Lightweight Security for IoT

Abstract

With the ever-increasing demand for IoT Devices which enable all objects to connect and exchange information in applications such as healthcare applications, Industry 4.0, smart cities and smart homes, etc. IoT devices play a crucial role in our day-to-day life like homes, offices, healthcare, wearable, and agriculture. With the development of IoT devices, securing device-to-device communication has attracted more and more attention and we need to ensure the privacy and security of data amongst these IoT devices. User authentication has emerged as a major security concern while connecting IoT devices and the cloud. Many authentication schemes like mutual authentication, group authentication have been proposed to ensure only authenticated users and with very high confidence we can rely on the decision-making process. Symmetric key based as well as Asymmetric key-based solutions have been proposed but due to the resource constraint nature of the IoT devices designing lightweight, robust, provably secure authentication schemes is a big challenge. This paper discusses the various authentication techniques designed for low-powered IoT devices and proposes a lightweight authentication scheme for IoT.

Keywords

IoT authentication lightweight Industry 4.0 and security

1 Introduction

The Internet of Things has become the most familiar and hyped expression for business and technology. A lot of attention is being paid to the Internet of Things as it has become an important part of our lives. It should not be doubted that we are living in the IoT era. As per Gartner, it is expected that by 2020 there will be a total of 50 billion connected devices under IoT. An intelligent and autonomous network gets formed with a wide collection of low-power consuming sensor nodes geographically placed to each other in an unfamiliar environment to gather data from the surroundings. The main motive behind this deployment is Task-specific processing ability and to collect data from their surroundings. The multifunctional and self-organizing nature of IoT devices makes them very special. These things play a very important role in many applications like smart homes, smart cities, wearable technology, medical system, Industry, and smart cars. The phrase Internet of Things was first introduced by Kevin Ashton while working with Procter and Gamble in 1999. He suggested that computers be empowered to gather data with their means. Moreover, in the real world, things matter more than ideas. In IoT system devices like RFID systems, embedded systems, wearable devices, and low-powered 802.15.4 devices are being used for data collection and sensing. Data gets transmitted from one device to another with the help of intermediary devices like fog, edge computing, or cloud [7]. Short-range wireless technologies like Wi-Fi, Zigbee, and Bluetooth are being used to connect IoT devices with edge devices [8]. Out of all these technologies, Bluetooth has features like low power consumption, moderate date rate, and unlicensed band, making it desirable for wearable sensor nodes [1]. To ensure M2M applications, many devices interoperate with the Internet and IETF has standardized the protocols for 6LOWPAN at various layers so that all such devices may communicate. IPV6 packets get transmitted over a wireless channel with the help of the 6LOWPAN protocol [10]. Sensor nodes are usually distributed in an unattended environment where power outlets are not available and eavesdropping during the transmission is easily possible. Thus, trust crises, threats, and security challenges exist along with the development of 6LOWPAN [5].

Some of the drawbacks of the existing schemes explain that the computing resources of the IoT devices cannot afford asymmetric key based solutions. While implementing symmetric key based solutions the key-exchange consumes too much energy of the communicating entities. Integrity of the data stored with cloud repository is also required to be maintained for effective usage by the authorized entities.

1.1 Motivation

An important issue related to the security of the IoT is a major concern for the sustainability as well as the life of the companies [5]. In an architecture where thousands of IoT nodes will exchange data simultaneously, the weakest point is the IoT node [10]. IoT is highly vulnerable to various types of attacks due to numerous reasons like unattended ness nature, wireless communication due to which MIM is the most used attack, limited energy, and computational power. Conventional security features like authentication, authorization, non-repudiation, data integrity and confidentiality are crucial for IoT functioning. According to Gartner in the past few years, 20–25% of organizations have suffered one or the other IoT attack which may threaten national security [9]. The broad implementation of IoT got affected because security and privacy concerns have not been addressed completely till now. To handle all the mentioned concerns, there is indeed a huge requirement for effective technology like cloud-based solutions so that information shall get accessed anywhere anytime. There are a few public or private servers providing services that are not accessible without proper authorization. Authentication is to be considered the first line of defence to achieve secure communication. Therefore, designing a secure and lightweight authentication protocol for IoT environments is a non-trivial task [13] because sensor nodes have weak calculation and storage abilities in addition to constrained resources. With excellent authentication data gets transmitted safely between two parties over a public channel [16]. Thus, it is much crucial to check the organization of a client before allowing access to a particular service [1]. It is carried out by sharing some credentials between two parties. Several authentication schemes have been proposed for IoT [1 –20]. Das et al. [11] proposed and emphasized two main aspects of D2D access control i.e., authentication to support legitimate access and key agreement which can be used for the exchange of data between two devices. It also ensures that authenticated clients can only communicate with authenticated servers as well as communicating parties can negotiate a key to be used for future communications over the Internet. One of the major challenges in designing an effective authentication protocol is to create a balance between security, privacy, and computational cost. Any device can be authenticated based on three different parameters a password that he knows, a smart card that he owns, and biometrics representing who he is [19]. Authentication takes place to withstand numerous security solutions such as man-in-the-middle attacks, replay, trace-ability attacks, user impersonation as well as sensor impersonation, etc. Figure 1 shows the interconnectivity of various types of devices under one common system named IoT.

Fig. 1

IoT Ecosystem, including major applications.

The majority of low-end IoT devices have limitations concerning resources like communication, small storage, and computation, and underpowered processors preventing them from efficiently evaluating cryptographic calculations, thus leading to more security challenges that need to be addressed, such as privacy preservation, authentication, and integrity of the data being traversed [3, 4]. Owing to these limitations and resource constraints IoT devices cannot perform conventional cryptographic calculations. Thus, these devices either have limited security or no security. The most common attacks include the fabrication of packets, cloning of the nodes, and eavesdropping thus privacy, availability, data authentication, and integrity represent the most important security parameters for service users and application users. All of these need to be taken into consideration while planning the security of applications and services. [9] Symmetric key Cryptography solutions are very energy efficient, but they have security disadvantages if a single node gets compromised then the entire network shall get compromised. Not only cyber-attacks can be performed on IoT devices of the companies but they also pose numerous threats to human lives through the data they collect and share over the unsecured network like health-related data for a patient if gets intercepted by some intruder will cause problems to the treatments of the patient. The computational overhead of symmetric ciphers is relatively less as compared to the asymmetric cipher because of which they are more suitable except for elliptical curve cryptography. Symmetric encryption is easy to deploy and has high efficiency. But major problem lies with the same key to be used at both ends and once the same is known to the third party, the communication data will be lost. Some of the design parameters to be considered while finalizing the type of encryption include Encryption Mode and Block Size, resource utilization, and encryption execution time.

1.2 Network model

The network model describes the communication of different entities in the system. The network model used in this model consisted of three different types of entities namely the IoT node, the gateway device, and the cloud server. Figure 2 represents the network model of our scheme. The IoT node a resource-constrained device gets registered and needs to be authenticated by the server. The gateway acts as an intermediator between the sensor node and the cloud server usually a router having more resources than the IoT node. The cloud server is very rich in resources and it is also assumed that the gateway device can directly communicate directly with the server. It is also assumed that a sensor node must be in the communication range of a minimum of one gateway device.

Fig. 2

Network model for proposed algorithm.

Before initiating the communication between the sensor node and the cloud server mutual authentication needs to be fulfilled by the server. Initially, the sensor node will share the details with the gateway and then the gateway will forward the details to the cloud server for the purposes of registration. Once the registration confirmation is received then the details will get stored in the local memory of the sensor node as well as the cloud server. Every time whenever sensor node wants to communicate with the server it will share the received confirmation details to prove the authenticity with the cloud server with the help of the gateway device. Finally, once verified the sensor node can start communicating with the cloud server.

1.3 Threat model

The threat model used is as follows:

The cloud is assumed to be a trusted node. However, an adversary can infiltrate the cloud’s database and steal all the data in it.

Channel can be intercepted and data exchanged can be obtained by the adversary, and he can apply replay attacks with the previously sent data.

We assume that the identity of the smart device can be compromised and the adversary can pretend itself as another device of the system and can communicate with the cloud.

Well known Dolev-Yao threat model will be used to ensure secure communication between two parties in an insecure channel.

