IEEE Access (Jan 2025)

A Review of Lightweight IoT Authentication Protocols From the Perspective of Security Requirements, Computation, Communication, and Hardware Costs

  • Isil Cetintav,
  • Mehmet Tahir Sandikkaya

DOI
https://doi.org/10.1109/access.2025.3546147
Journal volume & issue
Vol. 13
pp. 37703 – 37723

Abstract

The Internet of Things (IoT) is a broad area that encompasses various use cases. Numerous use cases include various IoT devices, which necessitate various cryptographic methods to provide distinct security requirements. Due to their limited resources, most IoT devices require lightweight cryptographic implementations. The requirements of use cases must be revealed to use cryptography effectively. Therefore, classifying the security requirements for these scenarios is beneficial when blueprinting a new system design. Authentication is the first level of security and is crucial for ensuring the secure exchange of information. Designing an IoT authentication protocol requires addressing both security requirements and physical constraints. This paper reviews and classifies the studies in IoT authentication published in the last decade. The studies are categorized into two main categories: the authentication factors and commonly preferred cryptographic primitives. Authentication factors include passwords, RFID, smart cards, and OTPs, while cryptographic primitives focus on techniques such as ECC and PUFs. Following the study selection, this review evaluates the provided security requirements alongside computational, communication, and hardware costs, while also considering application domains. It concludes by highlighting the most common approaches and identifying existing gaps in the literature. Additionally, it examines the trade-offs between attack resistance and protocol costs.

Keywords