Qi Cheng,Zhuo Zhao,Chingfang Hsu,Maoyuan Zhang,Qing Yang,Di Wu

DOI: https://doi.org/10.1155/2021/7703466

IF: 1.43

2021-01-01

Mathematical Problems in Engineering

Abstract:Although nowadays lots of group key agreement schemes have been presented, most of these protocols generate a secret key for a single group. However, in the IoT HCS, more and more communications are involved in multiple groups and users can join multiple groups to communicate at the same time. Therefore, applying the conventional public-key-based one-at-a-time group key establishment protocols has heavy computational cost or suffer from security vulnerabilities. At the same time, in an IoT HCS, a trusted KGC is usually not available and so more flexible self-organized multigroup keys generation will be desired by all group members. In order to address this issue, a practical scheme for efficient and flexible KGC-free polynomial-based multigroup key establishments for IoT HCS is proposed. The proposed protocol can generate multiple group keys for all group members at once, instead of generating one key each time for a single group; more importantly, there is no need for a trusted KGC in the process of group keys establishment and each user can join multiple groups at the same time using only one reserved share. Meanwhile, the security of the proposed protocol is discussed in detail. Finally, we compare this protocol with the latest related group key distribution protocols in performance analysis. The results show that this efficient and flexible KGC-free polynomial-based multiple group keys establishment protocol is more suitable for practical group key agreement in IoT HCS.

Qikun Zhang,Liang Zhu,Yongjiao Li,Zhaorui Ma,Junling Yuan,Jun Zheng,Shan Ai

DOI: https://doi.org/10.1002/int.22644

IF: 8.993

2021-08-31

International Journal of Intelligent Systems

Abstract:The application of intelligent computing in Internet of Things (IoTs) makes IoTs systems such as telemedicine, in-vehicle IoT, and smart home more intelligent and efficient. Secure communication and secure resource sharing among intelligent terminals are essential. A secure communication channel for intelligent terminals can be established through group key agreement (GKA), thereby ensuring the security communication and resource sharing for intelligent terminals. Taking into account the confidentiality level of the shared resources of each terminal, and the different permissions of the resource sharing of each terminal, a GKA protocol for intelligent IoTs is proposed. Compared with previous work, this protocol mainly has the following advantages: (1) The hidden attribute identity authentication technology can achieve the security of identity authentication and protect personal privacy from being leaked; (2) Only intelligent terminals satisfying the threshold required of the GKA can participate in the GKA, which increases the security of group communication; (3) Low-level group terminals can obtain new permissions to participate in high-level group communication if they meet certain conditions. High-level group terminals can participate in low-level group communication through permission authentication, which increases the flexibility and security of group communication; (4) The intelligent terminals in the group can use their own attribute permission parameters to calculate the group key. They can verify the correctness of the calculated group key through a functional relationship, and does not need to exchange information with other members in the same group. Under the hardness assumption of inverse computational Diffie-Hellman problem and discrete logarithm problem, it is proven that the protocol has high security, and compared with the cited literatures, it has good advantages in terms of computational complexity, time cost and communication energy cost.

computer science, artificial intelligence

Liang Kou,Yiqi Shi,Liguo Zhang,Duo Liu,Qing Yang

DOI: https://doi.org/10.32604/cmc.2019.03760

2019-01-01

Abstract:With the development of computer hardware technology and network technology, the Internet of Things as the extension and expansion of traditional computing network has played an increasingly important role in all professions and trades and has had a tremendous impact on people lifestyle. The information perception of the Internet of Things plays a key role as a link between the computer world and the real world. However, there are potential security threats in the Perceptual Layer Network applied for information perception because Perceptual Layer Network consists of a large number of sensor nodes with weak computing power, limited power supply, and open communication links. We proposed a novel lightweight authentication protocol based on password, smart card and biometric identification that achieves mutual authentication among User, GWN and sensor node. Biometric identification can increase the non-repudiation feature that increases security. After security analysis and logical proof, the proposed protocol is proven to have a higher reliability and practicality.