1.4 Security goals

Desirable security properties exhibited by a security protocol to be designated as robust as well as efficient include [2 , 9–11]:

Mutual Authentication and Secret-Key Exchange: Nodes communicating must perform mutual authentication and sharing of a secret key to protect their data from intruders.

Integrity and Freshness: Real content of the message gets devastated and may lead to non-desirable actions once alterations are applied to the original message.

Data Privacy: Any disclosure of confidential information carried out by IoT devices may disrupt business operations and may vary from benign to severe. Thus, security protocols need to ensure the privacy of the data even if the data gets stolen by an adversary.

Identity Anonymity: It is pretty much desirable to protect the identity of the devices as well as other network devices and should remain anonymous to prevent MITM attacks.

Lightweight Ness: Limited computations and communications must be performed by resource-deprived IoT devices side by side achieving the highest level of security.

The organization of the paper is as follows: Section 2 presents related recent work for authentication in IoT as well as illustrates various preliminaries such as security requirements, authentication protocols, the taxonomy of IoT authentication goals, and the ECC. The proposed lightweight authentication protocol is presented in Section 3. Finally, Section 4 concludes with future scope of the current study.

2 Related work

Important security essentials include data authentication along with integrity for users of services and applications which need to be taken into consideration while planning security and services for smart devices. Thus, the data transmitted between the smart devices need to ensure integrity and authentication as well as confidentiality. Well-known attacks like replay, forgery, parallel session, dictionary, Man in the middle, online-offline guessing, and various other attacks hinder the communication between smart devices and affect the confidence of the users of the smart devices. General and lightweight authentication frameworks were highlighted in smart cities for the Internet of Things (IoT). Device authentication is one of the fundamental concerns used for identifying the identity of IoT devices involved in communication and thus ensuring effective access control. Research efforts have been highlighted in the design of effective authentication of IoT devices. However, here, we highlight some of the research proposals for the authentication of IoT protocols.

A lightweight and mutual authentication-based approach was proposed by A. Esfahani et al. [5] for IIoT based on the hash function and XOR operations. The proposed scheme was divided into two phases one for the registration and the second for the authentication of the devices. Identity confidentiality and resistance against numerous attacks like the replay attack, the man-in-the-middle attack, the impersonation attack, and the modification attack were provided. Finally, the scheme was characterized by computational cost, communication, and storage overhead. Similarly, Y. Qiu [50] designed an enhanced mutual authentication scheme for devices in 6LoWPAN networks. Included three phases namely the pre-deployment phase, authentication and key-establishment phase, and handover phase. ECC was used for key agreements, and ECDH was used for security. Formal verification was done using AVISPA. User authentication and key agreement scheme based on biometric verification using fuzzy extraction techniques were proposed by J. Srinivas [52]. Three different factors were used to enhance the security including smart card, password, and biometrics information. Formal security verification was carried out with the help of the RoR model and AVISPA. A practical demonstration was carried out using NS2. Throughput and end-to-end delay are considered important network performance parameters. System timestamps were also used to avoid replay attacks. PBTree and chameleon authentication trees were combined to propose a PCAT to achieve a verifiable range query in data streaming in the study given by J. Xu [51]. Various phases were suggested like initialization, data appending, query, and verification. G. Gaba [32] proposed ECQV based lightweight key exchange platform for key generation amongst entities under Industry 4.0. The proposed scheme was tested on AVISPA and displayed strong resistivity against well-known potential attacks. The usage of symmetric as well as asymmetric key cryptography in addition to keyed-hash algorithms was done to achieve robustness. A third-party certificate issuing authority was used to conduct mutual authentication. S. Garg [14] presented an algorithm that relied on ECC, physically unclonable functions, hash functions, and, XOR operations. AVISPA was used to evaluate the security of the proposed scheme. Before initiating the transmission between any two nodes, the server will verify the nodes’ authenticity as per the proposed scheme. [72] Presented literature study on data offloading approaches at edge and fog nodes in IoT and related security issues.

S. S. Ullah [58] proposed an NDN-Based framework using a hyper elliptic curve cryptosystem to reduce cost by using a smaller key size compared to an elliptic curve cryptosystem. The algorithm was proposed to secure healthcare-related data. Four elements were considered network manager, consumer, provider, and routers with caching capability. For the computation of cost analysis bilinear pairing, point multiplication of bilinear pairing, exponentiation, and point multiplication of ECC were considered. The validity of the proposed scheme was done using AVISPA. The identity-based signature scheme was proposed in the study given by S. S. Ullah [12]. The main contribution was related to content poisoning attacks against NDN networks. Z. Xu [22] proposed a lightweight security authentication scheme to guarantee forward secrecy for body area networks without using asymmetric cryptography. ProVerif was used to analyse informal security. Dolev-Yao threat model was used to assume parties communicating over a secure channel. S. Banerjee [37] and B. H. Taher [6] highlighted the need for a secure and lightweight authentication mechanism for healthcare. Proposed three-factor authentication using the password, smart card, and biometrics of the user in the study without storing any information with the gateway node. [73] Highlighted mapping of unknown terrains through adaptive squashing function using simultaneous localization and were able to track target orientation angles more efficiently as compared to conventional fixed slope squashing function. In [16] both fingerprint and biometrics was used to enhance the security of the proposed approach with a perceptual hash function. Also, in [49] C. Wang proposed an enhanced three-factor user authentication scheme using ECC wherein the security was proved using BAN logic and heuristic analysis. RoR model with BAN logic was used for the system’s security and validation of the scheme was done using AVISPA. To avoid replay attacks, current timestamps are being used. In addition to these, registrations can be done dynamically. X. Lu [56] proposed a secure and lightweight data-sharing scheme for IoMT to ensure privacy, authorized access, and efficient integrity. M. A. Khan [47] presented a secure framework with a cloud framework using ECC and another smart key to enhance the system’s security. Authentication scheme using SHA-512 algorithm and using patient’s biometrics along with user name and password. The simulation was done using Java and NS3. Average encryption and decryption time was found to be much smaller than RSA and ECC. Three-factor authentication protocol for WMSN with forwarding secrecy using ECC was proposed by X. Li [53]. To handle the verification of local password contradiction and device loss attacks fuzzy verifier and honey list techniques were used. For biometric recognition, a fuzzy commitment scheme was adopted. Practical evaluations were done using NS-3. K. Park [35] proposed a lightweight authentication and key agreement scheme without using any server-based verification table. BAN logic was taken into consideration to ensure security against various potential attacks. Security verifications were done using AVISPA and the simulation study was done using NS2. A. K. Sahu [34] proposed a lightweight multi-party authentication and key establishment scheme for healthcare devices. Identity-based encryption a lattice-based cryptographic construct and SHA-3 were used to achieve security and are tested by Scyther. Z. Zhao [42] constructed a novel lightweight privacy-preserving data-sharing scheme. Lightweight computations were achieved using ECC, XOR, and hash functions. To generate public and private secrets a trusted authority is used. D. Kwon [33] and Z. Liu [36] used physically unclonable functions and biometrics to propose a three-factor-based mutual authentication scheme. The scheme [47] was secure enough against several security attacks and provided anonymity and perfect forward secrecy. BAN logic along with the RoR model and AVISPA was used for analysis and simulations whereas in [13] NS3 was used for simulations along with the RoR model for formal security analysis. D. Sadhukhan [26] proposed an ECC-based authentication scheme to preserve privacy and data confidentiality using three-factor authentication. Registration for all the devices was done on the gateway node. Certificate authority was used for the generation of the certificates for the communicating entities. During the study, the hash digest of the three parameters was calculated. The system model [47] comprises the user, gateway, and wearable device. CK-adversary and Dolev-Yao models were used for attack assumptions. In [13] the gateway node stores a single CRP for every device in comparison to storing a set of CRPs for every device as is done by other researchers. Whereas in [31] W. Liu proposed a multi-factor remote authentication scheme with the help of identity, password, and biometrics for crowdsourcing IoT applications. Proofing of the proposed scheme was done using chaotic map zero knowledge since it has a lower key size and computational overhead. Security proofing was done using RoR and BAN logic. Authentication can be done either by the server or the gateway in the proposed scheme. For simulation, the ProVerif tool was used by the researchers.

