Exploring Authentication Paradigms in the Internet of Things: A Comprehensive Scoping Review
<p>Criteria for classification of IoT authentication.</p> "> Figure 2
<p>Systematic mapping process.</p> "> Figure 3
<p>Distribution of selected primary studies by year.</p> "> Figure 4
<p>Publication channels.</p> "> Figure 5
<p>Authentication in the Internet of Things across diverse domains.</p> "> Figure 6
<p>Focused problems in IoT authentication. The top 5 most focused problems, including resisting/detecting cyberattacks, hardware/software integration, privacy and reliability of IoT communication, dealing with computational constraints, and distributed/multi-owned devices, were prominent in IoT authentication. Nevertheless, several niche-focused problems required further investigation within the domain of IoT authentication (such as proximity-based limitation, false-positive identification, blockchain encumberment, and resource-friendly security).</p> "> Figure 7
<p>Comprehensive analysis of contributions of authentication trends in IoT.</p> "> Figure 8
<p>The output of the reviewed paper based on years for different performance measures: (1) computational costs, (2) communication costs, (3) time consumption, (4) storage costs, (5) accurateness, (6) energy requirements, (7) usability, (8) throughput rates, (9) variable size, (10) falseness rates.</p> "> Figure 9
<p>Advantages of authentication in IoT.</p> "> Figure 10
<p>Distribution of common limitations across IoT authentication studies.</p> "> Figure 11
<p>Future directions based on common themes.</p> ">
Abstract
:1. Introduction
2. Related Works
3. Materials and Methods
- (a)
- Definition of research questions: These questions align with the study’s objectives.
- (b)
- Definition of the scope: Defining the scope aids in establishing initial research boundaries and directing the study’s trajectory by framing the research questions.
- (c)
- Establishment of search strategy: This encompasses choosing search sources, such as indexing services, digital libraries, and publication venues, to locate primary studies, along with determining search strings. Journal and conference quality criteria are considered.
- (d)
- Establishment of selection criteria: The inclusion and exclusion criteria determine the relevance of primary studies to address research questions, facilitating the exclusion of irrelevant ones.
3.1. Research Questions
3.2. Data Sources
3.3. Search Queries
- Population: Primary studies on authentication.
- Intervention: IoT applications.
- Comparison: Problems, innovation, advantages, limitation performance metrics, and future directions.
- Outcome: Advantages, contributions, and limitations of authentication in IoT technology.
3.4. Research Questions Inclusion and Exclusion Criteria
4. Results and Discussion
4.1. RQ1: What Are the Demographics of the Primary Studies?
4.1.1. Publication Year
4.1.2. Types of Publication Channels
4.1.3. Journals Featuring Relevant Publications
4.2. RQ2: In Which Domains Has Authentication in the IoT Been Extensively Applied?
4.3. RQ3 What Kinds of Problems Are Present in IoT Authentication?
4.4. RQ4 What Is the Contribution of Authentication in IoT System?
4.4.1. Industrial
4.4.2. Healthcare
4.4.3. Cloud and Fog
4.4.4. Blockchain
4.4.5. Communication
4.4.6. Farming
4.4.7. Network
4.4.8. RFID
4.4.9. Smart IoT
4.4.10. Mobile
4.5. RQ5: Which Performance Metrics Are Most Commonly Utilized?
4.6. RQ6: What Are the Advantages of Each Type of Authentication in IoT?
4.6.1. Security and Reliability
4.6.2. Performance Efficiency
4.6.3. Decentralization and Fairness
4.6.4. Privacy Protection
4.6.5. Real-Time Monitoring
4.6.6. Mutual Authentication
4.6.7. Flexibility and Scalability
4.6.8. Availability of Source Code
4.7. RQ7: What Are the Authentication Challenges in IoT Environments?
4.7.1. Integration and Compatibility
4.7.2. Computational Complexity
4.7.3. QoS Impacting Authentication
4.7.4. Low Efficiency
4.7.5. Security and Privacy
4.7.6. Scalability Issues
4.7.7. High Storage Overhead
4.7.8. Lack of Performance Analysis
4.7.9. Authentication and Leakage Resilience
4.7.10. Implementation Challenges
4.7.11. Resource-Intensive Operations
4.7.12. Network Availability
4.7.13. Attacks on Robustness
4.7.14. Others
4.8. RQ8: How Can Advancements in IoT Authentication Address the Collective Challenges in the IoT Authentication Environment?
- Security Enhancement and Efficiency Optimization: Researchers in multiple studies [11,13,27,31,39,53,54,72,75,76,80] underscore the crucial significance of enhancing security measures while optimizing computational efficiency. This direction aims to achieve a delicate balance between robust security protocols and minimal computational overhead, acknowledging the inherent trade-off between security and performance.
- Real-World Implementation and Assessment: Studies [6,9,13,31,48,55,66,68,73] highlight the need to transition from theoretical proposals to practical implementations. Real-world assessments guarantee the effectiveness, scalability, and resilience of proposed authentication solutions, ensuring their capability to withstand the complexities of diverse environments. Researchers aspire to bridge the gap between theoretical advancements and practical usability.
- Scalability and Reliability: As evident in various studies [12,13,34,51,55,73,74], scalability and reliability emerge as central concerns for researchers. As IoT networks expand, the necessity to ensure authentication solutions can seamlessly scale and maintain reliability becomes imperative. This future direction aims to tackle challenges associated with the growing size and complexity of IoT ecosystems.
- Blockchain Integration and Security Issues: Recognizing the potential of blockchain in enhancing security in IoT authentication, studies [14,17,31,65,72,73,75] highlight its importance. Integration with blockchain effectively addresses challenges such as decentralization, immutability, and transparency. Researchers envision blockchain as a viable solution to secure data transactions and user identities within IoT networks.
