A group key-based lightweight Mutual Authentication and Key Agreement (MAKA) protocol for multi-server environment

Use of Internet-of-Things (IoT)-based wireless applications has been exponentially increased nowadays and likely to accelerate in near future. Thus, a large volume of traffic needs to be managed at the application server. In such scenario, the traditional single-server architecture shows serious performance bottleneck and needs to be replaced by multiple servers. In addition, several security and design vulnerabilities may arise while accessing application data through various resource-constraint mobile devices. Thus, ensuring entity authentication, application data confidentiality and energy-efficient computations are essential. In this article, we introduce a group key-based lightweight Mutual Authentication and Key Agreement (MAKA) protocol for multi-server environment. The proposed protocol is designed using low-cost cryptographic primitives (such as hash function and symmetric key encryption/decryption) to address energy-efficiency requirements of the resource-constraint mobile devices. It reduces computational burden of the registration center by distributing the traffic load into a group of servers. Additionally, registration center needs not to maintain one-to-one communication with its users whenever a new server is added to the system. The protocol achieves various security and design properties which are verified both formally and informally. Finally, we compare our protocol with others to show its applicability in real-life implementations.