A Lightweight Privacy Protection User Authentication and Key Agreement Scheme Tailored for the Internet of Things Environment: LightPriAuth

Different data are collected by diverse sensors under an Internet of things scenario, such as health data, environmental data, and traffic flow data. People can access data remotely via the Internet easily. Considering the importance and confidentiality of these data, it is necessary to ensure the data security. In this study, we propose an authentication and key establishment scheme for an Internet of things scenario based on low-capability devices. This scheme achieves many security features: user anonymity, sensor anonymity, forward secrecy, resistance to the loss of synchronization problem, and so on We verified these security features using AVISPA and ProVerif; both results show that the scheme is safe enough to achieve the security requirements. Besides, the experiment results elucidate that this scheme gains an advantage in computation and communication costs. It is because of the sole usage of XOR operations and hash functions as well as a minimal amount of asymmetric encryptions to fulfil forward secrecy.