# Toward Designing a Secure Authentication Protocol for IoT Environments


## Abstract


## 1. Introduction

#### 1.1. Our Contributions

- To the best of our knowledge, we conduct the first independent security analysis of a recently proposed scheme [2].
- We demonstrate that an adversary who has access to the long-term secrets and also monitors the messages transferred over the secure channel can retrieve the shared key at the end of the session.
- We demonstrate that an adversary with access to the user’s smartcard and the publicly transferred data of $n$ subsequent sessions can extract the session keys of $n-2$ sessions and also trace the user.
- We efficiently redesign Son et al.’s protocol to overcome the mentioned security flaws. Our cost analysis shows that the overhead of the new protocol is just 15.5%.

#### 1.2. Paper Organization

## 2. Preliminaries

#### 2.1. Notation

#### 2.2. Related Works

#### 2.3. Hash Function

- Collision Resistance: the computational complexity expected to find a pair $(M,{M}^{\prime})$ such that $M\ne {M}^{\prime}$ and $H\left(M\right)=H\left({M}^{\prime}\right)$ should be ${2}^{n/2}$.
- Preimage Resistance: given a message digest $Y\in {\{0,1\}}^{n}$, the expected computational complexity for finding a message $M$ such that $H\left(M\right)=Y$ should be ${2}^{n}$.
- Second Preimage Resistance: given a message $M\in {\{0,1\}}^{*}$, the expected computational complexity to find a message ${M}^{\prime}\ne M$ such that $H\left(M\right)=H\left({M}^{\prime}\right)$ should be ${2}^{n}$.

#### 2.4. System Model

#### 2.5. SPP Description

## 3. Security Analysis of SPP

#### 3.1. Insider Adversary

#### 3.2. Key Recovery by an Insider Adversary

#### 3.3. Impersonation by the Insider Adversary

#### 3.4. The Lack of Perfect Secrecy

#### Traceability and Anonymity

## 4. Enhanced Protocol

#### 4.1. Initialization Phase

#### 4.2. Registration Phase

#### 4.3. Login and Authentication Phases

1. ${U}_{X}$ inputs $I{D}_{X}$ and $P{W}_{X}$ into $S{C}_{X}$. Then, $S{C}_{X}$ computes $r={A}_{X}\oplus H(I{D}_{X}\parallel P{W}_{X})$, $TI{D}_{X}={B}_{X}\oplus H(I{D}_{X}\parallel P{W}_{X}\parallel r)$, $PI{D}_{X}={C}_{X}\oplus H(TI{D}_{X}\parallel r)$, and checks $Aut{h}_{X}\stackrel{?}{=}H(I{D}_{X}\parallel P{W}_{X}\parallel r\parallel PI{D}_{X}\parallel TI{D}_{X})$. If they are equal, $S{C}_{X}$ generates ${a}_{X}\in {Z}_{P}$, extracts the current timestamp ${T}_{1}$, computes $HI{D}_{X}=H(I{D}_{X}\parallel r)$, ${M}_{1}=H(PI{D}_{X}\parallel H(HI{D}_{X}\parallel PW{D}_{X}))\oplus {a}_{X}$ and ${M}_{2}=H(TI{D}_{X}\parallel PI{D}_{X}\parallel {a}_{X}\parallel {T}_{1})$, and sends $(TI{D}_{X},{M}_{1},{M}_{2},{T}_{1})$ to $RS$.
2. When $RS$ receives the authentication request message $(TI{D}_{X},{M}_{1},{M}_{2},{T}_{1})$, it verifies the timestamp ${T}_{1}$ against the current timestamp ${T}_{2}$. Given $TI{D}_{X}$, it retrieves $H(HI{D}_{X}\parallel PW{D}_{X})$ from the record $(TI{D}_{X},H(s\parallel TI{D}_{X})\oplus H(HI{D}_{X}\parallel PW{D}_{X}))$ stored in its memory and computes $PI{D}_{X}=H(TI{D}_{X}\parallel s)$ and ${a}_{X}=H(PI{D}_{X}\parallel H(HI{D}_{X}\parallel PW{D}_{X}))\oplus {M}_{1}$ to verify whether ${M}_{2}\stackrel{?}{=}H(TI{D}_{X}\parallel PI{D}_{X}\parallel {a}_{X}\parallel {T}_{1})$. If it is valid, $RS$ generates ${b}_{X}\in {Z}_{P}$ and computes $TI{D}_{X}^{new}=H(HI{D}_{X}\parallel PW{D}_{X})\oplus TI{D}_{X}\oplus {b}_{X}$, $PI{D}_{X}^{new}=H(TI{D}_{X}^{new}\parallel s)$, ${M}_{3}=H(H(HI{D}_{X}\parallel PW{D}_{X})\parallel PI{D}_{X})\oplus {b}_{X}$, ${M}_{4}=PI{D}_{X}^{new}\oplus H(TI{D}_{X}^{new}\parallel H(I{D}_{X}\parallel PW{D}_{X})\parallel {b}_{X})$, $SK=H(PI{D}_{X}\parallel {a}_{X}\parallel {b}_{X})$, and ${M}_{5}=H(SK\parallel PI{D}_{X}^{new}\parallel {T}_{2})$. Then it sends $({M}_{3},{M}_{4},{M}_{5},{T}_{2})$ to the user. The server also labels $(TI{D}_{X},H(s\parallel TI{D}_{X})\oplus H(HI{D}_{X}\parallel PW{D}_{X}))$ as old and stores $(TI{D}_{X}^{new},H(s\parallel TI{D}_{X}^{new})\oplus H(HI{D}_{X}\parallel PW{D}_{X}))$ as the latest record for ${U}_{X}$.
3. ${U}_{X}$ verifies the received ${T}_{2}$ and computes ${b}_{X}=H(H(HI{D}_{X}\parallel PW{D}_{X})\parallel PI{D}_{X})\oplus {M}_{3}$, $TI{D}_{X}^{new}=H(HI{D}_{X}\parallel PW{D}_{X})\oplus TI{D}_{X}\oplus {b}_{X}$, $PI{D}_{X}^{new}={M}_{4}\oplus H(TI{D}_{X}^{new}\parallel H(HI{D}_{X}\parallel PW{D}_{X})\parallel {b}_{X})$, and $SK=H(PI{D}_{X}\parallel {a}_{X}\parallel {b}_{X})$, and checks whether ${M}_{5}\stackrel{?}{=}H(SK\parallel PI{D}_{X}^{new}\parallel {T}_{2})$. If they are equal, the session key is established. After that, ${U}_{X}$ computes ${B}^{new}=TI{D}^{new}\oplus H(HI{D}_{X}\parallel P{W}_{X}\parallel r)$, ${C}^{new}=PI{D}^{new}\oplus H(TI{D}^{new}\parallel r)$, and $Aut{h}^{new}=H(I{D}_{X}\parallel P{W}_{X}\parallel r\parallel PI{D}_{X}^{new}\parallel TI{D}_{X}^{new})$. Subsequently, ${U}_{X}$ updates $({B}_{X},{C}_{X},Aut{h}_{X})$ to $({B}^{new},{C}^{new},Aut{h}^{new})$ in $S{C}_{X}$.
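The three steps above, run end to end with both sides' computations, as an added example that is not the authors' code. It shows that user and server derive the same $SK$ and that $TI{D}_{X}$ rotates after every session. Assumptions: SHA-256 stands in for $H$, random 32-byte strings stand in for elements of ${Z}_{P}$, the freshness window `SKEW` is chosen here, the registration state is constructed by inverting the step 1 formulas, and the stored value $H(HI{D}_{X}\parallel PW{D}_{X})$ is used wherever the server needs the credential, while the card update is masked with $H(I{D}_{X}\parallel P{W}_{X}\parallel r)$ as in step 1.

```python
import hashlib, hmac, secrets

SKEW = 5  # assumed freshness window for T1/T2, in seconds

def H(*parts):   # H(p1 || p2 || ...): SHA-256 stands in for the paper's H
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)  # length prefix: unambiguous ||
    return h.digest()

def xor(*vals):  # XOR of 32-byte strings
    out = bytes(32)
    for v in vals:
        out = bytes(x ^ y for x, y in zip(out, v))
    return out

def ts(t): return t.to_bytes(8, "big")

def check(tag, expected, what):
    if not hmac.compare_digest(tag, expected):
        raise ValueError(what + " check failed")

def register(ID, PW, s):
    # Constructed setup (registration is not on the page): invert step 1.
    r, TID = secrets.token_bytes(32), secrets.token_bytes(32)
    PID, cred = H(TID, s), H(H(ID, r), H(PW, r))   # cred = H(HID_X || PWD_X)
    card = {"A": xor(r, H(ID, PW)), "B": xor(TID, H(ID, PW, r)),
            "C": xor(PID, H(TID, r)), "Auth": H(ID, PW, r, PID, TID)}
    return card, {TID: xor(H(s, TID), cred)}       # smartcard, RS database

def user_login(card, ID, PW, T1):                  # step 1
    r = xor(card["A"], H(ID, PW))
    TID = xor(card["B"], H(ID, PW, r))
    PID = xor(card["C"], H(TID, r))
    check(card["Auth"], H(ID, PW, r, PID, TID), "Auth_X")
    a, cred = secrets.token_bytes(32), H(H(ID, r), H(PW, r))
    M1, M2 = xor(H(PID, cred), a), H(TID, PID, a, ts(T1))
    return (TID, M1, M2, T1), dict(r=r, TID=TID, PID=PID, a=a, cred=cred)

def server_auth(db, s, msg, T2):                   # step 2
    TID, M1, M2, T1 = msg
    if abs(T2 - T1) > SKEW or TID not in db:
        raise ValueError("stale timestamp or unknown TID_X")
    cred, PID = xor(db[TID], H(s, TID)), H(TID, s)
    a = xor(H(PID, cred), M1)
    check(M2, H(TID, PID, a, ts(T1)), "M2")
    b = secrets.token_bytes(32)
    TIDn = xor(cred, TID, b)
    PIDn, SK = H(TIDn, s), H(PID, a, b)
    M3, M4 = xor(H(cred, PID), b), xor(PIDn, H(TIDn, cred, b))
    db[TIDn] = xor(H(s, TIDn), cred)   # latest record; db[TID] stays as "old"
    return (M3, M4, H(SK, PIDn, ts(T2)), T2), SK

def user_finish(card, ID, PW, st, reply, now):     # step 3
    M3, M4, M5, T2 = reply
    if abs(now - T2) > SKEW:
        raise ValueError("stale timestamp")
    cred, r = st["cred"], st["r"]
    b = xor(H(cred, st["PID"]), M3)
    TIDn = xor(cred, st["TID"], b)
    PIDn, SK = xor(M4, H(TIDn, cred, b)), H(st["PID"], st["a"], b)
    check(M5, H(SK, PIDn, ts(T2)), "M5")
    # Card update masked as in step 1 so the next login can unmask it.
    card.update(B=xor(TIDn, H(ID, PW, r)), C=xor(PIDn, H(TIDn, r)),
                Auth=H(ID, PW, r, PIDn, TIDn))
    return SK

def run_session(card, db, s, ID, PW, now):
    msg, st = user_login(card, ID, PW, now)
    reply, sk_rs = server_auth(db, s, msg, now + 1)
    return msg[0], user_finish(card, ID, PW, st, reply, now + 2), sk_rs

if __name__ == "__main__":
    s = secrets.token_bytes(32)                    # RS's permanent secret key
    card, db = register(b"alice", b"constructed-pw", s)
    for t in (1000, 2000):
        tid, sk_u, sk_rs = run_session(card, db, s, b"alice", b"constructed-pw", t)
        print(tid.hex()[:16], sk_u == sk_rs)
```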

#### 4.4. Password Change Phase

## 5. On the Security and Efficiency of the Enhanced Protocol

Protocol | User | Server |
---|---|---|
[GKK+, 2019] [76] | $3{T}_{mn}+4{T}_{hn}\approx 75\,\mathrm{ms}$ | $6{T}_{ms}+8{T}_{hs}\approx 15.345\,\mathrm{ms}$ |
[BKC+, 2022] [75] | $3{T}_{mn}+6{T}_{hn}+2{T}_{PUFn}\approx 87\,\mathrm{ms}$ | $3{T}_{ms}+8{T}_{hs}\approx 7.832\,\mathrm{ms}$ |
[SPP, 2021] [2] | $13{T}_{hn}\approx 39\,\mathrm{ms}$ | $8{T}_{hs}\approx 0.32\,\mathrm{ms}$ |
Ours | $15{T}_{hn}\approx 45\,\mathrm{ms}$ | $10{T}_{hs}\approx 0.4\,\mathrm{ms}$ |

## 6. Conclusions and Future Works

## Author Contributions

## Funding

## Institutional Review Board Statement

## Informed Consent Statement

## Conflicts of Interest

## Abbreviations

Abbreviation | Meaning |
---|---|
IoT | Internet of Things |
KCI | Key Compromised Impersonation Attack |
ECC | Elliptic Curve Cryptography |
RFID | Radio Frequency IDentification |
TLS | Transport Layer Security |
SSL | Secure Sockets Layer |
PUF | Physically Unclonable Function |
BLE | Bluetooth Low Energy |

## References

1. Bendavid, Y.; Bagheri, N.; Safkhani, M.; Rostampour, S. IoT Device Security: Challenging “A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function”. Sensors **2018**, 18, 4444.
2. Son, S.; Park, Y.; Park, Y. A Secure, Lightweight, and Anonymous User Authentication Protocol for IoT Environments. Sustainability **2021**, 13, 9241.
3. Rajaram, S.; Maitra, T.; Vollala, S.; Ramasubramanian, N.; Amin, R. eUASBP: Enhanced user authentication scheme based on bilinear pairing. J. Ambient Intell. Humaniz. Comput. **2020**, 11, 2827–2840.
4. Chien, H.Y. SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity. IEEE Trans. Dependable Sec. Comput. **2007**, 4, 337–340.
5. Tian, Y.; Chen, G.; Li, J. A New Ultralightweight RFID Authentication Protocol with Permutation. IEEE Commun. Lett. **2012**, 16, 702–705.
6. Zhuang, X.; Zhu, Y.; Chang, C. A New Ultralightweight RFID Protocol for Low-Cost Tags: R$^{2}$AP. Wirel. Pers. Commun. **2014**, 79, 1787–1802.
7. Khokhar, U.M.; Najam-ul-Islam, M.; Shami, M.A. RCIA: A New Ultralightweight RFID Authentication Protocol Using Recursive Hash. IJDSN **2015**, 2015, 642180:1–642180:8.
8. Khokhar, U.M.; Najam-ul-Islam, M.; Sarwar, S. A New Ultralightweight RFID Authentication Protocol for Passive Low Cost Tags: KMAP. Wirel. Pers. Commun. **2017**, 94, 725–744.
9. Luo, H.; Wen, G.; Su, J.; Huang, Z. SLAP: Succinct and Lightweight Authentication Protocol for low-cost RFID system. Wirel. Networks **2018**, 24, 69–78.
10. Aghili, S.F.; Mala, H.; Kaliyar, P.; Conti, M. SecLAP: Secure and lightweight RFID authentication protocol for Medical IoT. Future Gener. Comput. Syst. **2019**, 101, 621–634.
11. Eghdamian, A.; Samsudin, A. A secure protocol for ultralightweight radio frequency identification (RFID) tags. In Proceedings of the International Conference on Informatics Engineering and Information Science; Springer: Berlin/Heidelberg, Germany, 2011; pp. 200–213.
12. David, M.; Prasad, N.R. Providing strong security and high privacy in low-cost RFID networks. In Proceedings of the International conference on Security and Privacy in Mobile Information and Communication Systems; Springer: Berlin/Heidelberg, Germany, 2009; pp. 172–179.
13. Liu, Y.; Ezerman, M.; Wang, H. Double verification protocol via secret sharing for low-cost RFID tags. Future Gener. Comput. Syst. **2019**, 90, 118–128.
14. Avoine, G.; Carpent, X.; Hernandez-Castro, J. Pitfalls in Ultralightweight Authentication Protocol Designs. IEEE Trans. Mob. Comput. **2016**, 15, 2317–2332.
15. Avoine, G.; Carpent, X. Yet Another Ultralightweight Authentication Protocol That Is Broken. In Proceedings of the Radio Frequency Identification. Security and Privacy Issues—8th International Workshop, RFIDSec 2012, Nijmegen, The Netherlands, 2–3 July 2012; Revised Selected Papers. Hoepman, J., Verbauwhede, I., Eds.; Springer: Berlin/Heidelberg, Germany, 2012; Volume 7739, pp. 20–30.
16. Avoine, G.; Carpent, X.; Martin, B. Privacy-friendly synchronized ultralightweight authentication protocols in the storm. J. Netw. Comput. Appl. **2012**, 35, 826–843.
17. Phan, R.C.W. Cryptanalysis of a New Ultralightweight RFID Authentication Protocol—SASI. IEEE Trans. Dependable Secur. Comput. **2009**, 6, 316–320.
18. D’Arco, P.; Santis, A.D. On Ultralightweight RFID Authentication Protocols. IEEE Trans. Dependable Sec. Comput. **2011**, 8, 548–563.
19. Safkhani, M.; Rostampour, S.; Bendavid, Y.; Sadeghi, S.; Bagheri, N. Improving RFID/IoT-based generalized ultra-lightweight mutual authentication protocols. J. Inf. Secur. Appl. **2022**, 67, 103194.
20. Bagheri, N.; Safkhani, M.; Peris-Lopez, P.; Tapiador, J.E. Weaknesses in a new ultralightweight RFID authentication protocol with permutation—RAPP. Secur. Commun. Netw. **2014**, 7, 945–949.
21. Barrero, D.F.; Castro, J.C.H.; Peris-Lopez, P.; Camacho, D.; Rodríguez-Moreno, M.D. A genetic tango attack against the David-Prasad RFID ultra-lightweight authentication protocol. Expert Syst. **2014**, 31, 9–19.
22. Trinh, C.; Huynh, B.; Lansky, J.; Mildeová, S.; Safkhani, M.; Bagheri, N.; Kumari, S.; Hosseinzadeh, M. A Novel Lightweight Block Cipher-Based Mutual Authentication Protocol for Constrained Environments. IEEE Access **2020**, 8, 165536–165550.
23. Hayajneh, T.; Ullah, S.; Mohd, B.J.; Balagani, K.S. An Enhanced WLAN Security System With FPGA Implementation for Multimedia Applications. IEEE Syst. J. **2017**, 11, 2536–2545.
24. Gao, L.; Lin, F.; Ma, M. Research on Ultra-Lightweight RFID Mutual Authentication Protocol Based on Stream Cipher. IEICE Trans. Commun. **2021**, 104-B, 13–19.
25. Vasudev, H.; Das, D. P$^{2}$-SHARP: Privacy Preserving Secure Hash based Authentication and Revelation Protocol in IoVs. Comput. Netw. **2021**, 191, 107989.
26. Paliwal, S. Hash-Based Conditional Privacy Preserving Authentication and Key Exchange Protocol Suitable for Industrial Internet of Things. IEEE Access **2019**, 7, 136073–136093.
27. Tanveer, M.; Alkhayyat, A.; Khan, A.U.; Kumar, N.; Alharbi, A.G. REAP-IIoT: Resource-Efficient Authentication Protocol for the Industrial Internet of Things. IEEE Internet Things J. **2022**, 9, 24453–24465.
28. Rezazadeh Baee, M.A.; Simpson, L.; Boyen, X.; Foo, E.; Pieprzyk, J. ALI: Anonymous Lightweight Inter-Vehicle Broadcast Authentication with Encryption. IEEE Trans. Dependable Secur. Comput. **2022**, 1.
29. Rostampour, S.; Bagheri, N.; Bendavid, Y.; Safkhani, M.; Kumari, S.; Rodrigues, J.J.P.C. An Authentication Protocol for Next Generation of Constrained IoT Systems. IEEE Internet Things J. **2022**, 9, 21493–21504.
30. Li, N.; Liu, D.; Nepal, S. Lightweight Mutual Authentication for IoT and Its Applications. IEEE Trans. Sustain. Comput. **2017**, 2, 359–370.
31. Bhattacharjya, A.; Zhong, X.; Li, X. A Lightweight and Efficient Secure Hybrid RSA (SHRSA) Messaging Scheme With Four-Layered Authentication Stack. IEEE Access **2019**, 7, 30487–30506.
32. He, D.; Chen, C.; Chan, S.; Bu, J. Secure and Efficient Handover Authentication Based on Bilinear Pairing Functions. IEEE Trans. Wirel. Commun. **2012**, 11, 48–53.
33. Jiang, Y.; Zhang, K.; Qian, Y.; Zhou, L. Anonymous and Efficient Authentication Scheme for Privacy-Preserving Distributed Learning. IEEE Trans. Inf. Forensics Secur. **2022**, 17, 2227–2240.
34. Patel, C.; Doshi, N. Secure Lightweight Key Exchange Using ECC for User-Gateway Paradigm. IEEE Trans. Comput. **2021**, 70, 1789–1803.
35. Ali, U.; Idris, M.Y.I.B.; Ayub, M.N.B.; Ullah, I.; Ali, I.; Nandy, T.; Yahuza, M.; Khan, N. RFID Authentication Scheme Based on Hyperelliptic Curve Signcryption. IEEE Access **2021**, 9, 49942–49959.
36. Yu, S.; Jho, N.; Park, Y. Lightweight Three-Factor-Based Privacy-Preserving Authentication Scheme for IoT-Enabled Smart Homes. IEEE Access **2021**, 9, 126186–126197.
37. Gabsi, S.; Kortli, Y.; Beroulle, V.; Kieffer, Y.; Alasiry, A.; Hamdi, B. Novel ECC-Based RFID Mutual Authentication Protocol for Emerging IoT Applications. IEEE Access **2021**, 9, 130895–130913.
38. Sharma, S.; Kaushik, B.; Rahmani, M.K.I.; Ahmed, M.E. Cryptographic Solution-Based Secure Elliptic Curve Cryptography Enabled Radio Frequency Identification Mutual Authentication Protocol for Internet of Vehicles. IEEE Access **2021**, 9, 147114–147128.
39. Abdaoui, A.; Erbad, A.; Al-Ali, A.K.; Mohamed, A.; Guizani, M. Fuzzy Elliptic Curve Cryptography for Authentication in Internet of Things. IEEE Internet Things J. **2022**, 9, 9987–9998.
40. Khor, J.H.; Sidorov, M.; Ho, N.T.M.; Chia, T.H. Public Blockchain-based Lightweight Anonymous Authentication Platform Using Zk-SNARKs for Low-power IoT Devices. In Proceedings of the IEEE International Conference on Blockchain, Blockchain 2022, Espoo, Finland, 22–25 August 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 370–375.
41. Zhang, R.; Xu, C.; Xie, M. Secure Decentralized IoT Service Platform Using Consortium Blockchain. Sensors **2022**, 22, 8186.
42. Chen, X.; Nguyen, K.; Sekiya, H. An experimental study on performance of private blockchain in IoT applications. Peer-to-Peer Netw. Appl. **2021**, 14, 3075–3091.
43. Adeli, M.; Bagheri, N.; Martín, H.; Peris-Lopez, P. Challenging the security of “A PUF-based hardware mutual authentication protocol”. J. Parallel Distrib. Comput. **2022**, 169, 199–210.
44. Cao, J.; Li, S.; Ma, R.; Han, Y.; Zhang, Y.; Li, H. RPRIA: Reputation and PUF-Based Remote Identity Attestation Protocol for Massive IoT Devices. IEEE Internet Things J. **2022**, 9, 19174–19187.
45. Aminian Modarres, A.M.; Sarbishaei, G. An Improved Lightweight Two-Factor Authentication Protocol for IoT Applications. IEEE Trans. Ind. Inform. **2022**, 1–11.
46. Cho, Y.; Oh, J.; Kwon, D.; Son, S.; Lee, J.; Park, Y. A Secure and Anonymous User Authentication Scheme for IoT-Enabled Smart Home Environments Using PUF. IEEE Access **2022**, 10, 101330–101346.
47. Li, S.; Zhang, T.; Yu, B.; He, K. A Provably Secure and Practical PUF-Based End-to-End Mutual Authentication and Key Exchange Protocol for IoT. IEEE Sensors J. **2021**, 21, 5487–5501.
48. Lounis, K.; Zulkernine, M. T2T-MAP: A PUF-Based Thing-to-Thing Mutual Authentication Protocol for IoT. IEEE Access **2021**, 9, 137384–137405.
49. Xu, Y.; Lao, Y.; Liu, W.; Zhang, Z.; You, X.; Zhang, C. Mathematical Modeling Analysis of Strong Physical Unclonable Functions. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. **2020**, 39, 4426–4438.
50. Shi, J.; Lu, Y.; Zhang, J. Approximation Attacks on Strong PUFs. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems **2020**, 39, 2138–2151.
51. Zhang, J.; Shen, C.; Guo, Z.; Wu, Q.; Chang, W. CT PUF: Configurable Tristate PUF Against Machine Learning Attacks for IoT Security. IEEE Internet Things J. **2022**, 9, 14452–14462.
52. Juang, W.S.; Chen, S.T.; Liaw, H.T. Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards. IEEE Trans. Ind. Electron. **2008**, 55, 2551–2556.
53. Tsai, J.L.; Lo, N.W.; Wu, T.C. Novel Anonymous Authentication Scheme Using Smart Cards. IEEE Trans. Ind. Inform. **2013**, 9, 2004–2013.
54. Shunmuganathan, S.; Saravanan, R.D.; Palanichamy, Y. Secure and Efficient Smart-Card-Based Remote User Authentication Scheme for Multiserver Environment. Can. J. Electr. Comput. Eng. **2015**, 38, 20–30.
55. Odelu, V.; Das, A.K.; Goswami, A. A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards. IEEE Trans. Inf. Forensics Secur. **2015**, 10, 1953–1966.
56. Badhib, A.; Alshehri, S.; Cherif, A. A Robust Device-to-Device Continuous Authentication Protocol for the Internet of Things. IEEE Access **2021**, 9, 124768–124792.
57. Zhang, R.; Xiao, Y.; Sun, S.; Ma, H. Efficient Multi-Factor Authenticated Key Exchange Scheme for Mobile Communications. IEEE Trans. Dependable Secur. Comput. **2019**, 16, 625–634.
58. Ryu, J.; Oh, J.; Kwon, D.; Son, S.; Lee, J.; Park, Y.; Park, Y. Secure ECC-Based Three-Factor Mutual Authentication Protocol for Telecare Medical Information System. IEEE Access **2022**, 10, 11511–11526.
59. Liu, Z.; Guo, C.; Wang, B. A Physically Secure, Lightweight Three-Factor and Anonymous User Authentication Protocol for IoT. IEEE Access **2020**, 8, 195914–195928.
60. Chattopadhyay, A.; Khairallah, M.; Leurent, G.; Najm, Z.; Peyrin, T.; Velichkov, V. On the Cost of ASIC Hardware Crackers: A SHA-1 Case Study. In Proceedings of the Topics in Cryptology—CT-RSA 2021—Cryptographers’ Track at the RSA Conference 2021, Virtual Event, 17–20 May 2021; Proceedings. Paterson, K.G., Ed.; Springer: Berlin/Heidelberg, Germany, 2021; Volume 12704, pp. 657–681.
61. Aumasson, J.; Henzen, L.; Meier, W.; Naya-Plasencia, M. Quark: A Lightweight Hash. J. Cryptol. **2013**, 26, 313–339.
62. Bogdanov, A.; Knezevic, M.; Leander, G.; Toz, D.; Varici, K.; Verbauwhede, I. SPONGENT: The Design Space of Lightweight Cryptographic Hashing. IEEE Trans. Computers **2013**, 62, 2041–2053.
63. Guo, J.; Peyrin, T.; Poschmann, A. The PHOTON Family of Lightweight Hash Functions. In Proceedings of the Advances in Cryptology—CRYPTO 2011—31st Annual Cryptology Conference, Santa Barbara, CA, USA, 14–18 August 2011; Proceedings. Rogaway, P., Ed.; Springer: Berlin/Heidelberg, Germany, 2011; Volume 6841, pp. 222–239.
64. Bertoni, G.; Daemen, J.; Peeters, M.; Assche, G.V. On the Indifferentiability of the Sponge Construction. In Proceedings of the Advances in Cryptology—EUROCRYPT 2008, 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Istanbul, Turkey, 13–17 April 2008; Proceedings. Smart, N.P., Ed.; Springer: Berlin/Heidelberg, Germany, 2008; Volume 4965, pp. 181–197.
65. Mironov, I. Hash Functions: From Merkle-Damgård to Shoup. In Proceedings of the Advances in Cryptology—EUROCRYPT 2001, International Conference on the Theory and Application of Cryptographic Techniques, Innsbruck, Austria, 6–10 May 2001; Proceeding. Pfitzmann, B., Ed.; Springer: Berlin/Heidelberg, Germany, 2001; Volume 2045, pp. 166–181.
66. Bagheri, N.; Gauravaram, P.; Knudsen, L.R.; Zenner, E. The suffix-free-prefix-free hash function construction and its indifferentiability security analysis. Int. J. Inf. Sec. **2012**, 11, 419–434.
67. Banerjee, S.; Odelu, V.; Das, A.K.; Chattopadhyay, S.; Park, Y. An Efficient, Anonymous and Robust Authentication Scheme for Smart Home Environments. Sensors **2020**, 20, 1215.
68. Safkhani, M.; Bagheri, N.; Ali, S.; Hussain Malik, M.; Hassan Ahmed, O.; Hosseinzadeh, M.; Mosavi, A.H. Improvement and Cryptanalysis of a Physically Unclonable Functions Based Authentication Scheme for Smart Grids. Mathematics **2023**, 11, 48.
69. Hosseinzadeh, M.; Ali Naqvi, R.; Safkhani, M.; Tightiz, L.; Majid Mehmood, R. Secure Authentication in the Smart Grid. Mathematics **2023**, 11, 176.
70. Dolev, D.; Yao, A.C. On the security of public key protocols. IEEE Trans. Inf. Theory **1983**, 29, 198–207.
71. Canetti, R.; Krawczyk, H. Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. In Proceedings of the Advances in Cryptology—EUROCRYPT 2001, International Conference on the Theory and Application of Cryptographic Techniques, Innsbruck, Austria, 6–10 May 2001; Proceeding. Pfitzmann, B., Ed.; Springer: Berlin/Heidelberg, Germany, 2001; Volume 2045, pp. 453–474.
72. Lansky, J.; Rahmani, A.M.; Ali, S.; Bagheri, N.; Safkhani, M.; Hassan Ahmed, O.; Hosseinzadeh, M. BCmECC: A Lightweight Blockchain-Based Authentication and Key Agreement Protocol for Internet of Things. Mathematics **2021**, 9, 3241.
73. Provos, N.; Mazières, D. A Future-Adaptable Password Scheme. In Proceedings of the FREENIX Track: 1999 USENIX Annual Technical Conference, Monterey, CA, USA, 6–11 June 1999; USENIX: Berkeley, CA, USA, 1999; pp. 81–91.
74. National Institute of Standards and Technology. Federal Information Processing Standard (FIPS) 180-2, Secure Hash Standard; a Revision of FIPS 180-1. 2002. Available online: https://www.federalregister.gov/documents/2002/08/26/02-21599/announcing-approval-of-federal-information-processing-standard-fips-180-2-secure-hash-standard-a (accessed on 22 December 2022).
75. Bagheri, N.; Kumari, S.; Camara, C.; Peris-Lopez, P. Defending Industry 4.0: An Enhanced Authentication Scheme for IoT Devices. IEEE Syst. J. **2022**, 16, 4501–4512.
76. Garg, S.; Kaur, K.; Kaddoum, G.; Choo, K.K.R. Towards Secure and Provable Authentication for Internet of Things: Realizing Industry 4.0. IEEE Internet Things J. **2019**, 7, 4598–4606.

Symbol | Description |
---|---|
${U}_{X}$ | The user X |
$RS$ | The remote server |
$I{D}_{X}$ | The unique identifier of ${U}_{X}$, of low entropy domain |
$P{W}_{X}$ | The secret password of ${U}_{X}$, of low entropy domain |
$r,t$ | The random numbers produced by ${U}_{X}$ and $RS$, respectively |
$PW{D}_{X}$ | A parameter computed as $PW{D}_{X}=H(P{W}_{X}\parallel r)$ by ${U}_{X}$ |
$S{C}_{X}$ | A smartcard of ${U}_{X}$, issued by $RS$ |
$TI{D}_{X}$ | Temporary identifier of ${U}_{X}$ |
$PI{D}_{X}$ | Temporary secret identifier of ${U}_{X}$ |
$H(\cdot)$ | A one-way cryptographic hash function |
${a}_{X},{b}_{X}$ | Fresh random numbers generated at each session by ${U}_{X}$ and $RS$, respectively |
$s$ | $RS$’s permanent secret key |
$SK$ | Shared key between ${U}_{X}$ and $RS$ |

Protocol | Protocol Class | Reference of Its Security Analysis |
---|---|---|
[4] | ultralightweight | [16,17,18,19] |
[5] | ultralightweight | [19,20] |
[6] | ultralightweight | [19] |
[7] | ultralightweight | [19] |
[8] | ultralightweight | [19] |
[9] | ultralightweight | [19] |
[10] | ultralightweight | [19] |
[11] | ultralightweight | [15] |
[12] | ultralightweight | [21] |
[13] | ultralightweight | [19] |


© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Hosseinzadeh, M.; Malik, M.H.; Safkhani, M.; Bagheri, N.; Le, Q.H.; Tightiz, L.; Mosavi, A.H. Toward Designing a Secure Authentication Protocol for IoT Environments. *Sustainability* **2023**, *15*, 5934.
https://doi.org/10.3390/su15075934
