Lightweight multi-factor mutual authentication protocol for IoT devices

Abstract

The Internet-of-Things (IoT), which refers to the interconnection of heterogeneous devices, has gained a lot of interest lately, and it witnessed a large growth in the number of IoT devices due to the importance of such systems in today’s communication networks. On the other hand, the authentication of entities (devices) is a major concern and a main security challenge in IoT systems since any weakness in the identification or authentication process will allow a compromised entity to establish communication, inject false data and launch dangerous attacks leading to system malfunction. Currently, most IoT authentication mechanisms are based on single-factor cryptographic solutions. These techniques are not practical for IoT devices that have limited computational capabilities. In this paper, we propose a lightweight and secure multi-factor device authentication protocol for IoT devices. The scheme is based on two concepts, configurable physical unclonable functions (PUF) within IoT devices, and channel-based parameters. It uses few and simple cryptographic operations such as the bit-wise exclusive-OR operation and a one-way hash function. The unique PUF value serves as the mutual secret identifier between a pair of users, which frequently changes for every session. Moreover, the proposed protocol exploits the random channel characteristics to provide high robustness against different kinds of attacks, while maintaining low complexity. To the best of the authors’ knowledge, this is the first work that combines physical layer security with PUFs to authenticate communicating devices, dynamically. Security and performance analysis prove the security and efficiency of the proposed protocol, which is designed with minimum overhead in terms of computations and communication costs. © 2019, Springer-Verlag GmbH Germany, part of Springer Nature.