Lightweight IoT Mutual Authentication Scheme Based on Transient Identities and Transactions History

Robust authentication of Internet of Things (IoT) is a difficult problem due to the fact that quite often IoT nodes are resource-constrained and lack the storage and compute capability required by conventional security mechanisms. We propose, in the current paper, a new lightweight multi-factor authentication scheme for IoT nodes that combines temporary identities and challenge/response based on transactions history. The approach allows IoT nodes to anonymously and mutually authenticate in an unlinkable manner. We evaluate the efficiency of the proposed scheme, and establish the security of our protocol through informal security analysis and formally by using the automated validation of Internet security protocols and applications (AVISPA) toolkit.