A Multi-factor User Authentication and Key Agreement Protocol Based on Bilinear Pairing for the Internet of Things

The Internet of Things (IoT) presents a new paradigm of the future internet that intends to provide interactive communication between various processing object via heterogeneous networks. By increasing the IoT usage, establishing the security of IoT becomes a big concern. One of the security related issues is user authentication; that means before a user can access to the IoT nodes, the user and IoT node must authenticate each other. In this paper, a multi-factor user authentication and key agreement protocol, with reasonable computational time, applicable for IoT environments is proposed. To gain access to the services provided by IoT nodes, first, the gateway must authenticate the user and then, with help of the gateway, the IoT node can authenticate the user. The proposed protocol uses elliptic curve cryptography (ECC) and provides: (1) mutual authentication between the user and IOT node; (2) fresh shared session key; (3) multi-factor authentication; (4) several security requirements (i.e., non-repudiation, anonymity and untraceability, etc.). Formal verification of the proposed protocol using Burrows-Abadi-Needham logic shows that the protocol achieves the desired goals. Protocol simulation using Internet Security Protocols and Applications tool proves the security and robustness of the proposed protocol against well-known attacks. Finally, comparing the proposed protocol with other protocols shows that it is efficient in terms of computational time.