F. Wua [55] proposed a lightweight scheme for wearable devices communicating with the help of the cloud server. ProVerif was used to verify reachability and correspondence assertion. R. Amin [57] proposed architecture for the distributed cloud environments and smart cards were used to perform the authentication. For simulation purposes BAN logic and AVISPA were used by the researchers. A control server was used to connect cloud servers located in a distributed manner. Some of the parameters used for comparing the performance of the proposed scheme with existing schemes include computation cost, storage, communication overhead, and, communication mode. ProVerif simulator was also applied to measure the security strength. S. A. Chaudhry [30] proposed an Alaska-IoT protocol to ensure security against device impersonation and man-in-the-middle attacks. Formal validation of the proposed scheme was done using the RoR model. Timestamp was used to identify the freshness and verification of equalities. Some of the parameters for calculation of communication costs included were SHA-1 with 160-bit size, RSA and ECC with 1024 and 320 bits, and, the size of the timestamps was taken as 32 bits long. Y. Yilmaz [29] in 2019 with the combination of RC5 and ECC proposed a mutual authentication protocol. The functionality was verified on Zolertia RE-mote IoT devices. The elliptic curve digital signature algorithm was used for the validation of the server by the client and to ensure the integrity of the data. The elliptic curve Diffie-Hellman was employed to generate the secret key to be used with RC5. For experimental analysis energy consumption, RAM, ROM usage, and time of completion for implementing the protocol were taken into consideration. H. Huang [28] designed a lightweight pseudonym identity-based authentication protocol. The security of the protocol was analysed using AVISPA and Scyther. The proposed protocol was only dependent on hash functions and XoR operations due to energy-bound computing resources. Biometrics and passwords for a particular user were considered while registering with the cloud server. The four-way handshake was used for mutual authentication and key agreement between the designated three parties. Dolev-Yao adversary threat model is being used for evaluating threats. J. Yu [7] proposed a lightweight attribute-based encryption scheme for IoT devices. The scheme was dependent on ciphertext-policy encryption as well as key-policy attribute-based signature. In addition to this constant size signature and public verification, satisfaction was the key motive for the proposed approach. Fog nodes bear the computing overhead related to signature, verification, and decryption. Central authority was used for the generation of public parameters as well as for keeping the master secret key. B. Hammi in [27] presented a novel approach for OTP generation with the help of elliptic curve cryptography. The scheme was implemented using java and the results obtained were compared with a hash-based one-time password and time-based one-time password schemes. The integrity of the transmitted messages was also ensured in the proposed algorithm. A new key for every message was generated with the help of the elliptic curve Diffie-Hellman exchange algorithm. C. Trinh [25] proposed LBCbAP a lightweight CRAFT block cipher-based security protocol that converts a 64-bit PT into a 64-bit CT using a 128-bit secret key. GNY logic and the Scyther tool were used for the security analysis of the proposed scheme. T. Alladi [54] et al. for the authentication and attestation of electronic control units inside the Internet of Vehicles proposed a secure and lightweight scheme for the verification of firmware and software installed with these moving vehicles. PUFs scheme was used to collectively perform authentication and attestation. ECC is being used to protect privacy and enhance security. ProVerif was used for the verification of the proposed algorithm. H. Lee [24] et al. proposed a lightweight authentication scheme using XOR, hash algorithm, and symmetric cryptography for IoT devices. ProVerif tool used for formal security analysis in the proposed algorithm. BAN logic was taken into consideration for authentication proofing to ensure that the participating entities trust each other based on freshness, reliability, and the source of the message. B. Zhao [48] et al. proposed remote authentication of the identity of the ending devices using ePUF (Encrypted Physically Unclonable Function) which uses the metadata of the sensor node along with PUF. The identity-based encryption scheme was used which uses quadratic residues to encrypt the PUF authentication process. Some of the phases considered during the analysis include enrolment, MDS verification, session key creation, and the PUF verification phase. A. Shahidinejad [23] et al. introduced a three-layer lightweight scheme Light-Edge for IoT devices. The devices and the servers were registered with the trust centre for communication and at the trust centres, time and delay thresholds were also defined. Validation of the proposed approach was done using AVISPA. Mutual authentication was performed to meet the anonymity security requirements. In [16] Nan Li et al. proposed a public key-based n-pass lightweight mutual authentication scheme to balance the efficiency and the communication cost without affecting the security of the scheme for smart cities whereas P. Zhang et al. [19] proposed a tag-based authentication scheme for the physical layer. A novel public-key encryption scheme for smart city applications was used to find out the results. The proposed protocol was proven to perform better than RSA and the ECC. The Cooja simulator was used to conduct the experimental evaluations. [56] X. Lu et al. guaranteed medical user data privacy and authorized access by proposing a lightweight and secure scheme based on identity-based broadcast encryption. Computation cost and communication cost were calculated to evaluate the security of the proposed scheme. A security Mediator was used to overcome the burden of the patients. Albela et al. compared the two most used TLS algorithms i.e., ECDSA and RSA in terms of computational power, security, scalability, and throughput [18]. During the comparison, energy consumption and the average time transaction were measured when a 512-byte JSON file was downloaded 100 times. [38] A. Diro et al. The proposed scheme saved communication bandwidth and incurs less overhead. Outperformed TLS in terms of resource usage. Used a smaller number of handshakes because of which the number of transmitted messages decreased. [46] S. Zhang et al. in 2020 based on DLP and DHP proposed user authentication and key agreement scheme for underwater networks. The one-way hash function, BAN logic, Random Oracle model, and chaotic maps were used to accomplish the desired security. Two rounds of four messages were flown to ensure mutual authentication in the proposed algorithm. The proposed scheme claimed that it can meet seven security goals and ten requirements of security. [41] Nakkar et al. proposed an edge-based lightweight authentication protocol by reducing cloud dependency, and latency and messages related to session keys were broadcasted derived from hash functions. The proposed scheme was used for medical emergency applications and during the implementation clustering of the devices was done. The main disadvantage of the proposed scheme was related to the shared key which must be known to all devices in advance. Y. Chen [17] for mobile payments presented a lightweight and privacy-preserving protocol for IoT. The concept of batch verification was adopted to address the scalability issue. In the algorithm scheme of a unidirectional certificate less proxy re-signature along with public key encryption was proposed. Four different entities were used during the analysis like trusted system authority, app, merchant server, and the pay platform. Fog nodes-based resource-efficient security scheme proposed by the authors. N. Li et al. in [16] designed a public key encryption-based lightweight mutual authentication protocol for smart city applications. The proposed scheme takes the help of modulo addition, subtraction, and multiplication and avoids exponential computation. A balance was maintained between efficiency and communication cost. A certificate-less lightweight pairing-free protocol suitable with Zigbee 3.0 was proposed by P. Tedeschi et al. [15]. In the proposed scheme no certificate is required from a trusted third party. The proposed protocol helped in the reduction of latency, energy, and message overhead and improved scalability. The proposed algorithm like supports both CSMA and the TSCH protocol. [14] S. Garg et al. in 2020 proposed a hierarchical approach based on lightweight authentication and key agreement protocol for industry 4.0. AVISPA was used to validate the security protocol proposed using ECC. The server plays an important role in the mutual authentication of two devices in the proposed algorithm. Computational and communicational overhead was found to be reduced when compared with existing lightweight techniques. [74] proposed a deep learning-based brain tumour classification method technique. CNN was used to employ brain magnetic resonance image data whereas in [75] using Federative Learning the privacy of the patient’s data was maintained as well as an approach was proposed which combined different magnification factors histopathological images with information fusion. W. C. Wang et al. [60] Proposed SLATE for which the authentication was done using challenge-response pair. The proposed algorithm was found to be resistant against known attacks such as model building attacks and Boolean satisfiability attacks and was proved that the proposed algorithm performs better than common PUFs whereas L. Chen et al. and S. Banerjee presented a PUF-based entity authentication scheme to ensure trust between the devices. L. Chen took the help of Challenge-response pairs to represent reordered memory addresses to be used as challenges whereas S. Banerjee presented the protocol by utilizing bitwise X-OR operations and one-way hash functions. Different environmental conditions like temperature and magnetic field were used for the analysis. In the scheme, PUFs were considered as the signatures of the communicating devices. Raspberry Pi 3 is used during the analysis as a smart gateway in L. Chen’s algorithm and AVISPA was used by Banerjee. As proposed by S. Banerjee gateway node will act as an intermediator to authenticate two communicating devices. [12] M. Hossain et al. presented a P-HIP privacy-aware host identity protocol as a solution to uniquely identify HIP peers suitable for resource-limited IoT devices. A unique public key is computed every time a device communicates with another device. Authentication was ensured using ECQV-based cryptography as it unburdens from the computation overheads. No centralized certificate authority was considered as the total size of the certificates is much higher than the maximum transmission unit of IEEE 802.15.4. The proposed algorithm’s performance analysis demonstrated a reduction in computation, communication, and energy costs. A. K. Das et al. [11] proposed LACKA-IoT a certificate-based approach to ensure node authentication as well as key agreement. ECC and a one-way cryptographic hash function were used during the analysis along with the RoR model and AVISPA. The Dolev-Yao attack model as well as the network model was applied in the proposed algorithm. Parameters such as communication and computation costs, security, and functionality attributes were used for the purposes of the study. The clocks for all communicating devices were assumed to be synchronized. CNN based data security framework where hash of each data point was generated using Blockchain which will help in data leakage prevention was proposed in [76]. [43] S. Jebri et al. proposed ECC dependent identity-based encryption scheme for mutual authentication amongst IoT devices. Pseudonym-based cryptography was used for the generation of public and private keys. The authors validated the proposed scheme with the help of AVISPA. E. H. Teguig et al. [10] proposed to improve robustness against attacks like man-in-the-middle side-by-side ensuring key management and authentication with minimal computational time. Signature verification was also ensured in the proposed algorithm.

