Enhanced Authentication Protocol for the Internet of Things Environment
Chien‐Ming Chen, Xuanang Li, Shuangshuang Liu, Mu‐En Wu, Saru Kumari
Abstract
The Internet of Things (IoT) is among the most promising technologies of the future, and its development has garnered attention worldwide. However, the rise of the IoT has been accompanied by a proportionate increase in security concerns regarding communication between IoT entities. Recently, Alzahrani et al. proposed an identity-based authentication and key agreement protocol for an IoT environment, wherein a physically unclonable function was employed. They claimed that their protocol can resist various types of attacks; however, after thorough analysis, we determined it to be ineffective against privileged internal attacks, physical IoT device capture attacks, stolen-verifier attacks, and known temporary information exposure attacks. To resolve these security weaknesses, we propose a new authentication and key agreement protocol. In addition, we demonstrate that the proposed protocol is provably secure in real-or-random (ROR) model and Burrows–Abadi–Needham (BAN) logic, resisting known attacks while incurring low communication and computation costs.