Qikun Zhang,Liang Zhu,Ruifang Wang,Jianyong Li,Junling Yuan,Tiancai Liang,Jun Zheng

DOI: https://doi.org/10.1002/int.22544

IF: 8.993

2021-06-22

International Journal of Intelligent Systems

Abstract:<p>Security communication and information sharing among mobile devices are important application technologies of the intelligent information system (IIS). Because IIS is vulnerable to attacks, so the security of information sharing among mobile devices is seriously threatened. Thence, it is necessary to establish a secure channel for communication among mobile devices of IIS over an opening network. Group key agreement (GKA) can establish a secure channel among mobile devices of IIS by encryption technology. Due to the resource-constraints of mobile devices, such as weak computing power, small storage capacity, and limited communication range. To address these issues, an asymmetric GKA protocol among terminals of IIS for mobile edge computing (GKA–IIS–MEC) network is proposed in this paper. Adopted asymmetric GKA to achieve the group secure communication mechanisms that message sender unfettered in this protocol; the protocol also uses edge computing environment to migrate the computation and communication loads of mobile devices of IIS to edge nodes, thereby ensuring that mobile devices have lightweight computation and communication loads; and the members participating in the GKA can verify whether the group session keys they calculated are correctness. Under the hardness assumption of bilinear inverse Diffie–Hellman problem, the proposed protocol is proven that it can resist negative attacks. After evaluating the performance of the protocol, GKA–IIS–MEC has higher efficiency than the referred works in terms of time cost, communication consumption, and computation consumption.</p>

computer science, artificial intelligence

Juyan Li,Zhiqi Qiao,Jialiang Peng

DOI: https://doi.org/10.1109/tii.2022.3176048

IF: 12.3

2022-09-21

IEEE Transactions on Industrial Informatics

Abstract:In the era of Industry 4.0, the Industrial Internet of Things (IIoT) has been applied to help physical entities to access real-time data in the network and share critical information. However, both the decentralization of IIoT and the heterogeneity of different devices constituting IIoT also pose a serious threat to secure communication between entities. Although the encryption technologies can ensure the confidentiality of communication data, the security of key becomes more important for devices in IIoT. Recently, some asymmetric group key agreement (AGKA) protocols have been proposed to negotiate a common encryption key for group members, and each group member holds its decryption key. However, the existing AGKA protocols fail to effectively control the access of agreement participants in IIoT. To solve this problem, in this article, we propose an AGKA protocol based on blockchain and attribute for IIoT. The proposed protocol not only realizes the access control of agreement participants but also realizes the automation of access control, the tamper resistance, and the nonrepudiation of the agreement process. The security and performance analysis of the proposed protocol show that it is more secure and effective compared with the existing AGKA protocols.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Tan Yu'an,Zheng Jiamin,Zhang Qikun,Zhang Xiaosong,Li Yuanzhang,Zhang Quanxin

DOI: https://doi.org/10.1049/cje.2018.02.015

IF: 1.019

2018-01-01

Chinese Journal of Electronics

Abstract:When the information is exchanged and transmitted among the group members in mobile cloud environment, the group members may distribute different security domains. The information exchanged among group members may have different secret levels in this environment. When a person has some secret information, he only wants to share these information with some people who have the appropriate level of security permissions, other than all the members in the group. Aiming at these needs, we propose a flexible Asymmetric group key agreement (AGKA) protocol that information exchange and transmission are specific-targeting. The paper adopts bilinear mapping and two-way anonymous authentication technology to hide personal identity authentication information, and uses storage and computing migration technology to reduce the resource consumption of mobile terminal, and also proposes the secret key factor oriented extraction and combinations technology to achieve multi-level three-dimensional complex space security information exchange requirements and meet the lightweight computing. The analysis proves that the protocol has good safety performance and low resource consumption.

