Provable Secure Anonymous Device Authentication Protocol in IoT Environment

The inherent massive heterogeneous devices and open channels in the Internet of Things (IoT) present significant challenges for identity authentication between devices and cloud servers. For this issue, reliable protocols ensure the legality of participants and act as a crucial method to provide security for authentication. In previous research, schemes devised by researchers exhibit certain security vulnerabilities, making it challenging to withstand comprehensive network attacks, e.g., stolen device attacks, replay attacks, impersonation, etc. Additionally, some protocols have complex interaction processes, which incur significant computational redundancy and resource loss. Motivated by this, this article proposes an anonymous and certificateless lightweight authentication protocol (ACLAP) for device-to-server and device-to-device based on elliptic curve cryptography. It improves the communication quality between devices and cloud servers and solves the security risks in authentication. In the scheme, we utilize device users' passwords and biometric features as verification credentials without storing any trusted proofs on the cloud server. We address the issue of resource consumption caused by numerous devices in the IoT environment. From formal security analysis and comparisons with other works, our protocol has preferable security performance and effectively saves communication resources for authentication. Simulation results demonstrate the feasibility and practical significance of the scheme.