Engineering and Technology | Open Access |

A Lightweight Mutual Authentication Protocol for Secure IoT Communication in Resource-Constrained Environments

Dr. Michael Adeyemi, Department of Computer Science and Information Technology, University of Ibadan, Ibadan, Nigeria

Abstract

The rapid expansion of the Internet of Things (IoT) has enabled seamless connectivity among billions of resource-constrained devices, creating new opportunities in smart healthcare, industrial automation, smart cities, and cyber-physical systems. However, this connectivity introduces serious security challenges, particularly in the area of device authentication and secure communication. Mutual authentication is a fundamental requirement to ensure that both communicating entities verify each other before exchanging sensitive data. Traditional authentication mechanisms are often unsuitable for IoT environments due to their computational overhead, energy consumption, and communication latency. This paper proposes a lightweight mutual authentication protocol designed specifically for resource-constrained IoT environments. The proposed framework leverages efficient cryptographic primitives and physical unclonable functions (PUFs) to achieve secure, scalable, and low-overhead authentication. The protocol is evaluated conceptually against common IoT threats such as impersonation attacks, replay attacks, and man-in-the-middle attacks. Comparative analysis with existing state-of-the-art approaches demonstrates that the proposed solution significantly improves efficiency while maintaining strong security guarantees. The study also explores integration scenarios in Internet of Medical Things (IoMT) and edge-enabled IoT architectures.

Keywords

Mutual authentication, Internet of Things, lightweight security, physical unclonable function

How to Cite

Dr. Michael Adeyemi. (2026). A Lightweight Mutual Authentication Protocol for Secure IoT Communication in Resource-Constrained Environments. The American Journal of Engineering and Technology, 8(06), 21–25. Retrieved from https://theamericanjournals.com/index.php/tajet/article/view/8042