A Lightweight Authentication and Key Agreement Protocol for IoT Based on ECC

Abstract

The quick development of the Internet of Things (IoT) makes the IoT devices become appealing targets of various cyberattacks. Authentication and key agreement (AKA) protocol are the most important measures to ensure the security of IoT. However, it is still quite challenging to devise proper AKA protocols for IoT because of the resource-constrained nature of IoT devices. In this paper, we have proposed a new lightweight AKA protocol for IoT based on elliptic curve cryptography (ECC). Our proposed AKA protocol can achieve mutual authentication and ECC-based session key establishment simultaneously. To enhance security and provide anonymity, our protocol uses the one-time password and dynamic identity information which are updated in every round of mutual authentication through a well-designed update operation. To assess our protocol, we carry out security and performance analyses. The obtained results show that our protocol with a high level of security has low complexity and small computational cost and is appropriate to be applied in resource-constrained IoT devices.