A lightweight authentication and management method for Internet of Things

Isil Cetintav*, Mehmet Tahir Sandikkaya

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review


Internet of Things (IoT) devices are vulnerable due to their limited resources and inadequate security mechanisms. The number of IoT devices has increased day by day, so the number of devices that are connected to the Internet has also increased. Devices may be deployed anywhere and made available to anyone, making the management of numerous devices problematic. Device management is crucial, as the compromise of IoT devices might cause serious consequences and already there are examples of such a compromise caused widespread DDoS attacks. This paper aims to propose a mechanism that ensures the security of IoT devices and presents a management model and lightweight authentication mechanism simultaneously. The proposed mechanism is novel, computationally lightweight, financially low-cost, remotely usable, and requires no special hardware. This mechanism includes a key management phase to generate ephemeral keys for every session and a trivial and cost-efficient data transfer phase. The proposed mechanism provides an IoT device management model to achieve a scalable IoT environment. Data is transferred cost-effectively via XORs and hash functions. The security of the authentication mechanism is formally verified using AVISPA model checker.

Original languageEnglish
Article number100842
JournalInternet of Things (Netherlands)
Publication statusPublished - Oct 2023

Bibliographical note

Publisher Copyright:
© 2023 Elsevier B.V.


  • Internet of Things
  • IoT key exchange
  • IoT management
  • IoT security
  • Lightweight authentication


Dive into the research topics of 'A lightweight authentication and management method for Internet of Things'. Together they form a unique fingerprint.

Cite this