Volume 17, Issue 2, PP: 311-324, 2025 | Full Length Article
Sanâ Elaoudi, Marouane Sebgui, Slimane Bah
DOI: https://doi.org/10.54216/JISIoT.170220
The rapid advancement of telecommunication infrastructures and endpoint technologies has led to a significant incorporation of Internet of Things (IoT) devices in modern lifestyles. IoT involves a wide range of applications, such as connected video surveillance systems for security, wearable body sensors for health monitoring, and temperature sensors for environmental control in agricultural fields. These devices are essential for gathering and transmitting data in real time. However, data acquisition and transmission processes are often exposed to serious security threats, particularly concerning data integrity, user privacy, and communication reliability. Conventional security mechanisms are typically ill-suited to resource-constrained IoT devices. To overcome these challenges, extensive research has been devoted to developing secure communication frameworks, with a particular focus on robust authentication and key agreement (AKA) protocols. Authentication is essential to guarantee the legitimacy of the information source, and many proposed AKA schemes rely on asymmetric cryptographic techniques. In this paper, we introduce an Enhanced Lightweight Cryptography-based Authentication Protocol for IoT devices, designed to meet the computational constraints of IoT devices by employing simple XOR and hashing operations. The protocol enables mutual authentication between IoT devices and routers without the need to share credentials directly. Prior to authentication, an offline registration phase is conducted through an Authentication Server (AS), which generates unique key parameters based on the identifiers of the devices and routers. These parameters are securely distributed to both parties. Authentication is then performed using these pre-shared parameters in a computationally efficient yet secure manner that safeguards against common security threats.
Theoretical analysis demonstrates that the proposed protocol is resistant to several common attacks, including man-in-the-middle, impersonation, session key disclosure, replay, and eavesdropping attacks. Additionally, the protocol ensures device anonymity and data privacy while maintaining lightweight performance suitable for constrained IoT environments.
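The abstract gives no message formats, so the following is an added illustration of the general pattern it describes (offline registration at an AS, then mutual authentication with only XOR and hashing); it is not the paper's protocol. The key derivation, message layout and all function names are assumptions made for this sketch.

```python
import hashlib, hmac, secrets

def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed fields so field boundaries are unambiguous."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def register(master: bytes, dev_id: bytes, rtr_id: bytes):
    """Offline phase at the AS: derive a per-pair key and a pseudonym from the identifiers."""
    k = H(master, dev_id, rtr_id)
    return H(dev_id, k), k  # device keeps (pid, k); router stores {pid: k}

def device_hello(pid: bytes, k: bytes):
    n_d = secrets.token_bytes(32)            # fresh device nonce
    return n_d, (pid, n_d, H(k, n_d, pid))   # the real device identifier is never sent

def router_reply(table: dict, msg1):
    pid, n_d, v1 = msg1
    k = table.get(pid)
    if k is None or not hmac.compare_digest(v1, H(k, n_d, pid)):
        return None                          # unknown pseudonym or bad tag
    n_r = secrets.token_bytes(32)            # fresh router nonce, sent XOR-masked
    return (k, n_d, n_r), (xor(n_r, H(k, n_d)), H(k, n_d, n_r))

def device_finish(k: bytes, n_d: bytes, msg2):
    m2, v2 = msg2
    n_r = xor(m2, H(k, n_d))                 # unmask the router nonce
    if not hmac.compare_digest(v2, H(k, n_d, n_r)):
        return None                          # router did not prove knowledge of k
    sk = H(k, n_d, n_r, b"session")
    return sk, H(sk, n_r)                    # session key and confirmation tag v3

def router_finish(state, v3: bytes):
    k, n_d, n_r = state
    sk = H(k, n_d, n_r, b"session")
    # v3 depends on this session's n_r, so a replayed v3 from an old run fails here
    return sk if hmac.compare_digest(v3, H(sk, n_r)) else None

def run_session(pid, k, table):
    """Honest run; returns (device_key, router_key)."""
    n_d, msg1 = device_hello(pid, k)
    state, msg2 = router_reply(table, msg1)
    sk_d, v3 = device_finish(k, n_d, msg2)
    return sk_d, router_finish(state, v3)
```

In this sketch the pseudonym is static, so it hides the device identifier but sessions from one device remain linkable; the long-term key never crosses the channel.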
Keywords: IoT device, Modular exponentiation, Authentication and Key Agreement, Hash function, Cryptography