An Authentication Protocol for Next Generation of Constrained IoT Systems

Abstract

With the exponential growth of connected Internet of Things (IoT) devices around the world, security protection and privacy preservation have risen to the forefront of design and development of innovative systems and services. For low-value IoT devices that identify and track billion of goods in various industries—such as radio-frequency identification (RFID) tags—this involves multiple challenges in very constrained environments. IoT devices aim to design low-cost, low-complexity infrastructure while enabling robust authentication protocols with reduced latency and energy consumption. Given these challenges, in this article, we present a new lightweight authentication protocol for IoT applications, employing an authenticated-encryption (AE) cryptosystem with associated data (AEAD). Since AEAD algorithms provide data confidentiality and message integrity simultaneously, security analysis [Real-or-Random (RoR) and Scyther] results prove the robustness of the proposed protocol against IoT threats. Furthermore, to measure the computation and communication cost, FPGA and ASIC simulations using four different AEAD candidates of National Institute of Standards and Technology (NIST) lightweight cryptography competition are executed. The implementation results [e.g., 4744 gate equivalent (GE) and 0.87-mw power] clearly show that our novel design can be applied to a wide range of constrained IoT devices complying with low-cost, lightweight, and high-speed requirements.