A Survey of Internet of Things (IoT) Authentication Schemes †

The Internet of Things (IoT) is the ability to provide everyday devices with a way of identification and another way for communication with each other. The spectrum of IoT application domains is very large including smart homes, smart cities, wearables, e-health, etc. Consequently, tens and even hundreds of billions of devices will be connected. Such devices will have smart capabilities to collect, analyze and even make decisions without any human interaction. Security is a supreme requirement in such circumstances, and in particular authentication is of high interest given the damage that could happen from a malicious unauthenticated device in an IoT system. This paper gives a near complete and up-to-date view of the IoT authentication field. It provides a summary of a large range of authentication protocols proposed in the literature. Using a multi-criteria classification previously introduced in our work, it compares and evaluates the proposed authentication protocols, showing their strengths and weaknesses, which constitutes a fundamental first step for researchers and developers addressing this domain.


Introduction
The number of connected devices is growing exponentially, forming the so-called Internet of Things (IoT), a large network of networks connecting smart devices such as sensors and actuators. Such devices are adopted in various domains such as public health, smart grids, smart transportation, waste management, smart homes, smart cities, agriculture, energy management, etc. [1][2][3].
The requirements and limitations of the connected "things" raise a number of challenges, including connectivity challenges for billions of devices to communicate with each other, security challenges with the need to protect IoT networks from being attacked (according to a Gartner report, 20% of organizations have experienced at least one IoT attack in the last three years [4]) and at the same time from being exploited to become an attack tool (e.g., Mirai botnet [5,6]). These challenges are "augmented" with the resource-limited nature of IoT devices which renders traditional communication protocols and security schemes inefficient and even infeasible for IoT. The IoT-related security issues are becoming more alarming given the ubiquitousness of IoT devices and their adoption in critical applications, which aggravate the impact of any security breach to the extent of being life-threatening. A sample scenario can be foreseen from a weakness discovered in 2017 The functions of perception, transport (i.e., network layer) and application layers are the same as in the three-layer architecture. The remaining layers of the architecture are:

1.
Processing layer: Also called the middle-ware layer, it is responsible of providing various types of services, mainly storing, analyzing, and processing data with respect to the computational results.

2.
Business layer: Its work covers the overall IoT system actions and functionality. The application layer sends the data to the business layer whose role is to build business models, graphs, and flowcharts to analyze data, in order to play a role in decision making about business strategies and road-maps.
Other architectures can also be identified in the literature. In [20,21], the authors used a five-layer architecture based on Service Oriented Architecture (SOA) that helps the integration of IoT in enterprise services. In [22], the authors considered a non-layered approach for the architecture (e.g., cloud architecture, fog architecture, social IoT, and architecture based on human brain processing).
For the rest of this paper, we consider the three-layer architecture.

Security Services
As previously mentioned, the use of connecting objects in everyday people's lives can make security issues life-threatening. The smartness integrated into homes, cars, and electric grids can be diverted into harmful scenarios when exploited by hackers. Different hacking scenarios presented in the past years [23,24] illustrate the level of harm that could result from a security breach, especially with the development and large adoption of IoT applications dealing with sensitive information (personal, industrial, governmental, etc.).

1.
Authentication: The process of confirming and insuring the identity of objects. In IoT context, each object should have the ability to identify and authenticate all other objects in the system (or in a given part of the system with which it interacts).

2.
The authorization: The process of giving permission to an entity to do or have something [28].

3.
Integrity: The way toward keeping up the consistency, precision and dependability of information over its whole life cycle. In IoT, the alteration of basic information or even the infusion of invalid information could prompt major issues, e.g., in smart health systems use cases it could lead to the death of the patient [29].

4.
Confidentiality: The process of ensuring that the information is only accessed by authorized people. Two main issues should be considered [27] regarding confidentiality in IoT: firstly, to ensure that the object receiving the data is not going to move/transfer these data to other objects and, secondly, to consider the data management.

5.
Non-repudiation: The way toward guaranteeing the ability to demonstrate that a task or event has occurred (and by whom), with the goal that this cannot be denied later. In other words, the object cannot deny the authenticity of a specific data transferred. 6.
Availability: The process of ensuring that the service needed is available anywhere and anytime for the intended users. This includes in IoT, the availability of the objects themselves. 7.
Privacy: The process of ensuring non-accessibility to private information by public or malicious objects [30].

Security Challenges in IoT Layers
In this section, we consider the most basic architecture of IoT (three-layer architecture), and discuss the security concerns, attacks and security requirements at each layer of the architecture.

Perception Layer Security Issues and Requirements
The perception layer consists of sensors that are characterized by limited processing power and storage capacity [31]. Several security issues and attack risks rise due to such limitations.
Several attacks on the perception layer are noticed:

1.
Node Capture: Nodes (base node or gateway) can be easily controlled by the attackers. Catching a node empowers an adversary not only to get tightly of cryptographic keys and protocol states, but also to clone and redistribute malicious nodes in the network, which affects the security of the entire network [32,33].

2.
Denial of Service (DoS) Attack: A type of attacks that shuts down the system or network and prevents authorized users from accessing it. This could be achieved by overwhelming the system or network with large amount of spam requests all at the same time, thus overloading the system and preventing it from delivering the normal service [34].

