This work is licensed under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.

1. Introduction

The history of the Internet of things is very old, but the term “Internet of Things (IoT)” was first used by Kevin Ashton in 1999. The word things refers to a physical object that can be a car, mobile, sensors, or any other appliance, etc., and the word internet refers to the fact that things are connected through the internet [1]. Nowadays, in the field of technology, IoT-based applications such as connected cars, smart healthcare, and environmental monitoring are making a revolution never seen before in the history of mankind. One of those domains in which IoT is making huge progress in agriculture. According to recent research, in 2050, the world population will be touching 9.8 billion which is atleast 25 percent increase from today’s number [2]. As a result, food consumption will increase, resulting in a 59 to 98 percent increase in demand for food supply by 2050 [3]. To cope with the needs of a greater food supply and to improve the agricultural yield with less amount of labor and resources, IoT-based agriculture applications can perform a very significant role.

Like other IoT-based systems, the core task of an IoT-based agriculture system is data. IoT-based agriculture systems must have the ability to collect data with precision, store it for further analysis, and act on it based on the gained insight [4]. The IoT-based agriculture system, which is shown in Figure 1, mainly consists of sensors and other smart objects that gather and monitor data such as humidity, soil moisture, and temperature. These sensors are connected to the main sensor post, called a gateway, through a specific network topology such as Zigbee and RFID. The information is stored on the database server. In the IoT, data processing is supported by decision support systems that monitor and analyze a huge amount of data. Such analysis helps in efficient decision-making for solving the problem. Bad weather forecasts and incorrect irrigation usually result in economic loss for farmers, so the use of a decision support system results in ineffective use of resources [5, 6]. The farmers can visualize the information gathered and can act on the situation accordingly. Not only can it assist the farmer in harvesting efficiently but it can also help save time and cost.

[figure(s) omitted; refer to PDF]

Use of IoT in agriculture leads to precision agriculture, which has many benefits, such as high productivity and reduced environmental effects due to less use of fertilizers and pesticides [6]. In recent times, advances in sensors have had a good impact on agriculture. These sensors measure soil moisture, temperature, humidity, water content, etc. Data collected from these sensors is analyzed, and then decisions are taken on that basis. The collected data from sensors in IoT-based agriculture is usually transferred over the network, which presents a greater security risk. Ensuring a secure and reliable transfer of information is one of the main goals of WSN in agriculture. Lack of secure data transfer will eventually lead to authentication, integrity, and confidentiality being compromised. Due to the fact that agriculture-based IoT applications cover a large land area and due to limitation of WSN, a specific mechanism should be used to ensure data security and privacy [5]. One approach is to use an authentication scheme that ensures that only an authentic/authorized person can access the data that results in integrity, authentication, and nonrepudiation.

The authentication schemes are normally based on public-key cryptosystem algorithms. One of the main applicable types of PKI is identity-based cryptography (IBC), which solves most of the problems possessed by public-key cryptography [7]. The IBC makes use of user identity to create user public key while private keys are generated by a private-key generator (PKG). So, authentication schemes which are based on IBC will be the most favourable need for IoT -based agriculture applications. These schemes are actually based on Rivest-Shamir-Adleman (RSA)/Discrete Logarithm problem. But due to resource conservative nature of sensor nodes, it is considered expensive. RSA algorithm [8] which is based on public-key cryptography requires large storage space due to the 1024 bit key size. Also, due to huge computation, it is not suitable for limited resourced sensors. But with improvements in elliptic curve cryptography (ECC), provides new ways to apply public-key cryptography with better performance [9]. Identity-based signature which rely on ECC only uses 160-bit key size, and its performance in terms of computation cost and communication overhead is better. But it is still not suitable for tiny resource constraint sensors. A better approach is another generalized form of elliptic curve called hyperelliptic curve (HEC) which only requires 80-bit key size while providing the same level of security as provided by RSA, bilinear pairing, and ECC. Based on this discussion, we can say HEC is a better choice for resource constraint sensors.

