ECCbAP: A secure ECC-based authentication protocol for IoT edge devices

Abstract

Despite continuous efforts, designing both a resource-efficient and secure authentication protocol for Internet of Things (IoT) edge devices is still a great challenge for the industry. To address these concerns, in this paper, we present a new and more efficient method of providing secure communication between IoT edge devices and cloud servers, using a secure Elliptic Curve Cryptography (ECC)-based authentication protocol — ECCbAP. First, we evaluate four existing secure authentication protocols and analyze their security level against traceability and man-in-the-middle attacks and prove their vulnerabilities. Next, we propose our new scheme and examine its security via both informal and formal methods, e.g. BAN logic and Scyther tool, against well-known IoT threats. The results show that not only does ECCbAP provides a greater security compared with other protocols evaluated in this paper, but it is also more resource-efficient, which renders it more appropriate for the constrained environment like Radio Frequency Identification (RFID) tags or Bluetooth Low Energy (BLE) sensors.