Abstract
As smart cities evolve to meet sustainability goals; the proliferation of Internet of Things (IoT) devices presents both opportunities and challenges. Due to constrained nature of IoT, ensuring security in IoT enabled network is a challenge. However, growing urban population and exponential rise in IoT enabled devices make it challenging to implement and ensure security mechanisms. Several attacks such as device compromise, hijacking, tampering, man in the middle attack, replay attack, insider attack may lead to security breach. The reason behind these kinds of attacks is that an adversary has successfully obtained credentials for authentication. Several algorithms in smart cities domain have been proposed but most of them are computationally intensive schemes and some algorithms do not have password update feature. In this paper, we propose a 4-phase lightweight authentication algorithm for IoT devices in sustainable smart cities (SSC) utilizing elliptic curve cryptography (ECC) with password update phase and improved computational and communication cost. We perform a formal security analysis of the proposed algorithm using AVISPA tool and informal semantic analysis to demonstrate that our algorithm is secure against different types of attacks including MITM attack, insider attack, replay attack smart device capture attack and others. The proposed algorithm shows remarkable improvement having 1.248 ms computational time and 1036 bits communication cost. The performance analysis shows that the proposed algorithm is lightweight and shows 22.19%, 28.05% and 22.19% improvement in computation, communication and energy costs respectively as compared to the closest counterpart in existing state-of-the-art approaches.