Abstract
Sensory data emanating from IoT for mission-critical applications warrants proper authentication and access control for its acceptance and usage. It becomes challenging to develop such efficient solutions to commensurate with the resource constraint nature of devices forming IoT. This paper presents an efficient scheme leveraging 3-factor authentication based upon user’s smart card, password, and a fuzzy commitment. The mutual authentication attained between the key agents like remote user, Gateway node, and IoT device, with low overheads, adds novelty to our proposed scheme. The scheme provides a lightweight dynamic key exchange scheme to maintain forward secrecy and time stamps to thwart replay attacks. Implementation of the scheme using Elliptical curve cryptography over the primary field has kept it lightweight and hardens the scheme leveraging Elliptical Curve Discrete Logarithm Problem (ECDLP). Automated validation using the Scyther tool and Burrows-Abadi-Needham (BAN) logic validates that the scheme is resilient against attacks as claimed in the proposed scheme. The results have been further reinforced by simulation of the scheme over NS3. We evaluate our scheme's performance and compare it with other related schemes in respect of communication, computational and energy costs and find it efficient.