- AI Integration and Advanced Computing Technologies: Unearthed in studies [15,51,77,80], the integration of AI and advanced computing technologies emerges as a promising avenue for future exploration. AI holds the potential to elevate authentication mechanisms by learning and adapting to evolving threats. Researchers anticipate AI as a tool to enhance the adaptability and intelligence of IoT authentication systems.
- Privacy and Access Control: Emphasized in studies [12,17,32,61], privacy and access control stand out as critical concerns. Given that IoT devices accumulate vast amounts of sensitive data, ensuring robust privacy measures and granular access control becomes imperative. Researchers strive to design authentication systems that prioritize user privacy and offer effective access management.
- Communication Efficiency and IoT Optimization: As acknowledged in studies [10,15,44,55,56], optimizing communication efficiency emerges as crucial for IoT networks. Researchers endeavor to minimize latency, improve data transmission, and optimize resource usage. This direction tackles challenges associated with communication bottlenecks, particularly in scenarios where real-time data exchange is paramount.
- Multifactor Authentication and Standardization: Investigated in studies [54,59,70] multifactor authentication and standardization emerge as essential components for robust security. Researchers advocate for the widespread adoption of standardized protocols to ensure interoperability and emphasize the incorporation of multifactor authentication to strengthen the overall security posture of IoT environments.
- Cross-Domain Authentication and Interoperability: Investigated in studies [13,75], cross-domain authentication and interoperability emerge as crucial elements for seamless integration across diverse IoT domains. Researchers aspire to devise authentication solutions that can function cohesively in heterogeneous environments, facilitating interoperability between various IoT applications and industries.
- Decentralization and Edge Computing: Explored in studies [10,73,77], decentralization and edge computing respond to the demand for distributed authentication mechanisms. Researchers anticipate integrating edge computing to enhance processing at the network’s edge, thereby reducing latency and improving response times for authentication requests.
- Efficiency in Authentication Protocols: Studies [28,36,44,60,75] focus on optimizing authentication protocols for efficiency. This direction aims to streamline the authentication process, reduce computational overhead, and enhance the overall efficiency of authentication mechanisms while maintaining a delicate balance between security and performance.
- Diverse Domain Application: Explored in studies [32,55,59,66,69], the examination of diverse domain applications underscores the adaptability of authentication solutions. Researchers seek to design authentication protocols that are applicable across various domains, addressing challenges unique to each application area.
5. Conclusions
Author Contributions
Funding
Data Availability Statement
Acknowledgments
Conflicts of Interest
References
- El-hajj, M.; Chamoun, M.; Fadlallah, A.; Serhrouchni, A. Analysis of authentication techniques in Internet of Things (IoT). In Proceedings of the 2017 1st Cyber Security in Networking Conference (CSNet), Rio de Janeiro, Brazil, 18–20 October 2017; pp. 1–3. [Google Scholar] [CrossRef]
- El-hajj, M.; Chamoun, M.; Fadlallah, A.; Serhrouchni, A. Taxonomy of authentication techniques in Internet of Things (IoT). In Proceedings of the 2017 IEEE 15th Student Conference on Research and Development (SCOReD), Putrajaya, Malaysia, 13–14 December 2017; pp. 67–71. [Google Scholar] [CrossRef]
- Atzori, L.; Iera, A.; Morabito, G. The Internet of Things: A survey. Comput. Netw. 2010, 54, 2787–2805. [Google Scholar] [CrossRef]
- Maresch, D.; Gartner, J. Make disruptive technological change happen-The case of additive manufacturing. Technol. Forecast. Soc. Chang. 2020, 155, 119216. [Google Scholar] [CrossRef]
- Ahmed, M.E.; Kim, H. DDoS Attack Mitigation in Internet of Things Using Software Defined Networking. In Proceedings of the 2017 IEEE Third International Conference on Big Data Computing Service and Applications (BigDataService), Redwood City, CA, USA, 6–9 April 2017; pp. 271–276. [Google Scholar] [CrossRef]
- Liu, Y.; Hao, X.; Ren, W.; Xiong, R.; Zhu, T.; Choo, K.-K.R.; Min, G. A Blockchain-Based Decentralized, Fair and Authenticated Information Sharing Scheme in Zero Trust Internet-of-Things. IEEE Trans. Comput. 2023, 72, 501–512. [Google Scholar] [CrossRef]