[45] L. Wang et al. published a Dynamic key generation algorithm based on a secure authentication scheme. The proposed algorithm ensures mutual authentication between fog devices as well as session-key updates. The proposed approach used physical layer Dynamic key generation, hash, and the symmetric key to achieve the targets. G. Gaba et al. [32] for the purposes of protecting distributed smart environments from unauthorized abuses proposed a robust and lightweight mutual authentication scheme. Certificates along with ECC were used during the analysis and supported the key agreement and mutual authentication amongst the communicating devices. Computational and communicational complexities were reduced. To evaluate the security strength against the Dolev-Yao model AVISPA was used. S. Ateiwi et al. proposed a multi-factor authentication for a hybrid cloud environment. In the proposed scheme data gets encrypted using RC6, Feistel encryption, and AES encryption scheme. With respect to accessing a particular file, multi-level authentication was proposed by the authors. Some of the parameters considered during the evaluation were security strength, encryption-decryption time, and computational time. The proposed architecture was implemented using the ns-3 simulator. An additional trusted authority was brought into the picture to approve or reject the requests of users made to access a particular file. A signature-based authentication scheme was presented by S. Challa et al. [9] Informal verification of the proposed algorithm was done using BAN logic and the formal verification was done using AVISPA. NS2 was also used to measure the impact on network performance parameters. The impact of varying the number of users was discussed with reference to throughput and end-to-end delay. A lightweight and secure session key establishment scheme was considered by S. Dey et al. [8]. A trusted third party was used to share the credentials so that a public key shall get generated between the communicating devices. Formal verification was done using HLSPL under AVISPA. A message sequence chart was also used to depict the message exchange between all the communicating devices.

2.2 Mutual authentication

Fagen [60] et al. in 2013 proposed a HOOSC an online-offline heterogeneous signcryption scheme to secure data transfer between the sensor node and the Internet host under which all heavy calculations are done in offline mode without the knowledge of the message and all light computations are done when the complete message is available. The proposed algorithm consisted of five phases setup, IBC users’ key generation, PKI users’ key generation, encryption algorithm to be run by sender offline, the sender will run online encryption algorithm once the complete message is available, unencrypt to be executed at the receiver end. End-to-end confidentiality, integrity, and authentication gets supported by a secure channel in addition to non-repudiation services get setup between an Internet host and a sensor node.

After deriving from F Constructed a machine M based on the machine D as follows

Distinct signatures ( ${(ID}_{S}^{*}, m)$ , h, θ, S) and ( ${(ID}_{S}^{*}, m)$ , h*, θ*, S*) are provided to M by running D.

V*=(h –h*) ^–1(θS –θ*S*)=1/(α+ ${\dot{ω}}_{s}$ ) Q = f (α)/(α+w_s) P gets computed by M.

Polynomial f as f (z)=ψ(z)(z + w_s)+ψ–1 for some polynomial $ψ (z) = Σ_{i = 0}^{q - 2} ψ_{i} z^{i}$ and some ψ–1 ∈ Z*p gets written when M uses long division.

Then f (z)/(z + w_s) was writtten as f (z)(z + w_s)=ψ(z)+(ψ–1)/(z + w_s) = $Σ_{i = 0}^{q - 2} ψ_{i} z^{i}$ + (ψ–1)/(z + w_s). Hence, M computed 1/(α+w_s) P = 1(ψ–1) (V* – $Σ_{i = 0}^{q - 2} ψ_{i}$ (xⁱP)).

Finally, the solution of q-SHDP (w_s, 1/(α+w_s) P) is displayed by M.

[61] Wei et al. in 2014 proposed a low-cost mutual authentication protocol for IoT devices. Simulations were done using Synopsys Design Compiler with SMIC library. The concept of mutual authentication along with a flexible key-management scheme was considered in the proposed solution. To reduce the cost of modular multiplication cost on large numbers low-cost multiplier architecture was also designed and a coupons injection protocol was proposed. Some of the drawbacks of the proposed scheme were storing coupons due to which the usage count of the tag will be restricted and the lack of security proof. ${PRNG (k}_{0}), y = r + (s \times {c) modq E}_{f} {(riP | | r}_{s} {| | Cert}_{Tag})$

Several security issues were discussed in the submission by K. Zhao et al. [62] as they elaborated on security concerns related to the perception layer. Some of the issues discussed include authentication, routing protocol, key management, and data fusion. Emphasized intelligent processing, reliable transmission, and comprehensive perception to be the important characteristics of IoT. Different types of attacks were also discussed concerning the perception layer. Layer wise Security measures for various attacks were also presented in the study.

An ECC-based low-power end-to-end mutual authentication protocol for transport layer secure communication was published by J. Granjal et al. in 2013 [63]. The concept of key agreement using an off-the-shelf platform was also targeted. Discussions included the security of the internet and overhead of the DTLS handshake from Internet-originated threats.

It was highlighted that the process of handshake requires more effort from the server than the client and is being mediated by a 6LoWPAN border router (6LBR). Other components like the CA server and AC server played important roles in the architecture. It was also highlighted that both ends use the same keying material. Also discussed various protocols used for the communication in IoT architecture as presented in Fig. 4. In [77] a multi-dimensional indoor localization model is proposed to optimize overall performance.

Fig. 4

Communication protocols in IoT [20].

[65] Adiga B. S. et al. in 2013 proposed an identity-based cryptosystem without allowing any key exchange and public-key infrastructure. Under this scheme, encryption is done at the wireless node level and decryption is performed at the level of centralized servers or gateways. The concept of super singular elliptic curves was used during the analysis. A novel prime generation algorithm was also proposed in the literature. For the computation, Tate Miller’s algorithm was used. Implementation was done using Java. S. Guichen [64] et al. highlighted the importance of ECC Cryptography concerning other public cryptosystems in IoT w.r.t. storage requirement, computing cost, and communication bandwidth. Security threats related to three different layers of IoT architecture were also discussed in the article as given in Fig. 3. RFID authentication protocols were categorized into three different classes Hash function and Pseudo-random number generator based shared key and random function-based and symmetric or asymmetric algorithms based.

Fig. 3

IoT security architecture [18].

The encryption process was displayed as follows.

X is represented by B as an element m in GF(p).

B identified k ∈ [1, n-1] to be the random number.

P₁=(x₁, y₁)=kP is calculated at the level of B

P₂=(x₂, y₂)=kQ is computed and it was assumed that if x₂ = 0, go to step 2.

B calculates c = m * x₂.

B finally sends (P₁, c) to A.

The decryption process was described as follows.

A compute the point Q_N = d Q₁ =(x₂, y₂), then x₂ is received.

A computes m = c.x₂^- 1 finally the message is received.

