Abstract

The rapid advancement of telecommunication infrastructures and endpoint technologies has led to a significant incorporation of Internet of Things devices in modern lifestyles. IoT involves a wide range of applications, such as connected video surveillance systems for security, wearable body sensors for health monitoring, and temperature sensors for environmental control in agricultural fields. These devices are essential for gathering and transmitting data in real-time. However, data acquisition and transmission processes are often exposed to serious security threats, particularly concerning data integrity, user privacy, and communication reliability. Conventional security mechanisms are typically inappropriate to resource constrained IoT devices. Thus, to overcome these challenges, extensive research has been devoted to developing secure communication frameworks, with a particular focus on robust authentication and key agreement protocols. Authentication is essential to guarantee the legitimacy of the information source, and many proposed AKA schemes rely on asymmetric cryptographic techniques. In this paper, we introduce an Enhanced Lightweight Cryptography-based Authentication Protocol for IoT devices, conceived to meet the computational constraints of IoT devices by employing simple XOR and hashing operations. The protocol enables mutual authentication between IoT devices and routers without the need to share credentials directly. Prior to authentication, an offline registration phase is conducted through an Authentication Server (AS), which generates unique key parameters based on the identifiers of the devices and routers. These parameters are securely distributed to both parties. Authentication is then performed using these pre-shared parameters in a computationally efficient yet secure manner that safeguards against common security threats. Theoretical analysis demonstrates that the proposed protocol is resistant to several common attacks, including man-in-the-middle, impersonation, session key disclosure, replay, and eavesdropping attacks. Additionally, the protocol ensures device anonymity and data privacy while maintaining lightweight performance suitable for constrained IoT environments.