- Tanveer, M.; Badshah, A.; Khan, A.U.; Alasmary, H.; Chaudhry, S.A. CMAF-IIoT: Chaotic map-based authentication framework for Industrial Internet of Things. Internet Things 2023, 23, 100902. [Google Scholar] [CrossRef]
- Ali, F.M.; Yunus, N.A.M.; Mohamed, N.N.; Daud, M.M.; Sundararajan, E.A. A Systematic Mapping: Exploring Internet of Everything Technologies and Innovations. Symmetry 2023, 15, 1964. [Google Scholar] [CrossRef]
- Zhang, Y.; He, D.; Vijayakumar, P.; Luo, M.; Huang, X. SAPFS: An Efficient Symmetric-Key Authentication Key Agreement Scheme with Perfect Forward Secrecy for Industrial Internet of Things. IEEE Internet Things J. 2023, 10, 9716–9726. [Google Scholar] [CrossRef]
- Saad, M.H.M.; Akmar, M.H.S.; Ahmad, A.S.S.; Habib, K.; Hussain, A.; Ayob, A. Design, Development Evaluation of A Lightweight IoT Platform for Engineering Scientific Applications. In Proceedings of the 2021 IEEE 12th Control and System Graduate Research Colloquium, ICSGRC 2021-Proceedings, Shah Alam, Malaysia, 7 August 2021; Institute of Electrical and Electronics Engineers Inc.: Piscataway, NJ, USA, 2021; pp. 271–276. [Google Scholar] [CrossRef]
- Rangwani, D.; Om, H. 4F-MAKA: Four-factor mutual authentication and key agreement protocol for internet of things. Peer-Peer Netw. Appl. 2023, 16, 35–56. [Google Scholar] [CrossRef]
- El-Meniawy, N.; Rizk, M.R.M.; Ahmed, M.A.; Saleh, M. An Authentication Protocol for the Medical Internet of Things. Symmetry 2022, 14, 1483. [Google Scholar] [CrossRef]
- Mao, W.; Jiang, P.; Zhu, L. BTAA: Blockchain and TEE-Assisted Authentication for IoT Systems. IEEE Internet Things J. 2023, 10, 12603–12615. [Google Scholar] [CrossRef]
- Bułat, R.; Ogiela, M.R. Personalized Context-Aware Authentication Protocols in IoT. Appl. Sci. 2023, 13, 4216. [Google Scholar] [CrossRef]
- Singh, B.; Lal, R.; Singla, S. A Secure Authentication mechanism for accessing IoT devices through Mobile App. In Proceedings of the 2022 International Conference on Computational Modelling, Simulation and Optimization, ICCMSO 2022, Pathum Thani, Thailand, 23–25 December 2022; Institute of Electrical and Electronics Engineers Inc.: Piscataway, NJ, USA, 2022; pp. 274–278. [Google Scholar] [CrossRef]
- Kamil, S.; Ayob, M.; Abdullah, S.N.H.S.; Ahmad, Z. Challenges in Multi-Layer Data Security for Video Steganography Revisited. Asia-Pacific J. Inf. Technol. Multimed. 2018, 7, 53–62. [Google Scholar] [CrossRef]
- Devi, A.; Kumar, A.; Rathee, G.; Saini, H. User authentication of industrial internet of things (IIoT) through Blockchain. Multimed. Tools Appl. 2022, 82, 19021–19039. [Google Scholar] [CrossRef]
- Alsaeed, N.; Nadeem, F. A Framework for Blockchain and Fogging-based Efficient Authentication in Internet of Things. In Proceedings of the 2022 2nd International Conference on Computing and Information Technology (ICCIT), Tabuk, Saudi Arabia, 25–27 January 2022; pp. 409–417. [Google Scholar] [CrossRef]
- Khan, M.A.; Din, I.U.; Majali, T.; Kim, B.-S. A Survey of Authentication in Internet of Things-Enabled Healthcare Systems. Sensors 2022, 22, 9089. [Google Scholar] [CrossRef] [PubMed]
- Ahmed, W.K.; Mohammed, R.S. Lightweight Authentication Methods in IoT: Survey. In Proceedings of the 2022 International Conference on Computer Science and Software Engineering (CSASE), Duhok, Iraq, 14–17 March 2022; pp. 241–246. [Google Scholar] [CrossRef]
- Trnka, M.; Abdelfattah, A.S.; Shrestha, A.; Coffey, M.; Cerny, T. Systematic Review of Authentication and Authorization Advancements for the Internet of Things. Sensors 2022, 22, 1361. [Google Scholar] [CrossRef]
- Rao, P.M.; Deebak, B. A comprehensive survey on authentication and secure key management in internet of things: Challenges, countermeasures, and future directions. Ad Hoc Netw. 2023, 146, 103159. [Google Scholar] [CrossRef]
- Khalil, U.; Uddin, M.; Malik, O.A.; Hussain, S. A Blockchain Footprint for Authentication of IoT-Enabled Smart Devices in Smart Cities: State-of-the-Art Advancements, Challenges and Future Research Directions. IEEE Access 2022, 10, 76805–76823. [Google Scholar] [CrossRef]
- Salama, M.; Bahsoon, R.; Bencomo, N. Managing Trade-offs in Self-Adaptive Software Architectures. In Managing Trade-Offs in Adaptable Software Architectures; Elsevier: Amsterdam, The Netherlands, 2017; pp. 249–297. [Google Scholar] [CrossRef]
- Okoli, C. A Guide to Conducting a Standalone Systematic Literature Review Chitu Okoli. A Guide to Conducting a Standalone Systematic Literature Review. 2015. Available online: http://aisel.aisnet.org/cais (accessed on 8 December 2023).