3.
Denial of Sleep Attack: One of the essential objective of an IoT network is the capability of sensing through an extensive number of distributed nodes, each providing small data, such as temperature, humidity, vibration, etc., at a set interval and then going to sleep for another time interval in order to allow the nodes to operate for long service life. The denial of sleep attack works on the power supply of the node with a significant goal to increase the power consumption in order to reduce the service lifetime of the node by preventing the node from going asleep after sending the appropriate sensed data [35,36].

4.
Distributed Denial of Service (DDoS) Attack: A large scale variant of DoS attacks. The most challenging issue is the ability to use the large amount of IoT nodes to pass traffic collected toward the victim server [37,38]. There are indications that the DDoS attack called "Mirai" [5,6] occuring on October 2016 benefited from a large number of IoT nodes.

5.
Fake Node/Sybil Attack: A type of attacks where the attacker can deploy fake identities using fake nodes. With the presence of a sybil node, the whole system might generate wrong data or even the neighbor nodes will receive spam data and will mislay their privacy [39,40]. The fake nodes could be used to transmit data to "legitimate" nodes leading them to consume their energy, which could lead the whole service to go down.

6.
Replay Attack: In this attack, information is stored and re-transmitted later without having the authority to do that. Such attacks are commonly used against authentication protocols [41,42].

7.
Routing Threats: This type of attacks is the most fundamental attack at the network layer but it could occur at the perception layer in data forwarding process. An attacker can create a routing loop causing the shortage or extension of the routing path, increasing the end-to-end delay, and increasing the error messages [43].

8.
Side-Channel Attack: This type of attacks occurs on encryption devices by taking advantage of the hardware information where the crypto-system is applied on (chips), such as the execution time, power consumption, power dissipation, and electromagnetic interference produced by electronic devices throughout the encryption procedure. Such information could be analyzed to discover secret keys used during the encryption process [44][45][46][47].

9.
Mass Node Authentication: The process of authenticating large amount of devices in an IoT system, which requires massive amount of network communication for the authentication phase to finish and this could affect the performance of the whole system.
Taking into consideration the above-mentioned risks, there is a need for node authentication to prevent fake node and illegal access, in addition to the need for data encryption to protect the confidentiality of data while being transmitted between nodes (end node, gateway or server). Due to the properties of the nodes with respect to the shortage of power and the limited storage capacity, there is a necessity for mature lightweight security schemes that include both lightweight cryptographic algorithms and security protocols.

Network Layer Security Issues and Requirements
The network layer is in charge of the diffusion of data from the perception layer to the application layer. This is where data routing occurs as well as the primary data analysis. In this layer, several network technologies are used such as the different technologies for mobile communication generations (2G, 3G, 4G and 5G) and wireless networks (Bluetooth, WiMAX, WiFi, LoRaWAN, etc.).
Several attacks and risks on the network layer are identified:

1.
Man-in-the-Middle (MITM): According to McAfee [6], the most recurrent attacks are Denial of Service (DoS) and Man In the Browser (MITB) attacks. This latter, along with the Secure Socket Layer (SSL) attack, which enables attackers to listen to traffic, intercept it, and spoof both ends of the data, constitute the MITM attack [48,49].

2.
Denial of Service (DoS): This type of attacks occurs also at the network layer by jamming the transmission of radio signals, using a fake node, affecting the transmission or routing of data between nodes [50,51].

3.
Eavesdropping/sniffing: This type of passive attacks gives the intruder the ability to listen to the private communication over the communication link [52]. The intruder might be able to extract useful information such as usernames and passwords, node identification or node configuration, which could lead to other types of attacks, e.g., fake node, replay attack, etc.

4.
Routing attacks: This type of attacks affects how the messages or data are routed. The intruder spoofs, redirects, misdirects or even drops packets at the network layer. The following specific attacks could be considered: (a) Black Hole: It can also be considered as a DoS attack, in which the intruder uses a fake node that welcomes all traffic by asserting that it has the shortest path. As a result, all traffic will be redirected to the fake node that has the ability to redirect them to a proxy server or even drop them [53].
Gray Hole: This type of attacks is similar to the black hole attack but instead of dropping all the packets, it only drops selected ones [54,55]. (c) Worm Hole: In this type of attacks, the intruder creates a connection between two points in the network by either controlling at least two nodes of the network or adding new fake nodes to the network. After forming the link, the intruder collects data from one end and replays them to the other end [56,57].
Hello Flood: The aim of the attacker in this type of attacks is to consume the power of nodes in the system by broadcasting Hello request packets by a fake node to influence all the nodes in the system that they are in the same range, thus causing each one to send packets to its neighbor causing a huge traffic in the network [58][59][60]. (hello messages are defined in some routing protocols, so that nodes announce themselves to their neighbors.) (e) Sybil: In this attack, a fake node presents multiple identities, thus it can control a considerable part of the framework by being in different places within the network at the same time. When l many sybil nodes are within the same network, they will then send a large amount of information denying the normal nodes from using the network [61].
These potential attacks at the network layer (wired or wireless) lead to the definition of the following security requirements: hop-to-hop encryption, point-to-point authentication, key agreement and management, security routing and intrusion detection [62].

