A lightweight authentication and key agreement protocol for heterogeneous IoT with special attention to sensing devices and gateway

Focusing specifically on sensing devices with restricted resources, heterogeneous internet of things (HIoT) is an attractive scenario for IoT networks. Nonetheless, the very nature of wireless channels in these networks has given rise to a series of security challenges, which need to be considered while developing authentication protocols. Here, we scrutinized Yu and Park’s, Kumari et al.’s, and Ostad-sharif et al.'s protocols and illustrated their weaknesses against key compromise attacks, insider attacks, and violation of anonymity. Furthermore, for heterogeneous IoT contexts, a lightweight and secure authentication and key agreement protocol for heterogeneous IoT environments is presented. Concerning the restricted resources of sensing devices, an attempt is made to provide an efficient HIoT-based authentication protocol to enhance network security and performance. The gateway as a trusted authority with the maximum workload and sensing devices with the highest restrictions on resources are considered in the suggested protocol. As a result, the user bears the brunt of the workload in the individual session. The Burrows–Abadi–Needham (BAN) logic is used to validate the proposed protocol, and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is utilized to demonstrate resilience to existing active attacks. Simulation findings and performance assessment revealed that our protocol improved communication overheads by up to 110%, computation overheads by up to 83%, and sensing device maximum storage capacity by up to 51%.