- Kitchenham, B.; Brereton, O.P.; Budgen, D.; Turner, M.; Bailey, J.; Linkman, S. Systematic literature reviews in software engineering—A systematic literature review. Inf. Softw. Technol. 2009, 51, 7–15. [Google Scholar] [CrossRef]
- Ali, W.; Ahmed, A.A. An Authenticated Group Shared Key Mechanism Based on a Combiner for Hash Functions over the Industrial Internet of Things. Processes 2023, 11, 1558. [Google Scholar] [CrossRef]
- Tanveer, M.; Alkhayyat, A.; Khan, A.U.; Kumar, N.; Alharbi, A.G. REAP-IIoT: Resource-Efficient Authentication Protocol for the Industrial Internet of Things. IEEE Internet Things J. 2022, 9, 24453–24465. [Google Scholar] [CrossRef]
- Sharma, P.C.; Mahmood, R.; Raja, H.; Yadav, N.S.; Gupta, B.B.; Arya, V. Secure authentication and privacy-preserving blockchain for industrial internet of things. Comput. Electr. Eng. 2023, 108, 108703. [Google Scholar] [CrossRef]
- Xu, H.; Hsu, C.; Harn, L.; Cui, J.; Zhao, Z.; Zhang, Z. Three-Factor Anonymous Authentication and Key Agreement Based on Fuzzy Biological Extraction for Industrial Internet of Things. IEEE Trans. Serv. Comput. 2023, 16, 3000–3013. [Google Scholar] [CrossRef]
- Pu, L.; Lin, C.; Chen, B.; He, D. User-Friendly Public-Key Authenticated Encryption with Keyword Search for Industrial Internet of Things. IEEE Internet Things J. 2023, 10, 13544–13555. [Google Scholar] [CrossRef]
- Dohare, I.; Singh, K.; Ahmadian, A.; Mohan, S.; Praveen Kumar Reddy, M. Certificateless Aggregated Signcryption Scheme (CLASS) for Cloud-Fog Centric Industry 4.0. IEEE Trans. Ind. Inform. 2022, 18, 6349–6357. [Google Scholar] [CrossRef]
- Zhang, P.; Wang, Y.; Aujla, G.S.; Jindal, A.; Al-Otaibi, Y.D. A Blockchain-Based Authentication Scheme and Secure Architecture for IoT-Enabled Maritime Transportation Systems. IEEE Trans. Intell. Transp. Syst. 2023, 24, 2322–2331. [Google Scholar] [CrossRef]
- Liu, J.; Yang, J.; Wu, W.; Huang, X.; Xiang, Y. Lightweight Authentication Scheme for Data Dissemination in Cloud-Assisted Healthcare IoT. IEEE Trans. Comput. 2023, 72, 1384–1395. [Google Scholar] [CrossRef]
- Hasan, M.K.; Islam, S.; Sulaiman, R.; Khan, S.; Hashim, A.-H.A.; Habib, S.; Islam, M.; Alyahya, S.; Ahmed, M.M.; Kamil, S.; et al. Lightweight Encryption Technique to Enhance Medical Image Security on Internet of Medical Things Applications. IEEE Access 2021, 9, 47731–47742. [Google Scholar] [CrossRef]
- Mehbodniya, A.; Webber, J.L.; Neware, R.; Arslan, F.; Pamba, R.V.; Shabaz, M. Modified Lamport Merkle Digital Signature blockchain framework for authentication of Internet of Things healthcare data. Expert Syst. 2022, 39, e12978. [Google Scholar] [CrossRef]
- Vinoth, R.; Deborah, L.J.; Vijayakumar, P.; Gupta, B.B. An Anonymous Pre-Authentication and Post-Authentication Scheme Assisted by Cloud for Medical IoT Environments. IEEE Trans. Netw. Sci. Eng. 2022, 9, 3633–3642. [Google Scholar] [CrossRef]
- Das, S.; Namasudra, S. Lightweight and efficient privacy-preserving mutual authentication scheme to secure Internet of Things-based smart healthcare. Trans. Emerg. Telecommun. Technol. 2023, 34, e4716. [Google Scholar] [CrossRef]
- Deebak, B.D.; Memon, F.H.; Cheng, X.; Dev, K.; Hu, J.; Khowaja, S.A.; Qureshi, N.M.F.; Choi, K.H. Seamless privacy-preservation and authentication framework for IoT-enabled smart eHealth systems. Sustain. Cities Soc. 2022, 80, 103661. [Google Scholar] [CrossRef]
- Rana, A.; Rawat, A.S.; Afifi, A.; Singh, R.; Rashid, M.; Gehlot, A.; Akram, S.V.; Alshamrani, S.S. A Long-Range Internet of Things-Based Advanced Vehicle Pollution Monitoring System with Node Authentication and Blockchain. Appl. Sci. 2022, 12, 7547. [Google Scholar] [CrossRef]
- Lansky, J.; Sadrishojaei, M.; Rahmani, A.M.; Malik, M.H.; Kazemian, F.; Hosseinzadeh, M. Development of a Lightweight Centralized Authentication Mechanism for the Internet of Things Driven by Fog. Mathematics 2022, 10, 4166. [Google Scholar] [CrossRef]
- Gupta, B.B.; Gaurav, A.; Chui, K.T.; Hsu, C.-H. Identity-Based Authentication Technique for IoT Devices. In Proceedings of the Digest of Technical Papers-IEEE International Conference on Consumer Electronics, Las Vegas, NV, USA, 7–9 January 2022; Institute of Electrical and Electronics Engineers Inc.: Piscataway, NJ, USA, 2022; pp. 1–4. [Google Scholar] [CrossRef]
- Tong, F.; Chen, X.; Wang, K.; Zhang, Y. CCAP: A Complete Cross-Domain Authentication Based on Blockchain for Internet of Things. IEEE Trans. Inf. Forensics Secur. 2022, 17, 3789–3800. [Google Scholar] [CrossRef]
- Chen, C.-M.; Li, X.; Liu, S.; Wu, M.-E.; Kumari, S. Enhanced Authentication Protocol for the Internet of Things Environment. Secur. Commun. Netw. 2022, 2022, 8543894. [Google Scholar] [CrossRef]
- Gong, X.; Feng, T. Lightweight Anonymous Authentication and Key Agreement Protocol Based on CoAP of Internet of Things. Sensors 2022, 22, 7191. [Google Scholar] [CrossRef]
