The rapid advancement in the field of wireless sensor and cellular networks have established a rigid foundation for the Internet of Things (IoT). IoT has become a novel standard that incorporates various physical objects by allowing them to collaborate with each other. A large number of services and applications emerging in the field of IoT that include healthcare, surveillance, industries, transportation, and security. A service provider (SP) offers several services that are accessible through smart applications from any time, anywhere, and any place via the Internet. Due to the open nature of mobile communication and the Internet, these services are extremely susceptible to various malicious attacks, e.g., unauthorized access from malicious intruders. Therefore, to overcome these susceptibilities, a robust authentication scheme is the finest solution. In this article, we introduce a lightweight identity-based remote user authentication and key agreement scheme for IoT environment that enables secure access to IoT services. Our introduced scheme utilizes lightweight elliptic curve cryptography (ECC), hash operations, and XOR operations. The theoretical analysis and formal proof are presented to demonstrate that our scheme provides resistance against several security attacks. Performance evaluation and comparison of our scheme with several related schemes for IoT environment are carried out using the PyCrypto library in Ubuntu and mobile devices. The performance analysis shows that our scheme has trivial storage and communication cost. Hence, the devised scheme is more efficient not only in terms of storage, communication, and computation overheads but also in terms of providing sufficient security against various malicious attacks.

1. Introduction

In the last few years, wireless networks have experienced tremendous growth. Nowadays, there are enormous networks associating from the cellular systems to noninfrastructure wireless systems such as sensor networks, mobile ad hoc networks, and the Internet of Things (IoT). The communication security is the key element for the success of wireless sensor applications [1, 2], especially for sensitive applications that work in mission-critical and hostile areas. Therefore, the provision of reliable and efficient security in wireless networks has always been a challenging task due to various malignant attacks and resource-constrained environment. The hasty development of wireless communication and information technologies leads to a dramatic evolution of the Internet of Things (IoT) which is the combination of smart services and technologies that renders mutual communication among devices and users through the Internet. Since all data is shared between sensing devices and remote users via a network, therefore, it is necessary to design an efficient, secure, and lightweight remote-user authentication-based solution for an IoT environment. As far as the privacy and security of the network are concerned, mutual authentication is considered as a key element for safely accessing various IoT services. Hence, remote-user authentication becomes a vital component of various valuable services in mobile networks.

Besides confidentiality and authenticity, the exclusive features of the online valuable services raise various security questions for the remote authentication. In the environment of mobile networks where several invisible devices gather the client’s identity information, the anonymity of the client is necessarily required to make sure that the identity information of the requesting client is only known to the requested service provider (SP) and the client [35]. Simultaneously, when the anonymity of the client is provided, SP always wants the client’s nonrepudiation for preventing the clients from the denial of charges of their desired services. The efficiency in terms of both computation and communication is crucial for such kinds of remote-user authentication schemes, especially for IoT infrastructure.

The earliest schemes employed conventional public key cryptography (PKC) [610]. In these schemes, clients authenticate themselves to service providers using their signature. For hiding the real identity of the clients from eavesdropping, the clients’ signature and clients’ identifier are encrypted using mutual secret keys between the SP and clients. The certificate of clients’ public key needs to be delivered to the SP that enables the signature’s verification. On the other hand, a considerable disadvantage of this approach is on-demand verification and transmission of public key certificates that cause authentication latency [11] as well as a waste of unfavorable bandwidth. In addition, to attain the clients’ anonymity, encryption is required that adds to the scheme’s complexity. In order to remove the drawbacks that are due to public key certificates, the modern remote-user authentication schemes employ an identity-based cryptosystem (IBC) [1216].

