ScPUAK: Smart card-based secure Protocol for remote User Authentication and Key agreement.

Internet of Things (IoT) is a fast-growing trend in wireless communication where various connected objects become an everyday part of our lives. The richness of the network is leading to open challenges and exposure to various attacks. Thus, security remains a major concern. Our purpose for this paper is to propose a smart card-based protocol that enables mutual authentication between a user and a server and allows for the establishment of a secure session key. In this context, we use Elliptic curve cryptography (ECC) and other lightweight operations as hash function and exclusive OR (XOR). We perform an evaluation of our protocol using Burrows–Abadi–Needham (BAN) logic, Scyther verification tool and Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The results show that our solution is robust to most known attacks, suitable to IoT devices and more efficient compared to recent related protocols. [Display omitted] • Development of a novel security protocol based on smart cards for IoT networks. • ScPUAK is based on Elliptic curve cryptography, user's biometry and hash functions. • The formal security analysis shows its efficiency and safety against known attacks. • The protocol exhibits security properties while maintaining reasonable lightness. [ABSTRACT FROM AUTHOR]