- Jiang, L.; Cui, H. Private and Mutual Authentication Protocols for Internet of Things. Mathematics 2023, 11, 1929. [Google Scholar] [CrossRef]
- AlQahtani, A.A.S.; Alamleh, H.; Al Smadi, B. IoT Devices Proximity Authentication. In Ad Hoc Network Environment, Proceedings of the 2022 IEEE International IOT, Electronics and Mechatronics Conference, IEMTRONICS 2022, Toronto, ON, Canada, 1–4 June 2022; Institute of Electrical and Electronics Engineers Inc.: Piscataway, NJ, USA, 2022; pp. 1–5. [Google Scholar] [CrossRef]
- Odyuo, N.; Lodh, S.; Walling, S. Multifactor Mutual Authentication of IoT Devices and Server. In Proceedings of the 5th International Conference on Smart Systems and Inventive Technology, ICSSIT 2023, Tirunelveli, India, 23–25 January 2023; Institute of Electrical and Electronics Engineers Inc.: Piscataway, NJ, USA, 2023; pp. 391–396. [Google Scholar] [CrossRef]
- Liou, W.-C.; Lin, T. T-Auth: A Novel Authentication Mechanism for the IoT Based on Smart Contracts and PUFs. In Proceedings of the 2021 IEEE International Conference on Communications Workshops (ICC Workshops), Montreal, QC, Canada, 14–23 June 2021; pp. 1–6. [Google Scholar] [CrossRef]
- Alzahrani, B.A.; Mahmood, K. Provable Privacy Preserving Authentication Solution for Internet of Things Environment. IEEE Access 2021, 9, 82857–82865. [Google Scholar] [CrossRef]
- Saqib, M.; Jasra, B.; Moon, A.H. A lightweight three factor authentication framework for IoT based critical applications. J. King Saud Univ. Comput. Inf. Sci. 2021, 34, 6925–6937. [Google Scholar] [CrossRef]
- Guo, Y.; Guo, Y. CS-LAKA: A lightweight authenticated key agreement protocol with critical security properties for IoT environments. IEEE Trans. Serv. Comput. 2023, 16, 4102–4114. [Google Scholar] [CrossRef]
- Nezhad, M.A.; Barati, H.; Barati, A. An Authentication-Based Secure Data Aggregation Method in Internet of Things. J. Grid Comput. 2022, 20, 1–28. [Google Scholar] [CrossRef]
- Siddiqui, Z.; Gao, J.; Khan, M.K. An Improved Lightweight PUF–PKI Digital Certificate Authentication Scheme for the Internet of Things. IEEE Internet Things J. 2022, 9, 19744–19756. [Google Scholar] [CrossRef]
- Rahimi, M.K.H.; Saad, M.H.M.; Juhari, A.H.M.; Sulaiman, M.K.A.M.; Hussain, A. A Secure Cloud Enabled Indoor Hydroponic System Via ThingsSentral IoT Platform. In Proceedings of the 2020 IEEE 8th Conference on Systems, Process and Control (ICSPC), Melaka, Malaysia, 11–12 December 2020; pp. 214–219. [Google Scholar] [CrossRef]
- Gonçalves, C.; Sousa, B.; Vukovic, M.; Kusek, M. A federated authentication and authorization approach for IoT farming. Internet Things 2023, 22, 100785. [Google Scholar] [CrossRef]
- Hu, B.; Tang, W.; Xie, Q. A two-factor security authentication scheme for wireless sensor networks in IoT environments. Neurocomputing 2022, 500, 741–749. [Google Scholar] [CrossRef]
- Wu, Y.; Jing, T.; Gao, Q.; Wu, Y.; Huo, Y. Game-theoretic physical layer authentication for spoofing detection in internet of things. Digit. Commun. Netw. 2023. [Google Scholar] [CrossRef]
- Malik, M.; Kamaldeep, K.; Dutta, M.; Granjal, J. L-ECQV: Lightweight ECQV Implicit Certificates for Authentication in the Internet of Things. IEEE Access 2023, 11, 35517–35540. [Google Scholar] [CrossRef]
- Leng, Y.; Zhang, R.; Wen, W.; Wu, P.; Xia, M. Physical-layer Authentication with Watermarked Preamble for Internet of Things. In Proceedings of the International Conference on Wireless and Mobile Computing, Networking and Communications, IEEE Computer Society, Montreal, QC, Canada, 21–23 June 2023; pp. 212–217. [Google Scholar] [CrossRef]
- Chanal, P.M.; Kakkasageri, M.S. Random Forest Algorithm based Device Authentication in IoT. In Proceedings of the CONECCT 2023-9th International Conference on Electronics, Computing and Communication Technologies, Bangalore, India, 14–16 July 2023; Institute of Electrical and Electronics Engineers Inc.: Piscataway, NJ, USA, 2023. [Google Scholar] [CrossRef]
- Yuan, S.; Phan-Huynh, R. A Lightweight Hash-Chain-Based Multi-Node Mutual Authentication Algorithm for IoT Networks. In Proceedings of the 2022 IEEE Future Networks World Forum, FNWF 2022, Montreal, QC, Canada, 10–14 October 2022; Institute of Electrical and Electronics Engineers Inc.: Piscataway, NJ, USA, 2022; pp. 72–74. [Google Scholar] [CrossRef]
- Shilpa, V.; Vidya, A.; Pattar, S. MQTT based Secure Transport Layer Communication for Mutual Authentication in IoT Network. Glob. Transit. Proc. 2022, 3, 60–66. [Google Scholar] [CrossRef]
- Goswami, H.; Choudhury, H. Remote Registration and Group Authentication of IoT Devices in 5G Cellular Network. Comput. Secur. 2022, 120, 102806. [Google Scholar] [CrossRef]
- Alshawish, I.; Al-Haj, A. An efficient mutual authentication scheme for IoT systems. J. Supercomput. 2022, 78, 16056–16087. [Google Scholar] [CrossRef]
- Ghasemi, F.; Babaie, S. A lightweight secure authentication approach based on stream ciphering for RFID-based Internet of Things. Comput. Electr. Eng. 2022, 102, 108288. [Google Scholar] [CrossRef]
