An Improved Lightweight PUF–PKI Digital Certificate Authentication Scheme for the Internet of Things

Prosanta and Biplab presented a lightweight two-factor authentication scheme for the Internet of Things (IoT) devices based on the physical unclonable function (PUF). Their presented scheme was based on the fuzzy extractor and analyzed various security reasonings, such as mutual authentication, session key agreement, privacy and protection against impersonation, message tampering, and replay attacks. In this article, we present sufficient security analysis to demonstrate that the scheme has various security and privacy issues in its setup and authentication phases. We propose a highly secure and robust authentication protocol based on a public key infrastructure (PKI) digital certificate based on two certificate authorities (CAs) for cloud IoT systems. The proposed authentication method is verified and validated using the Tamarin prover and supported with a detailed security and performance analysis discussion. The scheme security and privacy attributes are compared with other IoT authentication schemes. The analysis has proved that the proposed authentication scheme is more secure and highly reliable as compared to the Prosanta and Biplab authentication scheme.