Signature-based three-factor authenticated key exchange for internet of things applications

Internet of Things (IoT) is one of several technology trends, and IoT applications are found in a wide range of industry sectors such as healthcare and critical infrastructure. Authenticated key exchange schemes play an important role in protecting user and data privacy and ensuring the security of data-in-transit in IoT infrastructure (e.g. via user identification and provision of secure communication). However, designing secure authenticated key exchange (AKE) schemes remain a challenging task. In this paper, we reveal that Challa et al.'s three-factor AKE scheme is vulnerable to a number of known attacks. Then, we present an improved signature-based three-factor authenticated key exchange protocol and prove its security under the extended model of Bellare et al. (Tecnologia Electronica E Informatica 1807:139-155, 2000). A comparative summary is also presented, which demonstrates that our proposed scheme is sufficiently lightweight for IoT deployment and outperforms those of Challa et al. (IEEE Access 5:3028-3043, 2017) and Turkanovi et al. (Ad Hoc Netw 20(2):96-112, 2014), in terms of security features, computation and communication costs.