Hsu, Chingfang

DOI: https://doi.org/10.1007/s11277-023-10239-0

IF: 2.017

2023-03-09

Wireless Personal Communications

Abstract:Internet of Medical Things (IoMT) is mainly composed of patients, doctors and medical data collection equipment. In IoMT, the health data of patients is collected in real-time through mobile devices and stored in the network servers for access by legitimate medical personnel to facilitate monitoring, diagnosis and treatment services for patients. To securely transmit various types of data is the essential task of secure group communications for Internet of Things (IoMT). Collected data in IoMT have the particularity of being heterogeneous. At the same time, IoMT networks is exposed to some security threats caused by various attacks, as well as efficiency challenges caused by limited communication range and limited energy. Thus, how to securely group communicate and compute heterogeneous data between resource-constrained IoMT devices is a crucial problem to be solved. Due to the lightweight computational overhead required for group key agreement in resource-constrained environments, traditional protocols are not effectively applied by researchers in the IoMT. Based on symmetric binary polynomial and XOR operation, a lightweight and fast member authentication group key agreement is presented, which can be effectively applied in resource-constrained IoMT. The proposed scheme realizes the functions of membership authentication and group key negotiation, while improving the communication efficiency of group members. In terms of security, our scheme is resistant to both internal and external attacks and can satisfy all the defined security properties. Furthermore, using the logic XOR operation as the main operation method ensures that the computation cost in this protocol is lightweight. More importantly, in our proposal, the communication consumption at each group member end is not affected by the size of group, where the communication method between members is in a non-interactive and broadcast way. In consequence, our protocol provides a more efficient communication and computational process compared to recently proposed cryptographic schemes. Hence, this proposal is an excellent choice for solving membership authentication and group key agreement problems in resource-constrained IoMT systems.

telecommunications

Wenming Wang,Haiping Huang,Fu Xiao,Qi Li,Lingyan Xue,Jiansheng Jiang

DOI: https://doi.org/10.1016/j.sysarc.2021.102215

IF: 5.836

2021-09-01

Journal of Systems Architecture

Abstract:<p>Smart healthcare plays an important role in contemporary society while its security and privacy issues remain inevitable challenges. Authenticated key agreement (AKA) mechanism, as the foundation of secure communication, has been recognized as an important measure for solving this problem. Most existing AKA protocols utilize cloud-based centralized architecture, data privacy and security can be exposed easily once the centralized authority is attacked. In addition, most past solutions require the online registration center to assist mutual authentication and consume considerable amounts of resources. To address these drawbacks, a computation-transferable authenticated key agreement protocol without an online registration center for smart healthcare is designed. Specifically, the proposed protocol can realize mutual authentication and key agreement without the need for an online registration center, as well as being able to satisfy security and privacy protection requirements. By transferring partial computation tasks to the server, the proposed scheme incurs lower computation and communication overhead on the user side. Moreover, the proposed scheme adopts certificateless public key cryptography, which can solve the problems of certificate management and key escrow. Performance analysis indicates that the proposal reduces 9.9% of the computation overhead on the resource-limited terminal, which is suitable for low-power IoT applications, including smart healthcare.</p>

computer science, software engineering, hardware & architecture

Zhiguo Wan,Kui Ren,Wenjing Lou,Bart Preneel

DOI: https://doi.org/10.1109/WCNC.2008.459

2008-01-01

Abstract:Popularity of group oriented applications motivates research on security and privacy protection for group communications. A number of group key agreement protocols exploiting ID based cryptosystem have been proposed for this objective. Though bearing beneficial features like reduced management cost, private key delegation from ID based cryptosystem, they have not taken into account privacy issues during group communication. In wireless networks, the privacy problem becomes more crucial and urgent for mobile users due to the open nature of radio media. In this paper, we proposed an anonymous ID based group key agreement protocol for wireless networks. Based on ID based cryptosystem, our protocol not only benefits from the desirable features of ID based cryptosystem, but also provides privacy protection for mobile users. More important, in the proposed protocol, the computation cost for each group member is largely reduced to meet the computation capability restriction of mobile devices.

Guanglu Wei,Kai Fan,Kuan Zhang,Haoyang Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1109/jiot.2023.3323275

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:In recent years, the Internet of Things (IoT) has gained immense popularity in various aspects of work, learning, and daily life. Within the Internet of Things realm, there is a growing concern regarding communication security issues between users and servers. However, addressing the communication security between servers is equally imperative, which has not received as much attention. To this end, we propose a certificateless anonymous authenticated key agreement (AKA) algorithm based on Learning with Errors (LWE) and Inhomogeneous Small Integer Solution (ISIS) security assumptions. Our scheme provides strong resistance to quantum attacks and protects the privacy of communication servers. It also has constant communication costs and lower computational requirements than existing lattice-based anonymous AKA algorithms on the broadcast channel. Additionally, the proposed scheme eliminates the resource consumption of managing complex certificates and addresses the security risks associated with key escrow in the key generation center (KGC). Through security and performance analysis, we demonstrate that our approach can enhance the security of IoT-based healthcare systems while significantly improving communication efficiency. Our proposed scheme provides a promising solution to security issues related to server communication in IoT systems.

computer science, information systems,telecommunications,engineering, electrical & electronic