Based on the abovementioned limitations, we designed a scheme called identity-based authentication well suited for IoT-enabled agriculture. Some of the major features which denote the contributions of our research work in this paper are mentioned below:

(i) Firstly, we introduce the basic structure for identity-based authentication and afterward construct the scheme suitable for IoT-based agriculture

2. Preliminaries

2.1. Hyperelliptic Curve

Hyperelliptic curve (HEC) comes under the category of algebraic curves which was proposed by Neal Koeblitz. It is a generalized form of elliptic curve cryptography (ECC) and provides an alternative solution for elliptic curve cryptography [10]. For ECC, the genus is equal to 1, but for, HEC genus is ≥1.

Let $f_g$ be a finite field, and $g$ is the genus of HEC over that field having order $\text{g}\ge 2$. Hyperelliptic curve of $g\ge 2$ is shown in $$\begin{array}{}\text{(1)}& HEC:x^2+hyx=fy,\end{array}$$

where

(i) $hy$ is the polynomial, and the degree is $hy\le g$,

Note: The points on HEC are different as compared to ECC because these points do not form a group. They form an Abelian group which is called the Jacobian Group $J_{HEC}$ [11]. The order of $J_{HEC}$ is mentioned in $$\begin{array}{}\text{(2)}& {y_{t-1}}^{2g}\le J_{HEC}{f}_g\le {y_{t+1}}^{2g}.\end{array}$$

2.2. Divisor

Suppose $p$ is a set of points over hyperelliptic curve (HEC), and divisor $d$ is the finite sum of point’s $p$ over HEC [12]. This is mentioned in $$\begin{array}{}\text{(3)}& d=\sum _{p\in HEC}{m}_{p}p.\end{array}$$

Note: Under addition, the divisors form a group as shown in $$\begin{array}{}\text{(4)}& \sum _{p\in HEC}{m}_{p}p+\sum _{p\in HEC}{n}_{p}p=\sum _{p\in HEC}{m}_p+n_{p}p.\end{array}$$

2.3. Hyperelliptic Curve Discrete Logarithm Problem

Let us suppose we have a divisor $d$ which is selected from the Jacobian group $J_{HEC}$.A random private number $L$ is chosen from the finite field. $$\begin{array}{}\text{(5)}& d1=L.d.\end{array}$$

The problem of finding $L$ from Equation (5) is called as hyperelliptic curve discrete logarithm problem (HECDLP) [13].

Note: Hyperelliptic curve cryptography security depends upon solving HECDLP.

3. Related Work

In 2009, Du et al. [14] proposed a routing-driven scheme for key management in a heterogeneous sensor network. This scheme is based on the concept that a node only communicates with a small portion of nodes, and the communicating node only needs to establish communicating keys with its neighbors called c-neighbors. Elliptic curve cryptography is used in this scheme to maintain a good level of security by providing resistance against known attacks. The benefit of this scheme is that it reduces the communication overhead in key management. It also reduces storage space and energy consumption, but the major flaw is that H-sensor takes a lot of storage space. In 2011, Boujelben et al. [15] proposed a scheme for key management in heterogeneous sensor networks based on identity-based cryptography (IBC). IBC is a form of public-key cryptography in which a public key is generated from a unique known identifier likewise an email address or IP address or some other sort of identity. In a heterogeneous sensor network, using the concept of IBC a node can establish a secure key with any other nodes while only knowing the public identity of other nodes. This approach uses two types of keys (1) a pair-wise shared key between two communicating nodes and (2) a cluster key which is a shared key between all the nodes present in the cluster. The advantage of this scheme is that it provides good security by offering resilience against eavesdropping, replaying of the message, node capture attack, etc. The drawback of this scheme is that it lacks message identification. Moreover, its performance by means of energy consumption and computational cost is not efficient.