IBC is another form of PKC. The IBC concept was introduced by Shamir [17] in 1984 which is swiftly evolved after Franklin and Boneh’s first identity-based security-provable encryption using pairings [18]. In the IBC concept, the identity (ID) of the client serves as a client’s public key, and the private key generator (PKG) generates the private key. In IBC, a pair of predefined private or public keys are generated on the basis of the user’s credentials such as phone, name, or email. By using the user’s unique credential or identity, the public key can be determined easily, whereas the private key generator is responsible for the generation of private keys. For communicant entities, PKG generates identity-based certificates and forwards it to the other communicants. The users involved in communication can perform encryption, generate a signature, and communicate with other users when they receive their identity-based key certificates. IBC ensures the effortless production of public and private keys. IBC removes the verification and transmission of the public key certificates; therefore, it has become a compelling substitute to conventional PKC [19]. Thus, IBC is efficient in terms of storage and transfer of certificates/public keys in comparison with the classical public key infrastructure. That is why, for a resource-constraint environment, IBC is proved to be appealing. The main advantage of IBC is there is no need of certificates. There is no need of preenrollment. In the traditional public key cryptography system, if the key is compromised, then the keys need to be revoked. Also, for the decryption of messages for the future, it allows postdating.

In identity-based remote-user authentication schemes, the client produces an authenticator by using his identity-based private key. The client is authorized by the SP only if verification of the client’s authenticator produces an absolute result. However, still, there are many issues that need to be resolved satisfactorily such as (i) some identity-based remote user authentication schemes consider the demand of the client’s anonymity; (ii) many of those schemes introduce identity-based signature (IBS) solution and further using it as an authenticator of the client, but it remains unclear why the introduced IBS is employed rather than employing other existing IBS schemes; and (iii) no thorough quantitative argument has been given about the performance merits of such identity-based schemes over the former PKC-based schemes. Aiming to resolve the abovementioned problems, in this article, we propose an identity-based remote-user authentication scheme that targets to deliver valuable services in mobile networks. The novelty of the proposed scheme yields in its way of realizing the client’s privacy without encryption operation.

1.1. Motivation

IoT serves the society with various opportunities in major fields of life, i.e., agriculture, warehousing, healthcare, and industry, that are accessible to everyone with flexibility and ease. However, this hasty development leads to the evolution of several challenges. Therefore, the fundamental motivational factors of our scheme are listed below: (i)IoT-based sensing devices serve with limited resources like memory, power, and battery. Therefore, an authentication scheme should have low communication and computation overheads(ii)Malicious attacks such as impersonation, replay, denial of services, and man-in-the-middle attacks have become enormous. Therefore, in order to resist against such attacks, the design of secure remote-user authentication scheme is the key necessity(iii)Furthermore, due to some components of IoT devices like actuators and sensors that deal with the crucial data of users, IoT-based applications must provide more safety and security

1.2. Our Contribution

In this article, we have proposed an identity-based anonymous three-party authenticated protocol for IoT infrastructure. The main contributions of this article are as follows: (1)We have presented a three-party identity-based authentication for the secure communications among users in an IoT infrastructure. The proposed identity-based scheme is designed using simple operations such as XOR, hash, and point multiplication(2)The proposed protocol enables mutual authentication between users and gateway for establishing and sharing the session key(3)User’s personal credentials such as email and phone are used to generate a public key(4)The proposed scheme ensures the secrecy of identity such that the identity is only revealed to gateway for authentication purpose. No adversary can get the identity

1.3. Paper Organization

The rest of the paper is organized as follows. The related work is discussed in Section 2. The preliminaries related to our paper are presented in Section 3. The generic security issues in IoT architecture are delineated in Section 4. Our introduced scheme and detailed description are given in Section 6. Section 7 presents the respective security analysis formally and informally. Thereafter, a performance comparison is highlighted in Section 8. In the end, concluding remarks are given in Section 9.

The password-based authentication key exchange (PAKE) scheme [2026] is one of the most generally known authentication key exchange (AKE) schemes, which can also be divided into three-party [2730], two-party, and so on. In the AKE schemes, the three-party authentication key exchange (3PAKE) scheme based on password has the features of easy system maintenance, simple password, and strong expansibility. The 3PAKE scheme is extensively used in the network of modern communication. However, it is determined that the password has low entropy secret value and also prone to password guessing attack, due to the built-in issues related to the password. Therefore, due to the various problems faced by PAKE schemes, this paper reviews the identity-based schemes and introduces a three-party identity-based authentication key exchange scheme for enhancing the security.

