EPSAPI: An efficient and provably secure authentication protocol for an IoT application environment

With the increasing and rapid deployment of the Internet of Things (IoT), it has become necessary to design an efficient secure user authentication protocol to reduce security vulnerabilities and attacks that affect the performance of IoT applications. During the last decade, several authentication protocols have been proposed to provide secure communication between remote users and the IoT sensor nodes. Nevertheless, most of these contributions have serious security vulnerabilities and high computational overhead at the IoT sensor node side. In this article, we present a secure three-factor (i.e., password, biometrics, and smart device) user authentication and key agreement protocol (EPSAPI) based on the chaotic maps (CMs) and the fuzzy extractor to reduce the overhead on the IoT sensor node side. It satisfies the required security features and provides efficient communication and computational overheads for a restricted IoT environment. In addition, an informal and formal security analysis, including the Real-Or-Random (ROR) model, Burrows-Abadi-Needham (BAN) logic, and the popular simulation tool Automated Validation of Internet Security Protocols and Applications (AVISPA), concludes that the EPSAPI protocol is provably secure and can withstand all possible well-known attacks. Finally, the presented protocol is better than other recent protocols by performance comparison and it is practical by simulation study through the widely used tool NS-3.