A Robust Anonymous Remote User Authentication Protocol for IoT Services

The Internet of Things (IoT), as one of the hottest topics, supports resource-constrained devices which can communicate with each other at any time. Moreover, the communication must be secure on public networks, and it is sometimes necessary to control remote devices using a secure protocol. Consequently, designing a lightweight protocol is one of the challenging points to be addressed. So far, several lightweight protocols have been proposed―this paper analyzes one of the current lightweight authentication protocols for the IoT. Based on the previous protocol, a secure protocol has been suggested that inherits the benefits of the previous one, while it is completely safe against the proposed attacks. The proposed protocol fulfils mutual authentication using BAN logic, as a broadly accepted formal method in security analysis. Moreover, the proposed protocol resists well-known attacks and its security, communication overhead, and time complexity have been compared with similar protocols that show its efficiency for IoT applications. In the proposed protocol, users and IoT nodes share a secret key in 3.122 ms with 528 bytes communication overhead.