The identity-based cryptography (IBC) [17] was developed in order to mitigate various issues associated with the conventional public key cryptography and PAKE schemes. The IBC applies the attributes of the user such as phone numbers or email addresses as public keys in order to diminish the difficulty of digital certificates, while the private key generator (PKG) creates the private keys. Therefore, the identification of user keys is critical and does not require to be revoked. Since then, the utilization of IBC remains popular for designing remote user authentication schemes. So, we review various identity-based schemes in order to find the research gap and security issues in the different infrastructures of the Internet of Things (IoT) such as edge and fog computing.

Roman et al. [31] presented the comparative summary of various security issues, challenges, and appropriate solutions for mobile edge computing (MEC) and fog computing. The readers who are interested in the details of privacy and security problems in the environment of fog computing for IoT, MEC, and mobile cloud computing (MCC) can consult [3235], respectively. The literature emphasized the requirement of a secure mechanism for authentication. Yang and Chang [36] proposed an identity-based authentication key agreement (AKA) scheme using elliptic curve cryptosystem (ECC) for mobile devices. However, Yoon and Yoo [37] analyzed that the scheme [36] cannot resist masquerading attack and does not offer perfect forward secrecy. A pairing-free AKA scheme based on identity is introduced by Cao et al. [38] with a minimum exchange of messages. However, Cao et al. [38] fail to offer the user untraceability and anonymity like Yang and Chang’s scheme.

Tsai and Lo [39] introduced another authentication scheme based on identity for the distributed services of MCC. Their scheme uses bilinear pairing which causes high computation, but bilinear computation is performed by the server, which has usually more computing power. However, Jiang et al. [40] analyzed that a server impersonation attack cannot be resisted by their scheme [39], and also, it does not offer an appropriate mechanism of mutual authentication. Jiang et al. did not propose any improved solution, although various solutions were proposed in [41, 42].

Yang et al. [43] introduced an ECC-based scheme having the features of user untraceability and anonymity for the environment of MCC. In their scheme, a number of pseudo-IDs are assigned to a user, as well as each pseudo-ID is assigned a family of secret keys. The Access Service Network Gateway (ASN-GW) executes the predistribution process of keys. However, for each registered user, the ASN-GW requires to engender a large number of pseudo-IDs. So, the corresponding secret keys and many pseudo-IDs need to be stored by the mobile user which is impractical due to the constrained resources of mobile devices and also includes scalability issues.

Ibrahim [44] introduced an authentication scheme for the environment of fog computing, in which fog node and fog user authenticate each other. In their scheme [44], the public key infrastructure (PKI) is used to establish the secure communication channel between mobile users and registration authority, while symmetric encryption is utilized to protect the communication between fog nodes and mobile users. In their scheme, all the fog users’ pregenerated secret keys are required to be stored by fog node which is also infeasible. Moreover, untraceability and anonymity are not guaranteed by their scheme. A mobile user authentication scheme is introduced by He et al. [45] for multiserver infrastructure. Their scheme uses self-certified public key cryptography which is basically identity-based cryptography. In 2017, a privacy-aware authentication scheme is introduced by Xiong et al. [46] for MCC services.

In 2019, Zhu and Geng [47] presented a three-party dynamic identity-based key exchange scheme. In 2019, Renuka et al. [48] crypt analyzed and found some attacks such as node capture, user phishing, and denial of service attacks in a three-factor authentication scheme devised by Das et al. [49] and presented an enhanced three-factor authentication scheme. Many other three-party schemes for the IoT environment have been presented [50, 51] but still lack major security features and not suitable for resource constraint environment. In 2020, Ramadan et al. [52] presented an identity-based authentication scheme for 5G systems. Kumar et al. [53] proposed an identity-based authentication scheme for cloud computing in 2020. Recently, Farjana et al. [54] presented identity-based schemes; moreover, many other schemes [5560] are presented recently. In general, the design of efficient and secure identity-based authentication schemes is still a challenging task. In this article, we propose the identity-based lightweight remote user authentication scheme for the IoT infrastructure in order to offer the secure and efficient communication, so that all the flaws in the discussed literature can be minimized.

3. Preliminaries

This section includes the basics of elliptic curve cryptography such as one-way hash function, collision resistance, and threat model. The common notations used throughout the research work in Table 1 are also given in this section.

