SLAK: secure lightweight scheme for authentication and key-agreement in internet of things

Internet of things connect unlimited number of heterogeneous devices in order to facilitate services and hence touching most of daily life fields. However, security concerns are a major obstacle to the development and rapid deployment of this high technology. Thus, securing the authentication process has become very important, as it is necessary to prove the legitimacy of the communication devices. Recently, researchers are proposing several mutual authentication and session key agreement protocols. In this regard, we propose our own improved protocol that relies on login, mutual authentication and the agreement of session key in a safety way to secure communications. For the security evaluation of the proposal, we use the authentication BAN logic and the widely used AVISPA tool. The results prove the achievement of mutual authentication and session key agreement securely, in addition to its safety against some known attacks as eavesdropping and replay attacks. For a performance evaluation, we compare the proposal with recent related works in terms of computational and communication costs. The results show the lightness of our protocol and thus its suitability to heterogeneous IoT devices.