Bing Li,Guohe Zhang,Shaochong Lei,Haisheng Fu,Jinlei Wang

DOI: https://doi.org/10.1109/IEEECONF52377.2022.10013341

2022-01-01

Abstract:The quick development of the Internet of Things (IoT) makes the IoT devices become appealing targets of various cyberattacks. Authentication and key agreement (AKA) protocol are the most important measures to ensure the security of IoT. However, it is still quite challenging to devise proper AKA protocols for IoT because of the resource-constrained nature of IoT devices. In this paper, we have proposed a new lightweight AKA protocol for IoT based on elliptic curve cryptography (ECC). Our proposed AKA protocol can achieve mutual authentication and ECC-based session key establishment simultaneously. To enhance security and provide anonymity, our protocol uses the one-time password and dynamic identity information which are updated in every round of mutual authentication through a well-designed update operation. To assess our protocol, we carry out security and performance analyses. The obtained results show that our protocol with a high level of security has low complexity and small computational cost and is appropriate to be applied in resource-constrained IoT devices.

Zhang Qikun,Wang Bingli,Zhang Xiaosong,Yuan Junling,Wang Ruifang

DOI: https://doi.org/10.1049/cje.2020.02.020

IF: 1.019

2020-01-01

Chinese Journal of Electronics

Abstract:Group key agreement (GKA) is one of the key technologies for ensuring information exchange security among group members. While GKA is widely used in secure multi-party computation, safety of resources sharing, and distributed collaborative computing. It still has some security flaws and limitations. We proposes a Blockchain-based dynamic Group key agreement (BDGKA) protocol. In contrast to prior works, BDGKA differs in several significant ways: 1) anonymous identity authenticationit can prevent privacy leaks; 2) traceability-it can track illegal operating entities; 3) load balancing-it balances computation and communication to each node, avoiding the breakdown of single-point and network bottlenecks. This protocol is proven secure under the hardness assumption of decision bilinear DiffieHellman. The performance analysis shows that it is more efficient than the referred works.

Adhirath Kabra,Sumit Kumar,Gaurav S. Kasbekar

DOI: https://doi.org/10.48550/arXiv.2008.06890

2020-08-16

Abstract:Many Internet of Things (IoT) scenarios require communication to and data acquisition from multiple devices with similar functionalities. For such scenarios, group communication in the form of multicasting and broadcasting has proven to be effective. Group Key Management (GKM) involves the handling, revocation, updation and distribution of cryptographic keys to members of various groups. Classical GKM schemes perform inefficiently in dynamic IoT environments, which are those wherein nodes frequently leave or join a network or migrate from one group to another over time. Recently, the `GroupIt' scheme has been proposed for GKM in dynamic IoT environments. However, this scheme has several limitations such as vulnerability to collusion attacks, the use of computationally expensive asymmetric encryption and threats to the backward secrecy of the system. In this paper, we present a highly efficient and secure GKM protocol for dynamic IoT settings, which maintains forward and backward secrecy at all times. Our proposed protocol uses only symmetric encryption, and is completely resistant to collusion attacks. Also, our protocol is highly flexible and can handle several new scenarios in which device or user dynamics may take place, e.g., allowing a device group to join or leave the network or creation or dissolution of a user group, which are not handled by schemes proposed in prior literature. We evaluate the performance of the proposed protocol via extensive mathematical analysis and numerical computations, and show that it outperforms the GroupIt scheme in terms of the communication and computation costs incurred by users and devices.

Networking and Internet Architecture,Cryptography and Security

Hang Xu,Chingfang Hsu,Lein Harn,Janqun Cui,Zhuo Zhao,Ze Zhang

DOI: https://doi.org/10.1109/tsc.2023.3257569

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:With the increasing popularity and wide application of the Internet, the users (such as managers and data consumers) in the Industrial Internet of Things (IIoT) can remotely analyze and control real-time data collected by various smart sensor devices. However, there are many security and privacy issues in the process of transmitting collected data through public channels in IIoT environment. In order to against the illegal access by opponents, a novel anonymous user authentication and key agreement scheme based on hash and elliptic curve encryption is proposed in this paper, which not only uses a pseudonym tuple database in control nodes to realize the functions of user dynamic joining and anonymity protection, but also resists key loss and device capture attacks through fuzzy biometric extraction technology. In addition, the formal secure analysis of the proposed scheme is carried out using the BAN logic model and ROR model, which proves the security of the proposed scheme. Meanwhile, we also prove the scheme can against the described existing attacks and meet the design goals by a detailed informal security discussion. Compared with the latest similar IIoT authentication proposals, our solution has a very obvious advantage in communication efficiency and realizes more functions. Hence, our scheme is more suitable for the IIoT environment, and can also generate greater benefits.