Application Layer Security Issues and Requirements
The application layer is responsible for providing services. It hosts a set of protocols for message passing [19,63], e.g., Constrained Application Protocol (COAP), Message Queuing Telemetry Transport (MQTT), Extensible Messaging and Presence Protocol (XMPP), Advanced Message Queuing Protocol (AMQP), etc. This layer directly interacts with the user. Given that the "traditional" application-layer protocols do not perform well within IoT, and since the IoT does not have its own international standards, several security issues arise at the application layer [27].

1.
Data Accessibility and Authentication: Each application might have many users [64]. Fake or illegal users could have a great impact on the availability of the whole system. Such great number of users means different permission and access control.

2.
Data privacy and identity: The fact that IoT connects different devices from different manufacturers leads to the application of different authentication schemes. The integration of these schemes is a challenging issue to ensure data privacy and identity.

3.
Dealing with the Availability of Big data: IoT connects a huge number of end devices, which leads to a huge amount of data to be managed. This causes an overhead on the application to analyze this data, which has a big impact on the availability of the service(s) provided by the application.
Regarding the security requirements for the application layer, authentication is required while protecting the privacy of users (respectively, data). In addition, there should be an information security management scheme that includes resource management and physical security information management. Table 1 gives a summary of the security requirements of the three-layers in the IoT architecture. In Table 1, it is clear that authentication is a core security mechanism that should applied at different layers. An IoT use case might need an authentication between the end devices and an intermediate device (gateway). The gateway should authenticate itself while sending data to the cloud, and the application (mobile or web) should be authenticated to the cloud in order to collect data for analysis.

Taxonomy of IoT Authentication Schemes
This section presents a taxonomy of IoT authentication schemes using various criteria selected based on the similarities and the main characteristics of these schemes [1,2]. As previously mentioned, the authentication can be applied at each of the three layers of the IoT architecture, which makes the diversity of the authentication techniques. These criteria are illustrated in Figure 2 and summarized as follows.

1.
Authentication factor • Identity: An information presented by one party to another to authenticate itself. Identity-based authentication schemes can use one (or a combination) of hash, symmetric or asymmetric cryptographic algorithms.

•
Context: which can be: -Physical: Biometric information based on physical characteristics of an individual, e.g., fingerprints, hand geometry, retinal scans, etc.

-
Behavioral: Biometric based on behavioral characteristics of an individual, e.g., keystroke dynamics (pattern of rhythm and timing created when a person types), gait analysis (method used to assess the way we walk or run), voice ID (voice authentication that uses voice-print), etc.

2.
Use of tokens • Token-based Authentication: Authenticates a user/device based on an identification token (piece of data) created by a server such as OAuth2 protocol [65,66] or open ID [67].
• Non-Token based authentication: Involves the use of the credentials (username/password) every time there is a need to exchange data (e.g., TLS/DTLS [12,68,69]).

3.
Authentication procedure • One-way authentication: In a scenario of two parties wishing to communicate with each other, only one party will authenticate itself to the other, while the other one remains unauthenticated. • Two-way authentication: It is also called mutual authentication, in which both entities authenticate each other. • Three-way authentication: Where a central authority authenticates the two parties and helps them to mutually authenticate themselves.

4.
Authentication architecture • Distributed: Using a distributed straight authentication method between the communicating parties.

•
Centralized: Using a centralized server or a trusted third party to distribute and manage the credentials used for authentication.
Whether centralized or distributed, the authentication scheme architecture can be: • Hierarchical: Utilizing a multi-level architecture to handle the authentication procedure.

•
Flat: No hierarchical architecture is used to deal with the authentication procedure.

5.
IoT layer: Indicates the layer at which the authentication procedure is applied.
• Perception layer: Responsible for collecting, processing, and digitizing information perceived data by the end nodes in IoT platform.

•
Network layer: Responsible for receiving the perceived data from perception layer and processing it.

•
Application layer: Responsible for receiving data from the network layer, and then providing services requested by users.

6.
Hardware-based: The authentication process might require the use of physical characteristics of the hardware or the hardware itself.
• Implicit hardware-based: Uses the physical characteristics of the hardware to enhance the authentication such as Physical Unclonable Function (PUF) or True Random Number Generator (TRNG).

•
Explicit hardware-based: Some authentication schemes are based on the use of a Trusted Platform Module (TPM), a chip (hardware) that stores and processes the keys used for hardware authentication.

Analysis of IoT Authentication Schemes
This section surveys the literature of the authentication schemes for IoT (including those defined for WSN). The analysis is based on the multi-criteria classification presented in Section 4.
The surveyed research works are organized based on the IoT application domains.