H. Ning et al. [66] presented a hierarchical authentication scheme based on an aggregated proof that was specially designed for layered networks for Unit IoT and Ubiquitous IoT. Cryptographic primitives named homomorphism function and Chebyshev polynomials were considered for designing the APHA algorithm. To describe the relationships of the directed path descriptors homomorphism function was applied whereas Chebyshev maps were used for authentication. Sensors and the targets authenticated each other lying under the jurisdiction of unit data centers. Similarly, unit data centers and industrial data centers identified as legal entities under national data centers authenticated each other during the analysis. Some security properties were also highlighted and the final analysis was done using BAN logic to analyze design correctness. Some of the notations used during the study include:

nDC→ National Data Center

iDC→ industrial Data Center

DC_a→ ath unit Data Center

S_b,T_j→ bth Sensor and jth Target

Grouping considered at unit IoT includes (S_b, T_j, DC_a) and at ubiquitous IoT includes (DC_a, iDC, nDC).

The homomorphic function was defined as ${F : F (x) = g}_{2} {* (g}_{1} {(x))}^{k (p - 1) + 1} \mod n = C$

Similarly, $F^{- 1} ({.) = F}^{- 1} {(F (x)) = g}_{2}^{- 1} {(c \mod p) / 10}^{d} = x$

Chebyshev polynomial value was also calculated in l of degree m. The Recurrence relation for the Chebyshev polynomial used is $T_{0} {(m) = 1, T}_{1} (m) = m,$ $T_{l} (m) = \cos (l . \arccos (m)) l > = 2$

An integrated and intelligent architecture was proposed by T. D. Premila Bai [67] for IoT and Cloud computing. As per the study, this architecture will allow the public to access services via any distributed mode. ECC certificates were brought into implementation to achieve complete protection against security risks. An intelligent system, security gateway, IP/MPLS core, and integrated cloud IoT platform were the four layers used for implementation. Different levels of authentication were applied with the given architecture.

[68] L. Feng et al. proposed an ECC-based mutual authentication protocol for the RFID system. Computation complexity, storage capacity, and communication overhead were considered to analyze the efficiency of the proposed technique. The authentication process included three different phases namely authentication request, tag verification, and reader verification.

M. Mahmud Hossain et al. [69] analyzed IoT security challenges and problems. During the study security issues, requirements, attack surfaces, and challenges were also surveyed. Security requirements regarding information, access level, and function were also presented in the study. Table 1 highlights all such concerns taking into consideration different layers of the IoT network as well as different modes of getting connected to the IoT network.

Table 1

IoT attack surface [29]

Network	Surface for attack
Local Network	Machine to Machineex. TV and Refrigerator communicating with each other.
	Machine to Coordinatorex. Thermostat and Sensor Hub Interface
	Coordinator to Gateway ex. Sensor hub and Sensor Gateway Medium
	Machine to Controllerex. Smart TV interfacing with Smartphone
Public Network	Controller to IoT Service Providerex. home devices getting controlled remotely with a smartphone
	Service to Service ex. Payment services for medical IoT

Vulnerabilities related to surface, security, end device, and communication in addition to the categorization of attacks were done. Finally, some future research directions were also discussed which might be unnoticed or poorly addressed by the security researchers to contribute to the research community interested in developing new schemes for securing IoT. From Fig. 5 various security threats as well as assets can be seen as given in [29].

Fig. 5

Threat model [29].

J. Granjal [70] et al. presented a survey to secure communications in IoT. Analyzed existing technologies and opened challenges and strategies for future research scope. Security items and security modes in IEEE 802.15.4 were also discussed to understand semantic security and protection mechanisms. Vijayalakshmi [71] et al. proposed Track Sector Clustering-based key management protocol using Hyper Elliptic Curve Cryptography. Power-aware routing protocol was also used to increase the packet delivery ratio and reduce delay [78 –82]. Encryption is performed using HECC and given as: ${Encrypted Data : Dm + - - {K}_{A} {, E}_{d} {+ P}_{A}}$ and at the receiver end data gets decrypted using the equation: $D_{E} {= E}_{d} + μ P_{B} {- N}_{B} {(K) = E}_{d}$

Metrics used to analyze the performance of the proposed scheme were end-to-end delay, residual energy, average throughput, packet encryption time, [83 –87] and decryption time. Finally, the proposed scheme inferred 37% enhanced throughput.

3 Proposed algorithm

There will be IoT Devices; Cloud and fog gateway devices to be deployed for transmission of the data captured at individual IoT devices. Some layers will be considered like the remote layer which contains actual consumers and data producers, the device access control layer responsible for the registration of the user devices, the data service layer responsible for the transmission of encrypted data, and finally, the fog device layer acting as an interface between the remote layer and the device access control layer. Some of the steps to be followed for the implementation of lightweight security protocol for IoT include:

Fog gateway registration over Cloud Device- In this phase, every fog device available in the network gets registered with the cloud machine so that all communication from the sensor to the cloud will pass through the cloud. Also, every sensor will get itself registered to the cloud machine by sending a request via the cloud machine.

User device registration over Cloud Device via Fog gateway- With this step, every IoT user device will get registered over Cloud machine but for sending a request for registration it needs to forward the same via fog gateway. Next time any device changes its location and gets attached to some other fog machine then in that case only parameters required by the device will be for the fog machine not for the cloud as it has only changed connectivity with the fog machine, not with the cloud environment.

Login Request by the Device- Once successfully registered communication can only be started if a device gets successfully logged into the cloud machine.

Forgot Password Request by the Device- This option will be used so that if in case any device forgets its registration permanent id provided by the cloud machine then the device can request the same from the fog gateway machine.

4 Conclusion and future scope

In this paper, an analysis of various mutual authentication-based security-related techniques has been done. Also, an improved version of the lightweight security protocol taking into consideration the usage of the Fog gateway node has been proposed. The benefit of this implementation is that all registration parts, login phase, and forgot password phase will be implemented in the cloud but all requests will be processed through the gateway node to the cloud. If an IoT device changes its location in the future new registration won’t be required and with the help of a previously generated permanent ID device will be able to access the services of the cloud. In future, the proposed scheme can be applied to group-authentication as well as for mobile-IoT devices.

Funding

The authors extend their appreciation to the Deanship of Scientific Research at Imam Mohammad Ibn Saud Islamic University (IMSIU) for funding and supporting this work through Research Partnership Program no. RP-21-07-06 and Princess Nourah Bint Abdulrahman University Researchers Supporting Project number (PNURSP2023R440), Princess Nourah Bint Abdulrahman University, Riyadh, Saudi Arabia.

Institutional review board statement

In this section, you should add the Institutional Review

Data availability statement

Available on request to corresponding author.

Footnotes

Acknowledgments

Conflicts of interest

The authors declare no conflict of interest

References

Ian Akyildiz

, Weilian Su , Yogesh Sankar Subramaniam and Erdal Cayirci , A Survey on Sensor Networks, IEEE Communications Magazine, August (2002).

Ian Akyildiz

and Ismail Kasimoglu

, Wireless sensor and actor networks research challenges, Elsevier Ad Hoc Networks 2 (2004), 351–367.

Esfahani

, Mantas

, Matischek

, Saghezchi

F.B.

, Rodriguez

, Bicaku

, Maksuti

, Tauber

, Schmittner

and Bastos

, A Lightweight Authentication Mechanism for M2M Communications in Industrial IoT Environment, IEEE Internet of Things Journal (2007), 1–8.

Hammi

, Fayad

, Khatoun

, Zeadally

and Begriche

, A Lightweight ECC-Based Authentication Scheme for Internet of Things (IoT), IEEE Systems Journal 14(3) (2020), 3440–3450.

Esfahani

, Georgios Mantas , Rainer Matischek , Firooz Saghezchi

, Jonathan Rodriguez , Ani Bicaku , Silia Maksuti , Markus Tauber , Christoph Schmittner and Joaquim Bastos , A Lightweight Authentication Mechanism for M2M Communications in Industrial IoT Environment, IEEE Internet of Things Journal 6(1) (2017), 288–296. DOI: 10.1109/JIOT.2017.2737630

Bahaa Hussein Taher , Huiyu Liu , Firas Abedi , Hongwei Lu , Ali Yassin

and Alzahraa Mohammed

, A Secure and Lightweight Three-Factor Remote User Authentication Protocol for Future IoT Applications, Hindawi Journal of Sensors 2021 (2021), 1–18. Article ID 8871204.https://doi.org/10.1155/2021/8871204

Jiguo Yu , Suhui Liu , Shengling Wang , Yinghao Xiao and Biwei Yan , LH-ABSC: A Lightweight Hybrid Attribute-Based Signcryption Scheme for Cloud-Fog-Assisted IoT, IEEE Internet of Things Journal 7(9) (2020), 7949–7966.

