The Internet of Things describes a connection between sensors, devices, and humans through a network, enabling seamless interaction among components and an end user. However, the rapid growth of this technology has given rise to some vulnerabilities, including exploits, attacks, and attempts to gain unauthorized access to network resources. It is therefore necessary to prevent unauthorized access attempts and protect users' privacy through the validation of identities. In this article, a biometric-assisted authentication approach based on the elliptic curve technique is presented for the Internet of Things, which consists of a four-layer architecture including users, smart devices, a manager node, and a gateway node. The proposed approach can provide mutual authentication between the authorized components of the network in four phases: setup, registration, login and authentication, and password update. Informal security analysis demonstrates that the proposed approach is robust against known attacks such as man-in-the-middle, replay, message forgery, and password guessing. Moreover, the Real or Random (ROR) model has been utilized to validate the formal security of the proposed approach. In addition, the results of the simulations conducted through the AVISPA tool indicate that the proposed approach is secure. Furthermore, the evaluation of communication cost, computation cost, and energy consumption reveals that the overhead of the proposed approach is negligible.