Provably secure ECC-based device access control and key agreement protocol for IoT environment

Ashok Kumar Das, Mohammad Wazid, Animi Reddy Yannam, Joel J.P.C. Rodrigues, Youngho Park

Research output: Contribution to journalArticlepeer-review

92 Citations (Scopus)


For secure communication between any two neighboring sensing devices on the Internet of Things (IoT) environment, it is essential to design a secure device access control and key agreement protocol, in which the two phases, namely, 'node authentication' and 'key agreement' are involved. While the node authentication allows two sensing devices to authenticate each other using their own pre-loaded secret credentials in memory, the key agreement phase permits to establish a secret key between them if the mutual authentication is successful. In this paper, we propose a new certificate-based 'lightweight access control and key agreement protocol in the IoT environment, called LACKA-IoT,' that utilizes the elliptic curve cryptography (ECC) along with the 'collision-resistant one-way cryptographic hash function.' Through a detailed security analysis using the formal security under the 'Real-Or-Random (ROR) model,' informal (non-mathematical) security analysis, and formal security verification using the broadly used 'Automated Validation of Internet Security Protocols and Applications (AVISPA)' tool, we show that the LACKA-IoT can protect various known attacks that are needed for a secure device access control mechanism in the IoT. Furthermore, through a comparative study of the LACKA-IoT and other relevant schemes, we show that there is a better tradeoff among the security and functionality features and communication and computational costs of the LACKA-IoT as compared to other schemes. Finally, the 'practical demonstration using the NS2 simulation' has been carried out on the LACKA-IoT to measure various network parameters.

Original languageEnglish
Article number8698231
Pages (from-to)55382-55397
Number of pages16
JournalIEEE Access
Publication statusPublished - 01-01-2019
Externally publishedYes

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Materials Science(all)
  • Engineering(all)


Dive into the research topics of 'Provably secure ECC-based device access control and key agreement protocol for IoT environment'. Together they form a unique fingerprint.

Cite this