Cryptanalysis and improvement of an authentication scheme for IoT.

With the interference of various types of embedded devices, sensors and gadgets in day-to-day life, the buzzword internet of things (IoT) has become very popular. In the context of IoT environment, proper device authentication is important. Recently, Wang et al. (2017) introduced an authentication protocol for secure communication between the embedded device and the cloud server over IoT networks. They insisted that their protocol is secure from various attacks in the open network. However, we show that Wang et al.'s (2017) protocol is not secure against impersonation attack, replay attack and it does not provide device's anonymity. To conquer these problems, we design an improvement of Wang et al.'s (2017) protocol. We show that our protocol is secure against various attacks; specifically, it is free from the attacks pointed out in Wang et al.'s (2017) protocol. Through performance evaluation of our proposed protocol with the existing related protocols, we show that the proposed protocol is suitable for IoT environment.