A Lightweight ECC-Based Authentication and Key Agreement Protocol for IoT with Dynamic Authentication Credentials

Due to the openness of communication channels and the sensitivity of the data being collected and transmitted, securing data access and communication in IoT systems requires robust ECC-based authentication and key agreement (AKA) protocols. However, designing an AKA protocol for IoT presents significant challenges, as most IoT sensors are deployed in resource-constrained, unattended environments with limited computational power, connectivity, and storage. To achieve anonymous authentication, existing solutions typically rely on shared temporary public keys to mask device IDs or validate sender certificates, which increases the computational overhead. Furthermore, these protocols often fail to address crucial security concerns, such as nonresistance to ephemeral secret leakage (ESL) attacks and a lack of perfect forward security. To mitigate the computational burden, we propose a dynamic authenticated credentials (DACs) synchronization framework for anonymous authentication. Then, we introduce an ECC-based AKA scheme that employs DACs in place of temporary public keys or sender credentials, enabling efficient and secure anonymous authentication. The security of the proposed protocol was rigorously verified under the Real-or-Oracle model and validated using ProVerif. Performance comparisons demonstrate that our scheme offered significant improvements in security, with an over 37% reduction in communication cost and computational overhead.