Smart Grids
Smart grid is taking the momentum over traditional power grids due to its efficiency and effectiveness, but security issues are still challenging in such field. In [70], the authors proposed an authentication scheme based on a Merkle-hash tree. Each home is equipped with a smart meter to collect the consumption of electricity for a time interval and sends the data via wireless communication to the Neighborhood Gateway (NG). The NG sends these data to the control center to collect the bill, which is sent back to the customer. The main contribution is the mutual authentication done between the smart meter and NG using a lightweight scheme that has an efficient computation and communication overhead. The authors of [71] also provided an effective and robust approach to authenticate aggregated power usage data in Neighborhood Area Network (NAN) with a fault-tolerance architecture, which is based on digital signature. In [72], the authors proposed a protocol to authenticate Home Area Network (HAN) smart meters with the smart grid utility network, and provided a new approach for key management.
While developing a smart grid, two main features should be taken into consideration: the data sent to the control unit or gateway should be sent from a valid smart meter, and there should not be a way of bring out the style of the customer by analyzing his consumption of electricity, thus breaking his privacy. In [73], the authors took the above features into consideration and developed an authentication scheme (called PASS) for smart grids based on Hash-based Message Authentication Code (HMAC). Such approach also ensures the privacy of the customer.
To achieve a lightweight message authentication scheme for smart grid, the authors of [74] built an approach that allows smart meters to mutually authenticate to other system components and achieve message authentication. The authentication is done using a lightweight Diffie-Hellman and the data integrity is achieved using HMAC.
In [75], the authors proposed an authentication protocol for smart grids called Smart Grid Mutual Authentication (SGMA) and another scheme called Smart Grid Key Management (SGKM) for key management. The scheme benefits from the traditional protocols and enhances them to achieve mutual authentication and key management. It uses the Secure Remote Password (SRP) [76] that depends on the password entered by the requester to generate a verification ID for further communications, but the enhanced version has less overhead with respect to the exchanged handshake messages and number of packets. Public Key Infrastructure (PKI) is used for key management but due to its overhead regarding the key regeneration, an enhanced version of ID-based Cryptography (EIBC) is used with PKI by replacing the public key with the identity of the requester.
In [77], the authors proposed a lightweight authentication protocol for smart grids. It consists of three tiers by using three different protocols for different purposes: Diffie-Hellman is used as key agreement protocol, with the use of RSA and AES for achieving the confidentiality, and HMAC for maintaining message integrity.
To address some performance and security challenges such as the storage cost and the key management, the authors of [78] discussed one-time signature to be used for multicast authentication in smart grids. The authors of [79] proposed a Privacy-preserving Recording and Gateway-assisted Authentication (PRGA) protocol for a hierarchical smart grid network with a gateway-based authentication. The scheme is based on HMAC and homomorphic encryption to authenticate and aggregate the messages sent by smart meters before sending them to the control center. This reduces the amount of exchanged data. The main advantage of such scheme is keeping the identity of the smart meter hidden to the gateway and the control center until the time of generating the bills, thus ensuring privacy.
Due to the limitation of one-time signature with respect to the size and the storage of the signature, the authors of [80] proposed a one-time signature-based multicast authentication in smart grid. Their scheme deployed a new one-time signature based on a nonlinear integer programming that reduces the computation cost.

RFID and NFC-Based Applications
Radio Frequency Identification (RFID) is a wireless technology that consists of tags that can be attached to any physical object or even humans; its main purpose is the identification or detection of the tagged objects. RFID can be deployed in various fields, e.g., supply chain, health care, climate sensing, etc.
In [81], the authors suggested a lightweight authentication protocol for RFID tags based on PUF. The protocol consists of three transactions: tag recognition, verification, and update. In the first transaction, the tag reader recognizes the tag. The second transaction is the verification, where the reader and the tag mutually verify the authenticity of each other. In the last transaction (Update), one should keep up the most recent used key for the next verification.
To protect the supply chain of connected devices, the authors of [82] enabled authentication and perceptibility of the IoT devices, through an RFID-based solution. The authentication process consists of two steps: checking the connectivity between the tag and the IoT device and then approving the perceptibility of the tag.
In an IoT-RFID based system, the RFID reader is connected to the Internet to form an IoT end device. On the other side, it is connected to the tagged items via RFID communication protocols. The tagged item is portable and moves from a reader to another, thus there is a need for verifying the identity of each other via authentication. Due to the absence of cryptographic features in RFID, the system is vulnerable to security threats such as impersonation or cloning attacks. In [83], the authors presented an authentication protocol to be used in IoT-RFID use case with the use of lightweight encryption algorithm.
To resist against cloning attacks to the RFID tag, the authors of [84] proposed an offline authentication for RFID-tags based on PUF. It combined both identification and digital signature security protocols. In the authentication, the tag generates a secret key by challenging the PUF and collecting the response. Such response with the helper data will create a certificate that will be stored inside the ROM of the tag. Next, the verifier authenticates the tag by checking the validity of the certificate. To provide anonymous authentication for RFID systems, the authors of [85] presented a PUF-based authentication scheme for classic RFID tags. Then, they provided an enhanced scheme for noisy PUF environment. The main drawback of such scheme is not taking into consideration re-feeding the server with new Challenge-Response Pair (CRP) when the existing pool becomes empty.
The authors of [86] proposed a two-factor authentication scheme based on smartphone with Near Field Communication (NFC) feature as first factor and fingerprint of the user as the second factor. Both factors are used to authenticate user on smart library system. The library database then checks if the personal data embedded in the NFC tag and the fingerprint match then the user is authorized to access the internal library network to query for books and providing the user with the rack position (location) in which the book is located.
The authors of [87] proposed a mutual authentication scheme for IoT RFID-based applications in fifth-generation mobile networks (5G) by providing the reader with a cache, to store the keys (used for authentication) for the recently visited tags, to speed up the authentication, reduce the computation cost and increase the security in storage.
The authors of [88] proposed a mutual authentication scheme for IoT NFC-based applications in 5G. By using only (lightweight) Shift and XOR operations to suit the performance and storage features of NFC tags, they provided the anonymity of the tags using pseudonym instead of the real identity.