computer science, information systems, software engineering

Binbin Yu,Hongtu Li

DOI: https://doi.org/10.1177/1550147719879379

IF: 1.938

2019-09-01

International Journal of Distributed Sensor Networks

Abstract:Home-based multi-sensor Internet of Things, as a typical application of Internet of Things, interconnects a variety of intelligent sensor devices and appliances to provide intelligent services to individuals in a ubiquitous way. As families become more and more intelligent, complex, and technology-dependent, there is less and less need for human intervention. Recently, many security attacks have shown that Internet home-based Internet of Things have become a vulnerable target, leading to personal privacy problems. For example, eavesdroppers can acquire the identity of specific devices or sensors through public channels, which is not secure, to infer individual public life in the home area network. Authentication is the essential portion of many secure systems processing of verifying and declaring identity. Before providing confidential information, home-based-Internet of Things service authenticates users and devices. The communication and processing capabilities of intelligent devices are limited. Therefore, in home-based Internet of Things, lightweight authentication and key agreement technology are very important to resist known attacks. This article proposes an anonymous authenticated key agreement protocol using pairing-based cryptography. The protocol proposed in this article provides lightweight computation and ensures the security of communication between home-based multi-sensor Internet of Things network and Internet network.

computer science, information systems,telecommunications

Zheng Jiamin,Tan Yu'an,Zhang Xiaosong,Zhang Qikun,Zhang Quanxin,Zhang Changyou

DOI: https://doi.org/10.1049/cje.2018.07.002

IF: 1.019

2018-01-01

Chinese Journal of Electronics

Abstract:The terminals in mobile cloud computing have themselves the special characteristics, such as mobile flexibility, distributed in different domains, resource constraint and easily to be captured et al. The terminals in mobile cloud computing participated the collaborative computing, information exchange and sharing secrets may come from different domains, different networks or different clouds. For this complex network environment the paper proposes a Multi-domain lightweight Asymmetric group key agreement (ML-AGKA). It adopts the bilinear mapping and blind key technology to achieve an asymmetric group key agreement protocol among mobile terminals distributed in different domains, proposes a computation and communication migration technologies to ensure that the mobile terminals are lightweight computing and communication consumption. The protocol can also achieve anonymity and authentication. The protocol is proven secure under the Computational Diffe-Hellman (CDH) problem assumption and the performance analysis shows that the proposed protocol is highly efficient.

Huanhuan Lian,Yafang Yang,Yunlei Zhao

DOI: https://doi.org/10.1109/jiot.2022.3219524

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Password authenticated key exchange (PAKE) allows two parties with a shared password to establish a session key. In order to provide secure and private communication between devices in an Internet of Things (IoT) environment, the PAKE protocol is considered one of the most common and promising security methods. However, many existing PAKE proposals still face challenges in security and efficiency. First, both the terminals of participants may suffer from the compromise attack and precomputation attack, which will lead to the leakage of password. Second, the majority of the existing schemes cannot guarantee participants’ identity privacy. Third, most PAKE protocols are not suitable for IoT devices with limited computing capability because of a large number of exponential and pairing operations. To address these issues, we propose a strong symmetric PAKE protocol for IoT devices, which only requires 3 exponentiations per party. The proposed scheme can protect both parties from compromise and precomputation attacks, in which the password file relies on the identity and random salt. What’s more, our protocol guarantees the identity privacy, that is, the transmitted record and password file will not reveal the identity information. We further present a new security model for our protocol, and prove that the proposed scheme is secure under this model. Finally, we show the practicality of our PAKE via experiments and efficiency analysis.

