3. Security Protocols for the Internet of Things
Communication in various IoT environments usually consists of several stages using specially designed security protocols. The stages of authentication and agreement of the session key are the most characteristic stages of communication. During authentication, the user or device confirms their identity. As a result of correct authentication, the user or device acquires certain rights and privileges depending on the system. Various mechanisms are used in authentication protocols to ensure an appropriate level of security (for example, using methods described in Section 2.2). An essential element of authentication protocols is the number of factors used in the authentication process. It is worth indicating three groups of factors that are used during the authentication process:
Knowledge factor relates to something the user knows, e.g., username and password;
Ownership factor refers to something the user has, e.g., a smart card or security token; and
Inheritance factor refers to the user’s biometric characteristics, i.e., something the user can be identified by, such as a fingerprint or an iris pattern.
An equally important stage of communication is distributing the session key. The keys are used to encrypt and decrypt messages. There are many different approaches to the problem of session key agreement. We can define a separate protocol for these purposes and extract a fragment of the authentication protocol that will be responsible for the agreement of the session key (e.g., [80]).
As mentioned earlier, the most desirable features of security protocols are connected with the implementation of the CIA triad (confidentiality, integrity, availability). Data confidentiality is critical in IoT environments. Any situation that threatens the security of such environments can contribute to the threat to users’ privacy and their data. Data can be stolen and misused. Data confidentiality is essential in any situation, but it becomes crucial when communication concerns patients’ health data. An excellent solution to secure data and thus ensure data confidentiality is the use of elliptic curve algorithms, which use the mathematics of elliptic curves. Usually, these algorithms are considered as an alternative cryptographic method to the Rivest–Shamir–Adleman algorithm. Elliptic curve algorithms use a smaller key size than the Rivest–Shamir–Adleman algorithm.
The second security feature is data integrity, ensuring data consistency, accuracy, and reliability. Here, the characteristic technology has become blockchain technology. Blockchain can be defined as a register of decentralized data that is securely shared between users. The data is divided into shared blocks, linked to unique identifiers in the form of cryptographic hashes. The use of blockchain technology enables accessible collection, integration, and sharing of data.
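The hash linking described above can be made concrete with a short added example (not code from this survey or from any of the surveyed protocols). It builds a chain of blocks identified by SHA-256 hashes, locates the first block that fails verification after a modification, and shows why a copy of the latest hash held by other participants is needed to catch a fully rewritten chain. All function names and the sample device readings are constructed for illustration.

```python
import copy
import hashlib
import hmac
import json

GENESIS_PREV = "0" * 64  # constructed placeholder link for the first block

# Constructed sample data: batches of readings from hypothetical medical devices.
SAMPLE_BATCHES = [
    [{"device": "pump-01", "dose_ml": 5}],
    [{"device": "pump-01", "dose_ml": 5}, {"device": "ecg-07", "bpm": 72}],
    [{"device": "ecg-07", "bpm": 75}],
]


def block_hash(index, prev_hash, records):
    """SHA-256 identifier over the block's position, its link and its payload."""
    payload = json.dumps(
        {"index": index, "prev_hash": prev_hash, "records": records},
        sort_keys=True,
        separators=(",", ":"),
    ).encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


def build_chain(batches):
    """Link each batch of records to its predecessor through the predecessor's hash."""
    chain, prev = [], GENESIS_PREV
    for index, records in enumerate(batches):
        digest = block_hash(index, prev, records)
        chain.append(
            {"index": index, "prev_hash": prev, "records": records, "hash": digest}
        )
        prev = digest
    return chain


def first_invalid_block(chain):
    """Return the position of the first block that fails verification, or None."""
    prev = GENESIS_PREV
    for position, block in enumerate(chain):
        if block["index"] != position or block["prev_hash"] != prev:
            return position  # wrong position or broken link to the predecessor
        expected = block_hash(block["index"], block["prev_hash"], block["records"])
        if expected != block["hash"]:
            return position  # contents no longer match the stored identifier
        prev = block["hash"]
    return None


def matches_trusted_head(chain, trusted_head):
    """Check internal consistency AND agreement with a head hash held elsewhere."""
    if not chain or first_invalid_block(chain) is not None:
        return False
    return hmac.compare_digest(chain[-1]["hash"], trusted_head)


def tampered_copy(chain, index, new_records, rehash="none"):
    """Return a modified copy of the chain, used here only to exercise the checks.

    rehash="none":  records changed, stored hash left alone
    rehash="block": the changed block's own hash is recomputed
    rehash="tail":  the changed block and every later block are relinked
    """
    forged = copy.deepcopy(chain)
    forged[index]["records"] = new_records
    if rehash == "none":
        return forged
    last = index if rehash == "block" else len(forged) - 1
    for i in range(index, last + 1):
        if i > index:
            forged[i]["prev_hash"] = forged[i - 1]["hash"]
        forged[i]["hash"] = block_hash(
            i, forged[i]["prev_hash"], forged[i]["records"]
        )
    return forged


if __name__ == "__main__":
    chain = build_chain(SAMPLE_BATCHES)
    trusted_head = chain[-1]["hash"]  # copy of the latest hash held by other users
    altered = [{"device": "pump-01", "dose_ml": 50}]

    print("intact chain:", first_invalid_block(chain))
    print("edited block 1:", first_invalid_block(tampered_copy(chain, 1, altered)))
    print(
        "edited and rehashed block 1:",
        first_invalid_block(tampered_copy(chain, 1, altered, "block")),
    )
    rewritten = tampered_copy(chain, 1, altered, "tail")
    print("fully relinked chain, internal check:", first_invalid_block(rewritten))
    print("fully relinked chain, trusted head:",
          matches_trusted_head(rewritten, trusted_head))
```

The last case is the reason the register has to be shared: a chain rewritten from the modified block onward is internally consistent, and only comparison with a head hash held by other participants exposes it.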
The last security feature is availability, ensuring that access to data will be easy for authorized parties. We can use biometric techniques and physical unclonable functions to support data availability. Physical unclonable functions use randomness to give an object a unique “fingerprint”. Thanks to this, only users or devices with defined permissions will gain access to data.
Below in this Section, we will present a comprehensive review of the latest authentication protocols, including authentication protocols with key agreement phases for IoT solutions. We will deliver them, dividing them according to their use (medicine and healthcare, edge, industry, vehicles, drones, and general IoT solutions). This review will support the summary of the characteristics and features of the protocols that occurred in the IoT or WSN environments.
Rasslan et al. in [81] have proposed identity-based strong designated verifier signature authentication protocols for medical IoT solutions. The proposed protocols can support the authentication process of the IoT device network, which consists of both typical devices designed to control the vital functions of patients and autonomous vehicles and drones. A characteristic feature of both solutions is their short signature size. Moreover, the authors showed that both schemes are characterized by low communication and computing costs compared to similar solutions. The authors confirmed that the proposed protocols meet the assumptions of the ROM and protect patient privacy, and ensure data integrity and authenticity.
Masud et al. in [82] have proposed an authentication protocol for medical IoT solutions. The proposed protocol is based on blockchain [83] and fog calculations, Ethereum-powered smart contracts [84], PUF, and biometrics. Blockchain and fog technology ensure nonrepudiation, transparency, low latency, and efficient bandwidth use. Other technologies are used to prevent replay, spoofing, and cloning attacks. The authors checked and confirmed the protocol’s security by using the Scyther tool. Moreover, they compared their protocol with similar solutions in terms of computation costs and performance. The authors showed that the proposed protocol could be successfully used in healthcare networks that use devices with limited resources.
Chander et al. in [85] also addressed medical safety issues. The authors focused on solutions for telecare medicine information systems [86]. They proposed an authentication protocol that uses hash functions, random functions, radio frequency identification (RFID) technology [87], and bitwise logical operations [88]. They checked the correctness and security of the proposed protocol with the help of BAN and GNY logics and Avispa and Scyther tools. These studies have shown that the protocol is resistant to typical attacks occurring in IoT networks and meets the most crucial security properties. However, Soni et al. in [89] have reexamined the protocol proposed by Chander et al. in [85]. The authors showed that despite the use of hashing functions that reduce computing costs of endpoint devices, storage and communication costs are higher. Consequently, there may be delays in the transmission of medical data. Moreover, they have shown that this protocol is susceptible to impersonation, insider, stolen smart card, MITM, and modification attacks. Furthermore, the protocol does not include the possibility of changing the password, which significantly affects the security of data transmission.
Wang et al. in [90] proposed a protocol for medical IoT that protects patient data from illegal access by unauthorized servers. The authors created an encryption method for this protocol based on cyclic shift and XOR operation. Thanks to it, the protocol maintains the safety of users but does not burden devices. The authors demonstrated the security of the proposed protocol by using the BAN logic. Moreover, they have shown that the protocol is resistant to typical attacks in IoT environments. The authors also compared their protocol with similar solutions and obtained satisfactory results in achieving safety attributes and energy consumption during communication and calculations.
Prasanalakshmi et al. in [91] focused on IoT solutions in the healthcare field. The authors designed a protocol by using the AES [92] and Blowfish [93] algorithms to encrypt medical data, the Koblitz method to choose the embedding points [94] curve, and hyperelliptic curve [95] for embedding medical data in a medical image. The embedded image prepared in this way is then compressed with a five-level discrete wavelet transform file to achieve a reasonable payload. The authors confirmed the proposed method’s correctness, especially in medical image processing. Moreover, they suggested that the protocol could be used in real-time applications.
Chen et al. in [96] introduced the LAP-IoHT protocol, a three-factor authentication protocol designed for health-related IoT solutions. Authentication is based on using the smart card, passwords, and biometric features. The authors conducted a safety analysis of the proposed protocol based on the ROR model. Research has shown that the protocol is resistant to replay attacks, user impersonation attacks, server impersonation attacks, privileged-insider attacks, KSSTI attacks, and stolen smart card attacks. Moreover, the protocol ensures perfect forward secrecy. The authors also showed that the LAP-IoHT protocol is more computationally efficient than similar solutions and has low communication costs.
Agrahari et al. [97] focused on securing communication between doctor and patient. The authors proposed a two-factor authentication protocol by using hashing functions and bilinear pairing. Authentication is based on the smart card and password entered by the users. The authors checked the safety and correctness of the proposed scheme by using the Avispa tool and the BAN logic. The formal and informal analyses showed that the protocol meets the following security properties: mutual authentication, user anonymity, perfect forward secrecy, and untraceability. It is also resistant to MITM attacks, offline password guessing attacks, privileged-insider attacks, and replay attacks. The authors also compared their protocol with similar solutions and obtained satisfactory results in achieving security attributes and energy consumption during communication and calculations.
Tanveer et al. in [98] have proposed an authentication protocol targeting the telecare medical information system. This protocol uses lightweight cryptography-based authenticated encryption with associative data and the Esch256 [99] hash function. The authors showed that their protocol ensures the anonymity and privacy of users and is resistant to MITM attacks, replay attacks, impersonation attacks and DoS attacks. Moreover, the authors used the ROM model and Scyther tools to confirm the level of security provided by the proposed protocol. Compared to similar solutions, this protocol generates lower computational and communication costs.
Pardeshi et al. in [100] highlighted the problems of adequately securing IoT devices in fog or edge processing. This problem arises with mass-produced IoT devices that ignore basic security requirements, which makes them vulnerable to attacks. Therefore, the authors proposed a hash–chain fog/edge zero-knowledge protocol, the task of which is to let different devices authenticate each other and agree on session keys in the fog/cloud processing environment. In the proposed protocol, the authentication process takes place by using a centralized server that manages the keys. The protocol consists of the phases: initialization, registration, authentication, communication, and revocation. The authors confirmed the performance and correctness of the protocol on various architectures and workstations, including interconnectivity. Moreover, they established the security of the protocol using the BAN logic. They also demonstrated the protocol’s resistance to active and passive attacks, modification, sinkhole, monitoring, replay, location disclosure, and Sybil attacks.
Iqbal et al. in [101] proposed an authentication protocol with a key agreement for IoT and cloud computing environments. The authors used elliptic curve algorithms and symmetric encryption/decryption. The authors performed a formal protocol security analysis by using BAN logic and the Scyther tool. In turn, informal analyses showed the protocol’s resistance to replay attacks, impersonation attacks, traceability attacks, message integrity attacks, and MITM attacks. Computational and communication cost studies have shown that the protocol proposed by Iqbal et al. in [101] is more efficient than similar solutions.
Wu et al. in [102,103] focused on IoT-related cloud computing solutions. In both works, they used Intel software guard extensions (SGX) [104] to improve the security of protocols used in cloud solutions. In Wu et al. [102], the authors proposed the SAKAP protocol for authentication and session key reconciliation. The authors use SGX to store a shared key. The authors performed formal (using the ROR model and the ProVerif tool) and informal protocol analysis. Research has shown that the protocol is resistant to replay attacks, MITM attacks, and impersonation attacks and provides security features such as anonymity and untraceability. In turn, in [103], the authors proposed the SQXAP protocol that can be used to authenticate intelligent vehicles in cloud systems. The authors also performed formal (using the ROR model) and informal analyses for this protocol. Research has shown that the protocol is resistant to replay attacks, insider attacks, and MITM attacks, and provides security properties such as mutual authentication, anonymity, and untraceability.
Zhao et al. in [105] focused on industrial IoT (IIoT) security. The authors noticed that the low computing power of IIoT devices resulted in the low level of security implemented in such networks. To solve such problems, the authors proposed a three-factor authentication and key-handshake protocol based on elliptic curve cryptography. The protocol can work on networks with one or more gateways. The authors confirmed the security of this protocol by using the ROM model and the Scyther tool. In turn, informal analyses confirmed that the protocol provides mutual authentication, session key agreement, forward and backward secrecy, user anonymity, and untraceability. Moreover, the protocol is resistant to stolen smart card attacks, replay attacks, privileged-insider attacks, desynchronization attacks, and impersonation attacks. The authors also compared their protocol and similar solutions for IIoT and obtained satisfactory results in achieving security attributes and energy consumption during communication and calculations.
Yi et al. in [106] also proposed an authentication protocol for IIoT. The proposed protocol uses the physically unclonable function (PUF) [107] chip and uses the Bloom [108] filter to preauthenticate and reduce computation and communication costs. The authors performed a formal safety analysis of the proposed protocol by using the Avispa tool and informal analysis. The research showed that the proposed protocol ensures the following security properties: mutual authentication, identity anonymity, untraceability, and forward and backward secrecy of session keys. It is also resistant to tampering attacks, replay attacks, simulation and forgery attacks, physical attacks, and desynchronization attacks. Moreover, the authors compared their protocol with other schemes regarding security and computational and communication costs with satisfactory results.
Panda et al. in [109] focused on industrial IoT solutions and proposed an authentication protocol for machine-to-machine communication. The authors tried to minimize the computational and communication load while increasing communication security. The authors used only XOR operations and hashing functions, and the shared symmetric key is only generated after two rounds of communication without human intervention. The authors carried out a formal (using BAN logic and the Avispa tool) and informal analysis of the protocol’s security, showing that it is resistant to typical attacks occurring in IoT environments. In conclusion, the authors emphasized the advantages of a protocol that meets security properties with low computational and communication costs. Moreover, they noted that the protocol could be successfully implemented in other IoT domains.
Zhang et al. in [110] have developed an authentication protocol for the cross-domain IoT environment. The protocol uses the elliptic curve digital signature algorithm, blockchain technology, and a specially designed cryptocurrency token to build trust between entities. The authors analyzed the safety of the proposed protocol. They showed that it is resistant to MITM attacks, replay attacks, revealing identity attacks, authority abuse attacks, and DoS attacks. In addition, they demonstrated its computing and communication performance. In turn, Wang et al. in [111] confirmed this protocol’s computing and communication advantages. However, they showed that it only allows one-way authentication and adds to the burden of certificate storage.
Li et al. in [112] have proposed a mutual authentication protocol with key handshaking based on blockchain, elliptic curves, and bilinear pairs. The authors replaced the centralized CA with the registration authority to avoid single-node failure and some attacks. In addition, the key recovery and key update scheme use the Lagrange interpolation method [113]. The authors formally confirmed the safety of the proposed protocol by using the ProVerif tool and the ECK model [114]. Informal security analyses have shown that the proposed protocol is resistant to typical IoT attacks. Moreover, the authors noted that this protocol’s computational and communication overhead is negligible. However, Ryu et al. in [115] pointed out that the protocol barred by Li et al. in [112] user anonymity is prone to insider attacks.
Hajian et al. in [116] proposed a two-way, mutual authentication and key agreement protocol. The protocol involves four phases: initialization, registration and generation of secret keys of long duration, key authentication and reconciliation, and updating public and private keys. The authors, using the ROR model, BAN logic and the Scyther tool, confirmed the correctness and safety of the proposed protocol. Additionally, the informal analysis showed the resistance of this protocol to replay attacks, MITM attacks, device capture attacks, privilege-insider attacks, KCI attacks, known specific temporary information attacks, impersonation attacks, and known-key attacks. In addition, these analyses showed that the protocol provides anonymity and untraceability and perfect forward/backward secrecy. The authors also assessed their protocol in terms of communication, calculation costs, and energy consumption, and they obtained satisfactory results in comparison with similar solutions.
Gong et al. in [117] proposed a lightweight protocol for authenticating and negotiating session keys. The proposed protocol uses shared secret and elliptic curve public key technology and is based on the CoAP framework [118]. These techniques are used to ensure the security and anonymity of devices and users. The authors verified the performance and safety of the proposed protocol by using the Dolev–Yao adversary model [119] and the CPN Tools tool [120]. The analysis showed that the protocol provides the following security properties: confidentiality, data integrity, mutual authentication, perfect forward and backward secrecy, device anonymity, and unlinkability. The protocol is resistant to impersonation attacks, MITM attacks, privileged-insider attacks, replay attacks, KCI attacks, desynchronization attacks, and DoS attacks. Moreover, the authors compared their protocol with other schemes regarding security and computational and communication costs with satisfactory results.
Chen et al. in [121] proposed another two-factor authentication and key agreement protocol for IoT environments. The proposed protocol consists of the predeployment phase, the IoT device registration phase, and the login and authentication phase. The authors distinguished two roles: IoT devices and a server. The IoT device must register on the server. Further communication between these devices takes place by using a session key generated by the server. The authors tested the security of the proposed protocol by using the ROR model and the BAN logic. Studies have shown that the protocol is resistant to privileged-insider attacks, known temporary information disclosure attacks, stolen verification attacks, IoT device simulation attacks, and physical IoT device capture attacks. In addition, the protocol provides the perfect forward secrecy property. Moreover, the authors compared the proposed protocol with similar solutions in terms of security and computational and communication costs, obtaining satisfactory results.
Another mutual authentication protocol was proposed by Safkhani et al. in [122]. The authors focused on the use of RFID technology in the IoT environment. The authors created a new message authentication code function for the proposed protocol by analyzing the existing protocols and their problems and possible attacks. The authors formally and informally verified their protocol’s security (using BAN logic and the Scyther tool). The protocol is resistant to replay attacks, secret disclosure attacks, impersonation attacks, and desynchronization attacks. Moreover, the authors showed that their proposed protocol is characterized by low computing and communication costs, and therefore it can be implemented in environments with low resources and computing power.
Khorasgani et al. in [123] proposed three lightweight protocols called LRSAS+, LRARP, and LRARP+ for use in IoT solutions. The authors chose the operations performed during the protocol to be safe and computationally light, i.e., they do not burden the communicating devices. The authors confirmed the protocol’s security by using GNY logic and the Scyther tool. The protocol is resistant to tag-tracking attacks, replay and reader impersonation attacks, desynchronization attacks, and DoS attacks. In addition, the protocol meets forward–backward secrecy. The study of the efficiency of the proposed protocols also confirmed the authors’ initial assumptions regarding not overloading communicating devices.
Alam et al. [124] have proposed a new authentication protocol for use in IoT environments. The authors used the elliptic curve discrete logarithm problem [125] properties, hash functions, and XOR operations to ensure robust and secure authentication. The authors tested their protocol by using the BAN logic and the Avispa tool and demonstrated its resistance to forging, guessing, masquerading, DoS and MITM attacks. Moreover, the protocol complies with security properties such as user anonymity and untraceability or perfect forward secrecy. Furthermore, the authors compared the proposed protocol with other schemes in terms of security and computational and communication costs, obtaining satisfactory results. The authors concluded that the proposed protocol can be implemented for various applications of IoT devices and that it can be successfully extended with other techniques of securing the authentication process.
Mirsaraei et al. in [126] proposed a three-factor authentication protocol for IoT environments. The protocol uses blockchain technology, hashing functions, XOR, and the concept of a fuzzy extractor. The cryptographic techniques ensure an appropriate level of security, protect data against manipulation and increase the transparency of the recorded information on smart cards. The authors used the BAN logic, the ROR model and the Avispa tool for formal analysis. Research has shown the security of mutual authentication implemented by the proposed protocol. Conversely, an informal analysis showed that the protocol provides data confidentiality, mutual authentication, data integrity, forward security, anonymity, authorization, three-factor secrecy, and secured password updating. Moreover, the proposed protocol is resistant to replay attacks, password-guessing attacks, DoS attacks, server impersonation attacks, privileged-insider attacks, KSSTI attacks, user impersonation attacks, stolen smart card attacks, MITM attacks, and brute force attacks. The authors concluded that their protocol is superior in computation cost, communication cost, security requirements, and attack resistance compared to similar solutions.
Saqib et al. in [127] proposed a three-factor authentication protocol for mission-critical IoT-based applications. The protocol is based on the publish–subscribe model and uses elliptical curve cryptography (ECC) and computationally low hash chains. Authentication is done through an identity, password, and digital signature. The authentication process also generates a dynamic session key based on the value of the nonce. Dynamic key changes make the protocol resistant to attacks on session keys. An informal protocol security analysis showed its resistance to MITM attacks, smart card stolen attacks, publisher, subscriber, or broker impersonation attacks, known session key attacks, offline password guessing attacks, replay attacks, and privileged-insider attacks. In addition, the protocol provides confidentiality, mutual authentication and perfect forward secrecy. The formal safety analysis was performed by using the Scyther tool. The authors also showed that, compared to similar protocols, the proposed protocol saves bandwidth and communication energy while reducing resource-constrained sensor nodes’ computation and communication costs.
Hu et al. in [128] focused on the weaknesses of existing IoT authentication protocols. The authors proposed a two-factor authentication protocol by using ECC, passwords, and smart cards. The authors conducted formal (using the ProVerif tool) and informal verification of their protocol. Based on analyses, they showed that the protocol is resistant to impersonation attacks, offline password guessing attacks, replay attacks, and sensor node captured attacks. In addition, they found the proposed protocol to be secure, meeting user and session key security requirements. In addition, it achieves satisfactory results in terms of computational costs.
Haseeb-ur-rehman et al. in [129] introduced a two-factor authentication protocol based on a symmetric key, by using biometrics and a password. The proposed protocol consists of six phases: the initialization, the smart device enrollment, the gateway node enrollment, the user enrollment, the login and authentication and the password and biometric update. The authors conducted formal (using the Avispa tool) and informal analyses of the safety of the proposed protocol. Research has shown that the protocol ensures security properties such as session key freshness property, perfect forward secrecy, user anonymity, and untraceability. In addition, it is resistant to replay attacks, impersonation attacks, and MITM attacks. The authors also showed that their protocol has lower computational costs than similar protocols.
Kumar et al. in [130] focused on IoT solutions for vehicles. The authors proposed an authentication protocol based on RFID and PUF technologies. The protocol assumes the presence of three roles: a tag, a reader, and a cloud server, and each of the components can operate independently. The tag is responsible for initiating communication with the reader, and the reader must validate the message sent by the tag and send it to the server. The server is responsible for tag and reader authentication. The authors tested the safety of the proposed protocol by using the ROR model and informal analyses. Research has shown that the protocol is resistant to ephemeral secret leakage attacks, MITM attacks, insider attacks, replay attacks, impersonation attacks, offline password-guessing attacks, and desynchronization attacks. Moreover, the proposed protocol maintains the following security properties: location privacy, mutual authentication and session key agreement, forward secrecy, and message authentication. Furthermore, the authors compared their protocol with other schemes regarding security and computational and communication costs with satisfactory results.
Gupta et al. in [131] proposed an authentication protocol for IoT solutions for vehicles. The authors based the security of their protocol on identity-based cryptography [132] and lattice cryptography [133]. The authors verified the correctness and security of their protocol by using the ROM model. Research has shown that the protocol is resistant to MITM attacks, unknown key-share attacks, and known-key security attacks and provides perfect forward secrecy. In addition, the authors compared the protocol with similar solutions in terms of reference and communication costs. The authors concluded that the proposed protocol is computationally efficient and can be implemented in real IoT solutions for vehicles.
Zhang et al. in [134] observed that the development of IoT systems for vehicles, on the one hand, contributed to easing the traffic load and improving travel efficiency. On the other hand, these systems are exposed to security threats in many respects. Therefore, the authors proposed an authentication protocol for such solutions. The proposed protocol uses blockchain technology and a chaotic mapping algorithm. It allows vehicles and roadside units to register to obtain a public identity, which they then use to authenticate and negotiate the key. The authors confirmed the security of their protocol with the Scyther tool. Moreover, they showed that the proposed protocol has lower computation and communication costs than the existing schemes.
Bera et al. in [135] focused on IoT solutions that use drones in agriculture. The authors proposed an authentication and key management protocol based on blockchain technology. The authors examined their protocol for its susceptibility to attacks occurring in IoT environments. They showed that the protocol is resistant to MITM attacks, replay attacks, impersonation attacks, privileged-insider attacks, physical IoT smart device and drone capture attacks, and ephemeral capture attacks, secret leakage attacks. In addition, the authors performed a formal protocol analysis by using the ROR model and the Avispa tool. The authors concluded that the protocol has low computational and communication costs.
Tanveer et al. suggested two protocols for IoT drone solutions: a protocol for the authentication process in [136], and a protocol for the key agreement process in [137,138]. These protocols use AES-CBC-256, ECC, SHA-256 hash functions, and XOR operations. The authors have demonstrated the resistance of these protocols to common attacks occurring in IoT environments, for example, replay attacks and MITM attacks. The authors used the ROM model and the Scyther tool for formal analysis of the protocols. The authors used both proposed protocols in the [139] framework for drones because both are efficient in terms of communication, storage and computing costs compared to similar solutions.
Javed et al. in [140] have proposed a blockchain-based authentication protocol with hyperelliptic curve cryptography for IoT drones. In this approach, the blockchain is used as a certification authority, and transactions are defined as certificates. Such action is designed to reduce maintenance costs while ensuring a high level of communication security. The authors concluded that the proposed protocol is resistant to common attacks in drone IoT networks and is also cost-effective in terms of computation and communication compared to similar solutions.
4. Discussion
Many different protocols are available for use in IoT environments, with different characteristics, purposes and applications. As mentioned in this manuscript, we focused on protocols that fulfill the purposes of authentication, agreement, and agreement of the session key. The protocols may pursue one or more of these objectives during their operation. The overviewed protocols use cryptographic techniques to achieve their goals and secure communication. These protocols have been validated with various tools and methods for vulnerability to attacks and providing essential security features.
In Table 2, we summarized the reviewed protocols in terms of the purpose they pursue. We have designated three types of protocols based on the analyses performed. Here we can observe the need to create protocols primarily for user authentication. An essential aspect of communication is the reconciliation and agreement of session keys; hence, developing and applying this protocol is also key to securing communication.
Table 3 provides a summary of the protocols discussed in terms of their uses and interoperability. We considered protocols targeted at specific solutions such as those intended for medicine and health, fog, edge, or cloud computing, and vehicular, drone, or industrial purposes. However, protocols that can be used in different solutions (multidomain protocols) also play an essential role. In addition to multidomain solutions, many security protocols have been developed for solutions related to direct human safety, be it physical or environmental. First and foremost, it is about securing communications in medical environments where, on the one hand, we need to ensure patients’ data and privacy and, on the other hand, safeguard their health and life, as IoT devices are used to control patients’ vital functions. Another important aspect will be the protocols for industrial solutions that also relate to securing people environmentally and physically. As in the case of medical solutions, we must secure both data sent in industrial networks and protect against attacks that could contribute to the incorrect operation of industrial devices and thus threaten the health and life of employees.
Table 4 shows the attacks against which the described protocols for IoT are resistant. The table contains only those protocols for which the authors provided formal and informal security evidence and indicated which attacks their proposed protocol is resistant to. In some papers (such as [81, 82, 91, 134, 136] or [137, 137, 137, 137]) lists of attacks were given. On the other hand, in other papers (such as [90, 109] or [112]), the authors only suggested that their protocols are resistant to typical attacks in IoT environments. The table contains a list of attacks and an annotation regarding the resistance of the tested protocol to each attack. We only included those attacks that appear in a few papers. Attacks that appeared only once (e.g., Sybil attack or sinkhole attack) are included in the Others column. The flag + indicates that the authors have demonstrated that their proposed protocol is immune to the attack. The flag - means that the protocol has not been verified for vulnerability to the attack.
We have observed that the most frequently tested vulnerabilities in IoT environments are impersonation attacks, MITM attacks, and replay attacks. Most reviewed papers reported studies of proposed protocols for these attacks, indicating that they are among the most dangerous vulnerabilities. These attacks can lead to the loss of a significant amount of information, necessitating protection against them in IoT environments. The attacker can combine different techniques when carrying out an attack. An attacker can listen to and intercept network traffic and then retransmit it to convince the recipient to perform specific actions. The attack results depend on the attacker’s knowledge, skills and imagination and the vulnerability and specificity of the attacked environment. One of the most dangerous outcomes of an attack may be the loss of confidential information. Protection against this type of attacker activity should consider using message timestamps and one-time session keys during communication.
Table 5 summarizes the security aspects of the analyzed protocols. In this table, too, we have included only those protocols for which the authors provided formal and informal proofs of security and indicated the security aspects that their protocols provide. In some papers (e.g., [90, 91, 100, 101]), the authors did not include the list of aspects. In this table, we have included a list of aspects with an annotation of whether the protocol meets the property (designation +). The designation - means that there is no information on whether the investigated protocol assures the property. The analysis showed forward security is the most desirable security property, a specific feature of the session key agreement protocols.
The authors of all overviewed papers have also conducted performance studies of their protocols. The authors compared their proposals with similar solutions in terms of communication and calculation costs and energy consumption. The authors found that the proposed protocols achieve better performance in all studies than comparable solutions.
To summarize the overviewed protocols, the authentication process is the essential communication element in IoT environments. The process consists of confirming the identity of the communicating parties. One or more factors may be used during authentication; the more factors, the greater the safety of the entire process. If only passwords are used for authentication, this can be weak and vulnerable security. An attacker can intercept, guess or crack passwords. Hence, a better solution is to use biometrics as it will avoid spoofing or impersonation attacks.
Authentication is vulnerable to rogue users. Attackers can launch attacks to obtain private user information, block the operation of selected system components, or cause the system to malfunction. The most dangerous attacks are MITM attacks, replay attacks, and the impersonation mentioned above because they can lead to the loss of user data and the compromise of essential security properties. The desynchronization attack can be equally dangerous because, in many IoT environments (for example, medical), proper data synchronization is crucial to the entire system’s operation.
An essential element of securing communication is using session keys, which are used to encrypt it. To protect communication against a replay attack or MITM attack, it is worth using one-time session keys, and messages should be timestamped. Thanks to this, the system will unequivocally determine whether a legitimate network node generated the processed message or whether it was intercepted by the attacker and resent by him.
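The timestamp and one-time session key recommendation made in this discussion can be sketched as follows; this is an added example, not code from any surveyed protocol. The key derivation, message layout, 30-second freshness window and all names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import struct

MAX_SKEW = 30  # seconds a message stays fresh (assumed window)

def derive_session_key(long_term_key: bytes, nonce_a: bytes, nonce_b: bytes) -> bytes:
    """One-time session key bound to the fresh nonces of both parties."""
    return hmac.new(long_term_key, b"session" + nonce_a + nonce_b, hashlib.sha256).digest()

def seal(session_key: bytes, payload: bytes, now: int) -> bytes:
    """Prefix an 8-byte timestamp and append an HMAC-SHA256 tag over both."""
    body = struct.pack(">Q", now) + payload
    return body + hmac.new(session_key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, session_key: bytes):
        self.session_key = session_key
        self.seen = set()  # tags already accepted in this session

    def accept(self, message: bytes, now: int) -> str:
        if len(message) < 40:  # 8-byte timestamp + 32-byte tag
            return "malformed"
        body, tag = message[:-32], message[-32:]
        expected = hmac.new(self.session_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-tag"    # altered, forged, or sealed under another session key
        (sent_at,) = struct.unpack(">Q", body[:8])
        if abs(now - sent_at) > MAX_SKEW:
            return "stale"      # resent after the freshness window closed
        if tag in self.seen:
            return "duplicate"  # resent inside the freshness window
        self.seen.add(tag)
        return "ok"

def demo() -> list:
    long_term = os.urandom(32)  # constructed pre-shared key
    k1 = derive_session_key(long_term, os.urandom(16), os.urandom(16))
    k2 = derive_session_key(long_term, os.urandom(16), os.urandom(16))
    rx1, rx2 = Receiver(k1), Receiver(k2)
    msg = seal(k1, b"open-valve", now=1000)  # constructed sample command
    return [
        rx1.accept(msg, now=1005),  # first delivery
        rx1.accept(msg, now=1010),  # immediate resend
        rx1.accept(msg, now=1100),  # late resend
        rx2.accept(msg, now=1005),  # resend into a later session
    ]
```

In this sketch, a sender that must repeat an identical payload within the same second also needs a counter or nonce in the sealed body, since otherwise the two messages carry the same tag and the second is rejected as a duplicate.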
In addition to the security aspects, we should also bear in mind the issues related to the scalability of protocols in the IoT environment. Devices used in IoT environments, or WSN sensors, have limited computing power. For this reason, calculations performed on individual devices while the protocol is running should not drain their energy. Therefore, when designing authentication or key agreement protocols, it is worth using lightweight cryptographic algorithms that will ensure an appropriate level of data security but will not burden system resources. In turn, data storage should be left to centralized units with more computing and hardware resources than individual nodes of the IoT or WSN environment.
Newly proposed protocols should be adequately screened for vulnerability to attacks and their essential security features. There are many different methods and tools for this (mentioned in Section 1). In addition, implemented and operational protocols should also be systematically checked for this, as the methods used by attackers constantly evolve.
5. Conclusions
In this manuscript, we surveyed papers that proposed key agreement and authentication protocols for the Internet of Things and wireless sensor networks. We collected papers focusing on problems with security, especially in IoT, that offer new protocols aimed at correcting vulnerabilities in existing protocols. We discussed the theoretical aspects of IoT environments, cryptographic methods that can be used to secure communication, and cyberattacks that can compromise the security in the environments under consideration.
In this manuscript, we highlighted key agreement, the distribution process, and the authentication of users or devices on such networks. These processes are critical communication steps, as they prevent unauthorised access to session keys and access by unauthorised users or devices. Data transferred between network nodes can be of different natures and importance, and they need to be appropriately secured during communication. All communications are exposed to dishonest users called attackers. Attackers’ activity may involve attacks on various aspects of the network, such as passwords, keys, biometric data or devices, and eavesdropping and retransmitting the same messages.
We looked at various solutions related to authentication and matching of session keys. The authors of the protocols under consideration focused on essential security properties such as untraceability and anonymity, and the solutions’ authors focused on crucial security features. The authors also validated their protocols with formal and informal methods that considered the vulnerability of these protocols. Various techniques (e.g., BAN logic or GNY) and automatic tools (e.g., Scyther, ProVerif) were used for verification. Thanks to the methods and tools used, the authors showed what level of security is provided by the protocol they propose.
The selected protocols’ analysis showed that the most dangerous attacks for IoT are impersonation attacks, MITM attacks, and replay attacks because the susceptibility to these attacks was most often checked and verified by the authors of the selected works. During impersonation attacks, the attacker identifies himself with another user on the network and tries to convince other users of his identity. The replay attack involves duplicating packets and sending them multiple times. At any time during this attack, the attacker can also use a MITM attack to intercept transmitted messages. A successfully conducted attack may result in the loss of confidential data, which may cause further problems for the user. The essential protection principle against attacks is using timestamps in messages and one-time session keys. Timestamps will allow us to verify the time when a message was generated.
On the other hand, disposable session keys will prevent the repeated sending of a message encrypted with an outdated key. Other types of attacks should not be underestimated either. Attacks during which the attacker tries to guess the password (guessing attacks) and the loss of data or devices that verify the user (stolen attacks) are equally dangerous. Such situations may allow an unauthorized user to log in with the correct credentials of an honest user and thus impersonate him.
After analyzing the current state of knowledge in the security protocols for IoT and WSN environments, we set out to indicate further research directions in this area. Here we can indicate the three most important aspects that deserve attention when constructing secure protocols for IoT.
The first is security. Protocols should provide an appropriate level of security for users and the data being sent because the methods of breaking security are constantly evolving. Therefore, research goals in security protocols for IoT and WSN environments should focus on technologies and solutions that provide increasingly better security. The elliptic curve algorithms are particularly noteworthy here, because they offer security comparable to the Rivest–Shamir–Adleman algorithm when using shorter encryption keys. Authentication and verification of users’ identities are also essential elements of security. These processes should take into account at least two factors. Authentication using only the user’s password does not provide an adequate level of security, especially in situations in which the user uses the same password when logging into many services or applications. The best solution worth developing is using biometric methods during these two processes. Biometric methods allow us to identify and confirm the user’s identity.
The second aspect of security protocols for IoT and WSN environments is performance. The computing load of IoT devices during communication should be as low as possible so that devices and their users can work efficiently without delays. Blockchain is an interesting technology in this regard, because it ensures nonrepudiation and data transparency. On the other hand, considering calculations in clouds or fog is conducive to achieving low transmission delays and efficient bandwidth use.
The last aspect to consider is cross-platform. Protocols for IoT should be cross-platform. Some of the protocols reviewed in this manuscript are application-specific (e.g., in medicine). When designing a security protocol for IoT, it is worth considering a broader spectrum of applications so that one authentication or key agreement and distribution protocol can be implemented in many solutions.
After analyzing the current state of knowledge in the field of protocols for the IoT and WSN environments, we set ourselves further research goals. In our next work, we will focus on designing and creating a secure communication framework to be implemented in IoT. We will include a newly designed and secure communication protocol, thanks to which it will be possible to agree on and distribute the session key and to authenticate users. When designing and creating the framework and protocol, we will consider the security features to ensure the safety of users. We will also include one-time verification credentials, keys, and timestamps to protect the environment from attacks.