Vehicular Networks
Cars nowadays are connected to the Internet or the Internet of Things to form what is called vehicular networks or Internet of Vehicles. Such connectivity is used to provide different services: providing traffic information for users, sharing riding services, charging electrical cars, etc. The field of Electrical Vehicles (EV) is becoming a trend and vehicle authentication is a challenging topic in EV systems. The authors of [89] proposed a two-factor authentication scheme for EV, although it can be deployed in different fields. The scheme combines unique contextual feature. The vehicle is connected to the server via a wireless connectivity and to the charger via a charging cable, so it depends to the physical connectivity to verify the identity.
The authors of [90] proposed an authentication protocol referred to as distributed aggregate privacy-preserving authentication (DAPPA) that can be used to authenticate a vehicle system with the use of multiple trusted authority one-time identity-based aggregate signature technique. A vehicle can verify many messages at the same time, and their signatures can be aggregated into a one message, which decreases the storage space needed by a vehicle or a data collector. In addition, in [91], the authors proposed a protocol to authenticate communication in secure vehicular ad-hoc networks (VANETs) using identity-based aggregate signatures.
In [92], the authors provided a broadcast authentication scheme called Prediction-Based Authentication (PBA) that defends against DoS attacks and resists packet loss. The protocol is based on Merkle hash tree construction for instant verification of urgent messages, and self-generated Message Authentication Code (MAC) storage instead of storing all the receiving signatures. As an enhancement to the scheme in [92], the authors of [93] provided a Prediction-Based Authentication (PBA) as a broadcast authentication scheme in VANETs. The proposed scheme utilizes both the Elliptic Curve Digital Signature Algorithm (ECDSA) signatures and Time Efficient Stream Loss Tolerant Authentication (TESLA) to authenticate messages between vehicles which proved to be an efficient, effective, and authentication scheme.
In [94], an enhancement to Dual Authentication and Key Management Techniques in VANETs is proposed, by providing an authentication phase the first time the vehicle enters the network and a re-authentication phase when the vehicle moves from one coverage area to another without the need to re-iterating the entire verification process.
The authors of [95] provided a mutual authentication between vehicles using a Challenge Handshake Authentication Protocol (CHAP) that achieves both authentication and authorization, thus allowing vehicle-to-vehicle (V2V) charging using a converter-cable assembly.
The authors of [96] proposed an authentication protocol for securing VANETs called (ESPA). The protocol uses asymmetric cryptography (PKI) and the symmetric HMAC for vehicle-to-infrastructure (V2I) and vehicle-to-vehicle (V2V) communications. In [97], the authors proposed a new model for authentication in VANETs based on group authentication. Vehicles are grouped and a session key is generated to be used for V2V communication.
The authors of [98,99] proposed a threshold authentication protocol to support secure and privacy-preserving communications in VANETs. The protocol is described by the use of a group signature scheme for achieving threshold authentication, efficient cancellation, anonymity, and traceability during the communication of vehicles. In [100], the authors used PKI to certify both the public key and a list of fixed unchangeable attributes of the vehicle. In [101], the authors proposed a scheme to prove the identity of one vehicle driver in to another during communication. Elliptic-curve cryptography (ECC) and steganography techniques are used for the authentication and privacy preservation of users.
In most VANETs, there was a problem of connecting it to IP networks using road-side access routers (ARs) due to obstacles and mobility of the vehicle. Hence, the authors of [102] studied the ability to provide IP connectivity to the vehicles in VANETs using a multi-hop scheme. The location and road traffic information are stored in a location server used for roaming purposes. The approach provides a mutual authentication between the roaming vehicle and ARs.

Smart Homes
Smart Homes are automated homes, where users will have the ability to control, monitor and access remotely ( using mobile phone (mobile application) or personal computer (web application)) climate systems (heating and air conditioning), appliances, lighting, TV, audio and video systems, etc. The authors of [66] developed a security scheme that can be deployed in smart homes. Such approach has the ability to overcome some security threats such as impersonation and replay attack [65], but it is still vulnerable to eavesdropping. The approach is based on OAuth 2.0 protocol. In [103], the authors introduced a new authentication scheme to authenticate the end devices deployed in smart homes, which is based on the combination of PUF and Physical Key Generation (PKG). The PUF provides the security of the system by generating a secure key based on the physical parameters of the end device ( the design of PUF depends on common circuit fabrication features that give it the ability to create unique secret key). Machine-to-Machine (M2M) communication is taking a lead in the IoT development, but it also has security challenges. In [104], the authors developed a scheme allowing a smart home network remote user to communicate with end devices. The scheme allows the mutual authentication between the communicating parties, besides establishing a secure connection to establish the confidentiality of data. The authors of [105] proposed a mutual authentication protocol for IoT end-devices (smart home use case) based on PUF. They introduced the concept of Object Life cycle (OLC) to describe the roadmap of the end-device from manufacture till the deployment in the IoT system and describing the security challenges during this roadmap.
The authors of [106] developed a PUF-based authentication scheme for IoT devices to provide mutual authentication between the end device and the gateway by using the CRP data stored inside the gateway. It also provides a way for user (smart phone or wearable device) to authenticate itself with the gateway in order to have the ability to communicate with the end devices using session key generated between them. Timestamp data are used by the user to ensure security against replay attacks.
The authors of [107] proposed a mutual authentication for IoT systems. The scheme is based on the lightweight features of Constrained Application Protocol (CoAP) as an application layer protocol for the communication between client and the server. The secure communication channel is provided by the advantage of Advanced Encryption Standard (AES) cipher. Both the client and the server challenge each other for mutual authentication by encrypting a payload from the message of size 256 bits, and then exchange payloads for verification. The authentication is done during the request-response interaction without the use of an extra layer (DTLS) which increases the communication and computation cost.