In 2014, Turkanovic et al. [16] designed a scheme for ad hoc wireless sensor network. It is built on the notions of IoT and is claimed lightweight by authors due to use of simple hash and XOR operations. Rather than just involving a gateway, this scheme allows the user to communicate directly with the sensor node for key agreement. It provides good resilience against replay attack and denial of service attack but at the same time lacks user anonymity and resistance against impersonation attack. Moreover, this scheme communication overhead and storage overhead is on the higher side. In 2016, Mehmood et al. [17] proposed an intercluster-based multiple key distribution scheme for wireless sensor network (WSN). Their proposed scheme focuses on improving the security of the cluster head in a wireless sensor network. For that purpose, the security implementation is done in two phases. Phase 1 involves the authenticity of the cluster head, and phase 2 involves the recovery process of the cluster head when cluster head functioning comes to a halt. The advantage of this scheme is that when a cluster head consumes more energy and its battery life is about to be drained, it shifts its management responsibility to another node and withdraw itself. The drawback of this scheme is that its security is still not enough because it is not resistant to attacks like replay attack, denial of service attack, and many more. Shen et al. [18] proposed a multilayer authentication protocol and a key establishment mechanism for a wireless body area network. The proposed scheme is based on ECC and hash-based media access control (MAC). The advantage of this scheme is that it provides security properties such as authentication, integrity and confidentiality, and resilience against key escrow. The drawback of this scheme is that it is susceptible to several attacks which include replay attack and sensor node attack. Wu et al. [19] pointed out the flaws in scheme [20] and presented a new scheme for the Internet of things- (IoT-) based WSN. This scheme is based on ECC and provides mutual authentication between the user, the sensor, and the gateway. This scheme provides several IoT security properties that come under confidentiality, integrity, authentication, authorization, and freshness. The drawback of this scheme is that its communication cost is higher which make this scheme inefficient for IoT-based applications.

In 2017, Wang et al. [21] found out that [22, 23] are not resistant enough against offline dictionary attack and impersonation attack and lack user anonymity and forward secrecy. The authors of [21] proposed an enhanced scheme that tackle abovementioned shortcomings, and their scheme security is proved using Burrows-Abadi-Needham (BAN) logic and heuristic analysis. Apart from providing resistance against several attacks, their scheme also provides user anonymity and forward security. The drawback of it is that it requires high computational cost and communication overhead. In 2018, Li et al. [24] proposed an ECC-based authentication protocol with privacy preservation for the Internet of Industrial Things (IIOT). Apart from privacy protection and bidirectional authentication, the proposed scheme also provides several security properties which include resistance against replay attack, impersonation attack, etc. This scheme lacks performance efficiency by means of communication overhead. In 2019, Harbi et al. [25] proposed a key management scheme to secure information exchange in Internet of things (IoT). The author was able to point out the flaws related to security in [17] and designed a new scheme based on identity-based encryption. The benefit [25] brings is that it provides data confidentiality and resists several known attacks. The drawback of [25] is that if the attacker gains access to the master key, all the session keys will be compromised. Yuan et al. [26] proposed a novel key management scheme for heterogeneous wireless sensor networks. Their scheme is based on the pairing-free identity-based digital signature algorithm which not only ensures identity authentication but also guarantees the security of the key establishment mechanism. The benefit of this scheme is that it keeps the information about the location of the starting node private. Moreover, this scheme also provides message authentication and provide protection against node capture attacks. The drawback of this scheme is its relatively high memory consumption. The computation and communication cost is relatively high which does not suite resource constraint WSN nodes.

4. Network Model

The proposed scheme network model is shown in Figure 2, which consists of three main components such as agriculture sensors, private key generator (PKG), and data user. The symbols used in the proposed scheme are illustrated in Table 1.

[figure(s) omitted; refer to PDF]

Table 1

Notations used in the proposed algorithm.

