Lightweight Secure Message Delivery for E2E S2S Communication in the IoT-Cloud System

The continuous increase in the use of smart devices and the need for E2E smart2smart (S2S) services in IoT systems play effective and contemporary roles in the field of communication, and a large amount of resources is required. Thus, IoTs and cloud computing must be integrated. One of the results of this integration is the increase in the number of attacks and vulnerabilities in the E2E S2S message delivery service of such an IoT-cloud system. However, none of the traditional security solutions can be sufficiently regarded as a secure and lightweight mechanism for ensuring that the security requirements for E2E S2S message transmission in the IoT-cloud system are fulfilled. This work aims to provide an efficient and secure, lightweight E2E S2S message delivery function, which includes the E2E S2S secure key and biometric parameter exchange function, a bio-shared parameter and bio-key generation function, secure lightweight E2E S2S communication negotiation and secure E2E S2S lightweight message delivery. The secure, lightweight cryptographic communication procedure is negotiated between a pair of smart devices during each E2E session to minimize the power consumption required of limited-energy devices. Such a negotiation process prevents known attacks by providing responsive mutual authentication. Lightweight message delivery by the two smart devices can satisfy the basic security requirements of E2E communication and ensure that the computational cost required for a real-time system is as low as possible.

Two of the most important real-life security challenges are the authentication and integrity of message delivery between a pair of smart devices that use IoT systems for cloud computing. Thus, the integrity and authentication of data transmitted between smart devices and the confidentiality of such data are essential. Security is a critical function of smart devices that use IoTs for cloud computing services [7], [9]. However, IoT systems were created with a large number of known attacks that hinder communication between smart devices and decrease the confidence of users; these known attacks include replay, forgery, parallel session, Man-In-The-Middle (MITM), reflection, offline guessing, online guessing, brute force, dictionary, statistical and visual attacks. Existing solutions are inapplicable to smart devices that use IoT-cloud systems due to the weaknesses of the proposed methods in terms of security requirements or the limits on computational costs that prevent smart devices in such IoT-cloud systems from selecting appropriate security methods [5]. In our work, we identify a suitable means of ensuring secure communication for energy-limited smart devices in an IoT-cloud system.

B. MECHANISM AND OBJECTIVE OVERVIEW
Our work focuses on overcoming the aforementioned problems by providing a method for the secure exchange of secret keys and users' biometric parameters for E2E S2S and cloud server negotiations. The secret keys are used to protect the biometric parameters and bio-key exchange function. Our work also provides a lightweight negotiation method for providing secure communication for each E2E session for a pair of smart devices. Without such negotiations, most solutions cannot prevent illegal or unauthorized users from using secure E2E S2S communications in the IoT-cloud system. Our work offers a secure and low-complexity E2E S2S message delivery function by adopting a powerful assurance factor as a one-time bio-key with MAC-SHA-1 via random mapping [12]- [15] and by embedding the summation of MAC-SHA-1 (MACLESS for short) in a low-complexity cover image through double-stegging [16] based on DWT steganography [17], [18] to maintain message authentication and integrity. Double-stegging increases the resistance of the system to common forms of attacks, and MACLESS further reduces the size of the embedded MAC; MACLESS is more efficient in processing the steganography operation than the MAC for energy-limited devices.

C. CONTRIBUTIONS
This work provides the following contributions. First, the proposed scheme has a new E2E S2S low-complexity message delivery function to protect messages without losing integrity and authentication during the transmission of messages between a pair of smart devices for secure E2E communication in an IoT-cloud system. Second, our scheme establishes a secure, lightweight negotiation method for E2E S2S communications that offers responsive mutual authentication and secure E2E S2S lightweight message delivery. Hence, efficiency, reduced computational costs, and reduced energy consumption and memory size are achieved. Third, the message delivery function is computationally efficient and can be connected to the available infrastructure. It is also easy to deploy and manage. Fourth, the message delivery function integrates cryptographic MAC-SHA-1 and the secret bio-key of the smart device sender via random mapping, and then it embeds MACLESS as a summation of MAC-SHA-1 in a stego-image to authenticate the origin of the sender's message transmission. This scheme does not attract the attention of eavesdroppers because it conceals MACLESS in cover images via double-stegging based on DWT steganography; this feature also prevents replay and DoS attacks. Fifth, the proposed scheme does not require an expensive device to acquire biometric data, such as those from irises or fingerprints. Smart device users can use a simple scanner or mobile camera to obtain the handwritten signature. Finally, communication and signal processing attacks are prevented by the cryptanalysis mechanism.
The rest of this paper is structured as follows. Section II presents previously developed solutions related to the current problem. Section III provides an overview of the proposed scheme, and Section IV introduces the overall architecture of the secure message delivery function in detail. Section V presents a security analysis with respect to common attacks. Section VI describes the results, comparisons, and analyses in terms of performance and security. Section VII provides the conclusions.

II. RELATED WORKS
Many schemes that combine factors with cryptographic hash functions or digital signatures to ensure message authentication and integrity between two parties over the Internet have been developed. However, only a few researchers have developed secure lightweight methods that are compatible with limited-resource devices in an IoT system. This literature review focuses on related studies that developed secure message delivery methods in a lightweight manner.

A. LIGHTWEIGHT SOLUTIONS BASED ON DIGITAL SIGNATURES
Elliptic Curve Cryptography (ECC) is a reliable encryption method that is widely used in various fields of encryption and includes a digital signature algorithm called ECDSA [19]. ECDSA has many drawbacks, such as slow implementation and design flaws. In 2017, Javed et al. [20] proposed a low-complexity authentication mechanism by combining ElGamal and ECC to generate a pair of secret keys for encryption and decryption operations in S2S communications over IoTs. In 2018, Arif et al. [21] presented a solution for secure data transmission between a pair of smart devices over IoTs by providing an ECDSA with a limited cost and complexity. Given that the proposed method deals with complex numbers, it requires numerous processing sources, leading to increased energy consumption. In the same year, Mohseni-Ejiyeh et al. [22] proposed a lightweight scheme for data sharing between a pair of devices using 5G technology. In this scheme, a digital signature is used to meet the basic security requirements of data sharing. Particularly, MAC-SHA2 and ECC are utilized. However, this solution cannot provide identity anonymity. Hence, attackers can easily determine the user's identity. In the same year, Alizai et al. [23] proposed a secure authentication scheme based on the two-factor concept and digital signatures for E2E devices in IoTs. The first factor is the device capability, which is based on puzzles. The second factor is the timestamp, which can prevent attacks. ECC is used to ensure the confidentiality of the digital signatures and secure key exchange. However, the researchers did not provide a mutual authentication mechanism to prevent illegal devices from stealing sensitive authentication parameters. In 2019, Abro et al. [24] used ECC-ElGamal encryption to develop a lightweight authentication scheme by utilizing ECC with Public Key Infrastructure (PKI) to generate a secret key and exchange it between D2D devices over IoTs.
Similarly, this solution does not consider mutual authentication, which plays a role in preventing spoofing and other attacks.

B. LIGHTWEIGHT SOLUTIONS BASED ON KEYED MAC
The factors associated with a MAC allow for a secure exchange and transfer of data between parties and the verification of authentication, integrity, and confidentiality.
In 2008, Rabadi and Mahmud [25] suggested using the message anonymity concept. They attempted to maintain the authentication, anonymity, and integrity of message delivery from vehicle to vehicle using a timestamp as a factor for anonymous message provision. However, to retain the identity, this scheme uses a hardware registration device, and this leads to extra costs; additionally, each vehicle requires a shared symmetric key. Moreover, the protocol was not clarified in the security analysis. In 2011, Liu et al. [26] adopted the same concept to generate one-time message anonymity. They utilized a scheme consisting of a hash function, shared key, validity period and timestamp to achieve secure message transmission between two parties on the Internet. However, the authors did not discuss the attacks that the scheme could withstand. Naqvi and Akram [27] presented another concept in the same year. They aimed to increase the security and reliability of HMAC-MD5. To compute such a robust MAC, they utilized a key generated by MD6 to maintain randomization and make prediction by attackers difficult. This scheme can prevent birthday and exhaustive key search attacks, as discussed in the security analysis of the paper. In 2012, Chaisri et al. [28] proposed the concept of utilizing MD5 and DES to protect the document integrity of a fax. DES is used to encrypt and maintain the MD5 value. In this concept, the sender must embed the secret key of DES into the document to be faxed, and this is considered a major weakness. An attacker could extract the secret key and reuse it to decrypt the MAC. In addition, the attacker could use the hacked secret key to recreate a fake replica, and this could make the receiver believe that the legitimate sender sent it. In 2014, Shen and Liu [29] proposed a technique for handling digital images and documents. The researchers safeguarded the authentication code by utilizing a Markov chain to enhance content-based watermarking. 
A disadvantage of this scheme is that the least significant bits based on sequence mapping are applied to embed the authentication code on a cover image, resulting in limited embedding efficiency and many security problems. Another drawback is that the authentication code could be extracted by attackers. When the valid user logs out, an attacker could reuse the stolen key to log in as the legitimate user.
In 2016, Chen et al. [30] presented a mechanism for protecting M2M message transmission in IoTs on the basis of a trapdoor HMAC and a random number. However, this method has a problem, that is, the overhead of exchanging cryptographic keys leads to a high computational cost. In addition, the authors did not address the use of the advantages of cloud computing for message delivery amongst a set of smart devices in the IoT system. In 2019, Byoungjin Seok et al. [31] proposed device-to-device communication in a secure manner on the basis of Authentication Encryption with Associated Data (AEAD) and ECC for IoT devices. AEAD was applied to provide data confidentiality and integrity on the basis of an HMAC. The limitation of this scheme is that authentications between pairs of devices are provided without consideration of their mutual authentication. Moreover, it has an overhead in terms of key generation during device-to-device communication.
Khan et al. [32] developed an authentication and data confidentiality scheme in 2020. In this scheme, secure authentication is based on a user ID and password, with biometric parameters of patients and SHA-512 added for further security. Improved Elliptic Curve Cryptography (IECC) is also applied to securely send the collected information by sensors. However, mutual authentication was not considered in this study, and known attacks, such as replay and MITM, could occur due to this limitation.
Discussion: The limitations of existing works [25]-[32] can be viewed from different aspects. First, most of these solutions suffer from a computational overhead that is not supported by smart device resources with respect to performing ECC in the data delivery function. In contrast, our scheme uses ECC in the registration phase and a secure, lightweight negotiation method for E2E S2S communications to protect the shared key and biometric user parameters. In our work, ECC is not used for secure message delivery in the IoT-cloud phase of each session of E2E S2S communication in the IoT-cloud system. This phase is the most used one in terms of smart device communication and message delivery processes in real-world applications. Additionally, existing solutions have limited storage capabilities because smart devices have limited resources. Furthermore, in our work, we consider the massive data characteristics of cloud servers for the storage process, and this can allow smart devices to access extended storage at no cost. Second, these existing works did not sufficiently address the vulnerabilities of E2E S2S communication in an IoT-cloud system. In contrast, in our work, we carefully design the E2E S2S message delivery function on the basis of lightweight secure bio-keys that are generated and shared with a lightweight, well-designed mutual authentication to verify the origin of the sender. Hence, the threats of MITM attacks that impersonate the owner of the plaintext or cipher message being sent are prevented without needing to change or view the message. In addition, our work reduces the probability of other well-known attacks, as proven by the conducted security analysis.

III. SCHEME OVERVIEW
Despite the achievements of previous related studies, these studies failed to establish an applicable method for secure, lightweight message delivery between the sender and receiver in which E2E S2S communications can be used for IoT-cloud systems. We provide a low-complexity and secure solution for E2E S2S messaging in the IoT-cloud system. The proposed solution is made up of two phases: registration and key negotiation, and secure message delivery in the IoT-cloud. During the former phase, which is performed only once, smart device users (the sender and receiver) register their identities and secure E2E S2S biometric user parameters for E2E S2S messaging in the IoT-cloud system. These parameters are a bio-shared vector Rv and shared key Shk generated based on the union of their handwritten signatures. Furthermore, a smart device user invokes the latter phase each time that he/she wants to launch a secure, lightweight E2E S2S communication negotiation and then enables the lightweight and secure message delivery function for sending an authenticated message to another user. Secure, lightweight message delivery is E2E- and S2S-based. It meets application requirements in terms of security, performance and scalability and enables the integration of IoT systems and cloud infrastructure. The architecture of the secure lightweight message delivery system for E2E S2S messaging in an IoT-cloud system is shown in Fig. 3.

IV. E2E S2S MESSAGE DELIVERY DETAILS
The following sections show in detail how E2E S2S message delivery can be easily tracked during both phases. We discuss the construction of our scheme, which further describes a property of an authenticated message for security and the prevention of tampering with a message exchange between a pair of smart device users in the IoT-cloud system.

A. REGISTRATION AND KEY NEGOTIATION PHASE OVERVIEW
The main components of the registration phase (i.e. cloud server or CS, smart device sender or SDS and smart device receiver or SDR) also use ECC [33] as the asymmetric key encryption/decryption function Enc(.)/Dec(.) to secure the passing of sensitive parameters among them. The reason for using ECC instead of other methods, especially RSA, is that it has high performance in limited-power devices, low time consumption and limited memory size [33]. In addition, ECC can only be executed once in the registration phase by these components when transmitting sensitive parameters ($ID_{SDS}$, $HS_{SDS}$, $ID_{SDR}$, $HS_{SDR}$, Rv and Shk) over an insecure channel to the CS and the initial part of the second phase called secure lightweight E2E S2S communication negotiation. Therefore, for secure communication, ECC is not needed in the whole process of secure E2E S2S lightweight message delivery but only in the registration phase and negotiation between pairs of smart devices.

1) DESIGN FOR SMART DEVICE REGISTRATION IN AN IOT-CLOUD SYSTEM
The variable n pertains to the number of smart devices in the IoT-cloud system. When a smart device user wants to send an authenticated message to a set of smart devices consisting of other user members, the smart device should create the registration phase. Such registration generates accounting parameters ($ID_{SDS}$, $HS_{SDS}$ and $Sk_{SDS}$ for the sender and $ID_{SDR}$, $HS_{SDR}$ and $Sk_{SDR}$ for the receiver). Furthermore, the CS initiates the shared biometric vector Rv and shared key Shk and keeps them secure in the cloud server. Then, it sends an encrypted version of Shk to a pair of users to maintain secure E2E S2S communication, especially secure message delivery, in the IoT-cloud system. Fig. 1 illustrates the negotiation request of the registration phase.
The pair of smart devices sends a request to the CS for initiating a registration session, especially a key exchange session, and generates a set of critical parameters to be exchanged in both private and public manners while maintaining a secure E2E S2S transmission in the IoT-cloud system. The architecture of the registration process for users' smart devices for lightweight and secure E2E S2S communication in IoT-cloud services is shown in Fig. 1 and described in the following steps.
• Secure key and biometric parameter exchange function
The CSP, SDS and SDR run ECC to generate public keys ($PU_{CS}$, $PU_{SDS}$ and $PU_{SDR}$) and private keys ($PR_{CS}$, $PR_{SDS}$ and $PR_{SDR}$). The public keys can be exchanged amongst the CS, SDS and SDR through an unsecure channel. Public keys become ineffective when they are acquired by attackers. In particular, these keys are utilized to acquire secure handwritten signatures and achieve identity transmission from the SDS and SDR to the CS. Thus, the SDS and SDR encrypt their handwritten signatures and identities by applying the ECC encryption algorithms $Enc_{PU_{CS}}(HS_{SDS} \| ID_{SDS})$ and $Enc_{PU_{CS}}(HS_{SDR} \| ID_{SDR})$, respectively. They use $PU_{CS}$ and send them to the CS.
Upon receiving the encrypted sensitive parameters of the sender and receiver, the CS decrypts the received handwritten signatures and identities by using the private key $PR_{CS}$ and applying the ECC decryption algorithms $Dec_{PR_{CS}}(Enc_{PU_{CS}}(HS_{SDS} \| ID_{SDS})) = (HS_{SDS} \| ID_{SDS})$ and $Dec_{PR_{CS}}(Enc_{PU_{CS}}(HS_{SDR} \| ID_{SDR})) = (HS_{SDR} \| ID_{SDR})$. Then, it saves these parameters securely and generates a bio-shared handwritten signature by combining the parameters (SHS = $HS_{SDS}$ $HS_{SDR}$) to compute the vector of features Rv = Fx(SHS) and the shared key Shk = Fx(SHS). The CS also generates a temporary biometric salt key for each session T ($Sk_{SD_i}$) (Rv) → $I_i$, E, where $I_i$ and E are the starting and end points, respectively, from the vector of the extracted features (Rv), and $SD_i$ refers to the SDS and SDR. In each message delivery session, $I_i$ and E are randomly selected. $I_i$ and E should be in the range of the feature vector length, which is 3060 bytes ($I_i$ and E ∈ $Z_{3060}$; $I_i$ = E). Afterwards, the CS sends the encrypted version of Shk and $Sk_{SD_i}$ to the SDS and SDR.
Remark: The CS does not send Rv to prevent either of the two parties from obtaining the signature of the other party because this bio-shared vector Rv is the result of performing operations on the combined handwritten signatures of the two parties. Instead, the CS sends the biometric key Shk as a random part of Rv, and this keeps the biometric parameters unknown to both parties. Moreover, the secret key $PR_{CS}$ is kept secure only by the CS.
• Bio-shared parameter and bio-key generation
Fx refers to a function that employs a histogram of the LBP filter to perform feature extraction from normalized bio-shared handwritten signature data (SHS) and build a wide dimension range of 3060 bytes [15]. In detail, SHS is divided into 12 blocks that overlap by 60% [15]. Thereafter, the histograms of all the blocks are calculated and concatenated as follows: of a dimension $12 \cdot 255 = 3060$. Hence, the vector features of a handwritten signature can be written as follows: Afterwards, Rv is saved securely only by the CS as $Enc_{PU_{CS}}(Rv)$, and Shk is encrypted by the CS using the public keys $PU_{SDS}$ and $PU_{SDR}$ with ECC as $Enc_{PU_{SDS}}(Shk)$ and $Enc_{PU_{SDR}}(Shk)$. Then, the CS sends these cipher versions to the SDS and SDR. The received cipher Shk is decrypted by the SDS and SDR by using their private keys ($PR_{SDS}$, $PR_{SDR}$) and by applying ECC as $Dec_{PR_{SDS}}(Enc_{PU_{SDS}}(Shk))$ and $Dec_{PR_{SDR}}(Enc_{PU_{SDR}}(Shk))$, respectively.
The secure message delivery phase of the IoT-cloud system is invoked after the registration phase has been completed. Generally, in such a phase, the SDS/SDR can use bio-key Shk together with secret key $Sk_{SDS/SDR}$, the temporary session key $Sk^{T}_{CS}$ and a random number $R_T$ to generate a one-time variable or an anonymous authentication code. Then, a summation of the message authentication code (MACLESS) is provided. MACLESS and $R_T$ are subsequently embedded into a cover image via double-stegging based on DWT steganography. The cover image with the embedded MACLESS and $R_T$ along with the message are then ready for transmission. The message integrity of the sender SDS can be verified by comparing the embedded integrity value called MACLESS(Msg ) and the newly recomputed value MACLESS(Msg ) on the receiver side SDR, and this completes the secure message delivery phase. This phase is illustrated in the following subsection and in Fig. 3.
• Registration session for a smart device in the IoT-cloud system
In the registration session, a smart device ($SD_i$ for short; referring to the SDS or SDR) should send a request message for the registration process $Enc_{PU_{CS}}(HS_{SD_i})$ $Enc_{PU_{CS}}(ID_{SD_i})$ to the CS. Enc(.) is an ECC asymmetric cryptographic encryption process. Upon receiving such a request from the $SD_i$, the CS executes the decryption operation $Dec_{PR_{CS}}$($Enc_{PU_{CS}}(HS_{SD_i})$ $Enc_{PU_{CS}}(ID_{SD_i})$) = $HS_{SD_i}$ $ID_{SD_i}$ to verify and store the plain text of the requested message parameters consisting of the identity of the smart device and the biometric parameter (handwritten signature) as a unique feature for each user. To clarify, the CS verifies whether the identities $ID_{SD_i}$ and $HS_{SD_i}$ are present in the IoT-cloud system. If both parameters are found, $ID_{SD_i}$ and $HS_{SD_i}$ are securely saved by the CS, and the verified or agreed-upon answer is sent to the other party $SD_i$. Aside from a successful verification result, the CS also generates Rv and Shk, encrypts them as $Enc_{PU_{SD_i}}(Rv_{SD_i})$ and $Enc_{PU_{SD_i}}(Shk_{SD_i})$ and outputs the relevant bio-secret key $Enc_{PU_{SD_i}}(Sk_{SD_i})$. Afterwards, the CS sends the encrypted versions $Enc_{PU_{SD_i}}(Shk_{SD_i})$ and $Enc_{PU_{SD_i}}(Sk_{SD_i})$ to both smart devices. The smart devices decrypt these parameters to obtain plain text version $Shk_{SD_i} = Dec_{PR_{SD_i}}(Enc_{PU_{SD_i}}(Shk_{SD_i}))$ and For example, the smart devices SDS and SDR send a request to the CS consisting of their encrypted IDs together with handwritten signatures HS to initiate a registration session (Fig. 1). The CS saves their identities $ID_{SDS}$ and $ID_{SDR}$, handwritten signatures $HS_{SDS}$ and $HS_{SDR}$ and private cryptographic keys, then generates the bio-shared vector Rv and bio-shared secret keys Shk and $Sk_{SD_i}$. It keeps Rv to itself and securely sends the others to the SDS and SDR.

B. SECURE MESSAGE DELIVERY IN THE IOT-CLOUD PHASE
The following subsections illustrate the secure, lightweight E2E S2S communication negotiation and message delivery function for the IoT-cloud system. In the secure E2E S2S communication negotiation shown in Fig. 2, the CS and a pair of smart devices negotiate a request message via the CS and generate a temporary secret key $Sk^{T}_{CS}$ for each session (T) to allow for E2E S2S secure communication. The second part is designed for lightweight message delivery between a smart device sender SDS and smart device receiver SDR in an IoT-cloud system.

1) SECURE LIGHTWEIGHT E2E S2S COMMUNICATION NEGOTIATION
If a pair or set of smart devices wants to initiate and coordinate secure E2E communication in the IoT-cloud system to be used for launching a secure lightweight message delivery function later on, the S2S devices should generate and organize a set request to the CS for E2E communication in the IoT system. A secure set is established by performing the following steps.
• The CS generates lp as a large prime random number $r_T$, computes $d^{r_T}$ as ($d^{r_T} \in Z^{*}_{lp}$) and provides a one-time temporary session salt key ($Sk^{T}_{CS} = d^{r_T} \bmod lp$) for each session request message T. Then, it sends the encrypted versions $Enc_{PU_{SDS}}(Sk^{T}_{CS})$ and $Enc_{PU_{SDR}}(Sk^{T}_{CS})$ to the smart devices of the sender and receiver, respectively.
• Upon receiving the encrypted temporary session key, the SDS decrypts it by performing $Dec_{PR_{SDS}}(Enc_{PU_{SDS}}(Sk^{T}_{CS}))$. Then, the SDS uses its public key and the encryption function ECC of the CS to form an encrypted negotiation request $Enc_{PU_{CS}}$(($Sk^{T}_{CS}$ $Sk_{SDS}$) $ID_{CS}$ $ID_{SDS}$ $ID_{SDR}$ Shk). The SDS sends the encrypted request to the CS.
Remark: The shared bio-keys Shk and $Sk_{SDS}$ can help prove the origin of the request because the bio-features are generated by the combined handwritten signatures of the sender and receiver equations (1), (2), and such features are unique and cannot be generated by attacks. In addition, these features were previously protected with ECC encryption before they were sent to the SDS. All data sent from smart devices are  Otherwise, the CS sends a rejection response to the SDS.
• Similar to the same approach adopted by the CS, once the receiver SDR receives the session launch request, it decrypts the encrypted request, $Sk_{SDS}$ ) = $Sk^{T}_{CS}$. If $Sk_{SDS}$ matches $Sk_{SDR}$ as generated in the registration phase and $Sk^{T}_{CS}$ is verified, then the check is complete, and $Sk_{SDS}$ and $Sk_{SDR}$ are considered symmetric keys. The SDR can decide whether to accept or reject the request delivered from the CS. If it is rejected, a rejection response is sent to the server CS, which in turn forwards the response to the SDS. In contrast, the SDR sends the encrypted response back to the CS as $Enc_{PU_{CS}}$(($Sk^{T}_{CS}$ $Sk_{SDR}$) $ID_{CS}$ $ID_{SDS}$ $ID_{SDR}$ Shk) by using the ECC encryption function.
Discussion: The success of the negotiation plays an effective role in ensuring responsive mutual authentication between the SDS user and the IoT-cloud server, between the last and current SDR user, between the last user and the IoT-cloud server and most importantly between the SDS and SDR user by comparing $Sk_{SDS}$, $Sk_{SDR}$ and $Sk^{T}_{CS}$ to verify the origin of the request. This request results in secure E2E S2S communication over the IoT-cloud system. It also brings secure communication in terms of the credibility and legitimacy of the parties involved. Moreover, both parties obtain the secret key $Sk^{T}_{CS}$ generated and sent by the server. Consequently, such a negotiation may greatly reduce attackers' attempts to impersonate the legitimacy of the sender and recipient and even attempts to counterfeit a server.

2) SECURE E2E S2S LIGHTWEIGHT MESSAGE DELIVERY
Many applications in our daily life, such as news and others, do not need message encryption to maintain confidentiality, but they need it to ensure authentication and integrity (Fig. 3). Given that smart devices have limited resources, especially in terms of processing costs, such messages do not need to be encrypted. Thus, the maintenance of energy consumption is the primary goal. Fig. 3 shows the mechanism of secure lightweight message transmission between a pair of smart devices in the IoT-cloud system.

3) SMART DEVICE SENDER (SDS) SIDE
To send an authenticated message (Msg), the SDS generates a random number $R_T$ for each session T to be used in the generated MACLESS or limited-size, one-time, biometric message authentication code, i.e.
The SDS has to send $R_T$ to the SDR in a secure manner together with MACLESS. We propose to use double-stegging steganography for hiding MACLESS and $R_T$ in the limited size of a cover image to maintain the communication cost in the IoT-cloud system. The following discussion shows why we use steganography.
The SDS embeds MACLESS(Msg ) and $R_T$ into a cover image via the double-stegging steganography mechanism. This technique is performed to add extra security for concealing Msg . In particular, DWT is performed on the cover image as follows: co-cover = (LL, LH, HL, and HH). Afterwards, the embedding of Msg proceeds as follows.
Step 1: The coefficients for the first embedding can be selected from (LL, HL, LH, and HH) [13], [18]. In detail, the coefficients can be represented by [$C_{ij}$; i = 1, . . . , K; j = 1, . . . , N], and Msg = [$Msg_{ij}$; i = 1, . . . , K; j = 1, . . . , N; $Msg_{ij}$ = {0,1}] is resized to the same dimension as that of C. For each embedding bit of MACLESS in the coefficients [$C_{ij}$], the first concealing process consists of comparing $Msg_{ij}$ with $C_{ij}$ to obtain modified $C_{ij}$ as follows:
Step 2: The second embedding process consists of comparing the modified coefficients $C_{ij}$ with other selected coefficients from (LL, HL, LH, and HH) to obtain a modified $C_{ij}$ denoted as $C_{ij}$. Single-level inverse DWT (IDWT) is then performed on $C_{ij}$ to obtain a stego-image.
The two steps can be performed to embed 4 bytes, as this is the length of MACLESS, and the same process can be used to embed the random number $R_T$.
For increased security, the SDS updates its secret key $Sk_{SDS}$ to obtain a one-time key periodically by using a simple operation ($Sk_{SDS}$ = ($Sk_{SDS}$ $Sk^{T}_{CS}$) > $R_T$) for the next secure message delivery. Similarly, the CS and SDR must update ($Sk_{SDS}$ and $Sk_{SDR}$) upon receiving $R_T$. Then, the SDS sends a package consisting of Msg and the stego-image, SDS Pack = {Msg, (Msg , $R_T$ ∈ Stego-image)}, to the CS.
Discussion: Encryption is the ideal solution for securing a random number $R_T$, but this brings us back to the limited processing power of smart devices. Steganography can hide critical data in an unquestionable way. Thus, we suggest using the double-stegging steganography method to embed the random number $R_T$ and a limited-size authentication code (MACLESS) in a low-dimensional and minimally-complex cover image simultaneously. Particularly, hiding limited-size data in a minimally-complex and low-dimensional image requires little computational time and maintains the communication cost, and this approach is compatible with limited-resource devices [34], [35]. This method prevents the attacker from discovering the presence of $R_T$ and MACLESS, which the attacker may reuse. It also provides security and hides the transmission of $R_T$ and MACLESS. We believe that sending data, such as MACLESS and $R_T$, in a hidden manner distracts attackers; this procedure may even be better than encrypting and sending the data publicly. Moreover, hiding $R_T$ safely and effectively prevents attackers from extracting and obtaining it.
It also enables the message delivery mechanism to update the keys by using a simple, low-complexity operation. If the attacker guesses R T , it is useless because it is used only once for each message delivery in E2E S2S communication in the IoT-cloud system. Moreover, the attacker does not possess the secret keys Sk SDS and Sk SDR .

4) IoT-CLOUD SIDE
After receiving the package SDS Pack = {Msg, Msg , R T ∈ ST (Stego-image)} from the SDR, the CS stores it in the database securely. Given that the server can save massive amounts of data, the CS is used in our proposal for storage, thus allowing smart devices to reduce their storage operations and retrieve what they need from the stored data on the IoT-cloud server in the future. Similarly, the CS extracts R T from the cover image and updates both keys to form one-time keys (Sk SDR , Sk SDS ), which are stored during the registration phase, by performing the simple operations (Sk SDS = (Sk SDS Sk T CS ) >R T ) and (Sk SDR = (Sk SDR Sk T CS ) >R T ). Then, the CS forwards SDS Pack = {Msg, Msg , R T ∈ ST (Stego-image)} to the SDR.

5) SMART DEVICE RECEIVER (SDR) SIDE
Upon receiving the SDS package from the CS, the SDR verifies the message integrity and authentication by extracting the message document authentication code (MACLESS (Msg )) and random number R T . It is the opposite of the embedding process and is performed through the following steps.
Step 1: The first level of decoding is performed to recover the first modified coefficients C ij from the second modified coefficients C ij .
Step 2: The second level of decoding is performed to recover the original Msg ij from the first modified coefficients C ij as follows:
The two steps can be performed to extract 4 bytes, which is the length of MACLESS, and the same process can be used to extract the random number R T .
Remark: This technique's important advantage is that the source image does not need to be present in the SDR for the successful extraction of MACLESS (Msg ) and R T . Therefore, nobody (unauthorised people or third parties) can detect or even observe the secret communication between pairs of smart devices except for the sender and receiver themselves; that is, no one will even suspect the existence of hidden information MACLESS (Msg ) and R T . The SDR computes

bytes. If Msg matches the extracted Msg , then the SDR ensures the integrity and authentication of the message that the SDS has sent. Otherwise, the secure message delivery phase is terminated. Moreover, the SDR has to update its secret key Sk SDR by performing (Sk SDR = (Sk SDR Sk T CS ) >R T ) so that the key can be used in the next message delivery function.
Remark: During each iteration of E2E S2S message delivery, Sk SDS and Sk SDR are updated in the SDS and SDR, respectively. These keys are protected by R T for a specific session T i , and the secure E2E S2S lightweight message delivery function can easily prevent online and offline guessing attacks.
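The tag generation and the SDR-side check described above, as an added Python example (not the paper's own code). It assumes that h is SHA-1, that the sum runs over the 40 hex digits of the digest, a 4-byte big-endian encoding of the result, a 4-byte R T , and constructed key values; the steganographic embedding and the key update are left out.

```python
import hashlib
import hmac
import secrets

HEX_DIGITS = 40  # a SHA-1 digest has 40 hex digits (assumed to be L in the sum)

# Constructed sample values standing in for Sk_TCS, Sk_SDS and Shk.
SK_TCS = bytes.fromhex("a1b2c3d4e5f60718")
SK_SDS = bytes.fromhex("0f1e2d3c4b5a6978")
SHK = bytes.fromhex("1122334455667788")


def macless(msg, sk_tcs, sk_sd, shk, r_t):
    """Sum the hex digits of h(Msg||Sk_TCS||Sk_SD||Shk||R_T) into 4 bytes."""
    digest_hex = hashlib.sha1(msg + sk_tcs + sk_sd + shk + r_t).hexdigest()
    total = sum(int(d, 16) for d in digest_hex)  # each digit is 0..15
    return total.to_bytes(4, "big")              # assumed encoding


def sender_package(msg, sk_tcs, sk_sds, shk):
    """SDS side: fresh R_T per delivery, then the tag over message and keys."""
    r_t = secrets.token_bytes(4)  # assumed size; the page does not state it
    return {"msg": msg, "tag": macless(msg, sk_tcs, sk_sds, shk, r_t), "r_t": r_t}


def receiver_verify(pkg, sk_tcs, sk_sds, shk):
    """SDR side: recompute the tag from the extracted R_T and compare."""
    expected = macless(pkg["msg"], sk_tcs, sk_sds, shk, pkg["r_t"])
    return hmac.compare_digest(expected, pkg["tag"])


def rejected_count(pkg, variants, sk_tcs, sk_sds, shk):
    """How many altered messages fail against the package's tag and R_T."""
    return sum(
        not receiver_verify({**pkg, "msg": v}, sk_tcs, sk_sds, shk)
        for v in variants
    )


def distinct_tags(n, sk_tcs, sk_sds, shk):
    """Number of different tag values observed over n constructed messages."""
    r_t = b"\x00\x00\x00\x01"  # constructed, fixed only for this measurement
    return len({macless(b"msg-%d" % i, sk_tcs, sk_sds, shk, r_t) for i in range(n)})


if __name__ == "__main__":
    pkg = sender_package(b"valve 7: close", SK_TCS, SK_SDS, SHK)
    print("tag value:", int.from_bytes(pkg["tag"], "big"))
    print("genuine package accepted:", receiver_verify(pkg, SK_TCS, SK_SDS, SHK))
    altered = [b"valve %d: open" % i for i in range(50)]
    print("altered messages rejected:",
          rejected_count(pkg, altered, SK_TCS, SK_SDS, SHK), "of", len(altered))
    print("distinct tags over 5000 messages:",
          distinct_tags(5000, SK_TCS, SK_SDS, SHK))
```

Because each of the 40 hex digits is at most 15, the tag value never exceeds 600, which bounds how many distinct tags the 4-byte field can carry.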

V. SECURITY ANALYSIS
We argue that the proposed scheme can withstand several threats, such as replay, forgery, parallel session, MITM, insider, reflection, online guessing, offline guessing, statistical and visual attacks, to E2E S2S communications in an IoT-cloud system. Our proposed scheme has several merits; it consists of a temporary session key Sk T CS and one-time biokeys Sk SDS and Sk SDR . For each session request, a one-time anonymous message authentication code, biometric key management and double-stegging based on DWT steganography are used to hide MACLESS without attracting the attention of eavesdroppers. Moreover, our work meets the requirements of secure M2M communication [36], [37].
h(Msg||Sk T CS ||Sk SDS ||Shk||R T ) = 4 bytes when the SDS sends a message (Msg) to SDR or vice versa in the IoT-cloud system. In detail, the mechanism for computing Sk SDS is based on the extracted features (Rv) of the combined bio-shared image of the handwritten signatures of the SDS and SDR (SHS = HS SDS HS SDR ) and the one-time random indexes generated by the CS (I i , E) during the registration phase. I i and E are the starting and end points, respectively, from the vector of the extracted features (Rv). We notice that I i and E are generated once for each SDS and SDR session. Moreover, the SDS and SDR perform (Sk SDS = (Sk SDS Sk T CS ) >R T ) and (Sk SDR = (Sk SDR Sk T CS ) >R T ) to update their secret keys to be used in the next round of message delivery. Therefore, this scheme provides bio-key management and a one-time biometric key.
Theorem 2: The proposed scheme can support a biometric MAC.
Proof: The biometric operator identifies a person based on particular physiological features, such as his/her handwritten signature. A handwritten signature is one of the most commonly used security measures in biometrics [15]. However, no previous scheme has focused on combining the biometric technique with MACs for E2E S2S communication in an IoT-cloud system. In contrast, in the proposed scheme, during the registration phase, the SDS and SDR send their handwritten signatures (HS SDS and HS SDR ) to the CS through a secure transmission using ECC. Afterwards, the CS saves (HS SDS , HS SDR ), generates bio-shared handwritten signatures (SHS = HS SDS HS SDR ) and extracts a vector of features (Rv = Fx(SHS)). Rv is then used to generate Shk, Sk SDS and Sk SDR in the registration phase. During the secure E2E S2S lightweight message delivery phase, the SDS or SDR should generate a biometric MAC MACLESS (Msg ) = ∑_{i=1}^{L} h(Msg||Sk T CS ||Sk SDi ||Shk||R T ) = 4 bytes based on the biometric salt-key (Sk SDi ) ∈ (Rv) → I i , E when the SDS and SDR wish to send a message to each other. Hence, Sk SDi refers to the secret key of the SDS or SDR. Such a scheme can clearly provide a biometric MAC.
Theorem 3: The proposed scheme can robustly provide anonymity for the user message and authentication code.
Proof: Assume that the SDS/SDR tries to resend a similar user's message. The attacker often attempts to steal or eavesdrop on the sender's login request (Msg, Msg , R T , ST ). As long as the sender generates MACLESS (Msg ) = ∑_{i=1}^{L} h(Msg||Sk T CS ||Sk SDi ||Shk||R T ) once for each E2E S2S sender request, the attacker cannot use the same authentication code MACLESS for E2E S2S communication in the IoT-cloud system. A random number R T is generated once for each message delivery, and a one-time bio-key Sk SDi is selected and integrated with MAC-SHA-1 for each session request to generate an anonymous one-time message authentication code. In addition, Sk SDS and Sk SDR are updated each The proposed scheme can support the anonymity of user messages (Table 1).
Theorem 4: The proposed scheme supports a temporary, variable-length bio-salt key for each session.
Proof: In this work, the bio-key Sk SDi does not have a fixed length that depends on (Sk SDi ) ∈ (Rv) → I i , E, where I i and E change each session (Table 2). Similarly, Sk T CS is generated as a strong one-time key by applying (Sk T CS = d r T mod lp) and delivering it to the SDS and SDR for each E2E S2S session launch. Moreover, for each session, the secret keys are periodically updated using the random number R T . Consequently, the variable-length bio-salt key and continuous periodic update are difficult for the attacker to guess because they are not equal under different runs and constantly change when the SDS and SDR wish to exchange messages. Therefore, our proposed scheme provides flexible-length bio-keys, Sk SDS and Sk SDR , for each session launch.

B. COMMUNICATION ATTACKS
Theorem 1: The proposed scheme can resist replay attacks.
Proof: An attacker performs this type of attack by eavesdropping on the rightfully transmitted SDS/SDR login request. When the smart device user logs out of the IoT-cloud system, the attacker attempts to impersonate the valid user by reusing this message. In our scheme, the user's login request each time must be identical to the CS parameters in the registration and key negotiation and secure message delivery phases in the IoT-cloud system (Sk T CS , Sk SDS , Shk, ). Moreover, Msg is generated once by using the user's one-time bio-key Sk SDi for each session T, and the distinct random number R T is generated once by the smart device sender and embedded into the stego-image (ST ) to be extracted later by the CS and the smart device receiver. Subsequently, Msg and R T are protected well and no longer valid.
Even if the attacker could derive the random number R T , the attacker would not know the authentication code Msg because the attacker does not have the secret bio-keys Sk SDi and Sk T CS generated based on the biometric parameters of both smart device users. In detail, in our secure E2E S2S communication method in an IoT-cloud system, attackers cannot generate valid MACLESS because we use the distinct-to-distinct secret bio-keys Sk SDi and Sk T CS for each session T and securely keep these keys in the SDS, SDR and CS by using ECC. Our scheme also enjoys a mutual authentication mechanism in the secure E2E S2S communication negotiation process. Such mutual authentication can hinder the impersonating smart device that aims to derive sensitive parameters by using an illegal ID i . Therefore, an attacker cannot pass any replayed message for the verification of the CS and SDR. Consequently, the attacker fails to perform this type of attack.
Theorem 2: The proposed scheme can prevent parallel-session and forgery attacks.
Proof: If an attacker attempts impersonation, he/she can obtain access to a valid session message and Shk as the secret sensitive parameters of the secure message delivery function for E2E S2S communication in the IoT-cloud system. In the proposed scheme, these parameters, derived from users' biometric features Rv, Shk, SHS, HS SDS and HS SDR are securely transmitted and kept amongst the CS, SDS and SDR by using ECC during the registration phase. Therefore, an attacker does not have any knowledge of Rv, Shk, SHS, HS SDS and HS SDR to compute (Msg ) and fails to forge a valid session message; thus, he/she cannot perform forgery and parallel-session attacks. The proposed scheme can prevent forgery attacks.
Theorem 3: The proposed scheme can resist MITM attacks.
Proof: To perform this attack, the attacker tries to intercept the message between the SDS and SDR. The attacker takes advantage of the user logging out from the IoT-cloud system and reuses their message. In our work, pairs of smart devices wish to use the message delivery function to transmit a message (between the SDS and SDR). They must initiate the registration and secure lightweight E2E S2S communication negotiation phases. For instance, these phases can be used to generate a temporary, strong one-time key Sk T CS by applying (Sk T CS = d r T mod lp) and the user's one-time bio-keys Sk SDS and Sk SDR for each specific session T to form once-sensitive data SDS Pack = {Msg, MACLESS(Msg ) and R T ∈ ST (Stego-image)} to be sent to the SDR for maintaining the integrity and authentication of the message delivery function. When the SDS/SDR logs out of the IoT-cloud system, the once-sensitive data become useless.
An attacker eavesdropping on the transmission between the SDS and SDR finds that computing Msg might be useless, difficult or even impossible because the keys Sk T CS , Sk SDS and Sk SDR are only generated and used once each with a mechanism to update the user's keys Sk SDS and Sk SDR for each message delivery by a random number R T during each session of E2E S2S communication in the IoT-cloud system.
Moreover, our solution prevents MITM attacks by providing mutual authentication, as proven in the subsection "Secure Lightweight E2E S2S Communication Negotiation". For instance, the SDS can verify the origin of SDR by deriving Sk SDR , which is done by performing the matching ((Sk T CS Sk SDR ) Sk T CS ) = Sk SDR . Then, the SDS verifies whether it matches Sk SDS . If they are equal, then the security of the E2E S2S communication session is proven. An S2S device can launch a session for secure E2E S2S message delivery in the IoT-cloud system. Thus, our scheme can prevent MITM attacks.
Theorem 4: The proposed scheme does not attract the attention of eavesdroppers to MACLESS by using double-stegging.
Proof: The advantage of hiding information over cryptography alone is that the intended secret data do not arouse interest during data transfers between the SDS and SDR in the IoT-cloud system. Encrypted messages are visible and can thus attract attention. Encryption only protects the contents of the data. By contrast, steganography hides the fact that secret data are being sent as well as the contents of these data. In the proposed scheme, the sensitive data SDS Pack = {Msg, ∈ ST (Stego-image)} are hidden in a cover image by using double-stegging based on DWT steganography St(MACLESS(Msg ), R T ). The double-stegging technique is used to increase the security of the concealed data. Therefore, the proposed scheme does not attract the attention of eavesdroppers, and the information remains unknown to possible attackers. Moreover, extracting data (Msg , R T ) from the stego-image is difficult because one selected coefficient carries MACLESS, and the concealment is performed twice. In addition, a distinct random number R T is generated and used only once for each message delivery procedure. Consequently, our scheme remains robust by not attracting the attention of eavesdroppers.
Theorem 5: The proposed scheme uses nonce parameters to deflect reflection attacks.
Proof: When a rightful SDS sends a login request to an SDR, an attacker attempts to eavesdrop on the login request (Msg, Msg , R T ) and replies with the same MAC of the SDS, , to the SDR. In the proposed scheme, an attacker cannot deceive the SDS or SDR because they do not possess the knowledge of the bio-vector Rv generated in the registration phase and securely kept in the CS. Moreover, for each session, Sk SDS and Sk SDR are generated once and constantly updated for use in the next session by applying (Sk SDS = (Sk SDS Sk T CS ) >R T ) and (Sk SDR = (Sk SDR Sk T CS ) >R T ), respectively. Hence, Sk SDi and R T are generated once to compute a one-time hashed value and a one-time MACLESS during secure message transmission for E2E S2S communication in the IoT-cloud system. In addition, an attacker does not acquire Rv to generate Sk SDi , which was previously sent from the CS to the SDS and SDR through the cryptographically-strong approach of ECC. Our proposed scheme can strongly withstand insider and reflection attacks.
Theorem 6: The proposed scheme can withstand key guessing attacks.
Proof: The attacker may try to perform a guessing attack to guess the secret keys of both smart devices and the CS. Moreover, these keys are shared during the registration phase and protected using the ECC encryption operation of the SDS and SDR. When the attacker tries to use such an attack to obtain the secret keys of the SDS and SDR, the attacker must successfully pass the mutual authentication mechanism. In addition, the secret keys Sk T CS , Sk SDS and Sk SDR are only kept in the CS and corresponding smart devices (SDS and SDR) and are saved securely using ECC. Therefore, the proposed scheme can prevent online key guessing attacks.
Theorem 8: The proposed scheme can prevent brute force and dictionary attacks.
Proof: If we assume that the attacker attempts to damage our scheme by using possible combinations or an online guessing attack for obtaining the secret bio-key Sk SDi , the attacker or adversary fails to apply this attack because he/she must try all possible combinations, totalling 2^3060 , to obtain the bio-key [(Sk SDi ) ∈ (Rv)→I i , E]; 2^3060 is a very large number of trials (Table 3), where 3060 is the length of the feature vector Rv. Moreover, Sk SDi is constantly changing and updated within a session T by (Sk SDi = (Sk SDi Sk T CS ) >R T ). Our work obviously prevents these attacks.

C. STEGANOGRAPHY ATTACKS
Theorem 1: The proposed scheme provides high-quality peak signal-to-noise ratios (PSNRs) for resisting visual attacks.
Proof: Notably, the nature of steganography is to hide or embed sensitive information (Msg and R T ) by using a low-dimensional and minimally-complex cover image during a transmission between the SDS and SDR for E2E communication in the IoT-cloud system and vice versa. A visual attack attempts to extract the authentication and integrity value (Msg ) and random number R T by comparing the differences between a source image and a cover image. In the proposed scheme, we embed 4 bytes, which are the summation of 40 hexadecimal codes MACLESS(Msg ) bytes, instead of embedding the whole hashed value, which is a 40 hexadecimal sum. Thus, our scheme can reconstruct an image after embedding 4 bytes to closely resemble the source image; afterwards, we can accurately demonstrate the superiority of the quality of the reconstructed image. The reconstructed image does not attract the attention of an eavesdropper when he/she compares the cover image ST (MACLESS(Msg , R T )) transmitted between the SDS and SDR with the source image in the IoT-cloud system. The proposed scheme enhances the capability of the system to maintain integrity and improves the visual quality of stego-images. The high PSNR of the stego-image demonstrates that an attacker cannot detect the hidden parameters (Msg and R T ) (Table 4). Thus, our proposed scheme can strongly withstand visual attacks.

Theorem 2: The proposed scheme is impervious against statistical attacks.
Proof: A statistical attack is typically attempted to extract hidden critical data [MACLESS (Msg ), R T ] from a cover image (ST) during E2E S2S transmission in the IoT-cloud system. Attackers attempt to statistically analyse the frequency of data in colour by using steganographic methods that work on stego-images. The DWT used to embed MACLESS in an image terminates statistical attacks [16], [29]. However, in the worst-case scenario, when an adversary successfully extracts critical data from the cover image via a statistical attack, the data in the new MACLESS encoding form cannot be understood or recovered. In addition, MACLESS is used only once for the message authentication code of each session. Thus, the expiration time is limited.
Theorem 3: The proposed scheme is robust against image-processing modifications and modification attacks.
Proof: Combining DWT with steganography to hide MACLESS St(MACLESS(Msg ), R T ) provides high robustness and imperceptibility [30]. Hence, we employ DWT in the proposed scheme to achieve robustness against different types of signal processing modifications, such as scaling, rotation, cropping, noise, or compression loss [29]. Thus, extracting or corrupting the secret data ((Msg ), R T ) becomes difficult for an attacker. In summary, our scheme simultaneously provides concealment, robustness, and imperceptibility to safeguard MACLESS in contrast with the schemes in previous works. Our proposed scheme can resist modification attacks.

VI. RESULTS AND DISCUSSION
This section demonstrates a comparative security analysis in terms of security features and a performance evaluation based on the cost of one calculation of the two phases of our scheme compared with the costs of other schemes in existing studies.

A. COMPARATIVE SECURITY ANALYSIS
This section provides a comparison of the security features presented and discussed before in Section V with those of recent related works, as shown in Table 5. Such a comparison is useful for judging the functionality and competence of the proposed method. Table 5 shows that the proposed method provides secure communication in the IoT-cloud system, biometric key management, biometric MACs, authentication code anonymity for each session, and a temporary variable-length bio-salt key for each session, while other methods do not. Additionally, only our method and the method of Chen et al. [30] provide mutual authentication, which is essential for preventing MITM and replay attacks; these attacks are threats to the proposed schemes in the works of Mohseni-Ejiyeh et al. [22], Alizai et al. [23], and Abro et al. [24]. The proposed work can prevent parallel session, forgery, brute force and dictionary attacks, to which the schemes of Mohseni-Ejiyeh et al. [22], Alizai et al. [23], Abro et al. [24], and Chen et al. [30] are vulnerable. Unlike the proposed work, the schemes of Mohseni-Ejiyeh et al. [22], Abro et al. [24], and Chen et al. [30] lack multi-factor authentication, which is a strong aspect of authentication provided by the method of Alizai et al. [23]. In addition, our scheme uses a double-stegging mechanism to hide the important parameters for the communication process between smart devices in the IoT-cloud system, and this is not provided by other methods.

B. PERFORMANCE AND IMPLEMENTATION ANALYSIS
A performance analysis of our work is estimated by comparing it with Byoungjin Seok et al. [31]'s scheme, as shown in Table 6. The notations used are illustrated at the end of this table along with their evaluated time costs in milliseconds. Although our scheme is less efficient than [31]'s scheme in the registration phase, our scheme outperforms that of [31] in terms of the computation time of the secure message delivery between D2D or E2E S2S devices in the IoT-cloud phase, as seen in Table 6. For the comparison to be fair, given the guaranteed security that asymmetric ECC provides in the registration phase of our proposed method, the computational cost is reasonable. In addition, as we explained previously, the registration phase is carried out only once. The secure lightweight E2E S2S communication negotiation mechanism costs additional time before the messages start to be sent between the two parties, but it is very effective in providing mutual authentication between devices that want to communicate with each other. Mutual authentication provides better security features, such as the prevention of illegal devices, replay attacks, spoofing attacks, and MITM attacks, than the method of [31]; see Table 5 for details. Additionally, such a negotiation mechanism is needed only once for each message delivery session; then, both parties can send an unlimited number of messages whenever they want during each session. Secure E2E S2S lightweight message delivery requires 0.0433 s, which is considered a reasonable time cost, while providing high security by using double-stegging to keep sensitive parameters confidential. Therefore, our scheme can be considered efficient for E2E S2S secure message delivery in IoT-cloud systems.

VII. CONCLUSION
We present a lightweight E2E S2S communication scheme that differs from those of previous works to ensure secure message delivery in IoT-cloud systems. We develop our scheme based on two features. The first is secure, lightweight E2E S2S communication negotiation, which is important for providing mutual authentication and an organized, secure group of smart devices. The second is secure E2E S2S lightweight message delivery, which is used to securely send a message between a pair of smart devices. The proposed model can achieve higher efficiency than that of [31] because the time required for secure message delivery for E2E S2S devices in an IoT-cloud system is 0.0433 s. Thus, the secure message delivery process in this scheme requires minimal time consumption and is compatible with energy-constrained devices, which are practical choices for secure E2E S2S communication. Additionally, our work can provide mutual authentication for the prevention of MITM attacks and can prevent well-known threats such as replay, forgery, parallel session, reflection, offline guessing, online guessing, brute force, dictionary, statistical and visual attacks, as proven by the conducted security analysis. This technique can also be used to maintain message authentication, verify the integrity of received messages, and prove the origin or identity of the sender. Overall, our scheme is simple to use, and it is secure.

He is currently a Professor with the School of Cyber Science and Engineering, Huazhong University of Science and Technology. He has authored more than 120 articles published in related international conference proceedings and journals and holds more than 20 patents. His current research interests include information security, quantum computing, and artificial intelligence.
ZAID AMEEN ABDULJABBAR received the bachelor's and master's degrees in computer science from Basrah University, Iraq, in 2002 and 2006, respectively, and the Ph.D. degree in computer engineering from the Department of Computer Science and Technology, Huazhong University of Science and Technology, China, in 2017. His research interests include cloud security, searchable encryption systems, similarity measures, the Internet of Things, secure computation, biometric, and soft computing. He has published regular articles in many IEEE International Conferences and High-quality articles in SCI journals, and has got the Best Paper Award and published in the 11th International Conference on Green, Pervasive, and Cloud Computing (GPC16), Xian, China, in May 2016. He has always served as a Reviewer for several prestigious journals, and has served as the PC Chair/PC member for more than 20 international conferences.