A secure and efficient three-factor authentication protocol for IoT environments

Abstract

The Internet of Things (IoT) is an information carrier based on the Internet and traditional telecommunications network, which enables all ordinary physical objects that can be independently addressed to form an interconnected network. User authentication protocol is an essential technology for security and privacy in the IoT environment. This paper analyzes the security of Mirsaraei et al.'s three-factor authentication scheme for IoT environments (Mirsaraei et al., 2022 [31]), and finds that the scheme cannot provide users with untraceability, perfect forward secrecy or the resistance of key compromise impersonation attack. The article improves Mirsaraei et al.'s scheme and proposes a three-factor authentication protocol with perfect forward secrecy using elliptic curve cryptosystem, which retains the general process of Mirsaraei et al.'s scheme. The formal security analysis of the proposed protocol is carried out by ROR (Real-or-Random) model, and the formal security verification of the proposed protocol is implemented by Proverif tool. The cryptoanalysis results demonstrate that the proposed protocol makes up for the shortcomings of Mirsaraei et al.'s scheme in security and can resist more malicious attacks as opposed to recent schemes. Moreover, the performance analysis using MIRACL (Multiprecision Integer and Rational Arithmetic C/C++ Library) shows that, the proposed protocol has great advantages over analogical three-factor authentication schemes in terms of computational overhead and communication overhead.