LAUSR

Internet of Things has remarkable effects in human’s daily life. It is important for users and sensors to securely access data collected by low-cost sensors via Internet in real-time IoT applications. There exist many authentication protocols for guaranteeing secure communication between users and sensors. However, in some protocols, the privacy of unattended sensors subjected to capture node attacks cannot be guaranteed. Moreover, the sensors subjected to physical tampering attacks can still execute normally the authentication process. Besides, an authentication protocol should be lightweight due to the restricted computing power and storage of the sensors. The idea of designing a more secure and lightweight authentication protocol engender this article. The proposed protocol can provide the physical security through physically unclonable function (PUF), require no additional phase to update challenge-response pairs (CRPs), and store a single CRP for each sensor. At the same time, the proposed protocol utilizes three factors, such as personal biometrics, smartcard and password, to strengthen the security contrasting with two factors, and manipulates some basic cryptographic operations, including bitwise-exclusive-OR (XOR) and hash function, to achieve the lightweight performance. Moreover, both formal security analysis based on Real-Or-Random (ROR) and informal security analysis demonstrate the security of the proposed protocol. Compared with the existing related protocols, the proposed protocol has the advantage in terms of security, functionality and computation costs. Finally, a NS3 simulation on measuring various network performance parameters indicates that the proposed protocol is practical in IoT environment.