- Pahlevi, R.R.; Suryani, V.; Nuha, H.H.; Yasirandi, R. Secure Two-Factor Authentication for IoT Device. In Proceedings of the 2022 10th International Conference on Information and Communication Technology (ICoICT), Bandung, Indonesia, 2–3 August 2022; pp. 407–412. [Google Scholar] [CrossRef]
- Rostampour, S.; Bagheri, N.; Bendavid, Y.; Safkhani, M.; Kumari, S.; Rodrigues, J.J.P.C. An Authentication Protocol for Next Generation of Constrained IoT Systems. IEEE Internet Things J. 2022, 9, 21493–21504. [Google Scholar] [CrossRef]
- Annadurai, C.; Nelson, I.; Devi, K.N.; Manikandan, R.; Jhanjhi, N.Z.; Masud, M.; Sheikh, A. Biometric Authentication-Based Intrusion Detection Using Artificial Intelligence Internet of Things in Smart City. Energies 2022, 15, 7430. [Google Scholar] [CrossRef]
- Chen, F.; Xiao, Z.; Xiang, T.; Fan, J.; Truong, H.-L. A Full Lifecycle Authentication Scheme for Large-Scale Smart IoT Applications. IEEE Trans. Dependable Secur. Comput. 2023, 20, 2221–2237. [Google Scholar] [CrossRef]
- Gong, B.; Zheng, G.; Waqas, M.; Tu, S.; Chen, S. LCDMA: Lightweight Cross-Domain Mutual Identity Authentication Scheme for Internet of Things. IEEE Internet Things J. 2023, 10, 12590–12602. [Google Scholar] [CrossRef]
- Wazzeh, M.; Ould-Slimane, H.; Talhi, C.; Mourad, A.; Guizani, M. Privacy-Preserving Continuous Authentication for Mobile and IoT Systems Using Warmup-Based Federated Learning. IEEE Netw. 2022, 37, 224–230. [Google Scholar] [CrossRef]
- Amanlou, S.; Hasan, M.K.; Abu Bakar, K.A. Lightweight and secure authentication scheme for IoT network based on publish–subscribe fog computing model. Comput. Netw. 2021, 199, 108465. [Google Scholar] [CrossRef]
- Singh, R.; Sturley, S.; Tewari, H. Blockchain-Enabled Chebyshev Polynomial-Based Group Authentication for Secure Communication in an Internet of Things Network. Future Internet 2023, 15, 96. [Google Scholar] [CrossRef]
- Ismail, S.; Dawoud, D.; Reza, H. Towards A Lightweight Identity Management and Secure Authentication for IoT Using Blockchain. In Proceedings of the 2022 IEEE World AI IoT Congress (AIIoT), Seattle, WA, USA, 6–9 June 2022; pp. 77–83. [Google Scholar] [CrossRef]
- Jin, C.; Yang, Z.; Xiang, T.; Adepu, S.; Zhou, J. HMACCE: Establishing Authenticated and Confidential Channel from Historical Data for Industrial Internet of Things. IEEE Trans. Inf. Forensics Secur. 2023, 18, 1080–1094. [Google Scholar] [CrossRef]
- Sivaselvan, N.; Bhat, K.V.; Rajarajan, M.; Das, A.K.; Rodrigues, J.J.P.C. SUACC-IoT: Secure unified authentication and access control system based on capability for IoT. Clust. Comput. 2022, 26, 2409–2428. [Google Scholar] [CrossRef]
- Anaam, E.; Hasan, M.K.; Ghazal, T.M.; Haw, S.-C.; Alzoubi, H.M.; Alshurideh, M.T. How Private Blockchain Technology Secure IoT Data Record. In Proceedings of the 2023 IEEE 2nd International Conference on AI in Cybersecurity, ICAIC 2023, Houston, TX, USA, 7–9 February 2023; Institute of Electrical and Electronics Engineers Inc.: Piscataway, NJ, USA, 2023. [Google Scholar] [CrossRef]
- Al Ahmed, M.T.; Hashim, F.; Hashim, S.J.; Abdullah, A. Hierarchical blockchain structure for node authentication in IoT networks. Egypt. Inform. J. 2022, 23, 345–361. [Google Scholar] [CrossRef]
- Khashan, O.A.; Khafajah, N.M. Efficient hybrid centralized and blockchain-based authentication architecture for heterogeneous IoT systems. J. King Saud Univ. Comput. Inf. Sci. 2023, 35, 726–739. [Google Scholar] [CrossRef]
- Al Ahmed, M.T.; Hashim, F.; Hashim, S.J.; Abdullah, A. Authentication-Chains: Blockchain-Inspired Lightweight Authentication Protocol for IoT Networks. Electronics 2023, 12, 867. [Google Scholar] [CrossRef]
RQ No. | Research Question | Motivation |
---|---|---|
RQ1 | What are the demographics of the primary studies? | To identify the distribution of primary studies based on their type, publication year, and venue. |
RQ2 | In which domains have authentication in IoT been extensively applied? | To highlight the domains where authentication in IoT has been extensively applied. |
RQ3 | What kinds of problems are present in IoT authentication? | To recognize the types of problems within IoT authentication. |
RQ4 | What is the contribution of authentication in IoT systems? | To synthesize research endeavors, emphasizing common themes in research contributions. |
RQ5 | Which performance metrics are most commonly utilized? | To identify the frequently utilized performance metrics specific to authentication in IoT. |
RQ6 | What are the advantages of each type of authentication in IoT? | To emphasize the advantages offered by existing models for IoT’s authentication and security. |
RQ7 | What are the authentication challenges in IoT environments? | To highlight the limitations in research works focused on authentication in IoT. |
