A Secure ECC-Based Authentication Scheme to Resist Replay Attacks for the IoT

Because of the resource-constrained characteristic of IoT devices, it is difficult to achieve user authentication in IoT by using classical Internet’s authentication schemes. The reply attack is a classical attack on authentication protocols. The timestamp mechanism by maintaining clock synchronization is generally used in the exiting schemes for IoT. We propose a lightweight authentication scheme based on elliptic curve cryptography (ECC) in this paper. The proposed scheme introduces an improved challenge-response mechanism instead of the timestamp. Thus, storage and computation cost of generating and maintaining timestamp can be eliminated.