ScPUAK: Smart card-based secure Protocol for remote User Authentication and Key agreement

Internet of Things (IoT) is a fast-growing trend in wireless communication where various connected objects become an everyday part of our lives. The richness of the network is leading to open challenges and exposure to various attacks. Thus, security remains a major concern. Our purpose for this paper is to propose a smart card-based protocol that enables mutual authentication between a user and a server and allows for the establishment of a secure session key. In this context, we use Elliptic curve cryptography (ECC) and other lightweight operations as hash function and exclusive OR (XOR). We perform an evaluation of our protocol using Burrows-Abadi-Needham (BAN) logic, Scyther verification tool and Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The results show that our solution is robust to most known attacks, suitable to IoT devices and more efficient compared to recent related protocols.