A Lightweight ECC-Based Authentication Scheme for Internet of Things (IoT)

Internet of Things (IoT) enables the interconnection of physical and virtual objects that are managed by various types of hardware, software, and communication technologies. The large-scale deployment of IoT is actually enabling smart cities, smart factories, smart health, and many other applications and initiatives all over the world. Indeed, according to a recent Gartner study, 50 billion connected objects will be deployed by 2020. IoT will make our cities and daily applications smart. However, IoT technologies also open up multiple risks and privacy issues. Due to hardware limitations of IoT objects, implementing and deploying robust and efficient security and privacy solutions for the IoT environment remains a significant challenge. One-time password (OTP) is an authentication scheme that represents a promising solution for IoT and smart cities environments. We extend the OTP principle and propose a novel approach of OTP generation that relies on elliptic curve cryptography and isogeny in order to ensure IoT security. We evaluate the efficacy of our approach with a real implementation and compared its performance with two other approaches namely, hash message authentication code-based OTP and time-based OTP. The performance results obtained demonstrate the efficiency and effectiveness of our approach in terms of security and performance.