3.1. Elliptic Curve Cryptography (ECC)

There is a lot of public key cryptography techniques like Rivest Shamir Adleman (RSA), Diffie Hellman, and Digital Signature Algorithm (DSA). The majority of these techniques are heavy in computation. The ECC system’s robustness can be anticipated based on the complexity of ECDLP (Elliptic Curve Discrete Logarithm Problem). Suppose mod , ECC is based on random points chosen on an elliptic curve, whereas and mod for (large prime number). The curve is defined by both the points . The former equation must be verified by the points over . Through repetitive addition, scalar multiplication is achieved such as ( times), where is a point over and . The field parameters belongs to the field .

Definition 1. Discrete logarithm problem aimed at ECDLP.

Two specified random points , calculate a scalar such that . During the polynomial time , the benefits of is given as: . The supposition of ECDLP states that .

3.2. One-Way Hash Function

Hash functions are used to get an output () of fixed size. Hash functions can be applied to any random argument or string () of any size such as . A small change in can make a huge difference in resultant . Subsequent parameters should be found for a secure function of hash. (1)If is defined, then it is not difficult to calculate (2)If is defined, then it is impossible to find out (3)If is defined, then it is a tiresome task to know the specific input . The defined property is also referred to as collision resistance

Definition 2. Collision resistance characteristics aimed at hash function.

Hash function is secured by predefined collision resistance. The chances that an adversary can find out a couple as is defined as and , whereas is allowed to select a couple randomly. s advantage is determined over a random selection in polynomial time . Collision resistance is stated as , whereas is an adequately small value.

3.3. Identity-Based Cryptography (IBC)

IBC was introduced by Shamir in 1984 [17]. It is one of the types of public key cryptography. IBC has the following properties: (1)Identity-based cryptosystems use user’s personal credentials such as email, name, or phone number for deriving public/private keys(2)The public key is generated by predefined user’s identity or personal credentials(3)Third parties or trusted authorities as PKG are responsible for the generation of private keys(4)PKG generates identity-based certificates, and using these certificates, encryption, generation digital signatures, and mutual authentication are performed(5)IBC is cost-efficient in terms of transfer and storage of keys as compared to other traditional PKI systems

3.4. Threat Model

In order to understand the capabilities of an adversary, we have used Dolev-Yao’s [61] threat model. The capabilities of are as follows: (1) has full control over the public channel(2) can easily intercept the messages of all the participants during communication over the public channel(3) can be trusted or deceitful user of the system(4) can be an insider of the system(5)The identities are publicly known(6) cannot find or extract (’s private key)(7) cannot access the messages that are being transmitted over a secure channel

4. Security Issues in IoT

In the design of IoT applications, IoT’s security is the most important thing. Therefore, the major challenge which requires serious consideration is to provide strong security for IoT. In the Internet world, IoT has a very bright future. Thus, for the realization of services of modern technologies and their benefits, security requirements such as authentication and privacy are much important.

Therefore, subsequent issues must be handled with consideration.

4.1. Common Vulnerabilities in IoT Architecture

The devices of IoT existing in an abandoned environment require active inspection of every feasible condition in which the attacker can attack on devices of IoT. As per detailed scrutiny, we can wrap up the vulnerabilities of IoT as follows: (i)Impersonation Attack. A malignant hacker can masquerade as a service provider or a user by responding to an authentic request from old transmission between any two legal entities. Therefore, a malignant hacker can enjoy the same services as a legitimate user or service provider.(ii)Denial of Service Attack. The attacker by flooding the network with previous login requests or information exchanged between two entities can reduce the network’s performance and can make the services unavailable.(iii)Eavesdropping Attack. The attacker can listen to private communication on a public channel and can misuse it later to attack a user or server.(iv)Man-in-Middle Attack (MITM). The adversary can forge the message exchanged between the gateway and user, later using this information can impersonate as a legal gateway/server and user using different techniques.(v)Parallel Session Attack. An attacker can eavesdrop the messages between the system of IoT and then attempts to generate a session to get the old data.(vi)Gateway Node Bypassing Attack. To obtain IoT sensitive information and services without authentication of a gateway, an attacker can try to access the system by bypassing the gateway.(vii)Stolen Smart Device Attack. An attacker can derive the user’s personal data from smart devices and utilize it later to impersonate as a legitimate user of the network.(viii)Offline Guessing Attack. Using an offline dictionary attack, the adversary can attempt to get access to the system of IoT by guessing all possible passwords.

