RESEAP: An ECC-Based Authentication and Key Agreement Scheme for IoT Applications

Although the Internet of Things (IoT) provides many benefits for our life but it also raises many security threats. The main risk is the security of the transferred data comprising very critical information that its leakage compromises our privacy. In this regard, many security protocols have been introduced in literature, among which multi factor authentication protocols have been received considerable attention. in this paper, in the first step, the first third party security analysis of the newly proposed scheme denoted as ESEAP (designed by Kumari et al.) is presented. The provided analysis shows that this protocol has a number of security flaws including vulnerability to off-line password guessing attack, traceability attack, impersonation attack, insider attack and also desynchronization attack. For the second step, an enhanced protocol denoted as RESEAP is proposed in which we use physically unclonable function to improve its security. We prove the security of RESEAP informally and also formally in real or random model, which is a widely accepted security model to prove the security of a cryptographic protocol. While the security analysis confirms that RESEAP protocol has better security, its comparison with ESEAP also shows its higher efficiency.