A multi-device user authentication mechanism for Internet of Things

The advent of the Internet of Things (IoT) enables different customized services to ease the day-to-day life activities of users by utilizing information attained through the internet connectivity of low-powered sensing devices. Due to device diversity and resource constraints of participating devices, IoT is vulnerable to security attacks. Consequently, authentication is the fundamental measure for using IoT services in the context of network security. IoT devices' resource captivity makes designing robust and secure authentication mechanisms challenging. Besides, existing user authentication mechanisms are designed assuming a user always accesses an IoT environment using a particular device. However, nowadays, most users employ multiple devices to access the internet; subsequently, it needs an authentication mechanism to handle this diversity. This paper addresses this limitation and proposes a new One-Time Password (OTP)-based user authentication scheme supporting user access from multiple devices in an IoT environment. We verify the proposed scheme using widely used BAN logic, AVISPA tool, and informal security analysis, guaranteeing that our scheme preserves the necessary security features. Comparative performance analysis shows that our scheme achieves comparable computation, storage, and communication costs concerning existing works. Moreover, simulation results demonstrate that the proposed method also sustains satisfactory network performance.