4.2. Security Feature Requirements in IoT

Many security features must be incorporated while designing the authentication schemes. The following is a list of important security features that can be exploited to design an efficient and secure scheme. (i)User Anonymity. The participant’s identity must be secured such that if an attacker tries to eavesdrop the message and intercept message during the login and authentication stage. If the identity is revealed, then the attacker can misuse it and the user’s privacy is breached.(ii)Mutual Authentication. Two participating entities must mutually authenticate each other to avoid security threats.(iii)Availability. Whenever a user requires to access the system, all IoT resources should be available.(iv)Confidentiality. The user’s personal and sensitive information must be protected and should be visible only to legitimate users.(v)Scalability. The system of authentication must be responsive to the modification occurring in the network, and the system should be allowed to grow dynamically according to the modifications that are being happened.(vi)Forward Secrecy. The access to entities in any authentication scheme is granted by sharing the session key. That is why the old session keys cannot be used to initiate a new session.(vii)Resistance to Attacks. A secure authentication scheme must resist the major security threats such as the Distributed Denial of Services (DDoS), MITM, impersonation, and stolen verifier attack.

5. System Setup

In an IoT infrastructure, gateway plays an important role to ensure the security in the network. Our presented model consists of two participants as shown in Figure 1, such as IoT nodes and gateway. In general, IoT nodes have limited resources in terms of computation, communication, and power. The IoT nodes aimed to communicate with each other by authenticating via a trusted gateway. As in Figure 1, IoT node (1) and IoT node (a) initiate a session by sending a login request to the gateway. The gateway is responsible for establishing a secure communication between IoT nodes. Once the IoT nodes are authenticated by the gateway, the IoT nodes can then securely communicate with each other. Due to the public nature and limited resources, the IoT nodes face several security and privacy challenges. The generic three-party IoT infrastructure for remote-user authentication is demonstrated in Figure 1. Suppose a remote user wants to communicate with another remote user, then they both have to pass the authentication process. For this purpose of authentication, each entity will be verified through gateway node . If both entities have been authenticated, then the sends a challenge message to both entities. Upon receiving the challenge message, each entity authenticates the and computes a session key. In the end, both users agreed on this common shared session key.

6. The Proposed Scheme

In this section, we elaborated on our proposed identity-based scheme which upholds user anonymity, user untraceability, perfect forward secrecy, key agreement, and mutual authentication. The introduced scheme comprises of these phases: Section 6.1 the registration phase and Section 6.2 the login and authentication phase. These two phases are described below in detail.

6.1. Registration Phase

If a user wants to communicate with another user , then they both have to pass the authentication process. For authentication, each entity will be verified by . If both entities are authenticated, then they can share the session key. The complete registration process of the user of the proposed scheme is described in detail in this subsection. Figure 2 shows the registration phase of the proposed scheme. The registration process consists of the following steps:

RG-Step 1. chooses his/her and the arbitrary number .

RG-Step 2. upon receiving the registration requests from , then calculates the following values:

RG-Step 3. On receiving Yi from GWN, Ui calculates the following values:

After calculating these values, stores in .

6.2. Login and Authentication Phase

The complete process of login and authentication of the introduced scheme as presented in Figure 3 is elaborated in this subsection which consists of the following steps:

AT-Step 1. Both and input their identity (), respectively. Then, calculates the following values on the basis of the credentials stored in tamper proof on-board memory of the mobile device [62, 63]:

Further computation generates a random number and calculates the following values:

whereas calculates the following values on the basis of the credentials entered during the registration process.

Further, generates a random number and computes the following values:

After calculating these values, and send login request and , respectively, towards the gateway.

AT-Step 2. After receiving login requests from , the calculates the following values for :

Also, calculate the following values for upon receiving the login request

Further, the generates and calculate the following values as:

AT-Step 3. After the calculation of the above values, sends and to and , respectively. then calculates the following values along with the session key:

Also, on the basis of the received parameters calculates the following values along with the session key:

Finally, computes a shared session key as:

Hence, both the entities and authenticate themselves via and consequently shared a session key for subsequent communication.