Zhishuo Zhang,Wen Huang,Ying Huang,Yongjian Liao,Zhun Zhang,Shijie Zhou

DOI: https://doi.org/10.1109/jiot.2023.3349005

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Authenticated Key agreement protocol (AKA) is one of the essential components for reliable secure communication in Industrial Internet-of-Things (IIoT) communication model. Recently, Srinivas et al. proposed a three-factor elliptic curve cryptosystem (ECC)-based AKA protocol called UAP-BCIoT for WSN-based intelligent transportation system (ITS). In this paper, we first find out that their protocol has a security weak point inherently called master secret disclose and key forgery defect which makes their protocol susceptible to variant impersonation attacks. To overcome the deficiency of their protocol, we construct an improved ECC-based three-factors (credential, password and biometric) tripartite authenticated key agreement protocol among managers Ui, domain gateway DG and IIoT nodes INj with identity dynamic revocation and online updating (IDR-OU-TAKA) for secure communication in IIoT. Unlike the vast majority of previous GWN-assisted MAKA protocols that only negotiate the session key between Ui and INj, our IDR-OU-TAKA protocol can selectively achieve Ui DG INj tripartite key negotiation according to Ui’s IPv6 addresses, meaning that any two parties can use the session key to establish a secure channel which can achieve isolation security within the IIoT domain. Besides, in our proposed IDR-OU-TAKA, the overdue or corrupted manager can be immediately revoked by dynamically maintaining the revocation list and the identity of manager can be securely updated online through an open channel. We give rigorous security proof based on real-or-random (ROR) model and the non-mathematical (informal) security analysis to our proposed IDR-OU-TAKA protocol. Finally, we conduct a comprehensive comparison and evaluation to our proposed IDR-OU-TAKA protocol with other state-of-art MAKA protocols in terms of security and functionality features, communication, and computation costs which clearly indicate that our protocol is more practical and suitable for IIoT.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shan Gao,Junjie Chen,Bingsheng Zhang,Kui Ren,Xiaohua Ye,Yongsheng Shen

DOI: https://doi.org/10.23919/cje.2023.00.192

IF: 1.019

2024-01-01

Chinese Journal of Electronics

Abstract:In modern industrial control systems (ICSs), when user retrieving the data stored in field device like smart sensor, there exists two main problems: one is lack of the verification for identification of user and field device; the other is that user and field device need exchange a key to encrypt sensitive data transmitted over the network. We propose a comprehensive authentication and key agreement framework that enables all connected devices in an ICS to mutually authenticate each other and establish a peer-to-peer session key. The framework combines two types of protocols for authentication and session key agreement: The first one is an asymmetric cryptographic key agreement protocol based on transport layer security handshake protocol used for Internet access, while the second one is a newly designed lightweight symmetric cryptographic key agreement protocol specifically for field devices. This proposed lightweight protocol imposes very light computational load and merely employs simple operations like one-way hash function and exclusive-or (XOR) operation. In comparison to other lightweight protocols, our protocol requires the field device to perform fewer computational operations during the authentication phase. The simulation results obtained using OpenSSL demonstrates that each authentication and key agreement process in the lightweight protocol requires only 0.005 ms. Our lightweight key agreement protocol satisfies several essential security features, including session key secrecy, identity anonymity, untraceability, integrity, forward secrecy, and mutual authentication. It is capable of resisting impersonation, man-in-the-middle, and replay attacks. We have employed the Gong-Needham-Yahalom (GNY) logic and automated validation of Internet security protocols and application tool to verify the security of our symmetric cryptographic key agreement protocol.

Kexian Liu,Jianfeng Guan,Xiaolong Hu,Jing Zhang,Jianli Liu,Hongke Zhang

2024-11-14

Abstract:To meet the diverse needs of users, the rapid advancement of cloud-edge-device collaboration has become a standard practice. However, this complex environment, particularly in untrusted (non-collaborative) scenarios, presents numerous security challenges. Authentication acts as the first line of defense and is fundamental to addressing these issues. Although many authentication and key agreement schemes exist, they often face limitations, such as being tailored to overly specific scenarios where devices authenticate solely with either the edge or the cloud, or being unsuitable for resource-constrained devices. To address these challenges, we propose an adaptive and efficient authentication and key agreement scheme (AEAKA) for Cloud-Edge-Device IoT environments. This scheme is highly adaptive and scalable, capable of automatically and dynamically initiating different authentication methods based on device requirements. Additionally, it employs an edge-assisted authentication approach to reduce the load on third-party trust authorities. Furthermore, we introduce a hash-based algorithm for the authentication protocol, ensuring a lightweight method suitable for a wide range of resource-constrained devices while maintaining security. AEAKA ensures that entities use associated authentication credentials, enhancing the privacy of the authentication process. Security proofs and performance analyses demonstrate that AEAKA outperforms other methods in terms of security and authentication efficiency.

Cryptography and Security