RQ8 | How can advancements in IoT authentication address the collective challenges in the IoT authentication environment? | To identify the trends and directions in IoT authentication. |
Database Name | Link |
---|---|
MDPI | https://www.mdpi.com/ (accessed on 8 December 2023) |
IEEE Xplore | https://ieeexplore.ieee.org/Xplore/home.jsp (accessed on 8 December 2023) |
Web of Science | https://www.webofscience.com/wos/ (accessed on 8 December 2023) |
Science Direct | https://www.sciencedirect.com (accessed on 10 December 2023) |
SpringerLink | https://link.springer.com (accessed on 9 December 2023) |
ACM Digital Library | https://dl.acm.org/ (accessed on 9 December 2023) |
Wiley | https://onlinelibrary.wiley.com (accessed on 11 December 2023) |
Inclusion Criteria | |
---|---|
IC1 | Articles published from 2020 to 2023 |
IC2 | Articles focusing on authentication in IoT and the respective domains utilized |
IC3 | Peer-reviewed articles |
IC4 | Articles are written in English |
IC5 | Inclusion of the most recent article where multiple studies address the same theme. |
Exclusion Criteria | |
EC1 | Articles that do not meet the inclusion criteria |
EC2 | Research conducted in languages other than English |
EC3 | Articles with no validation of the proposed techniques |
EC4 | Articles using keywords without sufficient information |
EC5 | Articles presenting ambiguous or unclear results |
Title | No. of Papers |
---|---|
IEEE Internet of Things Journal | 7 |
IEEE Access | 3 |
Sensors | 3 |
Internet of Things | 2 |
Journal of King Saud University—Computer and Information Sciences | 2 |
Mathematics | 2 |
IEEE Transactions on Services Computing | 2 |
Computers and Security | 1 |
Computer Networks | 1 |
Domain | References | Authentication in IoT | Number of Papers |
---|---|---|---|
Industrial | [7,8,16,26,27,28,29,30,31,32] | Authorization in industrial settings: preventing unauthorized access, protecting data, and maintaining the reliability and safety of critical industrial processes. | 10 |
Healthcare | [11,33,34,35,36,37,38] | Safeguard the privacy and security of healthcare ecosystems: biometric authentication, secure login credentials, two-factor authentication, encryption, and compliance with healthcare regulations. | 7 |
Cloud and Fog | [9,14,39,40,41] | Cloud and fog identity verification: secured access to cloud services and fog computing nodes. | 5 |
Blockchain | [6,13,42,43,44,45,46,47,48,49,50,51] | Blockchain facilitation: secure authentication through decentralized identity, smart contracts, and cryptographic measures. | 8 |
Communication | [10,13,42,43,44,45,46,47,48,49,50,51,52,53] | Data transmission and information sharing: development of secure communication protocols, encryption techniques, authentication methods. | 16 |
Farming | [54,55,56] | Farming IoT systems: ongoing security and performance of devices involve continuous surveillance of device behaviour, network traffic, and data interactions. | 2 |
Networks | [56,57,58,59,60,61,62,63,64] | Advanced protocols and encryption for trusted connections: emphasizes high-security measures to protect against unauthorized access and data breaches and ensure the integrity of communications. | 8 |
RFID | [64,65,66,67] | Verification of RFID tags: authenticate and authorize RFID devices in supply chain management, access control, and asset tracking. | 4 |
Smart IoT | [64,68,69] | Identity verification of connected IoT devices: secure communication and preventing malicious activities. | 3 |
Prevalent Problems | References | Number of References | % Reference (Approximately) |
---|---|---|---|
Resisting/detecting cyberattacks | [14,15,28,37,41,47,52,53,57,65,66,68] | 12 | 18% |
Real-world hardware/software integration | [11,32,34,35,37,39,48,54,75,76] | 11 | 17% |
Privacy and reliability of IoT communication | [10,30,32,33,50,52,53,65,71,77] | 10 | 15% |
Dealing with computational constraints | [7,44,55,59,61,64,65,67,70] | 9 | 14% |
Distributed or multi-owned devices | [9,16,26,29,31,44,73] | 7 | 11% |
Wireless communication | [49,51,56,57,62] | 5 | 8% |
Identity-based protocol | [43,60,70,74] | 4 | 6% |
Cross-domain protocol | [12,42,69,70] | 4 | 6% |
Internet-enabled smart devices | [9,27,60] | 3 | 5% |
Mutual protection protocol | [45,70] | 2 | 3% |
Flawed centralization | [78,79] | 2 | 3% |
Multi-layered architecture | [8,69] | 2 | 3% |
Proximity-based limitation | [36] | 1 | 2% |
False-positive identification | [13] | 1 | 2% |
Blockchain encumberment | [80] | 1 | 2% |
Resource-friendly security | [58] | 1 | 2% |
Domain | Research Clustering on Contribution Trends | ||||
---|---|---|---|---|---|
Lightweight Cryptography | Blockchain Integration | Privacy-Preserving Approaches | Efficient Encryption | Novel Security Mechanisms | |
Industrial | [7,28,30] | [29,33] | [27,30] | [17,31] | [32,33] |
Healthcare | [12,34,35] | [39] | [38,39] | [17] | [36,39] |
Cloud and Fog | [40,42] | [40] | - | - | [10,15,41] |
Blockchain | [78] | [79] | [43] | [6,43,80,81] | |
