DMUAS-IoT: A Decentralised Multi-Factor User Authentication Scheme for IoT Systems

Abstract

The Internet of Things (IoT) has become the fundamental infrastructure of many intelligent applications, such as smart homes. IoT applications store distributes various information, including user authentication information, over a public channel that exposes it to security threats and attacks. Therefore, this study intends to protect authentication data communication through a decentralised multi-factor user authentication scheme for secure IoT applications (DMUAS-IoT). The scheme is secure and enables efficient user registration, login and authentication, and the user profile updating process where legitimate users can access the IoT system resources. DMUAS-IoT adopted PRESENT for face image encryption and elliptic curve cryptography for data exchange. The scheme security was verified using ProVerif and AVISPA, and mutual authentication was checked with BAN-Logic. The results show that the scheme is secure against man-in-the-middle and impersonation attacks, provides mutual authentication and has a low computation cost. Hence, the outcomes of this study could help secure user authentication data from attacks on applications involved with IoT and resource constraint environments.