4.1. Agriculture Sensors

The agriculture sensor network consists of different types of sensors that gather and monitor a variety of data related to crops. These sensors are used in multiple ways likewise with drones, on the crop leaves or stems, and sometimes placed inside the soil. The node with a temperature sensor constantly monitors the temperature, while the node with a soil moisture sensor calculates the water level within the soil. Similarly, a node with a rain sensor detects the rainfall if there is the predictability of rainfall, a node with humidity sensors measures the humidity level in the air, and a node with a carbon dioxide sensor detects the level of carbon dioxide because it helps plants in photosynthesis. Apart from that, a node with a light sensor measures light intensity, a node with wind sensors detects the speed and direction of the wind, and a node with a leaf sensor measures the water level present inside the plant. For reliable and timely communication, a communication technology is deployed in the form of 5G or Sigfox which provides the ability of fast data transfer, wide coverage area and low energy consumption [27, 28]. The agricultural sensor nodes are connected to the controller which verifies the authenticity of data user when it receiver the request.

4.2. Private Key Generator

PKG is an arbitrator which core task is to create private and public key for controller and data users. The PKG has its own public and private master keys. Data user or controller provides its unique ID, which is combined with the master private key to create private keys. Afterwards, computing respective actor’s private keys, PKG generates public key for controller and data user.

4.3. Data User

The data user is responsible for the monitoring of data gathered by sensors. When a data user requires access to the data gathered by sensors, it approaches the controller. The controller firstly makes sure whether the data user is authorized. Authentication takes place between the data user and the controller for such purpose, and when the data user is found authentic, a secret key is shared between the two parties for exchange of information.

5. Proposed Identity-Based Authentication Scheme

In this section, we propose the identity-based authentication scheme that contains the following three parts:

(1) Setup: PKG selects a hyperelliptic curve with genus 2 that utilizes 80 bits key size. Further, it selects finite field $F^q$ from the hyperelliptic curve with the range of $q⪰2^{80}$ and two one way hash functions (${\mathcal{h}}_u,{\mathcal{h}}_v$). Then, it compute $\mathfrak{S}=\mathcal{z}.\mathcal{D}$, where $\mathcal{D}$ indicates the divisor of hyperelliptic curve and $\mathcal{z}$ and $\mathfrak{S}$ represent the private and public key of PKG

5.1. Correctness

Here, ${DS}^2$ can generate secrete key $\mathcal{K}=\zeta .{\gamma }_{{DS}^2}$ using the following steps $$\begin{array}{}\text{(6)}& \zeta .{\gamma }_{{DS}^2}=\ell .\mathcal{D}.{\gamma }_{{DS}^2}=\ell .{\gamma }_{{DS}^2}.\mathcal{D}=\ell .{\phi }_{{DS}^2}=\mathcal{K}.\end{array}$$

And it verifies $\psi$ as if $\zeta =\eta {\phi }_{{DS}^1}+\Phi .\mathcal{D}$ using the following steps $$\begin{array}{}\text{(7)}& =\eta {\phi }_{{DS}^1}+\Phi .\mathcal{D}=\frac{\ell }{\Phi +{\gamma }_{{DS}^1}}{\phi }_{{DS}^1}+\Phi .\mathcal{D}=\frac{\ell }{\Phi +{\gamma }_{{DS}^1}}{\gamma }_{{DS}^1}.\mathcal{D}+\Phi .\mathcal{D}=\frac{\ell }{\Phi +{\gamma }_{{DS}^1}}{\gamma }_{{DS}^1}+\Phi \mathcal{D}=\ell .\mathcal{D}=\zeta \end{array}$$

hence proved.

6. Security Analysis

In this section, we performed an informal security analysis of our schemes with existing schemes such as Du et al. [14], Boujelben et al. [15], Turkanovic et al. [16], Mehmood et al. [17], Shen et al. [18], Wu et al. [19], Wang et al. [21], Li et al. [24], Harbi et al. [25], and Yuan et al. [26]. The comparison of security performance of our scheme with different existing schemes is shown in Table 2 which clearly indicates that our scheme outperforms existing authentication schemes by providing essential security properties such as mutual authentication, device anonymity, and forward secrecy. Moreover, it also provides resistance against known attacks such as replay attack, eavesdropping attack, and denial of service attack.