Shreya Dey and Ashraf Hossain , Session-Key Establishment and Authentication in a Smart Home Network using Public Key Cryptography, IEEE Sensors Letters 3(4) (2019), 1–4. DOI: 10.1109/LSENS.2019.2905020

Sravani Challa , Mohammad Wazid , Ashok Kumar Das , Neeraj Kumar , Alavalapati Goutham RedDolev-Yao , Eun-Jun Yoon and Kee-Young Yoo , Secure Signature-Based Authenticated Key Establishment Scheme for Future IoT Applications, IEEE Access 5, 3028–3043. DOI: 10.1109/ACCESS.2017.2676119

10.

Teguig

E.H.

and Touati

, Security in Wireless Sensor Network and IoT: An Elliptic Curves Cryptosystem based Approach, IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), 2019, 526–530. DOI: 10.1109/UEMCON.2018.8796578

11.

Ashok Kumar Das , Mohammad Wazid , Animi RedDolev-Yao Yannam , Joel Rodrigues

J.P.C.

and Youngho Park , Provably Secure ECC-Based Device Access Control and Key Agreement Protocol for IoT Environment, IEEE Access 7 (2019), 55382–55397. DOI: 10.1109/ACCESS.2019.2912998

12.

Mahmud Hossain and Ragib Hasan , P-HIP: A Lightweight and Privacy-Aware Host Identity Protocol for Internet of Things, IEEE Internet of Things Journal 8(1) (2021), 555–571. DOI: 10.1109/JIOT.2020.3009024

13.

Fadi Farha , Huansheng Ning , Karim Ali , Liming Chen and Christopher Nugent , SRAM-PUF-Based Entities Authentication Scheme for Resource-Constrained IoT Devices, IEEE Internet of Things Journal 8(7) (2021), 5904–5913. DOI: 10.1109/JIOT.2020.3032518

14.

Sahil Garg , Kuljeet Kaur , Georges Kaddoum and Kim-Kwang Raymond Choo , Toward Secure and Provable Authentication for Internet of Things: Realizing Industry 4.0, IEEE Internet of Things Journal 7(5) (2020), 4598–4606. DOI: 10.1109/JIOT.2019.2942271

15.

Pietro Tedeschi , Savio Sciancalepore , Areej Eliyan and Roberto Di Pietro , LiKe: Lightweight Certificateless Key Agreement for Secure IoT Communications, IEEE Internet of Things Journal 7(1) (2020), 621–638. DOI: 10.1109/JIOT.2019.2953549

16.

Nan Li , Dongxi Liu and Surya Nepal , Lightweight Mutual Authentication for IoT and Its Applications, Journal of Latex Class Files 14(8) (2015), 359–370. DOI: 10.1109/TSUSC.2017.2716953

17.

Yanan Chen , Weixiang Xu , Li Peng and Hao Zhang , Light-Weight and Privacy-Preserving Authentication Protocol for Mobile Payments in the Context of IoT, IEEE Access 7 (2019), 15210–15221. DOI: 10.1109/ACCESS.2019.2894062

18.

Manuel Suarez-Albela , Tiago M. Fernandez-Carames , Paula Fraga-Lamas and Luis Castedo , A Practical Performance Comparison of ECC and RSA for Resource- Constrained IoT Devices, Global Internet of Things Summit (GIoTS) (2018), 1–6. DOI: 10.1109/GIOTS.2018.8534575

19.

Pinchang Zhang , Jun Liu , Yulong Shen , Hewu Li and Xiaohong Jiang , Lightweight Tag-Based PHY-Layer Authentication for IoT Devices in Smart Cities, IEEE Internet of Things Journal 7(5) (2020), 3977–3990. DOI: 10.1109/JIOT.2019.2958079

20.

Syed Sajid Ullah , Saddam Hussain , Abdu Gumaei , Mohsin Alhilal

, Bader Fahad Alkhamees , Mueen Uddin and Mabrook Al-Rakhami , A Cost-Effective Approach for NDN-Based Internet of Medical Things Deployment, Computers, Materials & Continua 70(1), 233–249. https://doi.org/10.32604/cmc.2022.017971

21.

Soumya Banerjee , Vanga Odelu , Ashok Kumar Das , Jangirala Srinivas , Neeraj Kumar , Samiran Chattopadhyay and Kim-Kwang Raymond Choo , A Provably Secure and Lightweight Anonymous User Authenticated Session Key Exchange Scheme for Internet of Things Deployment, IEEE Internet of Things Journal 6(5) (2019), 8739–8752. DOI: 10.1109/JIOT.2019.2923373

22.

Zisang Xu , Cheng Xu , Wei Liang , Jianbo Xu and Haixian Chen , A Lightweight Mutual Authentication and Key Agreement Scheme for Medical Internet of Things, IEEE Access 7 (2019), 53922–53931. DOI: 10.1109/ACCESS.2019.2912870

23.

Ali Shahidinejad , Mostafa Ghobaei-Arani , Alireza Souri , Mohammad Shojafar and Saru Kumari , Light-Edge: A Lightweight Authentication Protocol for IoT Devices in an Edge-Cloud Environment, IEEE Consumer Electronics Magazine 11(2) (2022), 57–63. DOI: 10.1109/MCE.2021.3053543

24.

Hakjun Lee , Dongwoo Kang , Jihyeon Ryu , Dongho Won , Hyoungshick Kim and Youngsook Lee , A three-factor anonymous user authentication scheme for Internet of Things environments, Journal of Information Security and Applications 52 (2020), 1–14. https://doi.org/10.1016/j.jisa.2020.102494

25.

Cuong Trinh , Bao Huynh , Jan Lansky , Stanislava Mildeova , Masoumeh Safkhani , Nasour Bagheri , Saru Kumari and Mehdi Hosseinzadeh , A Novel Lightweight Block Cipher-Based Mutual Authentication Protocol for Constrained Environments, IEEE Access 8 (2020), 165536–165550. DOI: 10.1109/ACCESS.2020.3021701

26.

Dipanwita Sadhukhan , Sangram Ray , Biswas

G.P.

, Khan

M.K.

and Mou Dasgupta , A lightweight remote user authentication scheme for IoT communication using elliptic curve cryptography, The Journal of Supercomputing 77, 1114–1151. https://doi.org/10.1007/s11227-020-03318-7

27.

Badis Hammi , Achraf Fayad , Rida Khatoun , Sherali Zeadally and Youcef Begriche , A Lightweight ECC-Based Authentication Scheme for Internet of Things (IoT), IEEE Systems Journal 14(3) (2020), 3440–3450. DOI: 10.1109/JSYST.2020.2970167

28.

Huihui Huang , Siqi Lu , Zehui Wu and Qiang Wei , An efficient authentication and key agreement protocol for IoT-enabled devices in distributed cloud computing architecture, EURASIP Journal on Wireless Communications and Networking (2021), 1–21. https://doi.org/10.1186/s13638-021-02022-1

29.

Yildiran Yilmaz and Halak , A Two-Flights Mutual Authentication for Energy-Constrained IoT Devices, 2019 IEEE 4th International Verification and Security Workshop (IVSW), (2019), 1–6. DOI: 10.1109/IVSW.2019.8854438

30.

Shehzad Ashraf Chaudhry , Khalid Yahya , Fadi Al-Turjman and Ming-Hour Yang , A secure and reliable device access control scheme for IoT based sensor cloud systems, IEEE Access 8 (2020), 139244–139254. DOI: 10.1109/ACCESS.2020.3012121

31.

Wenzheng Liu , Xiaofeng Wang and Wei Peng , Secure Remote Multi-Factor Authentication Scheme Based on Chaotic Map Zero-Knowledge Proof for Crowdsourcing Internet of Things, IEEE Access 8 (2019), 8754–8767. DOI: 10.1109/ACCESS.2019.2962912

32.

