Elliptic Curve Cryptography and Biometrics for IoT Authentication

The Internet of Things (IoT) is now present in every aspect of our daily lives because of its ability to offer remote services. Unfortunately, the insecure transmission of user data in open channels caused by this significant use of IoT networks makes it vulnerable to malicious use. Hence, the security of the user’s data is now a serious matter in an IoT environment. Since authentication may prevent hackers from recovering and using data transmitted between IoT devices, researchers have proposed many lightweight IoT authentication protocols over the past decades. Many of these protocols are built around two authentication factors. They cannot guarantee unlinkability and perfect forward secrecy, as well as withstand well-known attacks such as node capture, DOS attack, stolen verifier, Denning-Sacco attack, and GWN bypass. This paper proposes an Elliptic Curve Cryptography (ECC) -based authentication protocol that is anonymous and exploits three authentication factors to ensure all security services and withstand well-known attacks. Our provided protocol is secure and can resist known attacks, as demonstrated by both informal security analysis and formal security proof using ProVerif. Lastly, our protocol and other protocols are compared in terms of computational costs, communication costs, and security features.