Wireless Sensor Networks
Wireless Sensor Networks (WSN) is the ability to add the connectivity and sensing features to billions of sensors embedded in various fields (appliances at homes, vehicles, grids, etc.).
The authors of [108] proposed an authentication protocol at the media access control sub-layer called Optimization of Communication for Ad-hoc Reliable Industrial networks (OCARI), in which they used a one-time shared session key. This technique is suitable for resource-constrained devices.
Blom key predistribution scheme [109] and the polynomial schema [110] are considered as appropriate to be used as key management protocols for some IoT use cases.
The authors of [111] proposed an improved user authentication and key management protocol for WSNs using Bio-hashing [112]. The use of the BAN-logic ( logic of belief and action that ensures one part of communication believes that the key in authentication is good) ensures mutual authentication.
The authors of [113,114] proposed a mutual authentication which consists of two stages: in the enrollment stage, every node should be identified within the system, and in the authentication stage, a number of handshake messages are exchanged between the end device and the server, which result is a session key to be used for upcoming communication.
The authors of [115] developed a group authentication technique in wireless networks for achieving both mutual authentication and privacy. An end node will have the ability to move between access points without the need for re-authentication every time. All the roaming group members information are transmitted to the Base Station (BS) the first time a Mobile Station (MS) is authenticated. Then, the MS sends the information to the group manager, which aggregates all the information and sends it back to the BS. The BS sends it to the access service network for verifying the authentication. After analyzing some existing chaotic-maps based protocols, the authors of [116] provided a chaotic maps-based mutual authentication in WSN.
In [117], the authors proposed a lightweight authentication scheme with anonymous features by providing hop-by-hop authentication and un-traceability. The main contribution is the achievement of user privacy in WSN. In [118], the authors provided an authentication protocol for WSN, which can guarantee different security features such as the privacy of the user, un-traceability, backward secrecy, and strong forward secrecy. It is also resilient to node capture and key compromise impersonation attack.
To ensure mutual authentication between the user, the end node, and the gateway node (GWN) in a WSN, the authors of [119] developed an authentication scheme based on lightweight Hash and XOR operations that gives the remote user the ability to connect to the end nodes in WSN systems without the need to be connected at the beginning to the gateway.
Due to the resource-constrained features of the sensor nodes in WSN systems, there is a need for lightweight encryption protocols. Thus, the authors of [120] proposed a secure authentication protocol for WSN based on Elliptic Curve Cryptography (ECC) which is considered lightweight compared to the traditional RSA cipher. Besides, the authors applied Attribute-Based Access Control (ABAC) authorization mechanism for access control, which is considered scalable.
In [121], the authors proposed an authentication scheme to be deployed in WSNs. The scheme consists of two main steps: the initialization step in which the user is given a public/private key using a lightweight ECC-based protocol. The second step is the authentication step in which two nodes will use the public/private pair to mutually authenticate each other.
The authors of [122] provided a protocol called E-SAP for Efficient-Strong Authentication Protocol for wireless health care applications. This protocol consists of a number of features: a two-factor authentication (smart card and password), mutual authentication between sensors, symmetric cryptography to ensure message confidentiality and the ability to change passwords.
In [123], the authors provided a two-factor-based user authentication scheme for WSN using both passwords and smart cards. The approach is resistant to stolen-verifier and impersonation attacks, but it does not take into consideration node impersonation attack.
The authors of [124] proposed a new anonymous authentication scheme for IoT based on the lightweight ECC. The protocol is composed of two main steps: the registration step and the authentication step. A comparison is held between the ECC and RSA with respect to the time spent for encryption and decryption using different sizes of key.
The authors of [125] presented a secured way for the authentication of devices in Internet of Medical Things (IMT) using the physical characteristics of people for identification. The authors provided a survey of all the biometric techniques used in the literature especially in the smart health environments with an analysis regarding their compatibility with the IMT, a security analysis is also provided. Finally, the authors provided requirements and open issues for researchers and developers while using biometric properties for authentication.
The authors of [126] proposed a novel mutual authentication and key management for WSN systems based on biometric and symmetric crypto-system. They compared their scheme with the schemes provided in the literature regarding computation and communication cost and security threats using both BAN-logic and AVISPA [127] tools.