7. Security Analysis

This section presents the formal and informal security analysis of the proposed scheme. We have used Real-Or-Random (ROR) [64] in order to prove the security of the proposed scheme. Furthermore, informal security analysis shows that the proposed scheme provides resilience against all known attacks.

7.1. Informal Security Analysis

The security of the proposed scheme is analyzed informally in this section. The informal security analysis represents the proposed scheme’s correctness and ensures that it resists various attacks.

7.1.1. Identity Security

The abundance of resource-constrained devices among the advanced communication infrastructures has made the existing protocol incompatible for diverse real-time applications like IoT and smart grid. Therefore, the demand for lightweight solutions is on the peak, IBC is one of them. It is a new way to solve these problems without any complex computation. That is why it has grabbed the attention of the researchers. For achieving confidentiality, the personal information for identification should be sent via a secure channel. The respective has the private key corresponding to his/her own . Also, identity security includes the availability of identity. If a ’s identity is revoked by , even then, the has control over his and the relevant claims, which states that the still can use his/her in other applications.

7.1.2. Key Agreement

After completing the successful process of mutual authentication, a common session key is shared between the users. This shared session key is established through . Hence, our scheme offers a successful key agreement.

7.1.3. Mutual Authentication

In our introduced scheme, the can authenticate by verifying . The values are only known to valid , as an adversary cannot calculate all these values. So, only legitimate user can be authenticated by . Likewise, authenticates the other user. Similarly, user can also authenticate by verifying . The values are only known to valid . As adversary cannot calculate all these values, so only the legitimate can be authenticated by . Likewise, other users can authenticate . Thus, it is proved that our introduced scheme offers mutual authentication between users and .

7.1.4. User Anonymity

During the login and authentication stage, the identity of of user is not transmitted in plain text; instead, the pseudoidentity is sent over the public channel. Furthermore, the identity of is not stored in temper proof onboard memory/storage. That is why adversary cannot retrieve the identity of without having the private key. So, our proposed scheme provide user anonymity.

7.1.5. User Untraceability

During the design of the authentication scheme, untraceability is considered as an important factor. The proposed scheme provides user’s untraceability because in each login session computes unique it is clear that does not transmit the same dynamic identity instead every time session-specific random number is used to calculate . So, it cannot be guessed by any adversary that two different sessions are established by the same or different users.

7.1.6. Perfect Forward Secrecy

In our introduced scheme, if is able to know the secret parameters such as the secret key of , even then, he cannot determine the former session keys. In the proposed scheme, arbitrary numbers are used to compute the valid value of that is further used in the computation of . Due to the usage of random numbers, different session keys are generated in each session. So, even after getting the secret parameter, the adversary cannot guess the previous session keys.

7.1.7. Backward Secrecy

In the introduced scheme, if is able to find the secret parameters of , even then, he cannot find the future sessions. In the proposed scheme, the calculation of valid requires arbitrary number . Due to these random numbers, the session key is specific for every session; thus, cannot find future session keys.

7.1.8. Privileged Insider and Stolen Verifier Attack

During the registration phase, transmit and through the private channel to , where arbitrary number is generated by . Furthermore, for s identity, no table is preserved, for authentication uses his secret key. Thus, no insider can get access to the user’s identity and credentials. Hence, the introduced scheme resists stolen verifiers and privileged insider attacks.

7.1.9. User Masquerading Attack

Suppose tries to masquerade a legal by means of sending a legal login request message on behalf of to the . In order to produce an original login message , the adversary needs to calculate valid . It is not possible for the adversary to calculate because does not know of . Likewise, the other user is also secured from impersonating by an adversary. So, the proposed scheme has the ability to withstand the user masquerading attack.

7.1.10. Masquerading Attack

Suppose an attacker tries to impersonate a legal server by means of sending a legal challenge message on the behalf of to the user. In order to produce an original challenge message , the adversary needs to calculate the valid . However, this operation is computationally expensive because for determining , it needs a private key of . So, the proposed scheme has the ability to withstand the user masquerading attack.

7.1.11. Man-in-the-Middle Attack (MITM)

Suppose forges the login message sent by to , still, any tampering in the login request message will easily be identified while determining . requires the user’s identity which is unknown to adversary. Likewise, the other user is also secure against this attack. So, the proposed scheme is secured against MITM.