Gurjot Singh Gaba , Gulshan Kumar , Himanshu Monga , Tai-Hoon Kim , Madhusanka Liyanage and Pardeep Kumar , Robust and Lightweight Key Exchange (LKE) Protocol for Industry 4.0, IEEE Access 8 (2020), 132808–132824. DOI: 10.1109/ACCESS.2020.3010302

33.

DeokKyu Kwon , YoHan Park and YoungHo Park , Provably Secure Three-Factor-Based Mutual Authentication Scheme with PUF for Wireless Medical Sensor Networks, Sensors (2021), 1–27. https://doi.org/10.3390/s21186039

34.

Amiya Kumar Sahu , Suraj Sharma and Deepak Puthal , Lightweight Multi-party Authentication and Key Agreement Protocol in IoT-based E-Healthcare Service, ACM Transactions on Multimedia Computing, Communications, and Applications 17(2s), 1–20. https://doi.org/10.1145/3398039

35.

Kisung Park , Sungkee Noh , Hyunjin Lee , Ashok Kumar Das , Myeonghyun Kim , Youngho Park and Mohammad Wazid , LAKS-NVT: Provably Secure and Lightweight Authentication and Key Agreement Scheme Without Verification Table in Medical Internet of Things, IEEE Access 8 (2020), 119387–119404. DOI: 10.1109/ACCESS.2020.3005592

36.

Zhenhua Liu , Changbo Guo and Baocang Wang , A Physically Secure, Lightweight Three-Factor and Anonymous User Authentication Protocol for IoT, IEEE Access 8 (2020), 195914–195928. DOI: 10.1109/ACCESS.2020.3034219

37.

Soumya Banerjee , Ashok Kumar Das , Samiran Chattopadhyay , Sajjad Shaukat Jamal , Joel Rodrigues

J.P.C.

and Youngho Park , Lightweight Failover Authentication Mechanism for IoT-Based Fog Computing Environment, Journal of Electronics (2021), 1–24. https://doi.org/10.3390/electronics10121417

38.

Abebe Diro , Haftu Reda , Naveen Chilamkurti , Abdun Mahmood , Noor Zaman and Yunyoung Nam , Lightweight Authenticated-Encryption Scheme for Internet of Things Based on Publish-Subscribe Communication, IEEE Access 8 (2020), 60539–60551. DOI: 10.1109/ACCESS.2020.2983117

39.

Soumya Banerjee , Vanga Odelu , Ashok Kumar Das , Samiran Chattopadhyay , Joel Rodrigues

J.P.C.

and Youngho Park , Physically Secure Lightweight Anonymous User Authentication Protocol for Internet of Things Using Physically Unclonable Functions, IEEE Access 7 (2019), 85627–85644. DOI: 10.1109/ACCESS.2019.2926578

40.

Gurjot Singh Gaba , Gulshan Kumar , Himanshu Monga , Tai-Hoon Kim and Pardeep Kumar , Robust and Lightweight Mutual Authentication Scheme in Distributed Smart Environments, IEEE Access 8 (2020), 69722–69733. DOI: 10.1109/ACCESS.2020.2986480

41.

Mouna Nakkar , Riham Altawy and Amr Youssef , Lightweight Broadcast Authentication Protocol for Edge-Based Applications, IEEE Internet of Things Journal 7(12) (2020), 11766–11777. DOI: 10.1109/JIOT.2020.3002221

42.

Zhuo Zhao , Chingfang Hsu , Lein Harn , Qing Yang and Lulu Ke , Lightweight Privacy-Preserving Data Sharing Scheme for Internet of Medical Things, Journal of Wireless Communications and Mobile Computing 2021, 1–13. https://doi.org/10.1155/2021/8402138

43.

Sarra Jebri , Mohamed Abid and Ammar Bouallegue , Ammar Bouallegue, LTAMA-Algorithm: Light and Trust Anonymous Mutual Authentication Algorithm for IoT, IEEE 87th Vehicular Technology Conference (VTC Spring), (2018), 1–5. DOI: 10.1109/VTCSpring.2018.8417686

44.

Saleh Atiewi , Amer Al-Rahayfeh , Muder Almiani , Salman Yussof , Omar Alfandi , Ahed Abugabah and Yaser Jararweh , Scalable and Secure Big Data IoT System Based on Multifactor Authentication and Lightweight Cryptography, IEEE Access 8 (2020), 113498–113511. DOI: 10.1109/ACCESS.2020.3002815

45.

Lin Wang , Haonan An and Zhuo Chang , Security Enhancement on a Lightweight Authentication Scheme With Anonymity Fog Computing Architecture, IEEE Access 8 (2020), 97267–97278. DOI: 10.1109/ACCESS.2020.2996264

46.

Shuailiang Zhang , Xiujuan Du and Xin Liu , A Secure Remote Mutual Authentication Scheme Based on Chaotic Map for Underwater Acoustic Networks, IEEE Access 8 (2020), 48285–48298. DOI: 10.1109/ACCESS.2020.2979906

47.

Mohammad Ayoub Khan , Mohammad Tabrez Quasim , Norah Saleh Alghamdi and Mohammad Yahiya Khan , A Secure Framework for Authentication and Encryption Using Improved ECC for IoT-Based Medical Sensor Data, IEEE Access 8 (2020), 52018–52027. DOI: 10.1109/ACCESS.2020.2980739

48.

Bo Zhao , Pengyuan Zhao and Peiru Fan , ePUF: A Lightweight Double Identity Verification in IoT, Tsinghua Science and Technology 25(5) (2020), 625–635. DOI: 10.26599/TST.2019.9010072

49.

Chenyu Wang

I.D.

, Guoai Xu and Jing Sun , An Enhanced Three-Factor User Authentication Scheme Using Elliptic Curve Cryptosystem for Wireless Sensor Networks, MDPI Journal of Sensors (2017), 1–20. https://doi.org/10.3390/s17122946

50.

Yue Qiu and Maode Ma , A Mutual Authentication and Key Establishment Scheme for M2M Communication in 6LoWPAN Networks, IEEE Transactions on Industrial Informatics 12(6) (2016), 2074–2085. DOI: 10.1109/TII.2016.2604681

51.

Jian Xu , Qingyu Meng , Jun Wu , James Xi Zheng , Xuyun Zhang and Suraj Sharma , Efficient and Lightweight Data Streaming Authentication in Industrial Control and Automation Systems, IEEE Transactions on Industrial Informatics 17(6) (2021), 4279–4287. DOI: 10.1109/TII.2020.3008012

52.

Jangirala Srinivas , Ashok Kumar Das , Mohammad Wazid and Neeraj Kumar , Anonymous Lightweight Chaotic Map-Based Authenticated Key Agreement Protocol for Industrial Internet of Things, IEEE Transactions On Dependable And Secure Computing 17(6) (2020), 1133–1146. DOI: 10.1109/TDSC.2018.2857811

53.

Xiong Li , Jieyao Peng , Mohammad Obaidat

, Fan Wu , Muhammad Khurram Khan and Chaoyang Chen , A Secure Three-Factor User Authentication Protocol With Forward Secrecy for Wireless Medical Sensor Network Systems, IEEE Systems Journal 14(1) (2020), 39–50. DOI: 10.1109/JSYST.2019.2899580

54.

Rashid

, Parah

S.A.

, Wani

A.R.

and Gupta

S.K.

, Securing E-Health IoT Data on Cloud Systems using Novel Extended Role Based Access Control Model, Internet of Things (IoT): Concept and Applications, Springer International Publishing, Springer Nature Switzerland AG, (2020), 473–489. DOI: 10.1007/978-3-030-37468-6_25

55.

Tejasvi Alladi , Sombuddha Chakravarty , Vinay Chamola and Mohsen Guizani , A Lightweight Authentication and Attestation Scheme for In-Transit Vehicles in IoV Scenario, IEEE Transactions on Vehicular Technology 69(12) (2020), 14188–14197. DOI: 10.1109/TVT.2020.3038834

56.

Fan Wua , Xiong Li , Lili Xu , Saru Kumari , Marimuthu Karuppiahe and Jian Shen , A lightweight and privacy-preserving mutual authentication scheme for wearable devices assisted by cloud server, Journal of Computers & Electrical Engineering 63 (2017), 168–181. https://doi.org/10.1016/j.compeleceng.2017.04.012

57.

Chunka

, Banerjee

and Gupta

S.K.

