DMUAS-IoT: A Decentralised Multi-Factor User Authentication Scheme for IoT Systems


  • Ikenna Rene Chiadighikaobi
  • Norliza Katuk
  • Baharudin Osman



Biometric authentication, cryptography, encryption, ECC, PRESENT, face image


The Internet of Things (IoT) has become the fundamental infrastructure of many intelligent applications, such as smart homes. IoT applications store and distribute various information, including user authentication information, over a public channel that exposes it to security threats and attacks. Therefore, this study intends to protect authentication data communication through a decentralised multi-factor user authentication scheme for secure IoT applications (DMUAS-IoT). The scheme is secure and enables efficient user registration, login and authentication, and user profile updating, so that legitimate users can access the IoT system resources. DMUAS-IoT adopted PRESENT for face image encryption and elliptic curve cryptography for data exchange. The scheme's security was verified using ProVerif and AVISPA, and mutual authentication was checked with BAN-Logic. The results show that the scheme is secure against man-in-the-middle and impersonation attacks, provides mutual authentication and has a low computation cost. Hence, the outcomes of this study could help secure user authentication data from attacks in applications involving IoT and resource-constrained environments.






How to Cite

Chiadighikaobi, I. R., Katuk, N., & Osman, B. (2022). DMUAS-IoT: A Decentralised Multi-Factor User Authentication Scheme for IoT Systems. International Journal of Computing, 21(4), 424-434.