A privacy-preserving code-based authentication protocol for Internet of Things

The Internet of Things (IoT) is an upcoming technology that permits to interconnect different devices and machines using heterogeneous networks. One of the most critical issues in IoT is to secure communication between IoT components. The communication between the different IoT components is insecure, which requires the design of a secure authentication protocol and uses hardness cryptographic primitives. In 2017, Wang et al. proposed an improved authentication protocol based on elliptic curve cryptography for IoT. In this paper, we demonstrate that Wang et al.'s protocol is not secure. Additionally, we propose a privacy-preserving authentication protocol using code-based cryptosystem for IoT environments. The code-based cryptography is an important post-quantum cryptography that can resist quantum attacks. It is agreed in design several cryptographic schemes. To assess the proposed protocol, we carry out a security and performance analysis. Informal security analysis and formal security validation show that our protocol achieves different security and privacy requirements and can resist several common attacks, such as desynchronization attacks, quantum attacks, and replay attacks. Moreover, the performance evaluation indicates that our protocol is compatible with capabilities of IoT devices.