systems(NBIS), 2014, pp. 589–593.
-  R. Amin, S. K. H. Islam, G. P. Biswas, M. K. Khan, L. Lu, and N. Kumar, “Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks,” Computer Networks, vol. 101, no. C, pp. 42–62, 2016.
-  S. Arasteh, S. F. Aghili, and H. Mala, “A new lightweight authentication and key agreement protocol for internet of things,” in Proc. of 2016 13th International Iranian Society of Cryptology Conference on Information Security and Cryptology (ISCISC), 2016, pp. 52–59.
-  Z. Mahmood, H. Ning, and A. Ghafoor, “Lightweight two-level session key management for end user authentication in internet of things,” in Proc. of 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), 2016, pp. 323–327.
-  M. Sarvabhatla and C. S. Vorugunti, “A secure biometric-based user authentication scheme for heterogeneous wsn,” in Proc. of 2014 Fourth International Conference of Emerging Applications of Information Technology, 2014, pp. 367–372.
-  M. A. Iqbal and M. Bayoumi, “A novel authentication and key agreement protocol for internet of things based resource-constrained body area sensors,” in Proc. of 2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW), 2016, pp. 315–320.
-  A. M. I. Alkuhlani and S. B. Thorat, “Lightweight anonymity-preserving authentication and key agreement protocol for the internet of things environment,” in Proc. of Smart Secure Systems - IoT and Analytics Perspective, 2018, pp. 108–125.
-  H. Hou, K. Huang, and G. Liu, “Cpk and ecc-based authentication and key agreement scheme for heterogeneous wireless network,” in Proc. of 2008 International Conference on Computer Science and Software Engineering, 2008, pp. 1015–1019.
-  C. Wang, C. Liu, S. Niu, L. Chen, and X. Wang, “An authenticated key agreement protocol for cross-domain based on heterogeneous signcryption scheme,” in Proc. of 2017 13th International Wireless Communications and Mobile Computing Conference (IWCMC), 2017, pp. 723–728.
-  M. Luo, Y. Luo, Y. Wan, and Z. Wang, “Secure and efficient access control scheme for wireless sensor networks in the cross-domain context of the iot,” Security and Communication Networks, vol. 2018, pp. 1–10, 2018.