
Ad Hoc Networks 146 (2023) 103159


Ad Hoc Networks
journal homepage: www.elsevier.com/locate/adhoc

Survey paper

A comprehensive survey on authentication and secure key management in internet of things: Challenges, countermeasures, and future directions

Patruni Muralidhara Rao a, B.D. Deebak a, b, *

a School of Computer Science and Engineering, Vellore Institute of Technology, Vellore 632014, India
b Department of Computer Engineering, Gachon University, Seongnam 13120, South Korea

ARTICLE INFO

Keywords: Security and privacy; Authentication; Key-management; Internet of things; Network Models

ABSTRACT

Critical infrastructures such as healthcare, intelligent transportation, and home automation adapt billions of smart IoT devices to handle real-time data effectively in the digital era. The latest development in sensory and communication technologies collaborate directly with modern applications to bridge networking services without human intervention. Most information systems enable the extension of digital technology to demonstrate the potential use of next-generation network services and management. However, recent advancements open various opportunities, including repudiation, data tampering, and security threats in digital security and privacy. Thus, this survey article chooses a systematic literature review to present a comprehensive survey on authentication and key management in IoT. To discuss the major issues involved in IoT environments, this survey categorizes the work progress into four modules: 1. Discuss the broad aspects of convergence technologies, including healthcare, smart farming, intelligent transportation, etc., to address challenges such as security and privacy in IoT; 2. Conduct a comprehensive review of state-of-the-art technologies to identify security requirements, services, and challenges associated with modern IoT applications; 3. Present a systematic approach to review various key agreement schemes based on network models and performance analysis to examine potential vulnerabilities; 4. Show a thematic analysis to determine suitable corrective measurements dealing with various security and privacy issues. Finally, this paper rationalizes significant progress, including research challenges and future directions in IoT to promote new insights.

1. Introduction

Of late, the creation of Internet applications has become increasingly important in people’s lives. However, optimized Internet usage according to the level of program utilization might be a difficult task, especially for researchers. Besides, the Internet of Things has been created to connect real-world objects to the Internet (IoT). In the past years, various definitions have been extracted from several organizations working with the IoT domain. IoT can be a collection of physical things embedded with sensors and actuators with computational capabilities to communicate between the devices and systems. With the fast expansion of IoT, the secure incorporation of Wireless Sensor Networks (WSN) is all-important to allow these smart devices to communicate with each other. The WSN can be a strong IoT network that consists of various nodes with typical characteristics and constraints deployed in distant locations. These devices’ main functionalities are detecting environmental monitoring changes and collecting and processing various sensors’ data [1]. Due to the fast-growing evolving technologies, securing IoT devices is highly preferred. Thus, secure authentication and key agreement mechanisms are utilized to achieve the security requirements like user anonymity, mutual authenticity, and perfect secrecy. IoT systems apply authentication and key agreement (AKA) protocols to ensure authenticity and preserve the privacy of every sensing unit. Each unit can provide standard access control to the network and obtain the corresponding session key to establish secure communication [2].

However, communication over insecure networks cannot handle attackers due to the existence of unauthorised system information. This system may perform a few malicious activities such as flooding and denial of service to compromise the devices and network. As a result, standard protection systems are essential to protect the network and protect against various security vulnerabilities. Different cryptographic-based protocols are employed to ensure system security and to evaluate the performance requirements of the computing devices namely

* Corresponding author
E-mail address: deebak@gachon.ac.kr (B.D. Deebak).

https://doi.org/10.1016/j.adhoc.2023.103159
Received 5 June 2022; Received in revised form 25 December 2022; Accepted 21 March 2023
Available online 23 March 2023
1570-8705/© 2023 Elsevier B.V. All rights reserved.

reliability, durability, and power consumption. However, traditional cryptographic protocols cannot support less computing power, less bandwidth consumption, less storage, and the battery capacity of WSNs. Providing security and offering resource constraints of WSN are the most crucial research aspects in IoT environments. Therefore, researchers have focused more on various security protocols for emerging wireless sensor networks (WSNs) and IoT technologies [3]. Indeed, the success of proposing lightweight mechanisms in WSNs depends on the distinctive features of sensor nodes. The resource constraints WSNs impose added challenges for the design of security protocols. With the rapid growth of WSNs, security improvements offer substantial benefits to deal with security solutions based on the requirements of IoT applications. The distinctive characteristics of WSNs are similar to distributed networks and much more susceptible to malicious attacks. Safety is the necessary aspect of each application that uses WSN mainly for the sensors deployed in distant locations, including battlefields, airports, large industrial systems, critical buildings, and many more. WSN is a particular category of wireless network and can impose specific unique characteristics in addition to the typical integration of four basic components such as user interface and device connectivity. As a result, the WSN security protocols need to satisfy additional security conditions which relate to security specifications and trustworthiness of data [4].

Advanced wireless communication has witnessed a technological revolution in the development of IoT applications using centralized cloud computing. Unfortunately, a centralized computing system explores a high-cost efficiency application to manage network function, computing, and storage which inflicts a few additional workloads on radio access networks resulting in high latency issues. As a result, the explosive growth in various end computing devices demands digital transformation to meet the challenges of emerging IoT namely enhanced security, capacity constraints, and resource constrained. Expanding their computing services flexibly may use a new computing paradigm to share and generate useful information without human intervention. However, data communication over a public network conceives to be insecure due to the subsistence of adversaries stealing the information of unauthorised systems. Building a secure channel considers authentication and key agreement (AKA) to prevent adversary behaviors. Moreover, the end computing systems involve different delivery of services such as software databases, storage, and networking via Internet connectivity to set up an advanced network infrastructure. This infrastructure leverages the scope of a custom-built network to offer a seamless and cost-effective network that has an end-to-end service to assess and monitor the degree of network connectivity. The network infrastructure applies a protective measurement to prevent any unauthorised user access and to gain system access over the target infrastructure. However, the computing trade-off between security and performance needs a comprehensive analysis of various security mechanisms to understand the challenges of modern IoT architecture. The key aspects of modern IoT are as follows:

Data Security in Modern IoT is an operative practice to protect digital information from unauthorised systems which adopts the strategies of robust data security to protect the information of the organization against cyber activities. Accessing and securing information systems utilizes physical hardware security to administer the logical security of the application systems which include encryption solutions to manage the policies and procedures of application security.

Data Integrity in Modern IoT is a protective scheme to maintain and assure better accuracy in the completeness of a few sensitive assets of IT operation. Most connected devices explore the cryptography primitives such as message authentication codes and digital signatures to deal with semi-trusted remote data storage which relies on the verification mechanism to maintain data consistency.

Data Confidentiality in Modern IoT is a systematic solution to use a branch of a cryptosystem to offer a certain level of hardware security without compromising any additional resource consumption. Most cryptographic solutions apply symmetric and asymmetric key encryption to protect the sensitive information of the IoT networks.

Data Validity in Modern IoT is the best practice to discover a data validation network that has network intelligence to generate massive amounts of IoT data varied at different levels of scalability which fulfill a few desired requirements of the IoT applications namely monitoring over the different processors and programming language with minimum overhead.

Maintaining device connectivity inherits the salient features of privacy-preserving technologies to explore the security evolution of next-generation networks which systematically review the efforts of the existing state-of-the-art approaches to examine the challenges of three-layer architecture. This layered architecture considers physical, connection, and service to classify its security requirements, vulnerabilities, attacks, and future directions. Particularly, the core issues of IoT applications consider the interconnectivity of IoT devices to carry out a holistic view of the security frameworks addressing the fundamental challenges of authentication and key management in IoT.

1.1. Review methodology

This survey uses electronic databases (e.g., IEEE Xplore, ScienceDirect, Springer, ACM Digital library, and Wiley online library) to collect the relevant research articles based on the inclusion and exclusion criteria depicted in Fig. 1. This survey paper follows the combination of qualitative and quantitative systematic literature review mechanisms to the problem statement. Pickering et al.’s [5] review approach carries numerous advantages over narrative fashion. Their methods present a comprehensive survey of identifying existing studies and highlight research gaps. Moreover, we use online databases and other relevant sources to find various reviews and research articles to meet specific criteria. Then, we record all the studies’ information and summarize it in a state-of-the-art table throughout the study. Various scientific papers were collected from multiple online databases like IEEE Xplore (https://ieeexplore.ieee.org/Xplore/home.jsp), Science Direct (https://www.sciencedirect.com/), ACM Digital Library (https://dl.acm.org/), Wiley Online Library (https://onlinelibrary.wiley.com/), Google Scholar (https://scholar.google.com/), Education Resources Information Center (ERIC, https://eric.ed.gov/), and PubMed Central (https://www.ncbi.nlm.nih.gov/pmc/) to conduct a comparative analysis. The search keywords of the scientific articles include "security, privacy, architectures, IoT environments, WSN for IoT environments, authentication, key agreement, security protocols, and energy efficiency, etc." Fig. 2 depicts the review mechanism’s systematic approach, and the steps are below [6].

Most emerging technologies continue the course of their trajectory in the deployment of large-scale IoT applications to address potential challenges such as security and privacy. The prior generation has outlined the impact of strengths and weaknesses of the security frameworks focusing on three major requirements namely security, privacy, integrity, confidentiality, and validity. Most legacy systems have their own futuristic technology to enhance the privacy preservation of next-generation networks. Thus, this paper mainly focuses on the security concerns of IoT applications to investigate technical insights, protocol deficiencies, and required enhancement. Providing seamless information, the communication infrastructure relies on IoT applications to store and analyze the essential components of the computing devices such as sensors, device connectivity, cloud access, data analytics, and user interface. The functional components of the devices integrate with a heterogeneous network which issues a massive connection with discrete quality of service (QoS) across the globe. Moreover, improving wireless connectivity and autonomous systems broadens the scope of the networking systems to identify the possible vulnerabilities infringed by adversaries to attack the performance of the systems. The communication links and network vulnerabilities deliberately infiltrate the cyber threats in the application programming interfaces to devise a few potential benefits such as attacking the system infrastructure, stealing


Fig. 1. Design flow of Related Articles Selection based on Inclusion and Exclusion criteria.

Fig. 2. Systematic Review Approach.

sensitive data, and accessing private information. To address cyber threats, the most critical approaches apply defensive strategies. They always use preventive solutions to prevent unauthorised network access which develops an appropriate communication pattern to minimize system loss, processing power, and storage capacity. However, IoT applications still experience an inadequate solution including latency constrained to meet the desired requirements of the communication systems.

Emerging communication systems motivate learning analysis to make the applications more reliable and secure which can even detect any anomalous behavior to prevent data leakage and breaches. Detecting any anomalous behavior necessitates high accuracy and efficiency to standardize the process of centralized server and edge computing systems. However, massive data computing and sharing are still regarded as


inefficient due to privacy and communication costs. It is worth noting that preserving the privacy of IoT devices demands a proper trade-off to address the challenges of the networks against malicious cyber activities. As a consequence, robust research is needed to highlight the issues of centralized security and device authentication. Ogonji et al. [6] comprehensively reviewed the security and privacy perceptions of IoT applications to present a taxonomy of IoT threats. Stoyanova et al. [7] summarized the main issues involved in IoT-based forensic investigations. Sikder et al. [8] presented a detailed study on sensor-based security and threats to provide a formal taxonomy and to perform an effective analysis of the vulnerability metrics. Mousavi et al. [9] identified a few significant characteristics such as existence, self-identity, communication, interaction, and dynamicity to interrelate the computing objects equipped with cryptographic algorithms to secure the communication channels. Mirzaee et al. [10] evaluated the novel cyber threats of smart grid networks associated with power systems to address the challenging issues of security and privacy. Samaraweera and Chang [11] reviewed different types of security mechanisms to identify and evaluate the design issues of next-generation database systems. Liao et al. [12] explored the systematic behavior of edge computing systems and IoT to analyze security and forensic issues, including confidentiality and integrity of data.

Have the above implication and countermeasures been considered? What are the security issues handled in IoT to achieve better performance efficiency? What are the futuristic technologies chosen in practice to analyze the behavior of computing systems? What are the challenging issues being encountered to protect the privacy of computing systems? In order to drive these practical implications, the applications of IoT and their relevant technologies were collected and analyzed with three distinct aspects: 1. Examine the security mechanisms of the computing device namely cyber threats and key agreement; 2. Analyze the data features of the computing device such as integrity and confidentiality; and 3. Explore the privacy compliance and trustworthiness of IoT to understand the characteristics of physical layer security. Thus, in this survey, three basic aspects are extensively organized to carry out a detailed analysis of the strengths and weaknesses of security frameworks. They are as follows:

1. Why authentication and key agreement mechanisms are much necessitated to solve the security and privacy issues of IoT applications?
2. How the authentication and key agreement mechanisms are applied in IoT devices such as inference, knowledge, and possession to verify the device identity and to create a robust session?
3. What are the formidable challenges and IoT trends embedded with intelligent sensing powered by smart computing to connect and exchange sensitive data with other computing devices?

Identify Database: Published academic research articles and journals can be obtained using various online databases, including Scopus, Web of Science, Science Direct, Google Scholar, PubMed Central, and Research Gate.

Find Keyword: Keywords used to search the relevant topic/article using "Securing the Internet of Things Environments," "IoT," "Security and Privacy in IoT," and "Authentication schemes for IoT Environments."

Time Stamp: It defines the selection of research works in the specified time duration. In this survey, we have considered the research works from 2010 to date.

Name Exclusion Criteria: This survey specifically focused on research articles published in English. However, we also consider blogs, news, white papers, forums, and other related media for IoT security.

Search and Record: Most of the authentication schemes have been considered to review their mechanisms. Every article is reviewed and records the author’s information, publication, goal, and contributions tabularly. Also, we categorize every article based on its type and performance.

Identify research gaps: This survey rigorously reviews various research articles and identifies gaps based on the performance metrics.

1.2. Device security in IoT applications

The current IoT trend so-called connect the unconnected objects deals with smart computing objects comprising sensing units and processing power to associate with end computing systems which may aggregate the data via wide area networks to fulfill the transmission requirements of the application systems. The computing systems upgrade the trade-off efficiency to interconnect the common objectives of industrial and commercial sectors which understand the challenges of intelligent systems. Of late, tremendous efforts have been initiated to cover the scope of security-related issues in modern IoT. In modern IoT, the major factors drive security vulnerabilities at a hardware level to assess different types of computing applications namely application, protocol, and network interface.

Exploiting the known vulnerabilities may set out a few countermeasures against unsecured communication to resolve the loopholes in the web interface and privacy breaches. Moreover, security patches and updates are firmly concerned to protect the networking systems against adversaries and to institutionalize the operating systems to handle the severity of the risks such as data loss and denial of service. Most systems distribute their network of physical objects through the protocol level to connect and exchange data with another computing device via a dedicated network connection. However, in most cases, the computing systems rely on the transmission protocol to share the user credentials with four distinct components including sensors, device connectivity, data processing, and network interface. The major significant attributes are as follows:

Unsecured Network Infrastructure has an unpatched vulnerability locally or globally to target the communication of IoT systems that gain unauthorised access to identify the weaknesses of IoT devices.

Unsecure Communication Protocols find insecure communication between the computing devices to authorize and access the authentic data causing a high degree of vulnerability in modern IoT.

Inefficient Data Encryption takes access control of the network traffic to read or process the encryption algorithms to decode the original contents.

Isolated Process and Unauthenticated Scanning allows networking systems to access or explore the IoT applications to inspect the behavior of the target applications.

Access Control and Device Identification exploit the known vulnerabilities to access the shared data which determines the mode of action without authorized logging in controlled by a remote procedure call using configured credentials.

Credentials Management Systems issue and manage the system credentials using public key infrastructure to evaluate the performance of credential-based computing systems.

Of late, thousands of insecure devices are predominantly affected by Botnets and came into DDoS attacks. Every IoT system can be a weapon and target several rude attacks. Moreover, manipulating IoT systems can be another major security threat [13]. The Internet of Things coins that the "S" corresponds to security. However, every business’s use of IoT devices has enormously increased to multiply the number every year. Ultimately the entire data en route from various deployed sensors, cameras, implanted devices, and voice assistants onto a connected system.

Conversely, the IoT device security mechanism has failed in regularizing the device adaption [14]. Therefore, the modernistic IoT research directions have been exhaustively changing from necessity to safety. Besides, the idea of safety-centric IoT-based solutions aimed to diminish uncertain scenarios and problems. Currently, various case studies have reported on the critical consequences of IoT on several applications. For instance, autonomous and self-driving connected vehicles in industries keep laborers away from hazardous places.


Resultantly, in monitoring various environmental conditions such as air pollution levels, chemical leaks in the water, toxic gasses in smoke, and water pressure in pipelines to monitor water flow, etc.

Furthermore, these IoT systems can facilitate people with notifications of activities, thus monitoring and controlling resource consumption utilization [15], making today’s lives easier. Generally speaking, IoT plays a vital role in people-centric applications, which provide various solutions based on enterprise requirements. For instance, to diminish the response time while reacting to unexpected health issues, including child death symptoms during sleep, increasing the daily needs of aging, and physically challenging people from sudden situations. Resultantly, implantable devices bring monitoring services, enabling the alert system to improve emergency cases’ survival rates [16].

Moreover, IoT can also be responsible for providing every device with identification and communication with other devices. However, these devices can collect data, analyze, and make decisions without human intervention. Therefore, these devices’ limitations raise several challenges, such as connectivity challenges for many devices to establish communication with others and security challenges in conjunction with protecting IoT networks from various attacks. Hence, security is the above requirement to safeguard its hardware, connected networks, and IoT applications. Moreover, various conventional forms such as microgrids to allow distributed energy resources, self-driving cars to enable the autonomous vehicular system, and smart city drones to permit surveillance mechanisms. These systems even depend on standard Supervisory Control and Data Acquisition (SCADA) Mechanisms. Fig. 3 depicts the taxonomy of emerging IoT application domains.

Further, integrating these physical domains with cyber domains raises the disclosure of various attacks’ successions. Subsequently, SCADA supervisory control mechanisms can be targeted with critical cyber-attacks resulting from incapacitating the physical devices, which affects the supervisory control systems [17]. Indeed, IoT security and privacy are significant difficulties while connecting with its network. Various security requirements have been studied, including confidentiality, integrity, mutual authentication, proper session key management, and perfect secrecy [18]. Specifically, authentication is the most important security need for IoT environments to establish reliable network communication and secure data transmission.

Scope of the Survey

Modern IoT device has been demonstrated to be more susceptible to critical infrastructure systems that can compromise the IoT devices to launch massive security attacks against emerging technologies. The development of computing methodologies realizes the significance of IoT infrastructure to address crucial issues of application software and protocols and to mitigate the risk involved in industrial IoT. Over a decade, the world has rapidly witnessed the implications of the security vulnerabilities inheriting the assessment features of industrial IoT such as device hijacking, spoofing, and distributed denial of service. The assessment features additionally include four core elements such as intelligent assets, data communication, analytics, and applications to evaluate the device constraints (i.e., computation power, energy capacity, and physical dispersion). The intensive research work discovers the state-of-the-art approaches in modern IoT to envision the challenges of the network infrastructure registered within the coverage region of the system gateway.

Currently, the modern IoT is playing a crucial role in addressing the broad aspects of convergence technologies, including healthcare, smart grid, smart farming, intelligent transportation, smart cities, manufacturing, aerospace, supply chain, etc. It has several technical, political, and socioeconomic aspects to address challenges such as security, privacy, and risk assessments in IoT. It highlights the threat models to administer real-time entities’ activities, including information security, infrastructure, platform development, storage processing, and management. This study focuses extensively on authentication and key agreement mechanisms to evaluate the multicriteria techniques, such as two-factor, three-factor, multi-factor, etc. Authors in [19] presented a survey concerning major research studies conducted for IoT application systems. Recent review works [7,20–24] focused on various smart application systems’ security challenges and issues. Thus, in this survey, we cover major viewpoints of modern IoT applications to conduct a rigorous study on security and privacy issues. Fig. 4 shows the contributions and structure of the survey paper.

- We demonstrate a rigorous review of the most up-to-date methods that address the issues of modern IoT applications, including security and privacy.
- We present a comprehensive study on state-of-the-art technologies to relate to the security requirements of IoT environments.
- We review several authentications and key agreement schemes to address the current challenges in smart IoT.
- We have rigorously explored the security requirements, services, threat model, and potential attacks.
- Finally, we evaluate the security measures of key management to discuss open issues and effective countermeasures.

The remaining paper can be structured as follows: Section II

Fig. 3. Taxonomy of emerging IoT application domains.


Fig. 4. Major contributions of the paper.

discusses the detailed research background and state-of-the-art approaches for IoT environments. Section III explains the phases of the authentication process to understand the core features of application domains. Section IV reviews several authentication schemes based on network models, cryptographic operations, and primary goals. Section V analyses three basic key assessments such as security requirements, application services, and potential challenges. Section VI describes various counteractants and performance analyses. Section VII shows various research challenges and open issues in IoT environments. Section VIII concludes the review work.

2. Background

2.1. IoT: the state-of-the-art

The IoT refers to the environment where physical devices are coupled to interconnected networks and cyber-physical systems to offer diverse services. Its goal is to create intelligent systems for managing numerous applications like smart farming services, healthcare, supply chain, and smart industrial systems. To digitize the process of physical things, it collaborates with customers and business partners [8]. Sensors, actuators, and networks are trained to visualize the production flow, allowing the system to make definitive decisions. Sensor devices, machinery, network components, servers, cloud, and application software are all available to satisfy the requirements of end-users. To fulfill the legal limits of smart manufacturers, it also includes sensing, aggregation, network, server/storage, access, and management.

Usually, the sensor node manages the data for a certain area, and the collected data can be transferred to the gateway via a wireless communication channel. The gateway has more powerful capabilities, whereas the sensor node can be a resource-constrained device with minimal computing power, storage, and resources. In various applications of WSN, including remote health care, users must be able to access sensor data via a mobile device. Thus, the user’s identity can be a significant security challenge for WSNs. Trusting the devices in a WSN for the IoT can be critical to make the network well-function. Even a single compromised node can turn malignant and trigger catastrophic failures throughout the system [25]. The scheme’s purpose is that any two parties (user, gateway, and sensor) to communicate. The WSN can suffer from malicious attacks because of the open characteristic of wireless communication channels [26].

Furthermore, the sensor node’s resource limitation does not support public-key cryptographic algorithms, including RSA, especially for WSNs. The security functionalities of IoT majorly depend upon the different types of applications that it serves. The necessity for integrity and confidentiality might be precisely related to the application’s


security requirements. In addition to key management, user authentication is an underlying security mechanism to verify the users’ validity between the entities connected in the network. Recently, various authentication and key agreement schemes have been proposed to address the security needs of WSNs. In the recent past, extensive research has been carried out, especially to enable the quality of services in IoT environments. Various review articles have highlighted security and privacy issues relating to communication, location, and data privacy. The authors [27–34] have produced extensive reviews concerning various security and privacy issues in IoT environments. Authors in references [35–47] have produced extensive reviews based on cryptosystems for sensor networks. Various cryptosystems have been considered based on asymmetric and symmetric [48] and lightweight cryptographic mechanisms [31–34,49–51] to increase the security efficiencies of WSNs.

2.2. IoT architecture

The IoT has distinct ways of connecting devices, including a standard Internet connection, including M2M and H2M alternatives. H2M and M2M mechanisms support various applications to locate, identify, track, control, monitor devices, and transmit data [52]. According to recent advancements in IoT, researchers have categorized IoT architectures into six types: (a) Typical Three-layer, (b) Middleware based, (c) Service-oriented based, (d) Five-layer, (e) Cloud and Fog-Edge based, and (f) Social IoT architectures. Fig. 5 depicts the collaborative layered IoT architecture.

Fig. 5. IoT Layered Architecture.

Perceptron Layer: It describes how data is collected from sensor devices and delivered to the network layer. A set of internet-connected devices could communicate through a wireless communication channel to identify, detect, gather, and improve data services in this layer. Every sensing device should be connected to the internet. As a result, it can gather data from sensing devices and transmit it via a secure wireless communication channel. Every IoT device requires a unique identity (ID) to realize the alleged nature of the device present in the distributed network. The data transfer can occur over a wireless communication channel from a variety of locations. Data protection is essential for monitoring and reporting intrusions. Currently, the perceptron layer’s major security issues include protecting objects from unauthorised access, unknown objects, DoS attacks, and routing assaults. Besides, an unauthorised device should not operate in the place of an unauthorised user. In addition, the sensing source has a low processing and storing capacity. As a result, data security is required to deal with memory leaks or other data threats.

Aggregation Layer: It connects intelligent hardware to the sensor or controls the mechanical system, such as RFID, sensors, and actuators. It can feed real-time data regularly to ease the automated process that connects the server or storage to send or store sensitive data because physical devices limit the sensors to use dedicated operating systems [53] like Contiki, TinyOS, RIOT, etc. It uses IoT-OS as a distributed platform to control software and hardware while allowing for centralized management.

Network Layer: It is an important aspect of the infrastructure in IoT architecture. It is responsible for addressing and routing data packets sent from one location to another using an IP address. The standard protocols for the network layer are IPv4 and IPv6. Because IPv4 has reached its limit and is no longer capable of processing transmissions with the scalability required by IoT applications, the IPv6 standard has been established to provide adequate address space to support many IoT devices. For IoT device communication systems, a combination of short-range and internet communication technologies has been deployed. Bluetooth and Zigbee are real-time examples of short-range communication technologies primarily used to send data between physical devices and the nearest gateway based on communication channel capacity. Internet communication technologies that transfer information over long distances include Wi-Fi, 4G, and 5G [54].

Service Layer: It is one of the specialized layers responsible for authorizing and disallowing data services of the user’s application and device apps, depending on the necessity for IoT infrastructure. Business logic, service division, service integration, service implementation, and service repository are all part of the service layer. Furthermore, although IoT devices have limited storage space, cloud storage is a crucial service layer component. As a result, this layer’s cloud storage security features include availability, immutability, scalability, and verified access. Likewise, this layer enables secure end-to-end data transfer between IoT devices and applications, including authentication, authorization, identity, encryption, remote provisioning and activation, buffering, synchronization, scheduling, group communication, and device management [55]. This layer combines a centralized network with the application, operating system images, and private data to give a reliable service.

Application Layer: It is one of the four-layered IoT architectures’ underlying layers, where data is retrieved, processed, and visualized. The system first scans the requester’s node to identify the requester,
after which the data can be securely stored in the cloud for analysis. It is unnecessary to put up any additional server components for big data processing because of the dispersed nature of IoT. Furthermore, the IoT is causing a significant increase in the link of physical items, increasing the use of smart devices across all application domains such as automation, monitoring, and controlling [56]. However, managing IoT infrastructure and services is primarily concerned with security, privacy, and performance efficiency [57]. It has certain constraints in order to meet the above-mentioned primary challenges: 1. The developed IoT applications and services do not use standard technologies; 2. There are no standard network protocols for IoT-based application systems, such as Wi-Fi, BLE, SigFox, LoRaWAN, and ZigBee; and 3. Resource usage in processing power, data storage, bandwidth, and computation is increasing [58].

3. Authentication and key agreement schemes in IoT environments

Of late, the association between physical devices has exponentially increased, which prevailed. Various authentication schemes have been introduced, especially to improve security efficiencies in the Network of the Internet of Things (N-IoT) [59]. To analyze real-time data in the physical world, the N-IoT has limited storage space and computational power. Therefore, a lightweight mechanism with low-cost sensor nodes is highly preferred to develop a secure and reliable authentication mechanism. Similarly, remote user authentication schemes must provide standard security to withstand resource-constrained requirements. Besides, resistance to various well-known attacks includes replay attacks, smart card lost/fraud attacks, password guessing/detection, identity verification, offline guessing, sensor-node impersonation attacks, sensor capture attacks, MITM attacks, and stolen-verifier attacks as shown in Fig. 6.

Fig. 6. Understanding Authentication Mechanism Procedure in IoT Environments.

Therefore, as security becomes a challenge for WSNs, secure and efficient authentication schemes are highly demanded. According to various surveys, we found several authentication and key agreement schemes for enabling secure communication between connected devices. This study presents a thorough examination of several authentication systems for different sensor networks in the following subsections. Also, we make the state-of-the-art comprehensive survey emphasize various authentication schemes and their functional requirements.

3.1. Phases of authentication schemes

The user authentication mechanisms in IoT have the following phases [60]. A typical process of authentication mechanism is depicted in Fig. 7[A] – [E].

Fig. 7. [A] System Setup / Initialization Phase. [B] System Registration Phase. [C] System Authentication Phase. [D] Secret Key Update Phase. [E] Revocation / Re-registration Phase.

System Setup: In this phase, all the protocols required for the entire protocol can be fetched from the gateway/base station.

Node/Sensor Registration: The gateway node must be registered before deploying all the sensor nodes. Thus, the gateway keeps secret information about all of the nodes that have been deployed.

User Registration: To obtain the sensor node data, the user must register with the gateway node to assure legitimacy. Initially, the user needs to enter credentials like username, password/biometric secretly to the gateway. The user is then issued secure secret cards or mobile devices by the gateway node.

Login: The user’s login credentials are validated at this phase. A login request is sent and delivered for further action to the gateway node after successful validation.

Authentication: In this phase, initially, the gateway node validates the login request. The gateway node completes the request for authentication to the presently accessed sensing node once the verification passes. The sensing node can then confirm its findings, and the authentication acknowledgement is sent to the user when the message is received. Finally, the data from the sensor node is double-checked by the user. A session key can only be created among the user and sensor nodes when mutual authentication has been completed. As a result, both entities can communicate securely using the session keys.

Password change/update phase: this can be essential only if the user wants to update their passwords and biometrics. The user does not interact with the gateway node in this phase because the password update can be done locally.

User smartcard revocation phase: this phase could be required when the smartcard is lost or stolen. The revocation phase can establish a new smart card with updated login information using an authentication mechanism.

Dynamic node addition: this phase is required to add new nodes when some nodes are physically captured by an assailant, while others are exhausted due to battery failure.

3.2. Secure authentication scheme for IoT environments

Lamport (1981) introduced a password-authentication scheme over unsecured communication [61]. Since then, numerous user authentication schemes like identity-based, password-based, two-factor, three-factor, and multi-factor mechanisms have been introduced to examine security, computation, communication, and storage efficiencies. Zhu et al. [62] initially proposed a smartcard-based wireless security scheme with user anonymity. According to Lee and Hwang, the Zhu et al. technique could not provide reciprocal authentication and was susceptible to forgery attacks. Besides, Lee et al. [3] extended the Zhu et al. scheme to address the identified issues. Authors in ref [4] demonstrated that the Lee et al. technique cannot offer sufficient user anonymity to withstand a forgery attack. Thus, they proposed an improved version. Subsequently, Pickering et al. [5] observed that the Chang et al. scheme could not provide user anonymity to withstand attacks like impersonation, smartcard stolen, sensor node spoofing, and stolen verifier attacks. As a result, Pickering et al. presented an unlinkable authentication scheme to address the weakness of the Chang et al. scheme. Figs. 8 and 9 depict various research articles published between 2014 and 2023 for the search keywords (1) security and privacy, and (2) authentication and key agreement for IoT environments.

Fig. 9. Number of papers published [Index – Authentication and Key Agreement].
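The phases of Section 3.1 (system setup, sensor and user registration, login, authentication with session-key establishment) traced as one gateway-mediated exchange. This is an added Python example, not one of the surveyed schemes; the HMAC-SHA256 message layout and all class, function and identifier names are assumptions made for the illustration.

```python
import hashlib, hmac, os

def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed fields, so field boundaries are unambiguous."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def MAC(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, H(*parts), hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Gateway:
    def __init__(self):                          # System setup
        self.master = os.urandom(32)             # gateway master secret
        self.seen = set()                        # (user, nonce) pairs already accepted

    def _key(self, role: bytes, ident: bytes) -> bytes:
        return MAC(self.master, role, ident)     # per-entity long-term key

    def register_sensor(self, sid: bytes) -> bytes:   # Node/sensor registration
        return self._key(b"sensor", sid)         # preloaded before deployment

    def register_user(self, uid: bytes, masked_pw: bytes) -> bytes:  # User registration
        return xor(self._key(b"user", uid), masked_pw)   # value stored on the smartcard

    def handle_login(self, m1):                  # Authentication: validate the login request
        uid, sid, n_u, t1 = m1
        k_u = self._key(b"user", uid)
        fresh = (uid, n_u) not in self.seen
        if not (fresh and hmac.compare_digest(t1, MAC(k_u, b"login", uid, sid, n_u))):
            return None                          # replay, wrong password or forgery
        self.seen.add((uid, n_u))
        k_s, n_g, x = self._key(b"sensor", sid), os.urandom(16), os.urandom(32)
        wrap_s = xor(x, MAC(k_s, b"wrap", n_u, n_g))     # session secret x, masked for the sensor
        m2 = (uid, n_u, n_g, wrap_s, MAC(k_s, b"g2s", uid, sid, n_u, n_g, wrap_s))
        return m2, (k_u, uid, sid, n_u, n_g, x)

    def relay(self, ctx, m3):                    # Authentication: acknowledgement to the user
        k_u, uid, sid, n_u, n_g, x = ctx
        n_s, t3 = m3
        wrap_u = xor(x, MAC(k_u, b"wrap", n_u, n_g))
        return n_g, n_s, wrap_u, MAC(k_u, b"g2u", uid, sid, n_u, n_g, n_s, wrap_u), t3

class Sensor:
    def __init__(self, sid: bytes, key: bytes):
        self.sid, self.key, self.sk = sid, key, None

    def handle(self, m2):                        # Authentication: sensor side
        uid, n_u, n_g, wrap_s, t2 = m2
        if not hmac.compare_digest(t2, MAC(self.key, b"g2s", uid, self.sid, n_u, n_g, wrap_s)):
            return None                          # request did not come from the gateway
        x, n_s = xor(wrap_s, MAC(self.key, b"wrap", n_u, n_g)), os.urandom(16)
        self.sk = H(x, uid, self.sid, n_u, n_s)  # session key
        return n_s, MAC(self.sk, b"s2u", uid, self.sid, n_u, n_s)

class User:
    def __init__(self, uid: bytes, pw: bytes, gw: Gateway):
        self.uid, self.salt = uid, os.urandom(16)
        # The card holds the salt and the masked key, but no password verifier.
        self.card = gw.register_user(uid, H(uid, pw, self.salt))

    def login(self, pw: bytes, sid: bytes):      # Login: unmask the key, build the request
        self.k = xor(self.card, H(self.uid, pw, self.salt))   # wrong password -> wrong key
        self.sid, self.n_u = sid, os.urandom(16)
        return self.uid, sid, self.n_u, MAC(self.k, b"login", self.uid, sid, self.n_u)

    def finish(self, m4):                        # Mutual authentication and session key
        n_g, n_s, wrap_u, t4, t3 = m4
        expect = MAC(self.k, b"g2u", self.uid, self.sid, self.n_u, n_g, n_s, wrap_u)
        if not hmac.compare_digest(t4, expect):
            return None                          # gateway not authenticated
        x = xor(wrap_u, MAC(self.k, b"wrap", self.n_u, n_g))
        sk = H(x, self.uid, self.sid, self.n_u, n_s)
        ok = hmac.compare_digest(t3, MAC(sk, b"s2u", self.uid, self.sid, self.n_u, n_s))
        return sk if ok else None                # sensor proved it holds the same key

def run_session(user, pw, gw, sensor, replay=None):
    m1 = replay or user.login(pw, sensor.sid)
    step = gw.handle_login(m1)
    m3 = sensor.handle(step[0]) if step else None
    sk = user.finish(gw.relay(step[1], m3)) if m3 else None
    return (sk if sk and sk == sensor.sk else None), m1

def demo():
    gw = Gateway()
    sensor = Sensor(b"S-17", gw.register_sensor(b"S-17"))    # constructed identifiers
    alice = User(b"alice", b"correct horse", gw)
    sk, m1 = run_session(alice, b"correct horse", gw, sensor)
    wrong_pw, _ = run_session(alice, b"wrong guess", gw, sensor)
    replayed, _ = run_session(alice, b"correct horse", gw, sensor, replay=m1)
    return sk is not None, wrong_pw is None, replayed is None
```

In this exchange the gateway can compute every session key and a leaked long-term key exposes recorded sessions, so it offers no perfect forward secrecy. A stolen card combined with one recorded login request also allows offline password guessing, which is the smartcard-loss weakness the surveyed schemes try to remove.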

Fig. 8. Number of papers published from 2014 to 2023 [Index – Security and Privacy].

3.3. Authentication schemes for WSN

Usually, WSN gather a large amount of sensitive information from various nodes. The remote operation of sensor nodes broadens their exposure to malicious attacks, including DoS/DDoS, sensor node key-impersonation, password key updates, smartcard stolen attacks, and many more. To protect WSNs from various security attacks, a secure, robust, and highly accessed authentication scheme can be required. Das [58] designed smartcard-based and password-based authentication schemes, especially for WSNs, to demonstrate that their scheme can be less vulnerable to various potential attacks. Unfortunately, He et al. [63] showed that the Das scheme cannot resist three primary attacks: privileged-insider, key impersonation, and secret essential disclosure. Consequently, their scheme provides enhanced security against Das [58] scheme to protect from such vulnerabilities and declared that their scheme could prevent several security attacks.

In 2010, Kahn et al. [64] found the Das scheme’s security weaknesses: lack of password key-update and mutual authentication. An improved version to prevent the above issues was presented, which is better than the Das authentication scheme. Chen et al. [65] proved that Das [58] scheme could not resist various potential attacks. Therefore, Chen et al. proposed an enhanced mutual-authentication mechanism for WSNs. Vaidya et al. [66] described that [58,64,65] schemes are entirely free from sensor node impersonation, smart-card stolen, and other attacks. To withstand these attacks, Vaidya et al. designed a robust authentication system for WSNs. Hsieh et al. [67] and Kim et al. [68] demonstrated that the Vaidya et al. system was vulnerable to hostile insider assaults, MITM, DoS/DDoS, offline password guessing, and impersonation attacks. Subsequently, their work produced an enhanced authentication scheme to resist these vulnerabilities for WSNs. Turkanovic et al. [69] and Yuan et al. [70] designed a robust authentication mechanism for WSNs based on IoT. Their schemes suggested a hash-based authentication technique for various ad hoc WSNs to provide efficient security measures. Hence, their method claimed that the designed protocol is safe against several malicious attacks and provided a password change facility, password protection, mutual authentication among all parties, and dynamic node addition. On the other hand, Chang et al. [71] mentioned that the Turkanovic et al. [69] scheme could not resist user impersonation, smartcard loss, sensor node spoofing, and stolen verifier attacks. Their work suggested a novel remote-authentication mechanism tailored to WSNs to avoid security flaws. Fig. 10 depicts the authentication system for cloud-enabled IoT environments.

Fig. 10. Authentication for Cloud-enabled IoT Environment.

Subsequently, He et al. [72] and Farash et al. [73] described a few vulnerabilities in the Turkanovic et al. [69] mechanism, such as a stolen smartcard, user traceability, secret and session keys, key-impersonate disclosure, and key-impersonate and MITM attacks. As a result, their scheme defines a robust authentication system to defeat the Turkanovic et al. [69] system complications. Subsequently, Lu et al. [74] crypt-analyzed the Amin et al. mechanism and proved that it could be susceptible to user impersonation, session key temporary information, and offline/online password-guessing attacks. Therefore, their scheme claims to be highly secure and robust for WSN environments. Consequently, Li et al. [75] proposed a 3FA anonymous authentication strategy for WSN-IoT that uses a fuzzy commitment scheme to handle the user’s biometric data. Also, Li et al. assured the proposed scheme withstands several known attacks and obtains certain functionalities.

As a result, an improved biometric-based authentication framework and a key-agreement mechanism were developed, which is particularly useful in multi-server scenarios. Amin et al. [43] devised an anonymity-preserving 3FA with a key exchange scheme to withstand SSTPI attacks. But recently, Singh et al. [76] analyzed the Amin et al. system and discovered that it has session leaks and is vulnerable to offline guessing attacks. Singh et al. demonstrated a robust authentication mechanism for WMSN using MAC functions and symmetric encryption to overcome these issues. Their scheme adopts OTCODE as a one-time activation code that is more secure than using a password. Their scheme provides a low-cost and fast authentication for real-time use.

Wireless communication technologies are becoming highly demanding, primarily utilized in various applications, including IoT, vehicle tracking, health care, and cloud computing environment. With the help of WSN, a vehicle driver can access several useful pieces of information for comfortable driving circumstances including vehicle speed, accidents, emergencies, and traffic congestion. As a result, because information can be transmitted over a public channel, a driver or traffic controller may be subject to various attacks. Hence, vehicular communications are becoming exposed, as well. To withstand these issues, secure and robust mutual authentication mechanisms are highly demanded. Mohit et al. [44] designed a secure authentication technique employing WSN for vehicular communication to achieve reciprocal authentication. Then Yu et al. [77] described that the Mohit et al. authentication scheme could not withstand desynchronization, MITM, session key agreement, secure mutual authentication, and user anonymity. To prevent the above flaws, they devised a novel secure mutual-authentication scheme for vehicular communications. Shim et al. [78] devised an advanced, reliable authentication scheme, chiefly to secure vehicular sensor networks, and stated that their scheme could withstand various attacks including chosen-message attacks (CID-CMA). Subsequently, Liu et al. [79] described that the Shim et al. [78] scheme does not prove that this scheme can secure a weaker attack level, including the no message assault and adaptive chosen-identity (CID-NMA). Therefore, Liu et al. [79] used a different approach and proposed an enhanced scheme to secure against CID-CMA.

4. Analysis of authentication schemes based on network models

This section reviewed several authentication schemes based on network models, cryptographic operations, and primary goals, including Secure Authentication; Key Management; Formal Security Analysis; Lightweight; Efficient; 2FA; 3FA; MFA. Network models include WSN for medical things, vehicular things, multimedia networks, industrial things, body area networks, and multi-gateway networks. Tables 2 and 3 depict various authentication schemes and their cryptosystems for distinct sensor networks. Most of these existing authentication schemes were designed with the help of secure hashing, password-based, biometric-based, bitwise XOR, smartcard-based, and ECC cryptographic solutions. The references in [39,51,73] achieved better security features, whereas schemes of [40,44,74] could not achieve common security features, including secure key management and efficiency. However, most of these schemes failed to prove lightweight authentication and efficiency because of their cryptographic primitives and deployment environments.

Consequently, authors in reference [47,80–99] have designed their authentication schemes to withstand known attacks, achieve efficiency, and secure session key management. However, these schemes do not provide high-level security as most schemes could not use multi-factor authentication except for reference [86]. The authors in reference [47,86,94,97,99] did not achieve lightweight authentication, whereas authors in reference [36,38,49,51,70,80–85,87–93,95–98,100] achieved lightweight authentication. Besides, formal verification plays a vital role in an authentication scheme to determine a high level of security. The authors in references presented in Table 3 have formally verified except


the schemes in [36,44]. The authentication and key agreement schemes provide better security functionalities if they formally and informally verify all requirements. Thus, these verification methods show the inabilities of the proposed security mechanisms. The verification of the security mechanisms depends upon the threat model.

4.1. Cryptographic primitives

Most cryptographic primitives categorize the algorithm into primary and optional to perform a systematic operation functionalizing the property of security and privacy. The former primitive includes cryptographic hashes and standard digital signatures to ensure better verifiability and confidentiality of data whereas the latter enhances the privacy and anonymity of IoT-based applications. Moreover, the other cryptographic primitives deal with secret sharing and seamless transfer to construct the theorems using zero-knowledge proofs. Unfortunately, the standard encryption cannot be applied directly in any IoT applications to construct a reliable commitment protocol using ring-based signatures. In order to classify its functionalities, this survey comprehensively evaluates the significance of cryptographic solutions.

Hash Function [101] is a cryptographic algorithm mapping the arbitrary size of data into a fixed size of the data string. This function includes two basic requirements such as one-way and collision-resistance to make the computation infeasible. The former function ensures the property of invertible whereas the latter implies the same hash values for two given inputs. Assume a hash function with $n$-bit data out, then the complexity of finding a collision is determined as $O(2^n)$ by brute-force attack and as $O(2^{n/2})$ by birthday attack. As a consequence, the output of the hash function is said to be at least 160 bits in order to ensure at least 80-bit level of security.

Digital Signature [102] is another algorithm with the feature of inevitability to ensure the properties such as non-repudiation, integrity, and authentication. In a digital signature, the standard security is so existential to guarantee a robust signature and cannot use any new message to forge a valid signature. The signature schemes so-called elliptic curve digital signature algorithm (ECDSA) [103] and Edwards-curve digital signature algorithm (EdDSA) [104] use the hardness of the elliptic curve version to improve the security efficiency. Most importantly, EdDSA is already recommended as a new elliptic curve generation of transport layer security as it has a plane model of elliptic curve cryptography.

Ring Signature [105] is a new concept of crypto-primitive addressing the issue of anonymity. In order to prove pseudonymity, application systems like Bitcoin apply blind signature and group signature which shares a signed message on behalf of other group members without the provision of permission privilege. This primitive categorizes its property into unlinkability and untraceability to enhance the property of anonymity. The former cannot find any identity of the signer whereas the latter cannot make the signer decide the virtue of two or more signatures. Moreover, unconditional anonymity shows the significance of a strong security notion to achieve perfect privacy protection in connection with the behavioral process of individual signature.

Ring [One Time] Signature [106] signifies the use of a one-time signature. This process can securely use the signed key but can be done only once. Otherwise, it would reveal the signed key. Most computing devices use this strategy to construct encryption and key agreement mechanisms.

Ring [Borromean] Signature [107] shows an abstract view of the ring signature to achieve efficient storage and less communication cost. In addition, this signature uses a monotone Boolean function to express the knowledge of the given group. This primitive function considers the signed key as the given attributes to model the structure as a tree-like access to determine the multiple signatures anomalously.

Multiple Signature [108] is a signature primitive that has the same size as a regular one to instantiate the standard Schnorr scheme over an elliptic curve. Also, this primitive extends its property into an elliptic curve Schnorr multi-signature to modify the signed property at least by $\frac{2}{3}n + 1$.

4.2. Threat model

According to the Dolev-Yao threat model, various adversary capabilities and direct implications have been determined [109]. This model can estimate security efficiencies. The threat model helps find the adversary capabilities performed on the specified security algorithms working on insecure communication channels. This section also discussed the threat model for various security mechanisms considered for advanced IoT environments. We found more than twenty-five attacks that commonly affect IoT environments analyzed and prevented by various security schemes for advanced IoT applications. The high-level threat model specifications are depicted in Fig. 11.

Fig. 11. High-level threat model.

The popular assumptions are as follows:

1. Since the communication between two entities is in an insecure wireless communication channel, an adversary can then impersonate and eavesdrop on the original messages transmitted on public networks.
2. An adversary can physically capture multiple sensors set up or implanted in a hostile environment and then collect all the sensitive information stored in it using side-channel or differential power attack scenarios [109].
3. An adversary may attempt to listen to the activity of a lawful user to gain access as long as public networks highly influence the security threats.
4. An adversary can steal or lose a smartcard to obtain sensitive information stored on the card [110].
5. An adversary may recapitulate Cartesian pairs and their products, i.e., $N_{ID} \times N_{PWD}$ in polynomial time where $N_{ID}$ and $N_{PWD}$ indicate identity passwords of connecting nodes [110].

5. Key assessments: security requirements, services, and challenges for IoT environments

Due to the extensive use of IoT infrastructures including, sensors, actuators, mobile devices, and embedded devices can transmit huge


information. In this context, protecting the privacy and security of collected information is critical. Furthermore, with the extensive development of wireless communication technologies, tiny mobile devices have become prevalent to access the internet. The advancements bring mobile devices from limited access to worldwide access, including online shopping, online payments, mobile banking, e-services, etc. These advanced technological aspects bring convenience to the end-user.

On the other hand, as wireless connectivity increases, the attack risk also increases. Thus, enabling security will become an essential aspect of advanced IoT communication entities. Besides, security and privacy have attracted research attention in various complex domains over the decades. As a consequence, various security schemes have been implemented, especially for IoT environments. Each security solution must follow various security requirements to ensure the efficiency of the security protocol [111]. Table 1 depicts recent surveys and their goals. However, most security protocols may fail to provide all security features based on the application design and implementation. Thus, a few security mechanisms may efficiently work for lightweight systems but may not withstand several known attacks. This section provides an extensive summary of various security services, security concerns, issues, and IoT environments’ challenges. Table 4 depicts various security services that are required for the development of IoT applications.

5.1. Security services

Mutual Authentication works for gaining acceptance in both ways in which two parties are authenticated and the entities in a communications link authenticate each other.

Sensor Anonymity must provide user/sensor anonymity to safeguard users’ real identities. It should not be exposed to any other entity except the trusted server.

Perfect forward security is one of the best features of key agreement protocols. It guarantees that the session keys cannot be compromised even if the server’s private key is compromised. Also, it protects previous sessions against future attacks on session keys and passwords. By using SSL/TLS, it can further protect the data on the transport layer network. The compromised single session key [125] cannot affect any data except the data exchanged with that private key.

Untraceability has any internal user not connecting any two authentication sessions. In other words, an authenticated person need not be authenticated with their identity in the same session with the same user.

Session Key Establishment is crucial to enhance the security features of the protocol which is well constructed to ensure session security. The members’ identities and roles must be resilient to unknown potential key-sharing attacks. Imposing unique session identifiers ensures the session key will be fresh. Few other short or long-term static shared keys depending upon individual protocols ensure only standard members have access to the session key [126].

The session-Key agreement transfers the session key between the medical professional and patient to secure communication in WMSN during a specified period.

Known-Key Security has an attacker who cannot compromise

Table 1
Summary of recent related surveys and research goals.
Paper Year Contributions Goals
G1 G2 G3 G4 G5 G6

Ferrag et al. [27] 2017 – In a comprehensive study on authentication mechanisms IoT, more than forty authentication protocols ✔ ✔ ✔ ✔ ✖ ✔
in various IoT contexts such as M2M, IoV, IoE, and IoS, have been examined.
– Besides, Authentication mechanisms have been presented with threat models, countermeasures, and
formal verification methods.
Sfar et al. [31] 2018 – Presented a novel cognitive approach to IoT security. ✖ ✔ ✖ ✔ ✖ ✔
– Described the taxonomy of IoT framework, research challenges, and solutions
Das et al. [32] 2018 – Authentication and safe key management are included in the taxonomy and analysis of security methods ✖ ✔ ✔ ✔ ✖ ✔
for the IoT.
– Recent state-of-the-art techniques for security protocols are presented.
El-hajj et al. [24] 2019 – Provides a complete, up-to-date view of IoT authentication mechanisms. ✖ ✖ ✔ ✔ ✔ ✖
– Compares and assesses proposed authentication techniques, highlighting their advantages and
disadvantages.
Kavianpour et al. 2019 – Systematic literature review of authentication in IoT for heterogeneous devices ✖ ✔ ✔ ✔ ✖ ✔
[29] – Provided a multicriteria classification of existing authentication mechanisms
Nandy et al. [30] 2019 – Focused on IoT security, especially for authentication schemes. ✔ ✖ ✔ ✔ ✖ ✔
– Provides a systematic approach to verification and evaluation methods of IoT authentication schemes
Somasundaram et al. 2020 – The systematic review of various security solutions in IoT for Medical Sensor Networks ✔ ✖ ✔ ✔ ✖ ✖
[33] – Provides the analysis of various security issues and risk factors of security issues in IoMT.
Mrabet et al. [34] 2020 – Addressing the lack of standardized lightweight encryption techniques, a novel compact and optimized ✖ ✖ ✔ ✔ ✖ ✔
layered architecture for IoT is described.
– He addressed the importance of security requirements, including authentication, authorization, access
control, and encryption protocols.
Ferrag et al. [28] 2020 – Authentication mechanisms for smart mobiles. ✔ ✔ ✖ ✔ ✔ ✔
– Provides counteractant classification based on four methods, including cryptographic, channel
characteristics, classification algorithms, and personal identification.
– Provides the open challenges and future research directions
Mousavi et al. [9] 2021 – Cryptographic mechanisms for IoT environments ✖ ✔ ✔ ✔ ✖ ✖
– Addressed security algorithms based on security factors
– Demonstrated the importance of ECC-based cryptographic mechanisms to minimize memory
requirements and execution time.
Our Paper 2022 – Authentication and key management scheme and analysis of security methods for the IoT domain. ✔ ✔ ✔ ✔ ✔ ✔
– Systematic literature review of authentication in IoT for heterogeneous devices
– Addressing the lack of standardized lightweight encryption techniques
– Recent state-of-the-art techniques for security protocols are presented.
– Focused on IoT security, especially for authentication schemes
– Addressed security algorithms based on security factors
– Provides a systematic approach to verification and evaluation methods of IoT authentication schemes

G1: Threat Model; G2: Counteractants; G3: Security Analysis; G4: Authentication Mechanisms; G5: Security Systems; G6: Open Issues and Research Directions.
✔: Supported; ✖: Not Supported.


Table 2
Taxonomy of authentication schemes and their cryptosystems for different sensor networks.

| Existing Schemes | Primary Goal | Cryptographic operation | Target Network | SP1 | SP2 | SP3 | SP4 | SP5 | SP6 | SP7 | SP8 | SP9 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| [35] | Robust ECC-based authentication scheme for preserving privacy for IIoT | Elliptic Curve Cryptography | IIoT | ✔ | ✖ | ✔ | ✖ | ✔ | ✖ | ✖ | ✖ | ✔ |
| [36] | Lightweight MFA secure smartcard-based remote user authentication for cloud-IoT applications | Smartcard-based, Password-based; Secure Hash Function, XOR Operations | WSN | ✔ | ✔ | ✖ | ✔ | ✔ | ✖ | ✖ | ✔ | ✖ |
| [37] | The robust and secure authentication mechanism for multi-gateway WSN in IoT deployments | Secure Hash Functions, XOR Operations | Multi-Gateway WSN | ✔ | ✔ | ✔ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ |
| [38] | Novel mutual authentication scheme for e-healthcare systems | Symmetric cryptography, Smartcard; XOR operations, The cryptographic one-way Hash function | WMSN | ✔ | ✔ | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | ✖ |
| [39] | The secure and robust biometrics-based authentication scheme for WSN | Chaotic Map, Biometric based | WSN | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | ✔ | ✖ | ✖ |
| [40] | The efficient, secure password-based anonymous authentication mechanism for WBAN | Password-based, Symmetric cryptography | WBAN | ✔ | ✖ | ✔ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ |
| [42] | Lightweight 3FA and key agreement mechanism for secure data transmission in IoT networks | Secure Hash functions, XOR operations; Biometric-based | WSN | ✔ | ✔ | ✔ | ✔ | ✖ | ✖ | ✔ | ✖ | ✖ |
| [43] | 3FA and key exchange scheme for ensuring anonymity and privacy preservation in WSN | Smartcard-based, Secure Hash functions; XOR operations | WSN | ✔ | ✔ | ✔ | ✖ | ✔ | ✖ | ✔ | ✖ | ✖ |
| [44] | Secure authentication scheme specially designed for vehicular systems | The one-way collision-free Hash function; Bitwise XOR operations | WVSN | ✔ | ✔ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ |
| [49] | Secure, lightweight Authentication and key agreement scheme for low capacity IoT devices | Bitwise XOR Operations, Secure Hash functions, Asymmetric encryption | WSN | ✔ | ✔ | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | ✔ |
| [51] | A lightweight and robust 2FA for healthcare systems | Secure Hash Functions, XOR Operations | WMSN | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ |
| [59] | The remote user authentication mechanism for agriculture monitoring | Secure Hash Functions, Smartcard-based; Symmetric cryptography | WSN | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ |
| [73] | The secure, anonymous lightweight authentication mechanism for multi-gateway based WSN | Cryptographic one-way Hash Function; Smartcard-based | Multi-gateway WSN | ✔ | ✔ | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | ✖ |
| [74] | The secure and robust user authentication mechanism for e-Healthcare applications | Elliptic Curve Cryptography | WMSN | ✔ | ✖ | ✔ | ✖ | ✔ | ✖ | ✖ | ✖ | ✔ |
| [112] | Design an anonymity-preserving mutual authentication mechanism for the patient-monitoring healthcare system | Secure Hash Functions, Bitwise XOR Operations | WMSN | ✔ | ✔ | ✔ | ✖ | ✔ | ✖ | ✖ | ✖ | ✔ |

Objectives: SP1: Secure Authentication; SP2: Key Management; SP3: Formal Security Analysis; SP4: Lightweight; SP5: Efficient; SP6: 2FA; SP7: 3FA; SP8: MFA; SP9: Privacy Protection.
✔: Yes; ✖: No.

others’ session keys though an attacker tampers the session key.

User Anonymity hides the identity information of the users present in the system, including patients and medical professionals. WMSNs have made a significant contribution to today’s medical field by improving the quality of the health care system. Since the data is extremely sensitive, exchanging it over an insecure wireless communication channel causes a critical fault.

Loss of synchronization relates to the difference in delay between the communicating devices, to which the system must be resilient; otherwise, it leads to a loss of synchronization. The time synchronization protocol design accomplishes resource consumption minimization without experiencing loss of synchronization issues [127].

Session secret key Agreement plays a critical role in ensuring security when the session key agreement and cryptographic algorithms are applied. Cryptographic algorithms are classified as either symmetric (secret key/private key) or asymmetric (public key). Secret key cryptosystems can be viewed as the most common security mechanisms in conventional computing systems as they are extremely fast and promise to be secure. The secret session key agreement protocol enables two or more communicating parties to share a key and validate each other within the specified period [128].

5.2. Security concerns

This subsection describes various security concerns in line with IoT environments.

Confidentiality is one of the essential security services of WSN. It ensures that the information is not disclosed to others, so that the data is accessible only to authenticated users. Public-key cryptography is a well-known standard method to assure the integrity of sensitive data. But this approach needs more resources in terms of computation and communication costs. Moreover, as the WSNs are resource-constrained, this approach cannot resist known attacks. Thus, various security protocols based on symmetric-key cryptography have been proposed for WSN [129]. It assures the prevention of unauthorised users from accessing sensitive information.

Integrity ensures that the generated and received data cannot be modified during transmission and storage. Maintaining and assuring the completeness of data preserves the energy constrained in IoT applications.

Authentication and authorization guarantee the IoT devices to identify other IoT devices’ integrity intended to establish secure


Table 3
Taxonomy of authentication schemes and their cryptosystems for different Networks.

| Existing Schemes | Primary Goal | Cryptographic operation | Target Network | SP1 | SP2 | SP3 | SP4 | SP5 | SP6 | SP7 | SP8 | SP9 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| [47] | The untraceable robust mutual authentication mechanism for WBANs | One-way collision-free hash function; XOR Operations | WBAN | ✔ | ✔ | ✔ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ |
| [80] | S-USI authentication for IoT-based eHealth systems | Chebyshev Chaotic Map | WMSN | ✔ | ✔ | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | ✖ |
| [81] | Lightweight and privacy-preserving 2FA mechanism for IoT-enabled devices | Physical Unclonable Function | WSN | ✔ | ✔ | ✔ | ✔ | ✔ | ✖ | ✔ | ✖ | ✔ |
| [82] | Lightweight authentication for M2M communication for IIoT environments | One-way hash function, XOR operations, Pseudonym Identity | WSN | ✔ | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ |
| [83] | Lightweight, secure 3FA for remote on-body networks are being used to monitor patients. | One-time hash Function; XOR Operations, Pseudonyms | WBAN | ✔ | ✔ | ✔ | ✔ | ✔ | ✖ | ✔ | ✖ | ✖ |
| [84] | Secure 3FA for smart healthcare services | ECC, XOR Operations, One-way Hash, USB | WMSN | ✔ | ✔ | ✔ | ✔ | ✔ | ✖ | ✔ | ✖ | ✖ |
| [85] | Enhanced lightweight authentication for cloud-based IoT environments | One time hash chain, XOR Operations, Pseudonym Identity | WSN | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ |
| [86] | Efficient MFA scheme for securing real-time data access in WSN | One-way hash function, RSA Cryptosystem, Fuzzy extractor, XOR operations | WSN | ✔ | ✔ | ✔ | ✖ | ✔ | ✖ | ✖ | ✔ | ✖ |
| [87] | Lightweight authentication for IoD for smart city surveillance | ECC, One-way Hash, XOR operations | WMSN | ✔ | ✔ | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | ✔ |
| [88] | Authenticated key agreement mechanism fog based IoT healthcare | One-way collision-free hash function; XOR Operations | WMSN | ✔ | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ |
| [89] | Robust and secure authentication scheme for IoT enabled devices in cloud environments | Smartcard, Symmetric encryption; One-way hash function, ECC | Multi-server WSN | ✔ | ✔ | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | ✖ |
| [92] | Lightweight privacy-preserving and session management for fog-related systems | XOR Operations, One-way Hash | WSN | ✔ | ✔ | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | ✔ |
| [93] | Lightweight authentication for cloud-driven IoT intelligent data computing | Bilinear pairing, ECC, Fuzzy verifier, HMAC | WMMSN | ✔ | ✔ | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | ✔ |
| [94] | Anonymous mutual authentication for cloud-driven IoT based healthcare system | Pseudorandom generator; One-way Hash, OTP | WMSN | ✔ | ✔ | ✔ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ |
| [95] | Lightweight authentication scheme in the mobile sink for cloud-assisted systems | Secure Hash function; XOR Operations | WSN | ✔ | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | ✖ | ✔ |
| [96] | The efficient mutual authentication mechanism for enabling privacy preservation for UAV systems | Enhanced Chebyshev; One-way Hash | WVSN | ✔ | ✔ | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | ✔ |
| [97] | Secure authentication scheme for multimedia medical information system | Bilinear pairing; Secure Hash function | WMSN | ✔ | ✔ | ✔ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ |
| [98] | Anonymous user authentication method for securing healthcare applications | One-way collision-free hash function; Symmetric key encryption | WMSN | ✔ | ✔ | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | ✔ |
| [99] | Improved anonymous 2FA mechanism for healthcare applications | Bitwise XOR Operations, One-way hash, Symmetric-key encryption | WMSN | ✔ | ✔ | ✔ | ✖ | ✔ | ✔ | ✖ | ✖ | ✖ |

Objectives: SP1: Secure Authentication; SP2: Key Management; SP3: Formal Security Analysis; SP4: Lightweight; SP5: Efficient; SP6: 2FA; SP7: 3FA; SP8: MFA; SP9: Privacy Protection.
✔: Yes; ✖: No.

communication. However, the authentication procedure requires a few standard requirements such as mutual authenticity, secure session key management, and computational efficiency. IoT devices have restricted computation, processing, storage, and battery life due to their resource constraints. Therefore, preferably using a single authentication scheme, it needs to utilize a multi-factor authentication mechanism. Therefore, the schema should be useful because it works with multi-factor authentication, which needs extra load on IoT devices. In addition, the authentication schema requires combining encryption techniques, including RSA, SHA, AES, and ECC, to enhance security [130].

Access Control assures the IoT devices that unauthorised users cannot access sensitive data. This is the backbone technology that guarantees information security to withstand various security vulnerabilities. The main goal of access control is to monitor access to resources efficiently and protect against the unauthorised flow of information. In IoT environments, data can be transmitted continuously and shared between people and things. IoT technology adopts access control and secure authentication to authorize system requests. It may design an intelligent IoT application to gain system access that verifies the authenticity of the real-time objects using key agreement techniques. The common techniques of role-based access control and attribute-based access control are two types of access control to ensure a valid authorization of any real-time object [131]. The former technique converts the system privileges into attributes for any real-time object. In contrast, the latter converts the system privileges into functional roles for any real-time object. In addition, a technique known as authentication and authorization for constrained environments ensures the authenticity of real-time objects.

Availability uses three basic functions such as physical, technical, and administrative to manage the operative features of the computer systems accessible by an authorized user. Most computing systems use high order efficiency to operate better backup processing whenever it is needed. Two major threats such as loss of data and denial of services disrupt the technological infrastructure actively to keep the crucial data


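Table 4
Taxonomy of IoT security Services.

| Security Services / Authentication Schemes | [49] | [50] | [51] | [35] | [36] | [37] | [38] | [39] | [40] | [41] | [42] | [43] | [44] | [45] | [46] |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Untraceability | ✖ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
| User Anonymity | ✖ | ✖ | ✖ | ✔ | ✔ | ✖ | ✔ | ✔ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ |
| Sensor Anonymity | ✔ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ |
| Mutual Authentication | ✖ | ✔ | ✔ | ✖ | ✖ | ✔ | ✖ | ✖ | ✔ | ✔ | ✖ | ✖ | ✔ | ✖ | ✔ |
| Loss of synchronization | ✔ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ |
| Session Key Construction | ✖ | ✔ | ✔ | ✖ | ✔ | ✔ | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ |
| Session Key Agreement | ✖ | ✖ | ✖ | ✖ | ✔ | ✔ | ✔ | ✖ | ✖ | ✔ | ✖ | ✔ | ✔ | ✔ | ✖ |
| Perfect forward secrecy | ✖ | ✔ | ✖ | ✔ | ✖ | ✖ | ✖ | ✔ | ✖ | ✖ | ✔ | ✔ | ✖ | ✖ | ✔ |

| Security Services / Authentication Schemes | [98] | [99] | [100] | [113] | [114] | [115] | [116] | [117] | [118] | [119] | [120] | [121] | [122] | [123] | [124] |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Untraceability | ✖ | ✖ | ✔ | ✖ | ✖ | ✔ | ✖ | ✔ | ✔ | ✔ | ✖ | ✔ | ✖ | ✖ | ✔ |
| User Anonymity | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✖ | ✔ | ✖ | ✔ | ✖ | ✖ | ✔ |
| Sensor Anonymity | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ |
| Mutual Authentication | ✔ | ✔ | ✖ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✖ |
| Loss of synchronization | ✖ | ✔ | ✖ | ✔ | ✖ | ✖ | ✔ | ✖ | ✔ | ✔ | ✖ | ✔ | ✖ | ✖ | ✖ |
| Session Key Construction | ✔ | ✖ | ✔ | ✖ | ✔ | ✖ | ✖ | ✖ | ✔ | ✖ | ✔ | ✔ | ✖ | ✖ | ✖ |
| Session Key Agreement | ✖ | ✖ | ✔ | ✖ | ✖ | ✔ | ✖ | ✔ | ✖ | ✔ | ✖ | ✖ | ✖ | ✔ | ✖ |
| Perfect forward secrecy | ✖ | ✖ | ✔ | ✔ | ✖ | ✔ | ✔ | ✔ | ✖ | ✔ | ✖ | ✔ | ✔ | ✖ | ✔ |

Provided: ✔; Not Provided: ✖.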

unavailable and lengthen the data outage times as much as is feasible. As a result, the organization proactively sets its protective strategy to maintain the system backups and to repair the data breaches to meet the requirements of data protection and privacy.

Data freshness ensures that the sensory devices send the freshness of the data. The freshness property ensures that every received message should be fresh. It necessitates using recent data sets and ensures that no attacker will respond with an old message.

Non-repudiation ensures that communicating parties’ data transmission cannot be denied by earlier sending the message. It can be considered when the communicating parties have bound to the contract.

Resilient to device security: In the IoT environment, all the devices are interconnected; if one device is compromised, an attacker can physically capture it. Resultantly, each attacker can get their hands on the device’s secret credentials stored in its memory [132]. Besides, an attacker gathers secret session keys that are being issued between the user and IoT devices. Thus, the compromised node should not influence the security of other parts of the network. Therefore, some security mechanisms must be implemented to secure other non-compromised devices. There must be a need to design secure authentication and key agreement mechanisms to withstand device security.

Lightweight encryption [40,43,44,74] mentions that the conventional cryptographic solutions could not fit the IoT environments because of their limited resources. Most of these IoT devices are equipped with less computing, storage, and battery power. Thus, lightweight cryptographic solutions were recommended to ensure the security of the IoT environments. As a consequence, the researchers suggest reusing existing functions to reduce the complexity of the security algorithm to use resource-constrained devices within the limited resources.

Secure Key Agreement: Due to the public network environments, adversaries can implement malfunctions, including eavesdropping, replaying, or modifying messages, and impersonating legitimate users to access remote services. Mutual authentication between entities must be required to ensure secure transmission [133]. Therefore, a shared key must be generated and distributed among the connected entities to ensure secure communication. Otherwise, the entities cannot be mutually authenticated and restrict unauthorised network access.

Data Security is one of the primary challenges affecting data privacy in the development of IoT environments. In the IoT environment, the deployment of these data security solutions cannot be straightforward because of their resource constraint features, heterogeneity, and dynamic deployments at large-scale industries. Data security necessitates the use of encryption to secure the data while transmitting over an insecure communication channel. Furthermore, it ensures the provision of access control policies for governing data control over location and time. Therefore, the data collected from various sources must be authorized and governed by enabling access control at various levels of data security [134].

Battery life: Most IoT devices have been deployed in environments where battery power is unavailable, limited power to execute the planned security feature, and heavyweight security functionalities consume battery resources. As a result, three alternative solutions to this problem were proposed by various scholars. To begin, employ the device’s most basic security features. However, dealing with sensitive information such as healthcare, the military, and the government is not advised [135]. The second suggestion is to increase charging/battery capacity; practically, all IoT devices have been intended to be small in size.

Node-Level Security: To achieve IoT node-level security, IoT security solutions must integrate the functional blocks as interconnected modules. Data protection, device security, and device integrity and identification compliance requirements are among them. The first step in operationalizing trust at the device/node level is to automate and link to standards-based, proven technologies/products to provide end-to-end data security and privacy based on policies [136].

Secure Routing is one of the most difficult tasks to establish a safe routing mechanism for data transfer in the Internet of Things. A protocol like this should create a secure path between communication nodes by establishing a safe route. Low-power IoT networks must adequately serve them; computations performed for routing data should be lightweight. It is necessary to secure the security and privacy of the IoT devices in the IoT network. As a result, a safe routing protocol must be capable of maintaining location privacy [137].

Privacy Protection is one of the most important ideas in security research resulting in property loss and serious threats to human safety. Furthermore, IoT devices save a large quantity of private data, such as passwords, the time of automated on/off lighting, blood pressure and heart rate, and so on. Due to storage limitations, the acquired data cannot be saved in IoT devices indefinitely. Furthermore, the obtained data can be moved to the cloud for long-term storage and processing; however, having one’s private information stolen by third-party applications or adversaries could result in severe consequences, including a threat to one’s life [138].


Secure Communication is to ensure that data is transferred securely across a public network without revealing information to third parties, preventing unlawful data collection about things and people [139].

Profiling and tracking often rely on policing and traffic management to extract the profiling features of network information systems and to analyze the application-level traffic based on automation techniques. Associating an identity with a specific person is a risk because it may lead to profiling and tracking. As a result, one of the most significant issues is to prohibit such conduct in the IoT and implement some preventative measures [139].

5.3. Security issues and challenges

Of late, various security issues have been identified in surveys [24,27–34,48,9]. As IoT deployments can occur in hostile environments, there is a huge chance to attack the devices physically. Besides, numerous threat scenarios are coming up every day to attack individual devices or an entire network. Based on recent studies, as the application plane increases, the attack plane also increases.

Mobility: IoT device mobility has become an essential part of humans’ daily lives in the advanced computing paradigm. The wearable device is an example of a mobile device that monitors biomedical information like temperature, SpO2 levels, heart rate, pulse rate, etc. It then transfers it to the cloud to be processed and stored in online patient care systems. These wearable devices will be linked to the specified network; the connectivity can vary based on their presence, and the device will connect to a home network, a personal network, or any private network [140]. Therefore, different networks may require different user security services, configurations, and settings. Thus, designing mobility-supporting security schemes is a challenging task in the current IoT environment.

Energy: In the resource-constrained IoT environment, the sensors and other communication units have less battery power [141]. They are designed to save power automatically when not in use. However, it becomes extremely difficult to design a security algorithm to execute under low-power conditions because of battery power and backup limits. However, various security solutions [68,70–73,131–136] have been developed using one-way cryptographic hash functions to overcome computing and communication costs. But it is still challenging to provide high-level security to these devices.

Location: There is a wide range of Web services and applications that offer location-based services. To have access to services, users must first register their location with the service provider. In many circumstances, location data leaking is a clear hazard and a legitimate issue for users. Wei et al. [142] proposed mobile internet social networks that enable anonymous location sharing while keeping flexibility. Within a given spectrum of social relationships, the system may detect untrustworthy strangers. It conceals location data by splitting users, creating unique identifying IDs from anonymous location data, and storing them in two distinct entities. The information about the location will be innocuous if one of the storage entities is leaked or attacked because it will not reveal user identities. Liang et al. [143] proposed a method for preserving mobile users’ location data. The model breaks location information into groups and stores them independently using a Markov chain for distributed cache-pushing proxies. Cache proxies receive location-based data without revealing their true locations to service providers; the location information is preserved.

Tracking and localization: Another issue is localization when computers attempt to track and record a person’s whereabouts through time and space. One of the most difficult aspects of developing security solutions for IoT is designing protocols for interactions with IoT that discourage such behavior. In e-commerce applications, profiling information about a specific individual can deduce interests by looking at other people’s profiles, and data is very frequent. Balancing company interests in profiling and data analysis while respecting user privacy is a significant challenge [144].

Trust: The diverse capacities of these devices operate as a motivator for resource sharing between them. However, maintaining trust in the myriad of pervasive and diversified IoT devices is critical for effective resource sharing [144].

Trajectory is a specific type of data that is frequently collected by various sensors deployed in IoT environments. Today, multiple variants of trajectory data have been made available for tracing and human activity profiling. The trajectory can be generated in massive amounts of data collected from many sensors and other IoT devices. Besides, the trajectory is aimed to perform mobility tracing [145] which is widely applied in numerous applications, including urban planning [146], market analysis [147], and route choosing [148]. Trajectory services let people obtain real-time trajectories and examine travel trends. Thus, trajectory becomes a key promising tool for adversaries to obtain user activity and perform malicious actions. Chen et al. [149] presented a variable-length n-gram framework to achieve differential privacy to produce sequential data by using various parameters including choosing threshold values, allocating a privacy budget, and imposing consistency limitations to ensure system efficacy.

Dynamic Security Update: It is strongly advised that security schemes be kept up to date to combat security flaws in existing systems. When a device revocation or addition is performed in the connected network, the trusted authority should inform the other device to update the same information in the other device’s memory. Thus, implementing a mechanism that supports dynamic security updates can be challenging in IoT environments [150].

Security against physical capturing: In hostile IoT environments, there are many chances that attackers can physically steal the devices. By then, the attacker may use power analysis tools to retrieve the secret information stored in the devices to perform malicious tasks that may bring down the entire system’s performance or damage the system. Besides, an attacker can also substitute a malicious device by cloning the original device. Therefore, a tamper-proof security mechanism can be the solution for defeating such attacks. Thus, it is highly demanded to design authentication schemes to withstand device-stolen attacks [151]. Resultantly, when the device is stolen, it should not affect the security of the remaining part of the communication in the system.

Limited computation power and storage: In the current technological era, designing a standard IoT device can always be challenging, and the performance of these IoT devices can be limited. In such a sense, the computation power, storage, and battery are limited. Thus, it cannot perform high computation tasks. Hence, it is not advisable to run high-level cryptographic solutions on these resource-constrained devices [152]. Traditional cryptographic solutions may require large storage space to store these secret keys and devices’ information and require high computing power to execute security protocols. Therefore, it is highly demanded to design a security mechanism or a protocol to meet the requirements of resource-constrained devices without compromising security.

5.4. Potential attacks

With the rapid advancements of IoT, it is evident that millions of devices are connected online to provide various solutions. Besides, it increases the use of the application domain. In turn, it reflects the network bandwidth, storage, memory, and other related technical complexities. Furthermore, it isn’t easy to efficiently handle all the applications and devices due to IoT environments’ autonomous and heterogeneous nature. As a result, it increases the attack plane and opens doors to various potential attacks. This section reviews several potential attacks that are common to IoT environments. Fig. 12 depicts the attack classification based on security features [153–155,93,156–165].

Node Capture has an attacker who monitors the node and thus gains control over cryptographic keys and protocols and also performs node cloning. In this attack, the node refused to sleep after sending sensed data.


Fig. 12. Attack classification in IoT Environments.

DoS leads to the shutting down of systems and prevents authorized users from accessing services and resources. Moreover, the legitimate user cannot access the information systems due to bandwidth overload or a host network flooded with traffic.

DDoS is a common type of denial of service that overwhelms the targets with network traffic or malicious software, which eventually makes the system inaccessible for a certain period of time.

Malicious Node Injection defines the malicious node injection from intruders.

A firmware backdoor describes the malicious functioning of background firmware access.

Fake Node/Sybil utilizes fake identities and Cross-Site nodes to generate incorrect data.

Replay constitutes information retransmission without granted authorization.

Man-in-the-Middle listens to the traffic, obstructs it, and impostures two sides of the data.

Routing Threats creates a loop in the route that causes a shortage or extension of the routing path.

Side-Channel could perform on encryption devices. So that the secret key can be discovered.

Storage that has user’s information attempted to be made wrong by an attacker to access the cloud and other storage devices.

Offline Password guessing uses millions of passwords and subsequently matches with the captured unit succeeded. It can be done by utilizing either brute force or dictionary attacks.

Mass Node Authentication requires an enormous amount of network communication. Thus, the performance of the whole system is affected.

Timing captures the system’s security which may include cryptographic algorithms based on the timing. It exploits the timing variations caused by several inputs.

Denial of Sleep influences the power supply of the node.

Jamming disturbs the communication between the reader and the tag. Thus, it interrupts RFID communication.

Tag Removal: where tags are not implanted inside the things, tags can be easily damaged or removed.

Side-Channel could perform on encryption devices. So that the secret key can be discovered.

Eavesdropping/sniffing listens on private communication across the communication channel using a passive assault.

Routing can listen on private communication across the communication channel using a passive assault, further affecting message passing.

Exploit may be in the form of software or chunks of data or a sequence of commands that aim to control the system and deceive the information stored on the network.

Tracing gathers enough private information to link data to a specific real identity in this technique.

Buffer overflow reserves space for an incoming packet; an intruder may violate this mechanism by sending incomplete packets.

Spoofing comprises the fake tag, which is considered a valid tag so that the attacker can rewrite new RFID tags.

Cloning seizes a valid tag’s data and creates a fake copy of the new tag’s above data.

Cross-Site Scripting induces an injection attack on a client-side script and changes the application’s contents according to its usage.

Malicious Code includes code in any part of the software, which causes undesirable influence and affects the total system.

Tag modification can easily modify or delete information of tag data.

Brute force generates many sequential guessed passwords until it gets the correct one.

The stolen verifier has the server’s verification details for the current or previous successful authentication session stolen by an adversary. Following that, it creates and sends authentication messages to the server using stolen data.
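The data freshness property of Section 5.2 and the Replay attack listed above come down to the same receiver-side check: authenticate the message, then refuse anything old or already seen. The following Python example is added here for illustration and is not code from the survey or from any scheme it cites; the frame layout, the 30-second window, the pre-shared HMAC-SHA256 key and all names are assumptions.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32            # HMAC-SHA256 output size
HEADER_LEN = 8 + 8 + 1  # timestamp, nonce, device-id length (assumed layout)
KEY = bytes(range(32))  # constructed demo key; a real node gets its own secret


def seal(key, device_id, payload, now, nonce=None):
    """Sensor side. Frame = ts(8) | nonce(8) | id_len(1) | id | payload | tag(32)."""
    nonce = os.urandom(8) if nonce is None else nonce
    body = (struct.pack(">Q", now) + nonce +
            bytes([len(device_id)]) + device_id + payload)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Gateway:
    """Receiver side: authenticates a frame, then enforces freshness."""

    def __init__(self, keys, window_s=30):
        self.keys = keys          # device_id -> shared key
        self.window_s = window_s  # assumed tolerance for delay and clock skew
        self.seen = {}            # (device_id, nonce) -> frame timestamp

    def verify(self, frame, now):
        """Return (verdict, payload); payload is None unless accepted."""
        if len(frame) < HEADER_LEN + TAG_LEN:
            return ("malformed", None)
        id_len = frame[16]
        if len(frame) < HEADER_LEN + id_len + TAG_LEN:
            return ("malformed", None)
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        ts = struct.unpack(">Q", body[:8])[0]
        nonce = body[8:16]
        device_id = body[17:17 + id_len]
        payload = body[17 + id_len:]

        key = self.keys.get(device_id)
        if key is None:
            return ("unknown-device", None)
        # Authenticate first, with a constant-time comparison, so forged
        # frames never reach the nonce cache and timing leaks nothing.
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return ("bad-mac", None)
        # Freshness, part 1: the timestamp must lie inside the window.
        if abs(now - ts) > self.window_s:
            return ("stale", None)
        # Freshness, part 2: inside the window each nonce is accepted once.
        # Older entries can be dropped because part 1 already rejects them,
        # which keeps the cache small on a memory-constrained gateway.
        self.seen = {k: t for k, t in self.seen.items()
                     if abs(now - t) <= self.window_s}
        if (device_id, nonce) in self.seen:
            return ("replay", None)
        self.seen[(device_id, nonce)] = ts
        return ("accepted", payload)


def demo():
    """Run constructed frames through the gateway and collect the verdicts."""
    dev = b"sensor-01"
    gw = Gateway({dev: KEY})
    frame = seal(KEY, dev, b"hr=72", now=1000, nonce=b"\x01" * 8)
    i = HEADER_LEN + len(dev)  # index of the first payload byte
    tampered = frame[:i] + bytes([frame[i] ^ 0x01]) + frame[i + 1:]
    later = seal(KEY, dev, b"hr=75", now=1100, nonce=b"\x02" * 8)
    return [
        gw.verify(frame, now=1005)[0],     # first delivery
        gw.verify(frame, now=1006)[0],     # same frame retransmitted
        gw.verify(tampered, now=1006)[0],  # payload modified in transit
        gw.verify(frame, now=1100)[0],     # old frame replayed much later
        gw.verify(later, now=1100)[0],     # new reading
        len(gw.seen),                      # cache holds only in-window nonces
    ]


if __name__ == "__main__":
    print(demo())
```

The timestamp window bounds how long a nonce has to be remembered, so the replay cache stays proportional to the message rate rather than to the device's lifetime.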


Known Key gets the previous session keys to obtain any other keys in this attack.
Insider performs malicious activities on the network. It affects the network availability by overloading massive processing capacity; thus, it causes the entire network or system to crash.
Chosen ciphertext can obtain plaintext for chosen ciphertext.

6. Countermeasures and performance analysis

This section provides a comprehensive study of various cryptosystems and performance analysis for different authentication mechanisms. Computing and storage resources on IoT devices are limited; nonetheless, computation, connectivity, and storage requirements for IoT applications are crucial. We discussed various cryptographic standards for authentication schemes to provide better security. We summarized the communication cost, computation cost, and security requirements of several authentication schemes selected for the review. Around twenty security requirements, according to numerous research investigations, can ensure authentication procedures in various WSNs. We denote these security requirements using P1 to P18, respectively. Table 5 presents the comparison of several potential security attacks and functional requirements. We also compare the performance of several WSN-based authentication systems in this section. We evaluate several security requirements; Tables 8, 9 and 10 depict the comparison of performance evaluation (computation, communication, and storage cost) to determine which scheme can be suitable to protect real-time applications. The detailed communication cost, computation cost, and energy cost of related authentication schemes are summarized in Table 7. Gope et al.’s [166] communication cost is the lowest. Subsequently, Srinivas et al. [167] mutual authentication for WMSNs can be the highest.

6.1. Countermeasures

Several key agreement and authentication systems have recently been implemented to protect communication and the environment from various security risks. Today, the rapid growth in IoT environments has brought remarkable services and advancements to 21st-century human lives. However, with the device heterogeneity and resource constraint nature, the IoT faces numerous security issues at various levels of deployment, communication, and processing stages. Therefore, researchers found various security measures to withstand potential attacks and secure communication between devices and systems. Table 6 depicts various countermeasures that have been considered for enabling security for various IoT environments. These security mechanisms use a smartcard, biometric, ECC, symmetric encryption, fuzzy extraction, secure hash, and bitwise XOR operations. Finally, Table 11 shows the acronyms used in this paper.

Das et al. [177] devised a robust user-anonymous authentication mechanism for WMSNs, ensuring their proposed scheme could secure various attacks and be more effective because of computation and communication costs. Hence, this scheme can be advisable for various real-time medical applications. Wu et al. [178] devised a robust and secure authentication scheme for enabling a privacy-preserving mechanism for WSNs to help real-time applications further. Their scheme proved that the [177] scheme is still susceptible to sensor-node capture, user-impersonation, and offline password-guessing attacks. Ever et al. [74] reported that the existing authentication mechanisms of Turkanovic et al. and Farash et al. were thoroughly cryptanalyzed to prove various vulnerabilities, including replay, password guessing, smartcard lost verifier, and MITM attacks. To overcome some of the existing security flaws, Ever et al. [74] proposed a novel and lightweight S-AUAS scheme that influences several merits and protects from faulty risks.

Few recently reviewed that authentication and key agreement schemes have addressed using WSNs for a distinct purpose. For instance, WSN for health care through body sensor networks, WSN for industrial and military, WSN for multimedia, and agriculture monitoring [168,112] proposed one secure authentication schema favoring an anonymous patient monitoring system leveraging WMSNs. Ali et al. [59] designed a reliable security mechanism for agriculture monitoring using WSNs, which determines system setup, professional registration, login, session-key management, password update, and authentication adaptive node addition phases. In Ref [168], their scheme introduces an identity-based authentication mechanism and a key agreement scheme leveraging WSN for agriculture monitoring. Both [112] and [177] schemes are popular and widely spread across various security research. Moreover, authors in [149] found out that the [59] scheme can fail to provide user un-traceability, sensor-node, insider, session-key, perfect forward secrecy attacks, and fails to protect against denial of service during the password update phase.

Today, multimedia content can be primarily used for several applications to ensure personal and public services. These contents can be transmitted via various networks. Hence, a reliable and secure authentication scheme is highly demanded. Recently, Kumari et al. [176] proposed an authentication scheme for multimedia communications in IoT-enabled WSNs, applied in the coal mine for safety monitoring. Their scheme claims that the designed system actively resists various attacks, including a user node, the sensor node impersonation, and sensor node anonymity. Mishra et al. [179] proved that Kumari et al. scheme has some design issues. The system is subject to a variety of assaults, including impersonation attempts on users and sensor nodes. Authors in [176] devised a mechanism for user authentication using a smartcard with the BAN logic model to overcome the mentioned issues. In [179], a three-factor authentication and key agreement scheme has been proposed and ensured that their mechanism could resist various well-known security attacks. But Yang et al. [169] described that the [179] scheme is susceptible to user impersonation, privileged insider, and server spoofing attacks.

The future generation of cellular networks (5G) drastically increases the performance of message transmission. Several advanced authentication schemes have been proposed based on complex bilinear-pairing operations. For vehicle networks, identity authentication and conditional privacy are insufficient to analyze the messages. Cui et al. [180] proposed a lightweight message authentication scheme and framework model for 5G-enabled vehicular networks to address this issue. Zhao et al. [181] proposed a required medium access control scheme based on multichannel cooperation in vehicular Ad hoc networks. Authors in [182] proposed a secure and robust authentication mechanism for mobile-sink in IoD applications. Their scheme enables the UAV-WSN extended authentication to overcome UAV communication. Lately, Chen et al. [183] devised a secure authentication scheme for IoV environments. Their scheme is enhanced to withstand offline identity attacks, location spoofing, replay, and tracking attacks.

Liu et al. [184] devised the first secure password-based authentication mechanism for WBAN to achieve strong user anonymity. In WBAN, patient care information is completely personal and confidential. Privacy is the key concern for WBAN. Therefore, Xie et al. [185] presented a robust and novel certificateless authentication scheme for WBAN for enabling conditional privacy-preserving to assure the patient’s data. Their scheme enhances security and computational efficiencies by comparing other existing schemes. Shuai et al. [174] devised a robust and secure privacy-preserving authentication mechanism for WBAN. It uses ECC to assure lightweight functionality. Their scheme adopts certificateless authentication based on identity-based cryptography to make multi-server architecture without third-party interaction.

The majority of current body area networks are vulnerable to a variety of data security and privacy issues. A scarcity of anonymity and secure authentication leads to complete system failure in WBAN. Recently, Jegadeesan et al. [186] created a secure and strong anonymous authentication technique to provide healthcare users with data


Table 5
Summary of various authentication schemes preventing potential security attacks.

| Reference | Authentication Scheme | P1 | P2 | P3 | P4 | P5 | P6 | P7 | P8 | P9 | P10 | P11 | P12 | P13 | P14 | P15 | P16 | P17 | P18 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| [40] | A robust and secure authentication scheme for human-centered industrial Internet of Things | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ |
| [125] | Enhanced lightweight mutual authentication scheme for cloud-IoT | ✖ | ✔ | ✖ | ✖ | ✔ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ |
| [119] | Lightweight authentication and key agreement scheme in the mobile sink for cloud-assisted systems | ✖ | ✔ | ✔ | ✖ | ✔ | ✖ | ✔ | ✖ | ✖ | ✖ | ✔ | ✔ | ✖ | ✖ | ✖ | ✔ | ✔ | ✔ |
| [120] | The efficient mutual authentication mechanism for enabling privacy preservation for UAV systems | ✔ | ✔ | ✔ | ✖ | ✔ | ✖ | ✔ | ✖ | ✖ | ✖ | ✔ | ✔ | ✖ | ✖ | ✖ | ✔ | ✔ | ✔ |
| [121] | A novel secure authentication scheme for MMIS | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ | ✔ | ✔ |
| [157] | Secure and robust anonymous user authentication and key agreement scheme for TMIS | ✖ | ✔ | ✖ | ✖ | ✔ | ✖ | ✔ | ✖ | ✖ | ✖ | ✔ | ✔ | ✖ | ✔ | ✔ | ✖ | ✔ | ✖ |
| [158] | Robust authentication and key agreement scheme considering user anonymity for WSN | ✖ | ✔ | ✔ | ✖ | ✔ | ✖ | ✔ | ✖ | ✖ | ✖ | ✔ | ✔ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ |
| [159] | Efficient mutual authentication and user anonymity for IoT-based medical care system | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ | ✔ | ✔ | ✔ | ✔ | ✖ |
| [160] | Secure 3FA mechanism for securing heterogeneous WSN | ✖ | ✔ | ✖ | ✖ | ✔ | ✖ | ✔ | ✖ | ✖ | ✔ | ✔ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ |
| [161] | BAKMP-IoMT: Blockchain-based secure authentication and key management protocol for IoMT environments | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ | ✔ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ |
| [162] | An enhanced three-party pairwise secret key agreement system for fog-driven vehicle ad-hoc networks | ✖ | ✔ | ✖ | ✖ | ✔ | ✖ | ✔ | ✖ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ |
| [163] | Secure aware authentication and key management protocol for V2G in the social internet of things for enabling dynamic privacy-preservation | ✖ | ✔ | ✖ | ✖ | ✔ | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ |
| [64] | Secure, lightweight authentication and key management for IoT environments | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✔ |
| [65] | Secure authentication and key agreement mechanism using smartcard | ✖ | ✔ | ✖ | ✔ | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ |
| [66] | Lightweight 2FA for personalized healthcare systems | ✔ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ | ✔ | ✖ | ✔ | ✖ | ✔ |
| [67] | Secure and robust ECC-based authentication scheme for preserving privacy in IIoT environments | ✖ | ✖ | ✖ | ✖ | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | ✔ | ✔ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ |
| [68] | Lightweight MF secure smartcard-based remote authentication for Cloud-IoT applications | ✖ | ✔ | ✔ | ✔ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ | ✔ | ✔ | ✖ | ✔ | ✖ | ✔ | ✖ | ✖ |
| [69] | Efficient authenticated key agreement scheme for multi-gateway WSN | ✔ | ✔ | ✖ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ | ✔ | ✖ | ✔ | ✖ | ✔ |
| [70] | Mutual authentication scheme for WMSN | ✔ | ✔ | ✖ | ✖ | ✔ | ✔ | ✔ | ✖ | ✖ | ✖ | ✔ | ✔ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ |
| [71] | Biometric-based authentication scheme for WSN | ✖ | ✖ | ✖ | ✖ | ✔ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ | ✔ | ✖ | ✔ | ✖ | ✖ |
| [73] | Authenticated key management scheme for cloud-enabled BAN | ✔ | ✔ | ✖ | ✖ | ✔ | ✖ | ✔ | ✔ | ✖ | ✖ | ✔ | ✔ | ✖ | ✖ | ✔ | ✖ | ✔ | ✖ |
| [74] | Three party Lightweight authentication schemes for secure data transmission in IoT networks | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ |
| [131] | Pairing-based anonymous, secure authentication scheme for IoT | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ |
| [132] | Provably secure MFA for IoMT environments | ✖ | ✔ | ✖ | ✖ | ✔ | ✖ | ✖ | ✔ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ |
| [133] | Secure authentication mechanism with forward secrecy for IoT | ✖ | ✔ | ✖ | ✖ | ✔ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ |
| [134] | Robust and secure authentication and key management mechanism for securing data transmission in IoT environments | ✖ | ✖ | ✔ | ✖ | ✔ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ |
| [135] | ECC-based authentication scheme for IoMT | ✖ | ✔ | ✖ | ✖ | ✔ | ✖ | ✔ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ | ✖ | ✔ | ✖ |
| [136] | Cloud-based data de-duplication with authenticated key management scheme for IIoT | ✖ | ✔ | ✖ | ✖ | ✔ | ✖ | ✔ | ✖ | ✔ | ✖ | ✖ | ✔ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ |
| [137] | An anonymous remote user authentication mechanism for smart home environments | ✖ | ✔ | ✖ | ✖ | ✔ | ✖ | ✔ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ |
| [138] | Mutual authentication for establishing a secure D2D communication session in the edge-based smart cities | ✖ | ✔ | ✖ | ✖ | ✔ | ✖ | ✔ | ✔ | ✖ | ✖ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ |
| [140] | The secure authentication mechanism for smart homes | ✔ | ✖ | ✔ | ✖ | ✔ | ✖ | ✔ | ✔ | ✖ | ✖ | ✖ | ✔ | ✖ | ✖ | ✖ | ✖ | ✖ | ✖ |

P1: Node Capture; P2: Privileged Insider attack; P3: DoS/DDoS; P4: Server Spoofing; P5: Impersonation attack; P6: Desynchronization Attack; P7: Replay Attack; P8: MITM Attack; P9: Brute force attack; P10: Side-Channel Attack; P11: Smartcard stolen Attack; P12: Offline Password guessing attack; P13: Eavesdropping; P14: SSTPI attack; P15: Server spoofing attack; P16: Forgery Attack; P17: Stolen verifier Attack; P18: Session key disclosure attack; ✔: Yes; ✖: No.

Table 6
Summary of Countermeasures used in the Authentication schemes for IoT environments.

| Countermeasures | References |
|---|---|
| Pseudonym-Identity | [168,82,85,94,114,117] |
| Password | [36,40,61,58,76] |
| Smartcard | [29,36,38,43,50,73,76,89,161] |
| Biometric | [39,45,75,92,93,125], [114,75,169,170,171] |
| Pseudo Number Generator | [94,172] |
| Bilinear pairing Cryptosystem | [97,93] |
| Rabin’s public key | [45,117] |
| PUF | [81] |
| ECC | [75,173,125,84,87,89,93,119,174,175] |
| ECDH | [81,176] |
| Symmetric Encryption | [59,38,40,76,89,98,99] |
| Asymmetric Encryption | [49] |
| Fuzzy Extraction & Fuzzy Commitment | [75,75,125,145,128], [170] |
| Chebyshev Chaotic map | [80,96,113] |
| One-way hash function | [22,70,109–129] |
| Bitwise XOR Operations | [49–51,37,38,112], [42–44,47,81–89], [116,119,123,128,129] |
| Biohashing | [44,82,124] |

protection and privacy. Their scheme achieved efficiency by reducing computational overheads during the login and authentication phases.

The use of WBAN is exponentially increasing in daily life. Resultantly, voluminous medical data is being generated from a variety of healthcare applications. Thus, it is highly essential to secure communication between the WBAN client and the applications. In a larger variant, the collected information may be related to medical institutions, medical experts, and hospitals, which is huge. Conventional methods could not process them effectively and securely. For instance, most of the existing anonymous authentication mechanisms fail to withstand malicious clients sending false messages to trap the application provider, which causes severe medical damage. To overcome this issue, Ji et al. [187] presented a big data service-oriented certificateless conditional privacy-preserving authentication mechanism for WBAN.

Later, for the Industrial Internet of Things (IIoT), Li et al. [173] suggested an ECC-based proven safe user authentication approach with privacy protection, ensuring that it would resist various security assaults. Li et al. [173] set out to demonstrate that different existing symmetric-key cryptography and hash-based user authentication techniques could not withstand safe anonymity and smartcard theft/loss attacks. Their scheme provides a comprehensive ECC-based safe authentication and biometric-based authentication strategy for IIoT privacy preservation to address the flaws. Subsequently, Singh et al. [188] presented an effective, lightweight authentication mechanism for human-centric IIoT environments. Their scheme ensures primary security properties like mutual authentication, secret session key exchange, and independent communication complexities for each involved node. In their scheme, the registration center initially generates the secret information for each communicating node. Then the role of the registration center is not required for computation and communication. Resultantly, their scheme achieves reduced exponential complexities and computational overheads. It could not, however, withstand forgery, password guessing, or monitoring assaults.

Chang et al. [189] presented a novel authentication mechanism for heterogeneous ad hoc networks. Unfortunately, their scheme fails to withstand node capture, spoofing, smart card stolen, and stolen verifier attacks. Consequently, Li et al. [178] demonstrated the limitations of Chang et al., such that their schemes cannot withstand proper mutual authentication and other network security issues. Li et al. presented a three-factor authentication protocol for WSN in IIoT to restrict the above scheme’s weaknesses. Their scheme ensures that it carries energy efficiency along with the required security properties. Later, Mo et al. [125] presented a biometric-based privacy-preserving authentication mechanism for cloud-enabled IIoT deployments. Their schemes ensure strong authentication between the users and connecting devices using preestablished key agreements with gateway nodes. Finally, the authors in [175] proposed a secure authentication scheme with privacy preservation in IIoT environments. Their scheme ensures lightweight computation using ECC computations. Their scheme overcame various challenges addressed for the IIoT environments and proved secure against known attacks and computationally efficient.

Lately, Li et al. [170] devised a 3FA anonymous authentication mechanism for WSN. Their scheme uses biometrics as the third factor to enhance the security of the proposed mechanism. A fuzzy extractor scheme was adopted to handle the biometric information. With the rapid development of IIoT, large voluminous data is being generated from various large-scale industrial sensors. Storing and processing these voluminous data in IIoT devices locally becomes challenging because of their resource constraints. Thus, local processing and permanent storage are necessitated to handle these voluminous data. Cloud and fog computing models have emerged to handle such kinds. However, various integration issues have been raised to handle data security and privacy. Fu et al. [170] presented a novel framework to integrate cloud fog layers into IIoT environments. Their framework resolves latency issues and remote authentication [190]. Their scheme enhances the performance by connecting fog nodes, and ensured that it gives better search results than other linear searches.

6.2. Performance analysis

The standard way of computing the protocol’s execution time calculates its computational cost of various operations. By performing a simulation, we can measure the execution time. This section found the execution time of various operations such as XOR, ECC, and Hash. And we compare several schemes using simulated with MIRACL, BAN-Logic, and Random Oracle Models. Based on this specification, the computation cost of various authentication schemes is depicted in Table 7. Generally, computation cost can be calculated on the sensor side and the gateway side on the user side. For example, ref [1] described that it costs


Table 7
Comparing the efficiencies of computation, communication, and storage.

| Authentication Scheme | User/Node/Sensor Registration | Gateway (Login/authentication) | Server (Login/authentication) | Total Computation Cost | Communication Cost (bits) | Execution Time (ms) | Energy Cost mJ |
|---|---|---|---|---|---|---|---|
| Lightweight 3FA for internet integrated WSN [45] | 8TH + TM | 12TH + 1TQR | 5TH | 25TH + TM + TQR | 1920 | ∼ 0.3445 | 2.13 |
| S-USI [80] | 3TH + 2TM | 8TH + TM + TQR | – | 11TH + 3TM + TQR | 960 | ∼ 0.2065 | 0.91 |
| Lightweight Privacy-preserving 2FA for IoT devices [81] | 5TH + TM + 2TQR | 5TH + TM | – | 10TH + 2TM + 2TQR | 3296 | ∼ 0.2091 | 0.93 |
| Lightweight privacy-preserving and session scheme interrogation [92] | 4TH + 2TM | – | 8TH + 2TM + 2TQR | 12TH + 4TM + 2TQR | 3252 | ∼ 0.2631 | 1.11 |
| Lightweight authentication for cloud/IoT [93] | 10TH + 2TM + TQR | 14TH + TM + 3TQR | 3TH | 27TH + 3TM + 4TQR | 1504 | ∼ 0.4872 | 3.31 |
| Smart lightweight privacy preservation mechanism for IoT based UAV systems [96] | 4TH | 5TH + 3TM + TQR | 10TH + 9TM + TQR | 19TH + 12TM + 2TQR | 1352 | ∼ 0.4671 | 3.11 |
| Mutual authentication for multimedia medical information system [97] | 3TH + 2TM + 2TQR | – | 5TH + 2TM + 3TQR | 8TH + 4TM + 5TQR | 1440 | ∼ 0.3038 | 1.91 |
| Improved anonymous 2FA scheme for healthcare applications [99] | 10TH + 2TM + TQR | 6TH + 5TM + TQR | 4TH + TM + TQR | 20TH + 7TM + 3TQR | 3968 | ∼ 0.4337 | 2.87 |
| Lightweight user authentication for cloud-based healthcare services [100] | 11TH + TM + TQR | 7TH + TM + TQR | 5TH + TM + TQR | 23TH + 2TM + 2TQR | 2912 | ∼ 0.3651 | 2.47 |
| Enhanced and robust authentication scheme for multi-server environments [113] | – | – | – | 14TH + 6TM + TQR | 3296 | ∼ 0.2857 | 1.33 |
| Lightweight device authentication and key management scheme for edge-based IoT [114] | 9TH + TM + TQR | 15TH + TM + TQR | 8TH + TM + TQR | 32TH + 3TM + 3TQR | 2400 | ∼ 0.5177 | 4.23 |
| 3FA Authentication for WSN [75] | 8TH + 2TM + TQR | 9TH + TM + TQR | 4TH + TM + TQR | 21TH + 4TM + 3TQR | 1856 | ∼ 0.4007 | 2.97 |
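The Table 7 figures can be rechecked from the per-operation timings quoted in Section 6.2 (TH = 0.0120 ms, TM = 0.015 ms, TQR = 0.02957 ms). The following is an added example, not code from the paper: it parses each cost expression, sums the per-party columns, recomputes the execution time, and reports rows where the printed values disagree. The function names and the 0.0005 ms tolerance (the printed times appear truncated to four decimals) are assumptions of this example.

```python
import re
from decimal import Decimal

# Per-operation execution times in ms, as quoted in Section 6.2.
OP_MS = {"TH": Decimal("0.0120"), "TM": Decimal("0.015"), "TQR": Decimal("0.02957")}

# One term of a cost expression: optional count, then the operation symbol.
TERM = re.compile(r"(\d*)\s*(TQR|TH|TM)")

# Rows transcribed from Table 7:
# (reference, user/sensor, gateway, server, stated total, stated time in ms).
# "-" marks a cell the table leaves empty.
TABLE7 = [
    ("[45]", "8TH + TM", "12TH + 1TQR", "5TH", "25TH + TM + TQR", "0.3445"),
    ("[80]", "3TH + 2TM", "8TH + TM + TQR", "-", "11TH + 3TM + TQR", "0.2065"),
    ("[81]", "5TH + TM + 2TQR", "5TH + TM", "-", "10TH + 2TM + 2TQR", "0.2091"),
    ("[92]", "4TH + 2TM", "-", "8TH + 2TM + 2TQR", "12TH + 4TM + 2TQR", "0.2631"),
    ("[93]", "10TH + 2TM + TQR", "14TH + TM + 3TQR", "3TH", "27TH + 3TM + 4TQR", "0.4872"),
    ("[96]", "4TH", "5TH + 3TM + TQR", "10TH + 9TM + TQR", "19TH + 12TM + 2TQR", "0.4671"),
    ("[97]", "3TH + 2TM + 2TQR", "-", "5TH + 2TM + 3TQR", "8TH + 4TM + 5TQR", "0.3038"),
    ("[99]", "10TH + 2TM + TQR", "6TH + 5TM + TQR", "4TH + TM + TQR", "20TH + 7TM + 3TQR", "0.4337"),
    ("[100]", "11TH + TM + TQR", "7TH + TM + TQR", "5TH + TM + TQR", "23TH + 2TM + 2TQR", "0.3651"),
    ("[113]", "-", "-", "-", "14TH + 6TM + TQR", "0.2857"),
    ("[114]", "9TH + TM + TQR", "15TH + TM + TQR", "8TH + TM + TQR", "32TH + 3TM + 3TQR", "0.5177"),
    ("[75]", "8TH + 2TM + TQR", "9TH + TM + TQR", "4TH + TM + TQR", "21TH + 4TM + 3TQR", "0.4007"),
]


def parse_cost(expr):
    """Turn '10TH +2 TM + TQR' into {'TH': 10, 'TM': 2, 'TQR': 1}."""
    counts = {op: 0 for op in OP_MS}
    for number, op in TERM.findall(expr):
        counts[op] += int(number) if number else 1  # a bare symbol counts once
    return counts


def exec_time_ms(counts):
    """Execution time implied by the operation counts and OP_MS."""
    return sum((OP_MS[op] * n for op, n in counts.items()), Decimal(0))


def audit(rows, tol=Decimal("0.0005")):
    """Return {reference: [issues]} for rows whose printed values disagree.

    'sum'  : the per-party columns do not add up to the stated total.
    'time' : the stated time differs from the recomputed one by more than tol.
    """
    findings = {}
    for ref, user, gateway, server, total, stated_ms in rows:
        stated = parse_cost(total)
        parts = [parse_cost(c) for c in (user, gateway, server) if c != "-"]
        issues = []
        if parts:  # skip the sum check when no per-party costs are given
            summed = {op: sum(p[op] for p in parts) for op in OP_MS}
            if summed != stated:
                issues.append(("sum", summed, stated))
        computed = exec_time_ms(stated)
        if abs(computed - Decimal(stated_ms)) > tol:
            issues.append(("time", computed, Decimal(stated_ms)))
        if issues:
            findings[ref] = issues
    return findings


if __name__ == "__main__":
    for ref, issues in audit(TABLE7).items():
        for kind, recomputed, printed in issues:
            print(f"{ref}: {kind} mismatch, recomputed {recomputed}, printed {printed}")
```

On the transcribed rows it flags [99] and [100], where the party columns do not add up to the stated total, and [113], where the stated time differs from the recomputed 0.28757 ms.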

only two ECC multiplications and five hash functions, two repetitions at the sensor side, and five Hash functions and the gateway side. And it requires eight Hash functions respectively; the total computations cost can be 29.4184 milliseconds needed to complete the experiment. In order to signify a strong corroborative key agreement, various authentication mechanisms [45,80,81,92,93,96,97,99,100,113,114,75] have been analyzed rigorously. The study analysis shows that lightweight authentication schemes have better efficiency in terms of computation, communication and energy to meet the standard requirements of emerging technologies such as automation, cloud computing, and data management. It is worth noting that these authentication techniques rely on a hash-based symmetric cryptosystem to evaluate its security features including privileged-insider and password guessing and to access the malicious activities of the unauthorised devices.

The performance analysis considers a formal specification and description of the py-crypto library to implement a few cryptographic functions including TH, TM, and TQR. The system was configured with Ubuntu 19.04, 16GB RAM, and 3.60 GHz Core i7 processor to execute the authentication techniques at an average of ∼ 10 times. In the analysis, the functions namely TH, TM, and TQR are 0.0120 ms, 0.015 ms, and 0.02957 ms respectively to relate computation with lightweight authentication schemes. In order to analyze the communication cost of the lightweight authentication schemes, a few assumptions are as follows: 1. ∼ 160 bits are set to random nonce, timestamp, password and user identity; 2. ∼ 256 bits are set to one-way hash function; and 3. 256 bits are set to public key. Also, this analysis considers an energy consumption to examine the cost efficiency of the transmission rounds carried by the lightweight authentication schemes [45,80,81,92,93,96,97,99,100,113,114,75]. To compute the energy efficiency, EE = TC · PCPU is utilized where TC is the total computation cost of a single hash function ∼ 0.054 mJ and PCPU is maximum power capacity of the central processing unit ∼ 65W. The examination results demonstrate that the lightweight authentication offers better cost efficiency in terms of communication, and energy to improve the transmission efficiency of the communication systems.

6.3. Formal and informal security analysis

Nowadays, cryptographic protocols cannot give assurance to secure operations only using standard cryptographic schemes. Verification and validation of these protocols have been necessitated by using formal methods. Further, several specialized tools have been designed for validating real-life cryptographic protocols. Besides, formal verification analysis is a standard protocol verification that is intended to provide a thorough means of evaluating the correctness and rectifying of the defects of the security protocol. These tools offer feedback in terms of loops to the designers of protocols to enhance security [191].

These formal security analysis techniques include mathematical analysis based on logical analysis or process algebra. Various formal security analysis tools are emerging, subsequently providing a standard verification functionality of the security mechanism, including a security model, attack model, and performance evaluation. In recent times, various formal verification mechanisms have been used by several researchers to enhance the performance of the security protocol. Some of the famous formal security verification tools like Spi-calculus (Analysis by Process), “BAN-Logic” [192], AVISPA [193], Game theory, and ProVerif (Automatic Reasoning) [194] were depicted in Fig. 13 [195].

BAN-Logic: It consists of three steps: message source authentication, freshness, and source trustworthiness. [9,91–100,109–111,125–127] authors use BAN logic to show that the security mechanism can withstand various harmful attacks.

ProVerif: It is an automatic security protocol analyzer, which provides a fully automated technique to verify the security protocols using a formal method known as the Dolev-Yao Model [109]. Besides,


Table 8
Summary of various authentication schemes that shows performance and limitations.

| Reference | Authentication Scheme | Technique Used | Goal | Security Verification | Performance (+) | Limitation (–) |
|---|---|---|---|---|---|---|
| [84] | Secure 3FA for smart healthcare services | ECC; XOR Operations; One-way hash; USB | Ensured security for consumer USB-MSD; Ensuring perfect secrecy and user anonymity | ROR | Demonstrated the usage of USB-MSG suitable for real-time implementation | Susceptible to forgery, tracking, impersonation attacks; It could not establish a secret session key and high computational overheads |
| [85] | Enhanced lightweight authentication for cloud-based IoT environments | One time hash chain; XOR Operations; Pseudonym Identity | Ensure reciprocal authentication and key management phases for cloud-enabled IoT systems to improve security | – | Included sub-phase known as an indication of a failed connection; It allows both the client and the server to participate. | Focused only on registration and login phases, fails to restrict password guessing attacks. |
| [86] | Efficient MFA for real-time data access in WSN | One-way hash function; RSA Cryptosystem; Fuzzy extractor; XOR operations | Ensuring user anonymity and perfect secrecy; Ensured to resist password guessing and tracing attacks | BAN Logic | Provides secure session key management between the communicating entities | Computation and communication overheads are relatively high; Fails to restrict forgery and insider attacks |
| [87] | Lightweight authentication for IoD for smart city surveillance | ECC; One-way hash; XOR operations | Ensuring secure communication between users and drones by assuring user anonymity and perfect secrecy | ROR, Scyther | Establishes secure session key management between users and connected drones; Resistant to potential known attacks | Still, it is susceptible to password update and tracking attacks |
| [88] | Authenticated key agreement mechanism fog based IoT healthcare | One-way hash function; XOR Operations | Ensuring user anonymity, perfect secrecy; Ensured secret session key management | BAN Logic, ProVerif | Resilient to user tracking, password guessing, impersonation, and insider attacks; Ensured high-level security at fog layer | Communication cost is extremely high because of using pairing technique; It could not resist forgery attacks |
| [89] | Lightweight authentication for IoT enabled cloud environments | Smartcard based; Symmetric encryption; One-way hash function; ECC | Enhanced the security by restricting vulnerabilities in multi-server cloud environments | BAN Logic, AVISPA | Resilient to forgery, user tracking, privileged insider, and replay attacks; Ensured that it establishes secure session key between multi-cloud servers | Fails to provide user anonymity; Fails to restrict password guessing attack |

connections are the properties that describe events that can execute in the protocol before other events. These events have been formulated using a logical formula that comprises conjunctions and disjunctions. In [196,197], the authors used the ProVerif tool to prove their mechanisms can simultaneously derive Mutual authentication and key exchange between devices, and other networks should be implemented. Subsequently, [93] and [174] authors use the ProVerif tool to demonstrate that the proposed method may pass verification using the Dolev-Yao model.

Scyther: It is a push-button tool enabled with GUI for analysis, verification, and falsification of cryptographic schemes. Besides, Scyther [195] has various characteristics: the chance of unbounded verification with guaranteed termination, analysis of an infinite number of traces in patterns, and multi-protocol analysis support. Also, the working principle of Scyther is based on a pattern refinement algorithm. Subsequently, the command line interface and some Python scripting libraries enable easy use of Scyther for large-scale security scheme verifications.

AVISPA: It is a push-button tool consisting of various back-end tools having multiple automatic protocol analysis methods. It helps protocol verification from falsification to abstraction depending upon verification methods for unlimited sessions. Besides, in [198], HLPSL is a modular and expressive formal language that can specify protocols and properties. AVISPA now combines several back-end tools, including the Constraint Logic-based Attack Searcher (CL-AtSe), the On-the-Fly-Model-Checker (OFMC), the SAT-based Model Checker (SMC), and tree automata based on automatic approximations for the Analysis of Security Protocols (TA4SP). In [159–166,199–202], the authors used AVISPA to prove that their proposed mechanisms protect from several known attacks, including MITM attacks, replay attacks, node capture attackers, desynchronization attacks and other related attacks.

7. Research challenges and future directions

The cloud-enabled IoT environment offers numerous applications and services to enhance productivity from small to large-scale industrial systems. As it serves in open internet communication, several existing schemes in the literature were discussed for challenges faced by IoT environments. Thus, we now point out current pressing research challenges and future directions in this section. The overview of various challenges and future directions is depicted in Fig. 14.

Monitoring and Sensing: Even while monitoring and sensing technologies have advanced significantly, there are still numerous issues to address with a special focus on form and energy efficiency. To collect real-time data, sensors and tags are normally assumed to be operational at all times. This element makes energy efficiency, particularly in terms of lifetime extension, critical. In large-scale industrial systems, miniaturization has enabled the development of nanoscale actuators and sensors [203].

M2M Communication: While there are already IoT communication protocols such as CoAP and MQTT, there is no open IoT standard. Although all objects require connectivity, not all of them must be internet-connected since IoT devices require a specified capability of sending the data to a specified gateway. There are also a variety of wireless technologies to choose from (LoRa, IEEE 802.15.4, and Bluetooth standards), even though it is unclear if current wireless technologies will meet the wide range of IoT connectivity requirements [204].


Table 9
Summary of various authentication schemes that shows performance and limitations.

| Reference | Authentication Scheme | Technique Used | Goal | Security Verification | Performance (+) | Limitation (–) |
|---|---|---|---|---|---|---|
| [92] | For fog-related systems, a lightweight privacy-preserving and session management framework is available. | XOR Operations; One-way hash | Describe the technique of session scheme interrogation; Enabling privacy-preservation to resolve major issues of LTE-A networks | BAN Logic | The adoption of session probing is mathematically driven by the session adaptive mechanism; It minimizes the flooding attack detection; It ensures the real-time design system provides call setup time, session delay, RTP utilization, and bandwidth consumption. | Computation and storage cost is relatively high; Susceptible to insider and forgery attacks |
| [93] | Lightweight authentication for cloud-driven IoT intelligent data computing | Bilinear pairing; ECC; Fuzzy verifier; HMAC | To establish a seamless data connection over a secure network; It allows communication parties to agree on mutual authentication and a secret session key. | BAN Logic | It adheres to compatible standards such as low cost and low power consumption to reduce computation and communication costs. | Computation and communication overheads are relatively high because of cloud server; Susceptible to forgery and tracing attacks |
| [94] | Smart mutual authentication for cloud-driven IoT based healthcare system | Pseudorandom generator; One-way hash; OTP | Providing smart mutual authentication and revisiting user anonymity, health-report revelation, forgery, confidentiality, and non-repudiation | BAN Logic | It includes digital authentication to cross-examine the communication entities’ shared secret key. | Susceptible to insider, impersonation, and password guessing attacks; Computation overhead is relatively high |
| [95] | Lightweight authentication and key agreement scheme in the mobile sink for cloud-assisted systems | Secure Hash function; XOR Operations | Lightweight continuous authentication was preferred; It adopts a valid authentication period to speed up the authentication process | Scyther | It achieves better security efficiencies to withstand forgery, password guessing, and replay attacks; Introduced continuous authentication scheme | Consumes more transmission delay and throughput rate because of many authentication phases |
| [96] | Smart, lightweight privacy preservation mechanism for IoT based UAV systems | Enhanced Chebyshev; One-way hash | It is constructive to provide the robustness between IoT devices; It introduces secret token and dynamic authentication for enhanced speedup | ROR, Scyther | It does not use complex cryptographic operations; It proves less computation and communication overheads to meet the requirements of surveillance systems | It is still susceptible to tracing and impersonation, and insider attacks |

Efficiency: Because of the different nature of IoT and the massive amount of data created, processing, analysis, and data management techniques are highly complex, especially in the current era of IoT [205]. Currently, most systems use centralized systems to offload data and perform computationally heavy operations on a global cloud platform. Nonetheless, there is ongoing concern that traditional cloud architectures may not be capable of transporting the huge volumes of data created and consumed by IoT-enabled devices, as well as supporting the associated computing load while meeting scheduling limitations [206]. Most systems rely on current technologies such as mobile cloud computing and fog computing to address this issue, both based on edge processing.

Scalability: The IoT will be made up of billions of devices. While it is doubtful that all devices would be connected in a mesh rather than in hierarchical sub-domains, the number of networked objects will dwarf the existing internet by several orders of magnitude. It is one of the most important concerns for enabling smart services in future IoT environments [207]. It encompasses the addition of new sensors, cloud services, devices, and applications without disturbing the overall performance of the entire system.

Security and Privacy: IoT has become such an important part of the internet's future due to its expanding use, and it needs to address security and trust functions properly. Many IoT devices have flaws, according to researchers. In addition, because IoT is built on top of existing WSN, it carries the same difficulties with privacy and security as WSN [208].

Adaptable Networks: SDNs and Network Virtualization Context management are planned to interface with the underlying IoT technology and the privacy considerations that come with them in next-generation networks, enhancing context quality. As a result, developing more advanced privacy models and privacy-oriented security protocols and processes is practically applicable to designate research priority for the next years. Network virtualization adaption has emerged as a promising approach for ensuring privacy for a large volume of data in IoT deployments and cloud management. SDN (software-defined networking) has recently developed as a network virtualization concept [209].

Robust and Resilient Architectures: Data integrations across several settings are difficult in IoT and will be aided by modular, interoperable components. Infrastructure solutions will necessitate systems that can aggregate large amounts of data from several sources, identify significant features, analyze data, illustrate linkages, compare data to meaningful historical information, and aid decision-making. As a result, a single reference design cannot serve as a template for all applications. Users should not be forced to utilize fixed, end-to-end solutions because of architectures that are open and follow standards [210].

New and novel network designs are required for IoT networks. Once an attack has been launched, the IoT network must have strategies and protocols to ensure that the attack is detected as quickly as possible, before it causes substantial damage and spreads throughout the network. In the IoT network, quick recovery from faults is crucial. Long-term disruptions in IoT services, particularly in disaster management applications, could put people's lives in jeopardy. Thus, resilient architectures are required in order to adopt advanced features.

Privacy-aware authentication: The newest trends in IoT privacy protection include user-centric and context-aware regulations. Other new solutions include context-centric and self-adaptive privacy-preserving procedures and protocols that facilitate ambient intelligence. Data privacy protection in IoT streams is a new and rapidly expanding topic


Table 10
Summary of various authentication schemes that shows performance and limitations.

| Reference | Authentication Scheme | Technique Used | Goal | Security Verification | Performance (+) | Limitation (–) |
|---|---|---|---|---|---|---|
| [97] | Mutual authentication for multimedia medical information system | Bilinear pairing; Secure Hash function | Achieved mutual authentication; Enhanced signal congestion and bandwidth utilization | BAN Logic | Achieved enhanced security features of multimedia healthcare information system | Not withstand impersonation attack, user anonymity, and insufficient password update phase |
| [98] | For healthcare applications, an anonymous authentication mechanism is used. | One-way hash function; Symmetric key encryption | To ensure that the medical user and the healthcare provider have secure communication by providing user anonymity and mutual authentication | BAN Logic | It efficiently restricts offline password guessing and insider attacks; It establishes the secret session key between the communicating medical parties | It is still susceptible to forgery, user tracking attacks, and forward secrecy |
| [99] | Improved two-factor authentication (two-factor) strategy for healthcare applications | Bitwise XOR Operations; One-way hash function; Symmetric key encryption | To ensure mutual and authentication and secure communication between medical sensors and applications; To overcome various known potential attacks from the existing schemes | ProVerif | It ensures efficient mutual authentication between medical sensors and healthcare applications; It strongly restricts offline guessing, impersonation, and node capture attacks at both sensor and application level | It could not restrict Forgery, tracking, replay attacks and could not properly establish secret session keys; Communication cost is relatively high |
| [100] | User authentication that isn't too heavy for cloud-based healthcare services | Bitwise XOR Operations; One-way hash function; Masked password | Ensures legitimate user access specially designed for the remote patient monitoring service | AVISPA | It ensures secure communication between users (patients/medical experts) by providing user anonymity and forward secrecy; It ensures secure commencement for enhanced security | It is still susceptible to impersonation, forgery, and tracking attacks |
| [113] | For multi-server settings, a more robust authentication technique has been developed. | Chebyshev chaotic map; Biohashing; One-way hash function | To ensure extended security using chaotic maps in multi-server environments; To avoid synchronization issues caused by adversary models; Prevents SSPTI | ROR, ProVerif | Ensures this scheme is free from synchronization attacks; It uses a timestamp to ensure secured authentication; It focused on adding additional features like registration expiration, server scalability, etc. | It could not restrict forgery and tracing attacks |
| [114] | For edge-based IoT, simple device authentication and key management mechanism have been developed. | One-way hash function; Pseudo identity Generator; Bitwise XOR | Upon device authentication, it ensures secure session communication between client nodes, edge nodes, and cloud server | AVISPA | It ensures securing Edge driven IoT environments from known attacks vectors; Shows better performance | It could not resist stolen verifier, user impersonation; It could not support independent server password update, biometric update phase, and smartcard revocation phase |

requiring dynamic data access control mechanisms and data management rules [211]. Most previous research has focused on improving the algorithmic steps in cryptographic algorithms that conduct cryptographic operations. The protocols that carry out lightweight tasks to protect the IoT network are not considered in any present studies. Because of the heterogeneous nature of devices, security provisioning via IoT is far more difficult than in WSN.

Interoperability and design standards: A device is dependable when it consistently performs its needed function in its designated environment throughout time. In the Internet of Things, reliability is crucial. Many of the Things in the Agricultural IoT will be in rural regions with limited access. Things in the Industrial IoT will almost certainly be exposed to harsh environmental conditions while being used to control potentially harmful manufacturing operations. Medical IoT devices have the potential to be life-saving. As a result, a reliable architecture is a necessary component of the IoT [212]. Reliability will be supported by resilience and tolerance of faults in the network of other devices. Because the first requirement in Internet connectivity mandates that "connected" systems can "speak a similar language" in encodings and protocols, interoperability has always been, and continues to be, an essential core idea of the internet. Various industries currently support their applications using several standards. Because of the huge amounts and varieties of data and heterogeneous devices, adopting standard interfaces in such disparate entities is critical, and much more so for applications that facilitate cross-organizational collaboration and overcome a variety of system limits.

Physically Secure Authentication mechanisms: The secure authentication protocols developed for the IoT are not suitable for use on an IP network. IoT requires that the WSN protocols be modified and provisioned on the Internet in order to be used. Security solutions must be modified because of the many Internet-connected gadgets, which are not feasible on today's Internet [213]. Lightweight security protocols are recommended for limited contexts, such as WSN, WMSN, and WBAN. Various new security mechanisms that meet the unique needs of the IoT and existing security procedures on the Internet security solutions are not necessarily built for resource management is a major barrier to their use in IoT.

Programming models: Different approaches to programming IoT applications are required due to the diverse nature of IoT. Programming models for IoT applications and services that focus on edge gadgets and work within a single domain, such as manufacturing plants or machines, tend to use real-time and embedded computing standards. [198] investigates the use of cloud-based programming models with synchronous and asynchronous APIs for smart buildings or smart cities [214] applications. The use of information flow programming models to process streams of processes from IoT objects asynchronously is one intriguing method that the research community has recently investigated. Distributed Data Flow (DDF) was offered as a potential solution to suit the distributed nature of IoT applications and is now an active research topic [215]. Responsive programming, based on an information flow model, is gaining traction in the IoT community, with many research groups exploring dynamic and functional variants in IoT programming models.

Heterogeneity of IoT Environment: A heterogeneous distributed IoT system is made up of many sub-systems. It consists of resource-constrained nodes and more powerful nodes, such as embedded or regular computer nodes. We'll use a distributed IoT system with wireless nodes arranged into wireless sub-networks as an example [171]. As the IoT is deployed in heterogeneous environments, node-level and physical security remain a supreme challenge.

8. Conclusion

The purpose of this study was to deliver a rigorous systematic literature review to analyze the critical aspects of smart IoT environments, such as security and privacy, with a specific focus on device connectivity. To address the challenges in device security and data privacy, this study has extensively reviewed various key agreement techniques, including two-factor, identity-based, multi-factor, etc. A safe and secure platform is much needed to adopt the technological advancement in heterogeneous environments, so that devices can share information confidentially with a promise of service assurance. Thus, in this study, six major parts have been categorized to discuss various challenges in IoT environments. The first part referred in detail to the layered architecture of IoT to visualize the production flows of numerous application domains, namely healthcare, smart cities, etc. In the second, various security requirements, threat models, and possible attacks have been reviewed to highlight potential vulnerabilities in real-world IoT. The third analyzed key features of authentication and key agreement such as primitives, system model, and cryptographic operations to achieve a high level of security efficiency. The fourth considered a few key assessments, such as computing service, security requirements, and communication metrics to obtain user activity and malicious performance. The fifth comprehensively evaluated various cryptosystems and performance factors to determine security requirements and to improve service efficiencies. The sixth chose a cloud-based environment to discuss the challenges of IoT environments. Also, a few future directions, including M2M communication, adaptable network, and robust and resilient architecture, were discussed to suit the distributed nature of modern IoT applications.

Declaration of Competing Interest

None.

Table 11
Acronyms used.

| Acronym | Definition |
|---|---|
| IoT | Internet of Things |
| IIoT | Industrial Internet of Things |
| IoD | Internet of Drones |
| IoMT | Internet of Medical Things |
| WSN | Wireless Sensor Networks |
| WLAN | Wireless Local Area Networks |
| WMAN | Wireless Metropolitan Area Networks |
| WMSN | Wireless Medical Sensor Networks |
| WMMSN | Wireless Multimedia Sensor Networks |
| WVSN | Wireless Vehicular Sensor Networks |
| RFID | Radio Frequency Identification |
| M2M | Machine-to-Machine |
| 2FA | Two-Factor Authentication |
| 3FA | Three-Factor Authentication |
| MFA | Multi-Factor Authentication |
| H2M | Human-to-Machine |
| DoS | Denial of Service |
| DDoS | Distributed Denial of Service |
| SCADA | Supervisory Control and Data Acquisition |
| AVISPA | Automated Validation of Internet Security Protocols |
| CoAP | Constrained Application Protocol |
| IBC | Identity-Based Cryptography |
| DHKE | Diffie-Hellman Key Exchange |
| PUF | Physically Unclonable Functions |
| PKI | Public Key Infrastructure |
| AES | Advanced Encryption Standard |
| RSA | Rivest–Shamir–Adleman |
| PIN | Personal Identification Number |
| TAN | Trusted Node Authentication |
| ROR | Random Oracle Model |
| MSD | Mass Storage Devices |
| USB | Universal Serial Bus |
| HMAC | Hash-based message authentication |
| UAV | Unmanned Aerial Vehicles |
| OTP | One-Time Password |
| SSTPI | Session-Specific Temporary Information |
| ECC | Elliptic Curve Cryptography |
| ECDH | Elliptic Curve Diffie-Hellman |
| MMIS | Multimedia Medical Information System |
| BAN | Burrows–Abadi–Needham |
| MQTT | Message Queuing Telemetry Transport |

Fig. 13. Security analysis tools.


Fig. 14. Research challenges and future directions.

Data availability

No data was used for the research described in the article.

References

[1] J. Singh, A. Gimekar, S. Venkatesan, An efficient lightweight authentication scheme for human-centered industrial Internet of Things, Int. J. Commun. Syst. (2019) e4189.
[2] S. Roy, P. Pranav, V. Bhattacharjee, Securing the Internet of Things: current and Future State of the Art. Smart Healthcare Analytics in IoT Enabled Environment, Springer, Cham, 2020, pp. 227–246.
[3] D.E. Boubiche, S. Athmani, S. Boubiche, H Toral-Cruz, Cybersecurity Issues in Wireless Sensor Networks: current Challenges and Solutions, Wireless Personal Commun. (2020) 1–37.
[4] P. Maratha, K. Gupta, A comprehensive and systematized review of energy-efficient routing protocols in wireless sensor networks, Int J Comput Appl (2019) 1–18.
[5] C. Pickering, J. Byrne, The benefits of publishing systematic quantitative literature reviews for PhD candidates and other early-career researchers, Higher Education Res. Develop. 33 (3) (2014) 534–548.
[6] M.M. Ogonji, G. Okeyo, J.M. Wafula, A survey on privacy and security of Internet of Things, Computer Sci. Rev. 38 (2020), 100312.
[7] M. Stoyanova, Y. Nikoloudakis, S. Panagiotakis, E. Pallis, E.K. Markakis, A survey on the internet of things (IoT) forensics: challenges, approaches, and open issues, IEEE Commun. Surveys Tutor. 22 (2) (2020) 1191–1221.
[8] A.K. Sikder, G. Petracca, H. Aksu, T. Jaeger, A.S. Uluagac, A survey on sensor-based threats and attacks to smart devices and applications, IEEE Commun. Surveys Tutor. 23 (2) (2021) 1125–1159.
[9] S.K. Mousavi, A. Ghaffari, S. Besharat, H. Afshari, Security of internet of things based on cryptographic algorithms: a survey, Proc. 8th Int. Conf. Transparent Opt. Networks, 5th Eur. Symp. Photonic Cryst., 5th Workshop All-Opt. Routing, 3rd Global Opt. Wireless Networking Semin., 2nd COST 270 Workshop Reliab. Issues Next Gener. Opt. Networks, 2nd Photonic Integr. Compon. Appl. Workshop 27 (2) (2021) 1515–1555.
[10] P.H. Mirzaee, M. Shojafar, H. Cruickshank, R. Tafazolli, Smart Grid Security and Privacy: from conventional to machine learning issues (Threats and Countermeasures), IEEE Access (2022).
[11] G.D. Samaraweera, J.M. Chang, Security and privacy implications on database systems in Big Data era: a survey, IEEE Trans Knowl Data Eng 33 (1) (2019) 239–258.
[12] Z. Liao, X. Pang, J. Zhang, B. Xiong, J. Wang, Blockchain on security and forensics management in edge computing for iot: a comprehensive survey, IEEE Trans. Netw. Serv. Manage. (2021).
[13] Oleg, S., IoT: user-Centric, Privacy Security-IoT vulnerabilities might cause catastrophic disruptions, ranging from privacy breaches to breakdowns of public ecosystems, https://dzone.com/articles/iot-user-centric-privacy-security, accessed on 27.11.2019.
[14] Sharon F., Security by Design, https://whatis.techtarget.com/definition/security-by-design, accessed on 29.11.2019.
[15] N. Neshenko, E. Bou-Harb, J. Crichigno, G. Kaddoum, N. Ghani, Demystifying IoT security: an exhaustive survey on IoT vulnerabilities and a first empirical look on internet-scale IoT exploitations, IEEE Commun. Surveys Tutor. (2019).
[16] X. Li, J. Peng, J. Niu, F. Wu, J. Liao, K.K.R. Choo, A robust and energy efficient authentication protocol for industrial internet of things, IEEE Internet Things J. 5 (3) (2017) 1606–1615.
[17] S. Hameed, F.I. Khan, B. Hameed, Understanding security requirements and challenges in the internet of things (IoT): a review, J. Comput. Networks Commun. (2019), 2019.
[18] W.H. Hassan, Current research on Internet of Things (IoT) security: a survey, Comput. Networks 148 (2019) 283–294.
[19] Kumar R., Tripathi S., Agrawal R. (2020) An Analysis and Comparison of Security Protocols on Wireless Sensor Networks (WSN). In: Das S., Samanta S., Dey N., Kumar R. (eds) Design Frameworks for Wireless Networks. Lecture Notes in Networks and Systems, vol 82. Springer, Singapore.
[20] M. Sookhak, H. Tang, Y. He, F.R. Yu, Security and privacy of smart cities: a survey, research issues and challenges, IEEE Commun. Surveys Tutor. 21 (2) (2018) 1718–1743.
[21] A. Masood, D.S. Lakew, S. Cho, Security and Privacy Challenges in Connected Vehicular Cloud Computing, IEEE Commun. Surveys Tutor. 22 (4) (2020) 2725–2764.
[22] E. Benkhelifa, T. Welsh, W. Hamouda, A critical review of practices and challenges in intrusion detection systems for IoT: toward universal and resilient systems, IEEE Commun. Surveys Tutor. 20 (4) (2018) 3496–3509.
[23] W. Rafique, L. Qi, I. Yaqoob, M. Imran, R.U. Rasool, W. Dou, Complementing IoT services through software defined networking and edge computing: a comprehensive survey, IEEE Commun. Surveys Tutor. 22 (3) (2020) 1761–1804.
[24] M. El-hajj, A. Fadlallah, M. Chamoun, A. Serhrouchni, A survey of Internet of things (IoT) Authentication schemes, Sensors 19 (5) (2019) 1141.
[25] A. Mainwaring, D. Culler, J. Polastre, R. Szewczyk, J. Anderson, Wireless sensor networks for habitat monitoring, in: Proceedings of the 1st ACM international workshop on Wireless sensor networks and applications, 2002, pp. 88–97.
[26] T.Y. Youn, Y.H. Park, J. Lim, Weaknesses in an anonymous authentication scheme for roaming service in global mobility networks, IEEE Commun Lett 13 (7) (2009) 471–473.


[27] M.A. Ferrag, L.A. Maglaras, H. Janicke, J. Jiang, L. Shu, Authentication protocols for the Internet of things: a comprehensive survey, Secur. Commun. Networks (2017), 2017.
[28] M.A. Ferrag, L. Maglaras, A. Derhab, H. Janicke, Authentication schemes for smart mobile devices: threat models, countermeasures, and open research issues, Telecommun. Syst. 73 (2) (2020) 317–348.
[29] S. Kavianpour, B. Shanmugam, S. Azam, M. Zamani, G. Narayana Samy, F. De Boer, A Systematic Literature Review of Authentication in the Internet of Things for Heterogeneous Devices, J. Comput. Networks Commun. (2019), 2019.
[30] T. Nandy, M.Y.I.B. Idris, R.M. Noor, M.L.M. Kiah, L.S. Lun, N.B.A. Juma’at, S. Bhattacharyya, Review on the security of the Internet of Things authentication mechanism, IEEE Access 7 (2019) 151054–151089.
[31] A.R. Sfar, E. Natalizio, Y. Challal, Z. Chtourou, A roadmap for security challenges in the Internet of Things, Digit. Commun. Netw. 4 (2) (2018) 118–137.
[32] A.K. Das, S. Zeadally, D. He, Taxonomy and analysis of security protocols for the internet of things, Future Generation Comput. Syst. 89 (2018) 110–125.
[33] Somasundaram, R., & Thirugnanam, M. (2020). Review of security challenges in healthcare internet of things. WIRELESS NETWORKS.
[34] H. Mrabet, S. Belguith, A. Alhomoud, A. Jemai, A survey of IoT security based on a layered architecture of sensing and data analysis, Sensors 20 (13) (2020) 3625.
[35] X. Li, J. Niu, M.Z.A. Bhuiyan, F. Wu, M. Karuppiah, S. Kumari, A robust ECC-based provable secure authentication protocol with privacy-preserving for industrial Internet of things, IEEE Trans. Ind. Inf. 14 (8) (2017) 3599–3609.
[36] G. Sharma, S. Kalra, A lightweight multi-factor secure smartcard-based remote user authentication scheme for cloud-IoT applications, J. Inform. Secur. Applic. 42 (2018) 95–106.
[37] F. Wu, L. Xu, S. Kumari, X. Li, J. Shen, K.K.R. Choo, A.K. Das, An efficient authentication and key agreement scheme for multi-gateway wireless sensor networks in IoT deployment, J. Netw. Comput. Appl. 89 (2017) 72–85.
[38] J. Srinivas, D. Mishra, S. Mukhopadhyay, A mutual authentication framework for wireless medical sensor networks, J. Med. Syst. 41 (5) (2017) 80.
[39] F. Wang, G. Xu, G. Xu, A provably secure anonymous biometrics-based authentication scheme for wireless sensor networks using chaotic map, IEEE Access 7 (2019) 101596–101608.
[40] F. Wei, P. Vijayakumar, J. Shen, R. Zhang, L. Li, A provably secure password-based anonymous authentication scheme for wireless body area networks, Communist Chin. Sci. Abstr. 65 (2018) 322–331.
[41] M. Wazid, A.K. Das, A.V. Vasilakos, Authenticated key management protocol for cloud-assisted body area sensor networks, J. Netw. Comput. Appl. 123 (2018) 112–126.
[42] A. Ostad-Sharif, H. Arshad, M. Nikooghadam, D. Abbasinezhad-Mood, Three party secure data transmission in IoT networks through design of a lightweight authenticated key agreement scheme, Future Generation Comput. Syst. 100 (2019) 882–892.
[43] R. Amin, S.H. Islam, G.P. Biswas, M.K. Khan, L. Leng, N. Kumar, Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks, Comput. Networks 101 (2016) 42–62.
[44] P. Mohit, R. Amin, G.P. Biswas, Design of authentication protocol for wireless sensor network-based smart vehicular system, Vehicular Commun. 9 (2017) 64–71.
[45] Q. Jiang, S. Zeadally, J. Ma, D. He, Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks, IEEE Access 5 (2017) 3376–3392.
[46] Q. Jiang, J. Ma, C. Yang, X. Ma, J. Shen, S.A. Chaudhry, Efficient end-to-end authentication protocol for wearable health monitoring systems, Communist Chin. Sci. Abstr. 63 (2017) 182–195.
[47] M. Kompara, S.H. Islam, M. Hölbl, A robust and efficient mutual authentication and key agreement scheme with untraceability for WBANs, Comput. Networks 148 (2019) 196–213.
[48] Y. Yang, L. Wu, G. Yin, L. Li, H. Zhao, A survey on security and privacy issues in Internet-of-Things, IEEE Internet Things J. 4 (5) (2017) 1250–1258.
[49] Y. Chen, L. López, J.F. Martínez, P. Castillejo, A lightweight privacy protection user authentication and key agreement scheme tailored for the Internet of things environment: lightpriauth, J. Sensors (2018), 2018.
[50] F. Wu, L. Xu, S. Kumari, X. Li, A. Alelaiwi, A new authenticated key agreement scheme based on smart cards providing user anonymity with formal proof, Secur. Commun. Networks 8 (18) (2015) 3847–3863.
[51] F. Wu, X. Li, A.K. Sangaiah, L. Xu, S. Kumari, L. Wu, J. Shen, A lightweight and robust two-factor authentication scheme for personalized healthcare systems using wireless medical sensor networks, Future Generation Comput. Syst. 82 (2018) 727–737.
[52] C.C. Chang, H.D. Le, A provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks, IEEE Trans. Wireless Commun. 15 (1) (2015) 357–366.
[53] M.S. Farooq, S. Riaz, A. Abid, K. Abid, M.A. Naeem, A Survey on the Role of IoT in Agriculture for the Implementation of Smart Farming, IEEE Access 7 (2019) 156237–156271.
[54] R. Giuliano, F. Mazzenga, A. Neri, A.M. Vegni, Security access protocols in IoT capillary networks, IEEE Internet Things J. 4 (3) (2016) 645–657.
[55] J. Soldatos, N. Kefalakis, M. Serrano, M. Hauswirth, Design principles for utility-driven services and cloud-based computing modelling for the Internet of Things, Int. J. Web Grid Serv. 6 (2–3) (2014) 139–167.
[56] A. Singh, A. Payal, S. Bharti, A walkthrough of the emerging IoT paradigm: visualizing inside functionalities, key features, and open issues, J. Netw. Comput. Appl. 143 (2019) 111–151.
[57] F. Khandaker, S. Oteafy, H.S. Hassanein, H. Farahat, A functional taxonomy of caching schemes: towards guided designs in information-centric networks, Comput. Networks 165 (2019), 106937.
[58] M.L. Das, Two-factor user authentication in wireless sensor networks, IEEE Trans. Wireless Commun. 8 (3) (2009) 1086–1090.
[59] R. Ali, A.K. Pal, S. Kumari, M. Karuppiah, M. Conti, Secure user authentication and key-agreement scheme using wireless sensor networks for agriculture monitoring, Future Generation Comput. Syst. 84 (2018) 200–215.
[60] B.D. Deebak, F. Al-Turjman, L. Mostarda, Seamless secure anonymous authentication for cloud-based mobile edge computing, Communist Chin. Sci. Abstr. 87 (2020), 106782.
[61] L. Lamport, Password authentication with insecure communication, Commun. ACM 24 (11) (1981) 770–772.
[62] J. Zhu, J. Ma, A new authentication scheme with anonymity for wireless environments, IEEE Trans. Broadcast Telev. Receivers 50 (1) (2004) 230–234.
[63] D. He, Y. Gao, S. Chan, C. Chen, J. Bu, An enhanced two-factor user authentication scheme in wireless sensor networks, Ad hoc & sensor wireless networks 10 (4) (2010) 361–371.
[64] M.K. Khan, K. Alghathbar, Cryptanalysis and security improvements of ‘two-factor user authentication in wireless sensor networks’, Sensors 10 (3) (2010) 2450–2459.
[65] T.H. Chen, W.K. Shih, A robust mutual authentication protocol for wireless sensor networks, ETRI Journal 32 (5) (2010) 704–712.
[66] B. Vaidya, D. Makrakis, H. Mouftah, Two-factor mutual authentication with a key agreement in wireless sensor networks, Secur. Commun. Networks 9 (2) (2016) 171–183.
[67] W.B. Hsieh, J.S. Leu, A robust user authentication scheme using dynamic identity in wireless sensor networks, Wireless Personal Commun. 77 (2) (2014) 979–989.
[68] J. Kim, D. Lee, W. Jeon, Y. Lee, D. Won, Security analysis and improvements of two-factor mutual authentication with key agreement in wireless sensor networks, Sensors 14 (4) (2014) 6443–6462.
[69] M. Turkanović, B. Brumen, M. Hölbl, A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion, Ad Hoc Netw 20 (2014) 96–112.
[70] J.J. Yuan, Enhanced two-factor user authentication in wireless sensor networks, Telecommun. Syst. 55 (1) (2014) 105–113.
[71] D. He, N. Kumar, J. Chen, C.C. Lee, N. Chilamkurti, S.S. Yeo, Robust anonymous authentication protocol for healthcare applications using wireless medical sensor networks, Multimedia Syst. 21 (1) (2015) 49–60.
[72] M.S. Farash, M. Turkanović, S. Kumari, M. Hölbl, An efficient user authentication and key agreement scheme for heterogeneous wireless sensor networks tailored for the Internet of Things environment, Ad Hoc Netw 36 (2016) 152–176.
[73] R. Amin, G.P. Biswas, A secure lightweight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks, Ad Hoc Netw 36 (2016) 58–80.
[74] Y.K. Ever, Secure-anonymous user Authentication scheme for the e-healthcare application using wireless medical sensor networks, IEEE Syst. J. 13 (1) (2018) 456–467.
[75] X. Li, J. Niu, S. Kumari, F. Wu, A.K. Sangaiah, K.K.R. Choo, A three-factor anonymous authentication scheme for wireless sensor networks in the Internet of things environments, J. Netw. Comput. Appl. 103 (2018) 194–204.
[76] D. Singh, B. Kumar, S. Singh, S. Chand, SMAC-AS: MAC based secure authentication scheme for wireless sensor network, Wireless Personal Commun. 107 (2) (2019) 1289–1308.
[77] S. Yu, J. Lee, K. Lee, K. Park, Y. Park, Secure authentication protocol for wireless sensor networks in vehicular communications, Sensors 18 (10) (2018) 3191.
[78] K.-A. Shim, CPAS: an efficient conditional privacy-preserving authentication scheme for vehicular sensor networks, IEEE Trans. Veh. Technol. 61 (4) (2012) 1874–1883.
[79] J.K. Liu, T.H. Yuen, M.H. Au, W. Susilo, Improvements in an authentication scheme for vehicular sensor networks, Expert Syst. Appl. 41 (5) (2014) 2559–2564.
[80] Deebak, B.D., & Al-Turjman, F. Secure-user sign-in authentication for IoT-based eHealth systems. Complex Intell. Syst., 1–21.
[81] P. Gope, B. Sikdar, Lightweight and privacy-preserving two-factor authentication scheme for IoT devices, IEEE Internet Things J. 6 (1) (2018) 580–589.
[82] E. Lara, L. Aguilar, M.A. Sanchez, J.A. García, Lightweight authentication protocol for M2M communications of resource-constrained devices in industrial Internet of Things, Sensors 20 (2) (2020) 501.
[83] M. Shuai, B. Liu, N. Yu, L. Xiong, Lightweight and secure three-factor authentication scheme for remote patient monitoring using on-body wireless networks, Secur. Commun. Networks (2019), 2019.
[84] K. Renuka, S. Kumari, X. Li, Design of a secure three-factor authentication scheme for smart healthcare, J. Med. Syst. 43 (5) (2019) 133.
[85] R. Martínez-Peláez, H. Toral-Cruz, J.R. Parra-Michel, V. García, L.J. Mena, V.G. Félix, A. Ochoa-Brust, An enhanced lightweight IoT-based authentication scheme in cloud computing circumstances, Sensors 19 (9) (2019) 2098.
[86] D. Wang, P. Wang, C. Wang, Efficient multi-factor user authentication protocol with forward secrecy for real-time data access in WSNs, ACM Transac. Cyber-Phys. Syst. 4 (3) (2020) 1–26.
[87] M. Nikooghadam, H. Amintoosi, S.H. Islam, M.F. Moghadam, A provably secure and lightweight authentication scheme for Internet of Drones for smart city surveillance, J. Syst. Archit. (2020), 101955.
[88] T.Y. Wu, T. Wang, Y.Q. Lee, W. Zheng, S. Kumari, S. Kumar, Improved Authenticated Key Agreement Scheme for Fog-Driven IoT Healthcare System, Secur. Commun. Networks (2021) 2021.

28
P.M. Rao and B.D. Deebak Ad Hoc Networks 146 (2023) 103159

[89] R. Amin, N. Kumar, G.P. Biswas, R. Iqbal, V. Chang, A lightweight authentication sessions in the edge-enabled smart cities, J. Inform. Secur. Applic. 58 (2021),
protocol for IoT-enabled devices in distributed Cloud Computing environment, 102683.
Future Generation Comput. Syst. 78 (2018) 1005–1019. [123] Y.K. Ever, A secure authentication scheme framework for mobile-sinks used in the
[90] P. Kumar, L. Chouhan, A privacy and session key-based authentication scheme for Internet of Drones applications, Comput. Commun. 155 (2020) 143–149.
medical IoT networks, Comput Commun 166 (2021) 154–164. [124] P. Kumar, L. Chouhan, A secure authentication scheme for IoT application in
[91] A.G. Reddy, D. Suresh, K. Phaneendra, J.S. Shin, V. Odelu, Provably secure, smart home, Peer Peer Netw. Appl. 14 (1) (2021) 420–438.
Sustain. Cities Soc. 41 (2018) 878–885. [125] J. Mo, H. Chen, A lightweight secure user authentication and key agreement
[92] B.D. Deebak, F. Al-Turjman, Robust Lightweight Privacy-Preserving and Session protocol for wireless sensor networks, Secur. Commun. Networks (2019), 2019.
Scheme Interrogation for Fog Computing Systems, J. Inform. Secur. Applic. 58 [126] G. Yang, R. Chen, Y. Mu, W. Susilo, F. Guo, J. Li, Strongly leakage resilient
(2021), 102689. authenticated key exchange, revisited, Des. Codes Cryptogr 87 (12) (2019)
[93] B.D. Deebak, A.T. Fadi, Lightweight authentication for IoT/Cloud-based forensics 2885–2911.
in intelligent data computing, Future Generation Comput. Syst. 116 (2021) [127] K.L. Noh, E. Serpedin, K. Qaraqe, A new approach for time synchronization in
406–425. wireless sensor networks: pairwise broadcast synchronization, IEEE Trans.
[94] B.D. Deebak, F. Al-Turjman, Smart mutual authentication protocol for cloud Wireless Commun. 7 (9) (2008) 3318–3322.
based medical healthcare systems using Internet of medical things, IEEE J. Sel. [128] X. Wang, J. Zhao, An improved key agreement protocol based on chaos, Commun.
Areas Commun. (2020). Nonlinear Sci. Numer. Simul. 15 (12) (2010) 4052–4057.
[95] B.D. Deebak, Lightweight authentication and key management in mobile-sink for [129] F. Amin, A.H. Jahangir, H. Rasifard, Analysis of public-key cryptography for
smart IoT-assisted systems, Sustain. Cities Soc. 63 (2020), 102416. wireless sensor networks security, World Acad. Sci. Eng. Technol. 41 (2008)
[96] B.D. Deebak, F. Al-Turjman, A smart lightweight privacy preservation scheme for 529–534.
IoT-based UAV communication systems, Comput. Commun. 162 (2020) 102–117. [130] M.T. Hammi, B. Hammi, P. Bellot, A. Serhrouchni, Bubbles of Trust: a
[97] D.B. David, Mutual authentication scheme for multimedia medical information decentralized blockchain-based authentication system for IoT, Comp. Secur. 78
systems, Multimed. Tools Appl. 76 (8) (2017) 10741–10759. (2018) 126–142.
[98] D. He, N. Kumar, J. Chen, C.C. Lee, N. Chilamkurti, S.S. Yeo, Robust anonymous [131] S.R. Moosavi, T.N. Gia, E. Nigussie, A.M. Rahmani, S. Virtanen, H. Tenhunen,
authentication protocol for health-care applications using wireless medical sensor J. Isoaho, End-to-end security scheme for mobility enabled healthcare Internet of
networks, Multimedia Syst. 21 (1) (2015) 49–60. Things, Future Generation Comput. Syst. 64 (2016) 108–124.
[99] F. Wu, L. Xu, S. Kumari, X. Li, An improved and anonymous two-factor [132] H.M. Almohri, L.T. Watson, D. Evans, An attack-resilient architecture for the
authentication protocol for health-care applications with wireless medical sensor Internet of Things, IEEE Trans. Inf. Forensics Secur. 15 (2020) 3940–3954.
networks, Multimedia Syst. 23 (2) (2017) 195–205. [133] Q. Jiang, F. Wei, S. Fu, J. Ma, G. Li, A. Alelaiwi, Robust extended chaotic maps-
[100] G. Sharma, S. Kalra, A lightweight user authentication scheme for cloud-IoT based based three-factor authentication scheme preserving biometric template privacy,
healthcare services, Iran J. Sci. Technol. Trans. A Sci. 43 (1) (2019) 619–636. Nonlinear Dyn. 83 (4) (2016) 2085–2101.
[101] Bertoni, G., Daemen, J., Peeters, M., & Van Assche, G. (2009). Keccak sponge [134] P.M. Rao, P. Saraswathi, Evolving cloud security technologies for social networks.
function family main document. Submission to NIST (Round 2), 3(30), 320–337. Security in IoT Social Networks, Academic Press, 2021, pp. 179–203.
[102] W. Diffie, M.E. Hellman, New directions in cryptography. Democratizing [135] S. Zonouz, A. Houmansadr, R. Berthier, N. Borisov, W. Sanders, Secloud: a cloud-
Cryptography: The Work of Whitfield Diffie and Martin Hellman, 2022, based comprehensive and lightweight security solution for smartphones, Comp.
pp. 365–390. Secur. 37 (2013) 215–227.
[103] Qu, M. (1999). Sec 2: recommended elliptic curve domain parameters. J. [136] S. Raza, L. Wallgren, T. Voigt, SVELTE: real-time intrusion detection in the
Reticuloendothel. Soc., Mississauga, ON, Canada, Tech. Rep. SEC2-Ver-0.6. Internet of Things, Ad Hoc Netw 11 (8) (2013) 2661–2674.
[104] D.J. Bernstein, N. Duif, T. Lange, P. Schwabe, B.Y. Yang, High-speed high-security [137] A. Triantafyllou, P. Sarigiannidis, T.D. Lagkas, Network protocols, schemes, and
signatures, J. Cryptogr. Eng. 2 (2) (2012) 77–89. mechanisms for internet of things (iot): features, open challenges, and trends,
[105] R.L. Rivest, A. Shamir, Y. Tauman, How to leak a secret, in: International Wireless communications and mobile computing (2018), 2018.
conference on the theory and application of cryptology and information security, [138] F. Syed, S.K. Gupta, S. Hamood Alsamhi, M. Rashid, X. Liu, A survey on recent
Springer, Berlin, Heidelberg, 2001, pp. 552–565. optimal techniques for securing unmanned aerial vehicles applications, Transac.
[106] Van Saberhagen, N. (2013). CryptoNote v 2.0. Emerg. Telecommun. Technol. 32 (7) (2021) e4133.
[107] Maxwell, G., & Poelstra, A. (2015). Borromean ring signatures. Accessed: Jun, 8, [139] J. Hunker, C.W. Probst, Insiders and Insider Threats-An Overview of Definitions
2019. and Mitigation Techniques, J. Wirel. Mob. Networks Ubiquitous Comput.
[108] K. Itakura, K. Nakamura, A public-key cryptosystem suitable for digital Dependable Appl. 2 (1) (2011) 4–27.
multisignatures, NEC Res. Develop. (71) (1983) 1–8. [140] B. Farahani, F. Firouzi, V. Chang, M. Badaroglu, N. Constant, K. Mankodiya,
[109] D. Dolev, A. Yao, On the security of public key protocols, IEEE Trans. Inf. Theory Towards fog-driven IoT eHealth: promises and challenges of IoT in medicine and
29 (2) (1983) 198–208. healthcare, Future Generation Comput. Syst. 78 (2018) 659–676.
[110] P. Kocher, J. Jaffe, B. Jun, Differential power analysis, in: Annual international [141] O. Kanoun, S. Bradai, S. Khriji, G. Bouattour, D. El Houssaini, M. Ben Ammar,
cryptology conference, Springer, Berlin, Heidelberg, 1999, pp. 388–397. C. Viehweger, Energy-aware system design for autonomous wireless sensor nodes:
[111] J. Mo, Z. Hu, Y. Lin, Cryptanalysis and Security Improvement of Two a comprehensive review, Sensors 21 (2) (2021) 548.
Authentication Schemes for Healthcare Systems Using Wireless Medical Sensor [142] W. Wei, F. Xu, Q. Li, Mobishare: flexible privacy-preserving location sharing in
Networks, Security and Communication Networks, 2020, p. 2020. mobile online social networks, in: 2012 Proceedings IEEE INFOCOM, IEEE, 2012,
[112] R. Amin, S.H. Islam, G.P. Biswas, M.K. Khan, N. Kumar, A robust and anonymous pp. 2616–2620.
patient monitoring system using wireless medical sensor networks, Future [143] X. Liang, X. Li, T.H. Luan, R. Lu, X. Lin, X. Shen, Morality-driven data forwarding
Generation Comput. Syst. 80 (2018) 483–495. with privacy preservation in mobile social networks, IEEE Trans. Veh. Technol. 61
[113] A. Kumar, H. Om, An enhanced and provably secure authentication protocol (7) (2012) 3209–3222.
using Chebyshev chaotic maps for multi-server environment, Multimed Tools [144] Khan, F.I., & Hameed, S. (2018). Understanding security requirements and
Appl. (2021) 1–27. challenges in internet of things (IoTs): a review. arXiv preprint arXiv:1808.10529.
[114] M. Wazid, A.K. Das, S. Shetty, J. JPC Rodrigues, Y Park, LDAKM-EIoT: lightweight [145] L. Zhu, K. Gai, M. Li, Security and privacy issues in internet of things. Blockchain
device authentication and key management mechanism for edge-based IoT Technology in Internet of Things, Springer, Cham, 2019, pp. 29–40.
deployment, Sensors 19 (24) (2019) 5539. [146] Levy, J.M. (2016). Contemporary Urban Planning. Taylor & Francis.
[115] H.L. Wu, C.C. Chang, L.S. Chen, Secure and anonymous authentication scheme for [147] E.E. Peters, Fractal Market analysis: Applying Chaos Theory to Investment and
the internet of things with pairing, Pervasive Mob. Comput. 67 (2020), 101177. Economics, Vol. 24, John Wiley & Sons, 1994.
[116] K. Mahmood, W. Akram, A. Shafiq, I. Altaf, M.A. Lodhi, S.H. Islam, An enhanced [148] Committee on Gynecologic Practice, Committee Opinion No 701: choosing the
and provably secure multi-factor authentication scheme for Internet-of- route of hysterectomy for benign disease, Obstet. Gynecol. 129 (6) (2017) e155.
Multimedia-Things environments, Communist Chin. Sci. Abstr. 88 (2020), [149] R. Chen, G. Acs, C. Castelluccia, Differentially private sequential data publication
106888. via variable-length n-grams, in: Proceedings of the 2012 ACM conference on
[117] M. Shuai, L. Xiong, C. Wang, N. Yu, A secure authentication scheme with forward Computer and communications security, 2012, pp. 638–649.
secrecy for industrial internet of things using Rabin cryptosystem, Comput. [150] A. Jurcut, T. Niculcea, P. Ranaweera, N.A. Le-Khac, Security considerations for
Commun. 160 (2020) 215–227. Internet of Things: a survey, SN Comp. Sci. 1 (2020) 1–19.
[118] Y. Harbi, Z. Aliouat, A. Refoufi, S. Harous, A. Bentaleb, Enhanced authentication [151] Q.M. Ashraf, M.H. Habaebi, Autonomic schemes for threat mitigation in Internet
and key management scheme for securing data transmission in the internet of of Things, J. Netw. Comput. Appl.. 49 (2015) 112–127.
things, Ad Hoc Netw 94 (2019), 101948. [152] M. Zorzi, A. Gluhak, S. Lange, A. Bassi, From today’s intranet of things to a future
[119] K. Sowjanya, M. Dasgupta, S. Ray, Elliptic Curve Cryptography based internet of things: a wireless-and mobility-related view, IEEE Wirel Commun 17
authentication scheme for Internet of Medical Things, J. Inform. Secur. Applic. 58 (6) (2010) 44–51.
(2021), 102761. [153] B.D. Deebak, F. Al-Turjman, Digital-twin assisted: fault diagnosis using deep
[120] O.O. Olufemi, O.K. Oluwasesan, Faster and efficient cloud-server-aided data de- transfer learning for machining tool condition, Int. J. Intell. Syst. (2021).
duplication scheme with an authenticated key agreement for Industrial Internet- [154] B.D. Deebak, F. Al-Turjman, Secure-user sign-in authentication for IoT-based
of-Things, Internet Things (2021), 100376. eHealth systems, Complex Intell. Syst. (2021) 1–21.
[121] M. Fakroon, M. Alshahrani, F. Gebali, I. Traore, Secure remote anonymous user [155] B.D. Deebak, F. Al-Turjman, A. Nayyar, Chaotic-map based authenticated security
authentication scheme for smart home environment, Internet Things 9 (2020), framework with privacy preservation for remote point-of-care, Multimed. Tools
100158. Appl. 80 (11) (2021) 17103–17128.
[122] Y. Zhang, K. Cheng, F. Khan, R. Alturki, R. Khan, A.U. Rehman, A mutual
authentication scheme for establishing secure device-to-device communication

29
P.M. Rao and B.D. Deebak Ad Hoc Networks 146 (2023) 103159

[156] A.T. Fadi, B.D. Deebak, Seamless authentication: for IoT-big data technologies in [186] S. Jegadeesan, M. Azees, N.R. Babu, U. Subramaniam, J.D. Almakhles, EPAW:
smart industrial application systems, IEEE Trans. Ind. Inf. 17 (4) (2020) efficient privacy preserving anonymous mutual authentication scheme for
2919–2927. wireless body area networks (WBANs), IEEE Access 8 (2020) 48576–48586.
[157] B.D. Deebak, F. Al-Turjman, Drone of IoT in 6 G wireless communications: [187] S. Ji, Z. Gui, T. Zhou, H. Yan, J. Shen, An efficient and certificateless conditional
technology, challenges, and future aspects. Unmanned Aerial Vehicles in Smart privacy-preserving authentication scheme for wireless body area networks big
Cities, Springer, Cham, 2020, pp. 153–165. data services, IEEE Access 6 (2018) 69603–69611.
[158] B.D. Deebak, F. Al-Turjman, M. Aloqaily, O. Alfandi, IoT-BSFCAN: a smart [188] M. Nikooghadam, H. Amintoosi, S.H. Islam, M.F. Moghadam, A provably secure
context-aware system in IoT-Cloud using mobile-fogging, Future Generation and lightweight authentication scheme for Internet of Drones for smart city
Comput. Syst. 109 (2020) 368–381. surveillance, J. Syst. Archit. 115 (2021), 101955.
[159] B.D. Deebak, F. Al-Turjman, A hybrid secure routing and monitoring mechanism [189] A.K. Das, S. Kumari, V. Odelu, X. Li, F. Wu, X. Huang, Provably Secure User
in IoT-based wireless sensor networks, Ad Hoc Netw 97 (2020), 102022. Authentication and Key Agreement Scheme For Wireless Sensor Networks, 9,
[160] F. Al-Turjman, B.D. Deebak, L. Mostarda, Energy aware resource allocation in Security and Communication Networks, 2016, pp. 3670–3687.
multi-hop multimedia routing via the smart edge device, IEEE Access 7 (2019) [190] J.S. Fu, Y. Liu, H.C. Chao, B.K. Bhargava, Z.J. Zhang, Secure data storage and
151203–151214. searching for industrial IoT by integrating fog computing and cloud computing,
[161] D. BD, F. Al-Turjman, L. Mostarda, A hash-based RFID authentication mechanism IEEE Trans. Ind. Inf. 14 (10) (2018) 4519–4528.
for context-aware management in IoT-based multimedia systems, Sensors 19 (18) [191] Y. Zhou, D. Feng, Side-Channel Attacks: ten Years After Its Publication and the
(2019) 3821. Impacts on Cryptographic Module Security Testing, IACR Cryptol. ePrint Arch.
[162] B.D. Deebak, E. Ever, F. Al-Turjman, Analyzing enhanced real-time uplink (2005) 388, 2005.
scheduling algorithm in 3GPP LTE-advanced networks using multimedia systems, [192] M. Burrows, M. Abadi, R.M. Needham, A logic of authentication, Proc. R Soc.
Transac. Emerg. Telecommun. Technol. 29 (10) (2018) e3443. Lond. A Math Phys. Sci. 426 (1989) 233–271.
[163] D.B. David, Analyzing Traffic Models Using IP Multimedia Server–Client Systems [193] A. Armando, D. Basin, J. Cuellar, M. Rusinowitch, L. Viganò, Avispa: automated
for Consumer Wireless Multimedia System Devices, Phys. Sci. 88 (2) (2018) validation of internet security protocols and applications, ERCIM News 64 (2006).
309–316. [194] Blanchet, B., Cheval, V., Allamigeon, X., & Smyth, B. (2010). ProVerif:
[164] F. Al-Turjman, Y.K. Ever, E. Ever, H.X. Nguyen, D.B. David, Seamless key cryptographic protocol verifier in the formal model.
agreement framework for mobile-sink in IoT based cloud-centric secured public [195] C.J. Cremers, The Scyther Tool: verification, falsification, and analysis of security
safety sensor networks, IEEE Access 5 (2017) 24617–24631. protocols, in: International conference on computer aided verification, Springer,
[165] B.D. Deebak, A Secure-Ware System for Web Server: ensuring platform Berlin, Heidelberg, 2008, pp. 414–418.
interoperability, security, privacy, usability and functionality, Natl. Acad. Sci. [196] V. Rao, K.V. Prema, Light-weight hashing method for user authentication in
Lett. (India) 40 (3) (2017) 157–160. Internet-of-Things, Ad Hoc Netw. 89 (2019) 97–106.
[166] P. Gope, T. Hwang, BSN-Care: a secure IoT-based modern healthcare system using [197] D. Gil, M. Johnsson, H. Mora, J. Szymański, Review of the complexity of
body sensor network, IEEE Sens. J. 16 (5) (2015) 1368–1376. managing big data of the internet of things, complex. (2019), 2019.
[167] J. Srinivas, S. Mukhopadhyay, D. Mishra, Secure and efficient user authentication [198] A. Ragab, G. Selim, A. Wahdan, A. Madani, Robust hybrid lightweight
scheme for multi-gateway wireless sensor networks, Ad Hoc Netw 54 (2017) cryptosystem for protecting IoT smart devices, in: international conference on
147–169. security, privacy and anonymity in computation, communication and storage,
[168] M. Chen, T.F. Lee, J.I. Pan, An Enhanced Lightweight Dynamic Pseudonym Springer, Cham, 2019, pp. 5–19.
Identity Based Authentication and Key Agreement Scheme Using Wireless Sensor [199] A. Ghani, K. Mansoor, S. Mehmood, S.A. Chaudhry, A.U. Rahman, M. Najmus
Networks for Agriculture Monitoring, Sensors 19 (5) (2019) 1146. Saqib, Security and key management in IoT-based wireless sensor networks: an
[169] L. Yang, Z. Zheng, Cryptanalysis and improvement of a biometrics-based authentication protocol using symmetric key, Int. J. Commun. Syst. 32 (16)
authentication and key agreement scheme for multi-server environments, PLoS (2019) e4139.
One 13 (3) (2018), e0194093. [200] S. Yu, K. Park, Y. Park, A secure lightweight three-factor authentication scheme
[170] X. Li, J. Niu, S. Kumari, F. Wu, A.K. Sangaiah, K.K.R. Choo, A three-factor for IoT in cloud computing environment, Sensors 19 (16) (2019) 3598.
anonymous authentication scheme for wireless sensor networks in internet of [201] A.K. Das, A.K. Sutrala, S. Kumari, V. Odelu, M. Wazid, X. Li, An efficient multi-
things environments, J. Netw. Comput. Appl. 103 (2018) 194–204. gateway-based three-factor user authentication and key agreement scheme in
[171] Contributors, M., CEA, S.L., Tao, X., Kovatsch, M., Nicholson, R., & UGA, S.B. hierarchical wireless sensor networks, Secur. Commun. Networks 9 (13) (2016)
(2018). D3. 1 Initial data and capabilities models for cross-platform 2070–2092.
interoperability. [202] G. Sharma, S. Kalra, A secure remote user authentication scheme for smart cities
[172] N.W. Lo, K.H. Yeh, An efficient mutual authentication scheme for EPCglobal class- e-governance applications, J. Reliab. Intell. Environ. 3 (3) (2017) 177–188.
1 generation-2 RFID system, in: International Conference on Embedded and [203] A. Darwish, A.E. Hassanien, Wearable and implantable wireless sensor network
Ubiquitous Computing, Springer, Berlin, Heidelberg, 2007, pp. 43–56. solutions for healthcare monitoring, Sensors 11 (6) (2011) 5561–5595.
[173] X. Li, J. Niu, M.Z.A. Bhuiyan, F. Wu, M. Karuppiah, S. Kumari, A robust ECC- [204] P. Thota, Y. Kim, Implementation and comparison of M2M protocols for Internet
based provable secure authentication protocol with privacy-preserving for the of Things, in: 2016 4th Intl Conf on Applied Computing and Information
industrial Internet of Things, IEEE Trans. Ind. Inf. 14 (8) (2017) 3599–3609. Technology/3rd Intl Conf on Computational Science/Intelligence and Applied
[174] M. Shuai, B. Liu, N. Yu, L. Xiong, C. Wang, Efficient and privacy-preserving Informatics/1st Intl Conf on Big Data, Cloud Computing, Data Science &
authentication scheme for wireless body area networks, J. Inform. Secur. Applic. Engineering (ACIT-CSII-BCD), IEEE, 2016, pp. 43–48.
52 (2020), 102499. [205] D. Kumar, P. Kumar, A. Ashok, Introduction to multimedia big data computing for
[175] X. Li, J. Niu, M.Z.A. Bhuiyan, F. Wu, M. Karuppiah, S. Kumari, A robust ECC- IoT. Multimedia Big Data Computing for IoT Applications, Springer, Singapore,
based provable secure authentication protocol with privacy preserving for 2020, pp. 3–36.
industrial internet of things, IEEE Trans. Ind. Inf. 14 (8) (2017) 3599–3609. [206] W. Yu, F. Liang, X. He, W.G. Hatcher, C. Lu, J. Lin, X. Yang, A survey on the edge
[176] S. Kumari, H. Om, Authentication protocol for wireless sensor networks computing for the Internet of Things, IEEE access 6 (2017) 6900–6919.
applications like safety monitoring in coal mines, Comput Netw 104 (2016) [207] D. Arellanes, K.K. Lau, Evaluating IoT service composition mechanisms for the
137–154. scalability of IoT systems, Future Generation Comput. Syst. 108 (2020) 827–848.
[177] A.K. Das, A.K. Sutrala, V. Odelu, A. Goswami, A secure smartcard-based [208] W. Zhang, D. Lin, H. Zhang, C. Chen, X. Zhou, A lightweight anonymous mutual
anonymous user authentication scheme for healthcare applications using wireless authentication with key agreement protocol on ECC, in: 2017 IEEE Trustcom/
medical sensor networks, Wireless Personal Commun. 94 (3) (2017) 1899–1933. BigDataSE/ICESS, IEEE, 2017, pp. 170–176.
[178] F. Wu, L. Xu, S. Kumari, X. Li, A privacy-preserving and provable user [209] S. Sun, M. Kadoch, L. Gong, B. Rong, Integrating network function virtualization
authentication scheme for wireless sensor networks based on internet of things with SDR and SDN for 4 G/5 G networks, IEEE Netw. 29 (3) (2015) 54–59.
security, J. Ambient Intell. Humaniz Comput. 8 (1) (2017) 101–116. [210] M. Díaz, C. Martín, B. Rubio, State-of-the-art, challenges, and open issues in the
[179] D. Mishra, P. Vijayakumar, V. Sureshkumar, R. Amin, S.H. Islam, P. Gope, integration of Internet of things and cloud computing, J Netw Comput Appl 67
Efficient authentication protocol for secure multimedia communications in IoT- (2016) 99–117.
enabled wireless sensor networks, Multimed. Tools Appl. 77 (14) (2018) [211] P. Porambage, M. Ylianttila, C. Schmitt, P. Kumar, A. Gurtov, A.V. Vasilakos, The
18295–18325. quest for privacy in the internet of things, IEEE Cloud Comput. 3 (2) (2016)
[180] J. Cui, X. Zhang, H. Zhong, Z. Ying, L. Liu, RSMA: reputation System-based 36–45.
Lightweight Message Authentication Framework and Protocol for 5G-enabled [212] E. Borgia, The Internet of Things vision: key features, applications and open
Vehicular Networks, IEEE Internet Things J (2019). issues, Comput. Commun. 54 (2014) 1–31.
[181] H. Zhao, M. Zhang, K. Gao, T. Mao, H. Zhu, A Multi-channel Cooperative [213] D. Airehrour, J. Gutierrez, S.K. Ray, Secure routing for internet of things: a
Demand-Aware Media Access Control Scheme in Vehicular Ad-Hoc Network, survey, J. Netw. Comput. Appl. 66 (2016) 198–213.
Wireless Personal Commun. 104 (1) (2019) 325–337. [214] C.S. Shih, J.J. Chou, K.J. Lin, WuKong: secure Run-Time environment and data-
[182] Y. Zhang, D. He, L. Li, B. Chen, A lightweight authentication and key agreement driven IoT applications for Smart Cities and Smart Buildings, J. Internet Serv. Inf.
scheme for internet of drones, Comput Commun 154 (2020) 455–464. Secur. 8 (2) (2018) 1–17.
[183] C.M. Chen, B. Xiang, Y. Liu, K.H. Wang, A secure authentication protocol for [215] Núñez, P.M.T. (2017). A reactive microservice architectural model with
internet of vehicles, Ieee Access 7 (2019) 12047–12057. asynchronous programming and observable streams as an approach to developing
[184] X. Liu, C. Jin, F. Li, An improved two-layer authentication scheme for wireless iot middleware (Doctoral dissertation, Colorado Technical University).
body area networks, J Med Syst 42 (8) (2018) 1–14.
[185] Y. Xie, S. Zhang, X. Li, Y. Li, Y. Chai, Cascp: efficient and secure certificateless
authentication scheme for wireless body area networks with conditional privacy-
preserving, Secur. Commun. Networks (2019), 2019.

30
P.M. Rao and B.D. Deebak Ad Hoc Networks 146 (2023) 103159

PATRUNI MURALIDHARA RAO obtained the degree of B.Tech (Computer Science and Engineering), JNTUK, Kakinada, India, in 2012. He obtained the degree of M.Tech (Software Engineering), JNTUH, Hyderabad, India, in 2014. He is currently pursuing a doctoral degree in network security at the Vellore Institute of Technology. His research interests include wireless sensor networks and network security. He is an active member of IEEE and IAENG professional bodies. His research contribution spans over 12 publications in journals, conferences, and book chapters.

B D Deebak received his Ph.D. degree from SASTRA University, Tamilnadu, India. Currently, he is working as an Associate Professor in the Department of Computational Intelligence, School of Computer Science and Engineering at Vellore Institute of Technology, Vellore, India. His areas of research include Multimedia Networks, Network Security, Internet of Things, and Machine Learning. He is an active member in professional societies like IE (I), CSI, and ISTE. His research contribution spans over 60 publications in journals, conferences, books, and book chapters.
