An Improved Lightweight Two-Factor Authentication Protocol for IoT Applications

The Internet of things (IoT) is defined as a network of connected objects or devices that gather information and share or exchange them through communication systems. In many applications, maintaining the privacy and security of the exchanged data is of great importance. Therefore, protecting sensitive data against security threats is a major concern in IoT applications. Using multifactor authentication protocols is an efficient solution to provide these features. Recently, a two-factor authentication protocol using physical unclonable functions and wireless fingerprints has been proposed by Aman et al. In this article, we first analyze Aman et al.'s protocol and discuss its weaknesses and vulnerabilities. Then, we propose an improved two-factor authentication protocol to provide strong mutual authentication and overcome the mentioned issues. The informal security analysis of the proposed scheme demonstrates that it is resistant to several well-known attacks. We also perform a security analysis of the proposed scheme using Burrows–Abadi–Needham logic. We further evaluate the proposed protocol in terms of computational complexity and security features. The results demonstrate that our scheme has significantly better computational efficiency and provides better security features compared to Aman et al.'s protocol.