Abstract
The Internet of Things (IoT) is an emerging technology based on the idea that smart things can connect to the Internet and exchange collected data in a peer-to-peer paradigm. Due to its inherent features, IoT can be utilized in real-world scenarios, and its expansion can improve human well-being. IoT operates in close proximity to humans and transmits sensitive information such as healthcare information, financial data, and private information over an insecure communication platform. Since almost all tasks are performed with minimal human intervention, and an adversary may deploy its own nodes among the legitimate elements of IoT, providing effective mutual authentication is vital. In this Systematic Literature Review, authentication in IoT and its literature are reviewed systematically. In particular, an effort has been made to ensure that the collected literature covers papers published from 2018 to 2022. Moreover, this study seeks to provide a comprehensive answer to six important Research Questions in the context of IoT authentication that often engage the minds of scholars. It is hoped that this survey will be an effective guide for future research by addressing the relevant challenges, analyzing open issues, and providing future research directions.
Data availability
Not applicable.
Funding
Funding information is not applicable/no funding was received.
Author information
Contributions
SB contributed to conceptualization, methodology, validation, writing (review and editing), and supervision. EE was involved in searching, writing (original draft), and simulation.
Ethics declarations
Conflict of interest
All authors have participated in (a) conception and design, or analysis and interpretation of the data; (b) drafting the article or revising it critically for important intellectual content; and (c) approval of the final version. This manuscript has not been submitted to, nor is under review at, another journal or other publishing venue.
Ethical approval
Not applicable.
About this article
Cite this article
Ebrahimpour, E., Babaie, S. Authentication in Internet of Things, protocols, attacks, and open issues: a systematic literature review. Int. J. Inf. Secur. 23, 1583–1602 (2024). https://doi.org/10.1007/s10207-023-00806-8
DOI: https://doi.org/10.1007/s10207-023-00806-8