7.1.12. Replay Attack

If intercepts the request message of and later replays the intercept message, the calculation of and includes a random number which is session specific. Because of the random number, the values of the entities will always be different for every session. Hence, a replay attack is not possible on the proposed scheme.

7.1.13. Parallel Session Attack

Suppose the scheme’s parallel session is tried to be constructed by , but this scenario is not possible in the proposed scheme as a unique identity is utilized. Therefore, even one valid session cannot be run by to masquerade a legitimate user. Thus, a parallel session attack can be efficiently resisted by the proposed scheme.

7.1.14. No Clock Synchronization

In the proposed scheme, session-specific random numbers are used in every session instead of a time stamp. So, no clock synchronization is required.

7.2. Formal Security Analysis

In this subsection, we prove that our scheme is AKA-Secure if the ECDHP is a hard problem. We present this proof under the (BRP) [64, 65] and Abdalla et al.’s [66] security model.

Theorem 2. Let the proposed scheme be denoted as . If is an attacker who builds at most queries, queries, queries, queries and succeed the game having benefit , then an algorithm that should be existed, which can efficiently resolve hard problem on group having benefit , where

Proof. Suppose, for the base point and elliptic group there exists an instance , we make a challenge who wishes to calculate using as a function. The function that is taken as an arbitrary oracle in the proposed scheme is referred to as hash h(.). In order to record the hash queries and their answer, maintains a hash list and is referred to as a To make it simple, we use three transcripts between entities, which are as follows: After simulating the scheme, answers the queries questioned by as follows: (i)Hash Query. after getting the hash query with input m from , scans the returns to if entry ; otherwise, selects randomly and gives back to and adds in to (ii)Send Query. (1) simulates s response in the following way after getting : selects a random numbers and computes , , and returns back as response(2)Upon the reception of query assume that is in accurate state. response is simulated by as follows: selects random numbers and computes , , and returns back as response(3)Upon getting , suppose that is in true state, then the response of query is simulated by as follows: computes , , and Furthermore, generates and computes , and response back with .(4)After receiving query and assuming as a correct state, simulates response as follows: computes , and verifies . Furthermore, generate and compute , , and return as response(5)In the end, the session key is shared among the participants if checks and are hold true. Otherwise, the session will be terminated(iii)Execute Query. While getting execute query , simulates the send query as follows: returns , and as an answer. (iv)Corrupt Query. (1)On getting a query , responds (2)On receiving query , responds all information stored in temper proof onboard storage/memory(v)Reveal query: after getting a query , responds if the instance is accepted; otherwise, will be responded.(vi)Test query: upon the reception of query , toss up a coin . The right session key will be returned if . Otherwise, an arbitrary value of the same size will be returned.

A game sequence is defined next. For every game , assume is an event that wins the game, which means predicted successfully. The following is the description:

Game. This game is the original attack game constructed by (BRP) [64, 65] and Abdalla et al.’s [66] security model, where the hash functions are modeled as a random oracle. According to the definition, we got:

Game . is similar to , but the difference is that hash queries are entertained by scanning the by . remains indistinguishable from until the queries are answered similarly in . Hence, we got

Game . is similar to . But, the difference is that simulation terminates if subsequent events occur: (i)Event_1. Collision of hash queries during simulation.(ii)Event_2. Collision on the simulation of transcripts

As per the concept of birthday paradox, we got . For transcript , the collision probability of is , while the probability of collision on the transcript is . We got:

Game . is almost similar to , but the difference is that, may know the authentication value and without knowing the hash oracle. Thus, we got

Game . In , is modified as follows: (i) scans for . If the entries exist, then calculate (ii) verifies the legitimacy of . If it holds, then scans for in the list. Otherwise, the session aborts. will succeed if guess the authentication parameters without a hash oracle. So

GAME . In , the is modified as follows: (i) randomly chooses and computes , , and and stores in (ii) randomly selects and computes , , and and stores in

Now, the updated is indistinguishable from until asks a hash oracle on , whose probability is . So

GAME : In this game, if asks a hash query for then test query will be terminated.