Table 2

Comparison of security performance.

S1: Resists replay attack, S2: Resists forward secrecy attack, S3: Resists DoS attack, S4: Resists eavesdropping attack, S5: Resists impersonation attack, S6: Provides device anonymity, S7: Provides mutual authentication, S8: Resists node capture attack.

6.1. Mutual Authentication

The scheme we introduced provides mutual authentication between controller and data user on the basis of signature which is generated by controller $\eta =\ell /\Phi +{\gamma }_{{DS}^1}$ and at the receiving using $\zeta =\eta {\phi }_{{DS}^1}+\Phi .\mathcal{D}$ and it passes through verification process. So, in this regard, we can say that our scheme meets the mutual authentication security requirement.

6.2. Device Anonymity

Our designed scheme provides device anonymity during the authentication and key management stages; the identity of the communicating devices is not included in the transmitted message. The intruder must obtain the private key ${\gamma }_{di}$ and solve the equation ${\gamma }_{di}=\mathcal{z}.{\mathcal{h}}_u{id}_{di}$ in order to retrieve the device’s identity, which is impossible in this case. So, from the above discussion, we can say that the proposed scheme provides the device anonymity property.

6.3. Replay Attack

In such attacks, the intruder intercepts the message transmitted between the controller and data user and then the intruder launches an attack by replaying that old intercepted message. But our scheme makes it impossible for an intruder to do so by using the fresh secret key at every section, hence ensuring the freshness of key, and it makes our scheme robust against replay attacks.

6.4. Forward Secrecy

Forward secrecy guarantees that if the private key of one of the communicating parties is compromised, it will not affect the secret key established for the communication. In our scheme, if an intruder gains access to the private key ${\gamma }_{di}$ of one of the communicating parties, he/she will not be able to generate secrete key $\mathcal{K}=\zeta .{\gamma }_{\text{di}}$ because that intruder needs to solve the HECDLP which is almost impossible. Thus, our schemes provide forward secrecy.

6.5. Nonrepudiation

The term nonrepudiation refers that a sender cannot deny the information it sent. In our scheme, the sender includes his signature $\eta$ with the transmitted message $\psi$ and only the legal controller or data user can compute the secrete key $\mathcal{K}$ and can pass the authentication. Hence, our mechanism provides nonrepudiation.

6.6. Denial of Service Attack

This type of attack occurs by increasing the flow of traffic to the intended server or party until it has fully crashed. Our scheme prevents such attacks by accepting the data received from the authenticated party. When controller receives message $\psi$ from data user, it checks the signature $\eta$ and $$accepts $\psi$ if $\zeta =\eta {\phi }_{{DS}^1}+\Phi .\mathcal{D}$; otherwise, it discards that request.

6.7. Eavesdropping Attack

Whenever there is an exchange of information during transmission in the network, there is a possibility that an intruder might gain access to information secretly. This threatens information confidentiality as well as integrity. Our scheme avoids this attack because information is encrypted using secrete key $\mathcal{K}$, and it is impossible for the intruder to gain access to secret key $\mathcal{K}$ because $\mathcal{K}$ is computed using a random private number $\ell$.

6.8. Sybil Attack

In such an attack, an attacker usually guesses the identity of a device from the message that is being transmitted over the network. However, in our scheme, the attacker cannot do so because the message $\psi$ only contains $\eta ,\zeta$, where $\eta =\ell /\Phi +{\gamma }_{\text{di}}$ and does not include information regarding identity of transmitting device, thus providing stability against Sybil attack.

6.9. Impersonation Attack

In such attack, the attacker impersonates the identity of the another participant in the network. In our scheme, in order to impersonate another node, the intruder will require to forge a signature $\eta$ and for doing so he/she needs $\ell$ which is not feasible because of HECDLP.