Mobile Network and Applications
To allow remote users to access Internet services any time, anywhere, the authors of [128] proposed a new scheme to provide a secure roaming for anonymous users benefiting from the group signature technique. They call it Conditional privacy-preserving authentication with access linkability (CPAL). In [129], the authors proposed two authentication schemes, the first one is based on pseudo-random authentication and the second is based on zero-knowledge authentication for providing authentication and location privacy-preserving scheme for LTE-A. The schemes enable all the entities in LTE-A networks to mutually authenticate each other and update their location without involving the subscriber server. The authors of [130] provided also a group-based authentication scheme for LTE networks by developing a group temporary key. It is based on both Elliptic Curve Diffie-Hellman (ECDH) that provides forward and backward secrecy, while using asymmetric key protocol to provide user's privacy. The authors of [131] proposed SEGR for the authentication of a group of devices using both 3GPP or WIMAX systems. It is based on certificate-less aggregate signature which was proposed to remove the complication of certificate management in public key cryptography.
Due to challenging issues in developing a user-friendly authentication scheme for smart phone environment where touch screen is the most user-friendly input peripherals, the authors of [132] provided an authentication process for Android smartphone devices using dual-factor authentication called (Duth). The protocol is made up of a registration step in which the place and time of user entering patterns to the touch screen are stored and then the stored data are used as dual factors for authentication. This approach can improve security without adding any extra hardware.
The authors of [133] proposed a new authentication scheme for mobile phone users based on behavioural pattern. They started by collecting the behavior of mobile phone user regarding the applications used in a specific time and the duration of usage, and then they change these data to a unique pattern to be used as an authentication between the user and the mobile phone.The proposed scheme will be used as complementary to the existing authentication schemes provided by mobile phones (pin code, fingerprint, gestures, etc.).

Generic IoT Applications
The authors of [134] provided a protocol for performing authentication between a user and a server, and not between end devices. It is a two-step verification to IoT devices. A password or a shared secret key is considered as the first authentication factor and the use of PUF as the second authentication factor.
Due to the large number of devices wishing to access the network which leads to an overload for the authenticating server and in order to achieve mutual authentication and secure key management for resource-constrained devices, the authors in [135] provided a group-based lightweight authentication and key agreement scheme called GLARM. GLARM is composed of two fundamental stages: an identification stage and, a group authentication and key-agreement stage based on a combination of message authentication code of a group of devices to be authenticated.
In [136], the authors proposed a lightweight device authentication protocol for IoT systems named speaker-to-microphone (S2M). This scheme achieves distance authentication between wireless IoT devices. Is is implemented in both mobile phones and PC to check its experimental results.
The author of [137] provided a new hardware-based approach, using a hardware fingerprint to authenticate IoT device with its Physical Unclonable Functions (PUF). The author presented the machine learning based attacks on PUF leading to the creation of a software model of the PUF. The author of [138] presented an implementation of PUF-based algorithms for IoT device. They used PUF-based elliptic curve for device enrollment, authentication, decryption, and digital signature. The author fingered the environment variations under which the IoT devices will be operating and also the effects of aging in the usage of PUF by using error correction codes. They handled the machine-learning attacks by combining the PUF with the use of ECC to encrypt the generated key. In [139], the authors proposed an authentication mechanism which applies a modeling for the PUF to avoid storing the whole Challenge-Response Pairs (CRPs) or the retrieval of some CRPs during authentication or verification phases, and the model will be hidden by applying a symmetric encryption algorithm (AES) to avoid modeling-based attacks.
The authors of [140] realized that a single-tier authentication is not adequate for services such as cloud computing. Thus, they proposed a multi-tier authentication scheme without the use of any extra software or hardware. In the first stage, user enters a simple username and password that is validated by the server on the cloud. In the second stage, user pursues a predetermined sequence on the virtual screen during the registration phase.
In [141], the authors provided an authentication scheme to be used in cloud computing use cases. They divided the devices into two categories: registered and unregistered devices, and handled the authentication using two different approaches. The registered devices are authenticated using an authentication server. Firstly, the device is registered in the server, then a session key is generated by the server and sent encrypted using Advanced Encryption Standard (AES), to the device to be used for further communications. On the other hand, a cloud-based Software-as-a-Service (SaaS) using modified Diffie-Hellman (DH) algorithm is used to authenticate unregistered devices for accessing cloud services.
Using password or smart cards as the only way of authentication for remote users is vulnerable to security attacks. Thus, the authors of [142] proposed a novel scheme by using a three-factor authentication. The fingerprint or iris-scan, the smart card, and a password to authenticate a user to remotely-based applications.
Although traditional Public Key Infrastructure is considered heavy with respect to the computation and communication cost, the authors of [143,144] presented a lightweight PKI to be implemented in IoT use cases. The authors of [145] presented an efficient transmission to ensure privacy of data sent. The proposed scheme used a customized data encapsulation to reduce both the computation and communication overhead.
The authors of [69] presented a two-way IoT authentication protocol. The authentication is handled using the Datagram Transport Layer Security (DTLS) protocol with the exchange of certificates based on RSA. This work is an enhancement of the work reported in [68], a two-way IoT authentication schemes based on RSA with the use of Trusted Platform Module (TPM).
In [146], the authors proposed an authentication protocol based on PUFs that uses the zero-knowledge proof of knowledge (ZKPK) of discrete logarithm. The protocol requires a user to input a password to the device each time it requires authentication. The limitation of this protocol is providing the authentication between the user end device and the server without also taking into consideration authentication between end devices. The use of ZKPK increased the complexity of this protocol.
After doing a security analysis for some of previous scheme for the authentication of devices in Low-earth-orbit satellite (LEOs) communication systems, the authors of [147] proposed an authentication and key management scheme based on Elliptic curve and symmetric cryptography. The proposed scheme provides a mutual authentication between the user and the Network Control Center (NCC), besides its resilience to stolen verifier, replay, DoS, password guessing, and impersonation attacks.
The authors of [148] presented a two-factor device authentication scheme. They used both the digital signature and a novel factor called the device capability. Device capability is similar to a functional operation solved by the device, which could be a mathematical challenge or even a cryptographic-based puzzle. Such scheme can be used to authenticate both the end-device and the server too. Using a secure TLS channel, the device sends a request for communication to the server, the server then sends a nonce encrypted with its private key and the timestamp to avoid replay attacks. The device then decrypts the signature, solves the nonce with functional operation, signs the result with its private key and sends it back to the server. The server then checks the valid signature and the result of the functional operation to authenticate the device.
The authors of [149] proposed a new authentication scheme for IoT system based on PUF. The scheme is based on generating a response of a challenge, then feeding the response to another PUF as a challenge. The two PUFs are connected using Linear Feedback Shift Register (LFSR). The main drawback of such design is its complexity, and the lack of security analysis. Machine learning attacks to create a model of PUF is not considered.
The authors of [150] proposed a new authentication scheme for IoT systems based on blockchain called Bubbles-of-Trust. The idea is to divide the devices into virtual zones called bubbles in which they identify and trust each other (concept of grouping). Then, the communication (transaction) between different devices is controlled and validated by the public blockchain implemented using Ethereum.
To provide authentication for IoT system integrated in cloud computing environment, the authors of [151] provided a lightweight two-factor authentication scheme based on one-way hashing and XOR operation. The authentication process is made up of three steps: registration, verification, and password renewal step. The computation cost of such scheme is considered and its efficiency is shown in resource-constrained environments.
To ensure the security of IoT systems, the authors of [152] took advantage of PKI by using X.509 digital certificates to ensure the authentication of devices within the system. Such certificates can be used for device identification and also the device integrity.
The authors of [153] proposed a model to addresses the IoT security issues. They used Object Naming service (ONS) to query the Domain Name Server (DNS) to search for information about a device using either its IP address or electronic product Codes (EPC). They ensured the anonymity of the requester by asking multiple ONSs to hide the identity and using multiple encryption layers using the encryption key of the router during transmission. Table 2 summarizes the different surveyed IoT authentication schemes with a classification based on the taxonomy presented in Section 4 as well as a summary of their advantages and disadvantages.
The following abbreviations are used for the below criteria: • IoT Layer: A, Application; N, Network; P, Perception.

