ILAS-IoT: An improved and lightweight authentication scheme for IoT deployment

Abstract

In 2019, Banerjee et al. (IEEE Int Things J 6(5):8739-8752, 2019; 10.1109/JIOT.2019.2931372) proposed an authenticated key agreement scheme to facilitate the session establishment resulting into a session key between a user and a smart device for IoT based networks. As per their claim, the scheme of Banerjee et al. provides known security features and resist all known attacks using only lightweight symmetric key primitives. The analysis in this paper; however, shows that the scheme of Banerjee et al. cannot complete normally. The user in their scheme, after sending a request message may never receive the response from smart device. This incorrectness results into total in applicability of Banerjee et al.'s scheme. Moreover, it is also shown that their scheme has weaknesses against stolen verifier attack. Then an improved lightweight authentication scheme for IoT deployments (ILAS-IoT) is proposed in this article. ILAS-IoT performs the process correctly by increasing very little computation and communication overheads. The proposed ILAS-IoT also resists stolen verifier and all known attacks, which is evident from the formal and informal security analysis.