A secure three-factor authentication scheme for IoT environments

Today, many users' extensive use of the Internet of Things (IoT) has made authentication an inevitable issue in the IoT. The currently existing authentication methods are subjected to many challenges by various factors such as the limited resources, the lack of authorization, and the need for a light-weighted authentication process. Therefore, it is essential to provide a security framework and protect the users' privacy at the lowest cost. This paper proposes a three-factor-based authentication scheme, called defense-in-depth, for the IoT environments on the blockchain platform. The proposed protocol applies mutual authentication with user authorization using smart card registration on a private blockchain without the need for a trustable server. The use of Elliptic-Curve Cryptography (ECC) and the analysis of the security of the proposed protocol using AVISPA tool, formal/informal security analysis altogether indicate that the proposed scheme is more secure and efficient in terms of computational and communications costs.