6.10. Node Capture Attack

This kind of attack involves capturing the sensor node to gain keys that can be further utilized for eavesdropping on the network traffic. Such an intrusion endangers the confidentiality and integrity of the network. Our scheme makes it impossible for an attacker to obtain information about an uncaptured node by using the information of the captured node since each sensor has its own unique private key ${\gamma }_{di}$, and a pair of devices communicating have a secret shared key $\mathcal{K}$. Thus, one node capture does not impact the communication between other sensor nodes because of need to compute $\ell$ which is impossible due to HECDLP.

7. Performance Comparison

In this section, we compare our scheme with existing schemes in terms of computational cost and communication overhead.

7.1. Computational Cost

In this section, we compare the computational cost of our proposed scheme with existing authentication schemes which include Mehmood et al. [17], Shen et al. [18], Wu et al. [19], Wang et al. [21], Li et al. [24], Harbi et al. [25], and Yuan et al. [26]. For that purpose, we have only considered major operations such as scalar multiplication of elliptic curve (SM), pairing operation (P), and hyperelliptic curve divisor multiplication (HECDM) because these operations are assumed to be costly. Table 3 shows the comparison with existing schemes with respect to major operations being used. Our scheme has a lower computational cost because we have not used scalar multiplication of elliptic curve and pairing operations. We have made use of hyperelliptic curve cryptography due to which our scheme saved a lot of computational cost. Moreover, Table 4 and Figure 3 also indicate the computational cost comparison in milliseconds (ms). We did so by keeping in mind the experimental results produce in [29], the observations are made by using these system specifications

(i) Intel Core i74510U CPU

Table 3

Computational cost comparison with respect to major operations used.

Table 4

Comparison of computational cost in milliseconds.

[figure(s) omitted; refer to PDF]

The authors of [29] indicate that scalar multiplication (SM) of elliptic curve takes 0.97 ms, pairing operation (P) takes 14.90 ms, and hyperelliptic curve divisor multiplication (HECDM) takes 0.48 ms [30].

7.1.1. Computational Cost Reduction

To calculate the reduction in computational cost, the formula shown in Equation (8) is used [31, 32]. $$\begin{array}{}\text{(8)}& \frac{Existingscheme-Proposedscheme}{Existingscheme}\ast 100.\end{array}$$

(i) Computational cost reduction from Mehmood et al. [17] is $36.59-2.4/36.59\ast 100=93\%$

7.2. Communication Overhead

In this section, we compare our scheme with existing schemes such as Mehmood et al. [17], Shen et al. [18], Wu et al. [19], Wang et al. [21], Li et al. [24], Harbi et al. [25], and Yuan et al. [26] in term of extra bits that a message is carrying with it. For achieving this, we have assumed that the length of elliptic curve $q=160$ bits, bilinear pairing $G=1024\text{bits}$, hyperelliptic curve $n=80\text{bits}$. Table 5 and Figure 4 clearly indicate that the communication overhead of our scheme is far less than other existing schemes. Moreover, we also calculated the communication overhead reduction our scheme achieved.

Table 5

Communication overhead comparison in bits.

[figure(s) omitted; refer to PDF]

7.2.1. Communication Overhead Reduction

To calculate the reduction in communication overhead, Equation (8) is used.

(i) Communication overhead reduction from Mehmood et al. [17] is $480-240/480\ast 100=50\%$

8. Conclusion

This paper presents a cost-effective identity-based authentication scheme for the IoT-enabled agriculture. To enhance the efficiency of this identity-based authentication scheme, we have made use of HECC, which gives our scheme the potential to be cost-effective. This scheme ensures security properties such as authentication, forward secrecy, and nonrepudiation. The detailed security analysis of our proposed schemes proves that it is resistant against several security attacks such as replay attack and eavesdropping attack. We carried out a detailed performance analysis, and the results indicate that our scheme is more efficient than existing schemes in terms of communication overhead and computational cost. Moreover, we validated the security of our scheme using Scyther, which is a tool for validation of security protocols. The validation results prove that our scheme is secure and is a well-suited choice for IoT-enabled agriculture applications.