Communication | [11] | [6] | [53] | [43] | [14,28,44,45,47,48,49,50,51,52,77] |
Farming | - | - | [55,56] | [56] | [55,56] |
Network | [58,59,60] | [61,62] | [63] | [64] | [57] |
RFID | [68] | [65] | [67] | [66] | - |
Smart IoT | [69] | - | - | - | [65,70] |
Mobile | [71,72] | - | [72] | - | [71,72] |
No. of Papers | 17 | 9 | 11 | 7 | 29 |
Performance Metrics | References | No of Papers |
---|---|---|
Computational Costs | [6,7,8,11,12,26,27,29,30,31,32,33,34,36,38,39,42,44,45,47,50,51,56,60,61,64,67,68,69,70,72,76,79,80] | 34 |
Communication Costs | [7,8,9,10,12,13,27,28,29,30,32,33,36,38,39,42,43,44,47,49,51,52,61,64,65,67,69,70,72,75,76] | 31 |
Time Consumption | [6,11,16,28,30,31,33,34,39,41,43,44,45,52,53,58,60,61,72,73,79,80] | 22 |
Storage Costs | [7,8,9,10,26,27,28,29,31,36,40,42,58,65,69,76] | 16 |
Accurateness | [14,16,34,46,59,60,68,71,74] | 9 |
Energy Requirement | [9,10,26,42,52,58,72,79] | 8 |
Usability | [46,48,50,51,66,74,76] | 7 |
Throughput Rate | [16,29,32,38,52] | 5 |
Variable Size | [15,33,58,72] | 4 |
Falseness Rate | [57,65,66,74] | 4 |
Advantages | Number of Papers | References |
---|---|---|
Security and Reliability | 41 | [7,8,10,11,13,14,26,27,28,29,30,31,33,34,35,37,39,41,42,43,44,48,49,50,53,54,56,57,62,63,65,66,67,68,69,73,74,75,76,78,79] |
Performance Efficiency | 31 | [6,7,10,26,27,29,30,33,34,35,36,37,38,40,43,49,51,52,53,56,58,60,61,62,63,65,67,70,72,78,79] |
Decentralization and Fairness | 3 | [6,39,80] |
Privacy Protection | 13 | [6,11,16,27,31,33,34,42,45,53,58,71,75] |
Real-time Monitoring | 3 | [11,39,54] |
Mutual Authentication | 8 | [8,11,14,16,60,64,69,79] |
Flexibility and Scalability | 7 | [8,9,26,28,40,52,58] |
Source Code Availability | 2 | [67,69] |
Limitation Categories | Common Limitation | References | Percentage |
---|---|---|---|
Integration and Compatibility | Compatibility with existing IoT systems and legacy devices | [7,11] | 4% |
Computational Complexity | High computational complexity | [6,10,13,26,46,54,68] | 28% |
QoS Impacting Authentication | Minimal Quality of Service (QoS) impacting authentication reliability | [38,65] | 4% |
Low Efficiency | Low efficiency caused by using low-cost sensors | [39,44] | 4% |
Security and Privacy | Lack of comprehensive analysis of security and privacy issues | [30,53,68] | 12% |
Scalability Issues | Impact of network scale | [42,73] | 8% |
High Storage Overhead | Potential high storage overhead associated with the proposed authentication mechanism | [40] | 4% |
Lack of Performance Analysis | Lack of specific evaluation | [28,43] | 8% |
Authentication and Leakage Resilience | Lack of comprehensive analysis of attacks and vulnerabilities | [71,75] | 8% |
Implementation Challenges | Lack of comprehensive evaluation in real-world IoT deployments | [12,72] | 8% |
Resource-Intensive Operations | High power/energy consumption, computation overheads | [40,41,47,54,60] | 12% |
Network Availability | Dependency on a predetermined route, impact of network scale, dynamic network conditions | [46,52,63,76] | 8% |
Attacks for Robustness | Lack of comprehensive analysis of attacks and vulnerabilities | [64,73] | 8% |
Others | Standardized IoT networks, decisional Diffie-Hellman assumption, trusted Key Generation Center | [32,58,79] | 8% |
Future Trends and Directions | Common Research | References |
---|---|---|
Security Enhancement and Efficiency Optimization | [10,12,26,30,38,52,53,71,74,75,79] | 11 |
Real-World Implementation and Assessment | [6,9,13,31,48,55,66,68,73] | 9 |
Scalability and Reliability | [11,12,33,50,54,72,73] | 7 |
Blockchain Integration and Security Issues | [13,16,30,64,71,72,74] | 7 |
AI Integration and Advanced Computing Technologies | [14,50,76,79] | 4 |
Privacy and Access Control | [11,16,31,60] | 4 |
Communication Efficiency and IoT Optimization | [9,14,43,54,55] | 5 |
Multifactor Authentication and Standardization | [53,58,69] | 3 |
Cross-Domain Authentication and Interoperability | [12,74] | 2 |
Decentralization and Edge Computing | [9,72,76] | 3 |
Efficiency in Authentication Protocols | [28,36,44,60,75] | 5 |
Diverse Domain Applications | [31,54,58,65,68] | 5 |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Kamarudin, N.H.; Suhaimi, N.H.S.; Nor Rashid, F.A.; Khalid, M.N.A.; Mohd Ali, F. Exploring Authentication Paradigms in the Internet of Things: A Comprehensive Scoping Review. Symmetry 2024, 16, 171. https://doi.org/10.3390/sym16020171
Kamarudin NH, Suhaimi NHS, Nor Rashid FA, Khalid MNA, Mohd Ali F. Exploring Authentication Paradigms in the Internet of Things: A Comprehensive Scoping Review. Symmetry. 2024; 16(2):171. https://doi.org/10.3390/sym16020171
Chicago/Turabian StyleKamarudin, Nazhatul Hafizah, Nur Hanis Sabrina Suhaimi, Fadilla Atyka Nor Rashid, Mohd Nor Akmal Khalid, and Fazlina Mohd Ali. 2024. "Exploring Authentication Paradigms in the Internet of Things: A Comprehensive Scoping Review" Symmetry 16, no. 2: 171. https://doi.org/10.3390/sym16020171