, A secure communication using multifactor authentication and key agreement techniques in internet of medical things for COVID-19 patients, Concurrency and Computation: Practice and Experience, Wiley 35(7) (2023), 01–22. https://doi.org/10.1002/cpe.7602

58.

Xiuqing Lu and Xiangguo Cheng , A Secure and Lightweight Data Sharing Scheme for Internet of Medical Things, IEEE Access 8 (2019), 5022–5030. I.D. 10.1109/ACCESS.2019.2962729

59.

Ruhul Amin , Neeraj Kumar , Biswas

G.P.

, Iqbal

and Victor Chang , A light weight authentication protocol for IoT-enabled devices in distributed Cloud Computing environment, Future Generation Computer Systems 78(Part 3) (2018), 1005–1019. https://doi.org/10.1016/j.future.2016.12.028

60.

Bhagat

, Kumar

, Gupta

S.K.

and Chaube

M.K.

, Lightweight Cryptographic Algorithms Based on Different Model Architectures: A Systematic Review and Futuristic Applications, Concurrency and Computation: Practice and Experience, Wiley 35(1) (2022), 01–27. https://doi.org/10.1002/cpe.7425

61.

Syed Sajid Ullah , Insaf Ullah , Hizbullah Khattak , Muhammad Asghar Khan , Muhammad Adnan , Saddam Hussain , Noor Ul Amin and Muazzam Khan Khattak

, A Lightweight Identity-Based Signature Scheme for Mitigation of Content Poisoning Attack in Named Data Networking With Internet of Things, IEEE Access 8 (2020), 98910–98928. I.D. 10.1109/ACCESS.2020.2995080

62.

Wei-Che Wang , Yair Yona , Yizhang Wu , Suhas Diggavi

and Puneet Gupta , SLATE: A Secure Lightweight Entity Authentication Hardware Primitive, IEEE Transactions on Information Forensics and Security 15 (2020), 276–285. DOI: 10.1109/TIFS.2019.2919393

63.

Fagen Li and Pan Xiong , Practical Secure Communication for Integrating Wireless Sensor Networks into the Internet of Things, IEEE Sensors Journal 13(10) (2013), 3677–3684.

64.

Kumar

, Chaube

M.K.

, Nenavath

S.N.

, Gupta

S.K.

and Tetarave

S.K.

, Privacy Preservation and Security Challenges: A New Frontier Multimodal Machine Learning Research, International Journal of Sensor Networks Inderscience 39(4) (2022), 227–245.

65.

Srivastava

, Gupta

S.K.

, Najim

, Sahu

, Aggarwal

and Mazumdar

B.D.

, DSSAM: Digitally Signed Secure Acknowledgement Method for Mobile Ad-hoc Network, EURASIP Journal on Wireless Communications and Networking, Springer, 2021 12 (2021), 1–29.

66.

Lili Wei , Zhaotong Luo , Qiang Qu , Qing He and Jingwei Xu , A Low-cost PKC-based RFID Authentication Protocol and Its Implementation, 2014 10th International Conference on Computational Intelligence and Security (2014), 415–419.

67.

Kai Zhao and Lina Ge , A Survey on the Internet of Things Security, 2013 Ninth International Conference on Computational Intelligence and Security, pp. 663–667.

68.

Jorge Granjal , Edmundo Monteiro and Jorge Sá Silva , End-to-end transport-layer security for Internet-integrated sensing applications with mutual and delegated E lustering Isolated Nodes to Enhan CC public-key authentication, IEEE Conference of Networking (2013).

69.

Shen Guichen and Yu Zhen , Application of Elliptic Curve Cryptography in Node Authentication of Internet of Things, 2013 Ninth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, pp. 452–455.

70.

Adiga

B.S.

, Rajan Ravishankara Shastry

M.A.

, Shivraj

V.L.

and Balamuralidhar

, Lightweight IBE Scheme for Wireless Sensor Nodes, IEEE Ants (2013).

71.

Ning

, Liu

and Yang

L.T.

, Aggregated-Proof Based Hierarchical Authentication Scheme for the Internet of Things, IEEE Transactions on Parallel and Distributed Systems 26(3) (2015), 657–667.

72.

Syed

, Gupta

S.K.

, Alsamhi

S.H.

, Rashid

and Liu

, A survey on recent optimal techniques for securing unmanned aerial vehicles applications, Transactions on Emerging Telecommunications Technologies, Wiley 32(7) (2020), 1–34.

73.

Premila Bai

T.D.

and Albert Rabara

, Design and Development of Integrated, Secured and Intelligent Architecture for the Internet of Things and Cloud Computing, 2015 3rd International Conference on Future Internet of Things and Cloud, pp. 817–822.

74.

Li Feng and Yao

, RFID System Mutual Authentication Protocols Based on ECC, 2015 IEEE 12th Intl Conf on Ubiquitous Intelligence and Computing (UIC-ATC-ScalCom), pp. 1644–1649.

75.

Md. Hossain

, Fotouhi

and Hasan

, Towards an Analysis of Security Issues, Challenges, and Open Problems in the Internet of Things, IEEE 11th World Congress on Services, New York, NY, USA, pp. 1–8.

76.

Kumar

, Kumar

, Chaube

M.K.

, Gupta

S.K.

and Saket

R.K.

, Role of Mathematical Modelling and Learning Techniques for Privacy Preservation, GMSARN International Journal 17(1) (2023), 96–110.

77.

Jorge Granjal , Edmundo Monteiro and Jorge Sá Silva , Security for the Internet of Things: A Survey of Existing Protocols and Open Research issues, IEEE Communication Surveys & Tutorials, pp. 1–20.

78.

Dr. Vijayalakshmi

, Sharmila

and Shalini

, Hierarchi-cal Key Management Scheme using Hyper Elliptic Curve Cryptography in Wireless Sensor Networks, 2015 3rd International Conference on Signal Processing, Communication and Networking (ICSCN), pp. 1–5.

79.

Bali

M.S.

, Gupta

, Koundal

, Zaguia

, Mahajan

and Pandit

A.K.

, Smart Architectural Framework for Symmetrical Data Offloading in IoT, Symmetry 13 (1889), 1889. https://doi.org/10.3390/sym13101889

80.

Singh

K.J.

, et al., Map Making in Social Indoor Environment Through Robot Navigation Using Active SLAM, in IEEE Access 10 (2022), 134455–134465. DOI: 10.1109/ACCESS.2022.3230989

81.

Srivastava

, Kumar

, Gupta

S.K.

, Rashid

and Umrao

L.S.

, Novel Technique to Detect Network Error or Modification of Votes during Transmission in Online Voting System, Journal of Discrete Mathematical Sciences and Cryptography, Taylor & Francis 24(3) (2021), 729–743. DOI: 10.1080/09720529.2020.1794514

82.

Haq

A.U.

, Li

J.P.

, Khan

, et al., DACBT: Deep Learning approach for classification of brain tumors using MRI data in IoT healthcare environment, Science Rep 12 (2022), 15331. https://doi.org/10.1038/s41598-022-19465

83.

Haq

A.U.

, et al., DEBCM: Deep Learning-Based Enhanced Breast Invasive Ductal Carcinoma Classification Model in IoMT Healthcare Systems, IEEE Journal of Biomedical and Health Informatics, pp. 1–12, 2022.

84.

Agbley

B.L.Y.

, et al., Federated Fusion of Magnified Histopathological Images for BreastTumor Classification in the Internet of Medical Things, IEEE Journal of Biomedical and Health Informatics. doi: 10.1109/JBHI.2023.3256974

85.

Khan

and Altayar

, Industrial internet of things: Investigation of the applications, issues, and challenges, International Journal of Advanced Applied Sciences 8(1) (2021), 104–113.

86.

Khan

, et al., Secure Smart Healthcare Monitoring in Industrial Internet of Things (IIoT) Ecosystem with Cosine Function Hybrid Chaotic Map Encryption, Scientific Programming 2022(Article ID 8853448) (2022), 22.

87.

Keshta

, Soni

, Bhatt

M.W.

, Irshad

, Rizwan

, Khan

, Maaliw

R.S.

, Soomar

A.M.

and Shabaz

, Energy efficient indoor localisation for narrowband internet of things, CAAI Transactions on Intelligence Technology, (2023), 1–14.