The probability of obtaining the session key here is , So has no advantage in The resultant of all equations that we got is:

8. Functionality Comparison and Performance Analysis

In this section, we compared our proposed scheme with related schemes [6773] in terms of resource utilization (storage, communication, and computation cost) and security functionality. The detailed description is as follows.

8.1. Computational Overhead Comparison

We have evaluated our scheme and related schemes to determine the computational efficiency. For this purpose, we have considered hash function and point multiplication PM. Cryptographic operations have been implemented at the server end on a desktop device, whereas operations at end are implemented using a mobile device. The specifications of both devices are listed in Tables 2 and 3.

The time taken by hash and point multiplication on the system is 0.001032 and 0.002672 milliseconds (ms), respectively, whereas the time taken by hash and point multiplication on the system is 4 and 8 milliseconds (ms), respectively. The computation cost of the related and proposed schemes [6773] is presented in Table 4. Table 4 shows that the proposed scheme requires 44.0094 ms for computation. The time required by [6773] is also mentioned in Table 4.

If we present the Table 4 results graphically we can observe the proposed scheme is efficient in terms of computation as compared to [67, 68, 7173] and slightly greater than [69, 70].

In Figure 4, the vertical axis (-axis) shows the time required in millisecond (ms), whereas schemes are presented on horizontal axis (-axis). Figure 4 visually demonstrates the total time taken for the computation of the operations.

8.2. Communicational Overhead Comparison

We compared our proposed scheme with the related schemes [6773] in terms of communicational expenses in this subsection. The communication structure of the proposed and related schemes [6773] is demonstrated in Table 5 on the basis of scheme architecture. The communication structure in Table 5 shows the way in which communicating entities interact with each other and how they exchange messages. In Table 5, the symbol represents : users, : sensor node, : trusted authority, : server.

Considering the communication structure demonstrated the Table 5, we computed the communication cost as presented in Table 6. For conventional comparison, we assumed identities (, ), random numbers, and point multiplication require 160 bits respectively, whereas we assumed 256 bits for hash, secrete, and public keys (). The total bits required for communication by the proposed scheme is 2016 bits, whereas Table 6 shows the proposed scheme requires the least number of bits as compared to the related schemes [6773].

The time taken for communication stated in Table 6 is graphically presented in Figure 5. The bits required for communication are displayed on the vertical axis (-axis) and the schemes on the horizontal axis (-axis). The proposed scheme requires less number of bits than [6773] for communication.

8.3. Storage Overhead Comparison

The number of bits required to store parameters in smart devices (i.e., temper proof onboard memory/storage) is referred to as storage cost. In this subsection, we have compared our scheme with related schemes [6773] for evaluating the storage efficiency. Table 7 depicts the storage cost comparison of proposed and related schemes. It is evident from the table that the proposed scheme’s storage cost is equal to [67] and less than [6873].

The storage cost mentioned in Table 7 is graphically presented in Figure 6. In Figure 6, the vertical axis (-axis) presents the number of bits, whereas the horizontal axis (-axis) presents the schemes. Figure 6 clearly shows that the proposed scheme’s storage cost is less from [6873] and equals to [67].

8.4. Security Functionality

In this subsection, we have discussed the proposed and related schemes in terms of security functionality. It is clear from Table 8 that the proposed scheme provides aided security as compared to related schemes.

Upon evaluating Tables 4, 68 we can state that the proposed scheme is efficient in terms of resource utilization; also, the proposed scheme provides aided and reliable security features. Thus, minimum resource utilization and enhanced security features make the proposed authentication scheme efficient and suitable for the underlying infrastructure.

9. Conclusion

We have proposed an identity-based three-party lightweight remote user authentication scheme, for an IoT environment. We have demonstrated with the help of informal security analysis that the proposed scheme does not let any attacker to penetrate the system. We have shown that the proposed scheme has a vigorous capability to resist various attacks. In addition, formal security proof of the proposed scheme is given using Real-Or-Random (ROR); it shows that there exists secure mutual authentication between the remote users through a gateway in IoT infrastructure. Furthermore, the storage, computation, and communication cost of our scheme is far less than various related schemes. Hence, our proposed scheme is more efficient and reliable for IoT infrastructure as compared to various existing schemes.

Data Availability

No data were used to support this study.

Conflicts of Interest

The authors declare that they have no conflicts of interest.