Related Works
Several research works surveyed the IoT authentication solutions. The authors of [154] presented a survey of the authentication protocols deployed in Internet of Things (IoT) use cases by categorizing them into four categories: Internet of Sensors (IoS), Internet of Energy (IoE), Machine-to-Machine (M2M) communication, and Internet of Vehicles (IoV). A taxonomy and comparison of authentication protocols are provided in terms of: network model, goals, main processes, computation complexity, and communication overhead. In [155], the authors provided a classification and comparison of different authentication protocols for IoT. The authors created two different classifications: the first one based on whether the authentication technique is being distributed or centralized, flat or hierarchical, and the second one based on the characteristics of the authentication process. In [156], the authors provided an analytical survey of the existing literature. They outlined the potential issues and challenges of authentication in IoT for further research but without providing a comparison of the existing schemes. The authors of [157] provided different authentication methods used within the IoT context with emphasis on lightweight and mutual authentication methods but without classification or comparison. In [158], a review of the prominent and "recent" authentication techniques for IoT systems is provided with an indication of their limitations and future research trends, but without providing a classification. The authors of [159] provided a classification of selected research works addressing security concerns and authentication methods, in addition to their evaluation in terms of advantages and disadvantages. In [160], the authors mapped the current state of the art of the authentication in an IoT environment, featuring the difficulties and the primary methods utilized in authentication scheme but without performing any comparison. The authors of [161] provided a brief overview of authentication mechanisms with an evaluation of the proposed schemes in the literature. They also evaluated each method based on its resource consumption (e.g., energy, memory, computation and communication).

Conclusions
This paper presents a taxonomy and a literature review of authentication in the IoT context. The analysis of a large spectrum of authentication protocols/schemes leads to identify a number of requirements and open issues that should be taken into consideration by researchers and developers while developing new authentication schemes for IoT networks and applications.

1.
In sensor-based applications, where sensors (constrained in terms of memory, processing power, battery, etc.) are the main end-devices, the proposed protocols must be lightweight, making a trade-off between power consumption and security.

2.
The robustness of authentication protocols against potential attacks, e.g., sybil, node capture, replay, password guessing, message forgery, brute force, man-in-the-middle, DoS, collision, chosen-plaintext, etc., should be considered and analyzed. In particular, it is important to to consider Distributed Denial of Service attacks (second attack against IoT in 2017 as per [6]).

3.
There is a need to consider location and identity privacy in certain IoT applications especially smart grids and VANETs. 4.
The communication overhead of authentication protocols is a key factor, especially when dealing with power-limited devices; the number of messages exchanged between authentication parties should be kept as low as possible. In the same context, the size of the messages should be as small as possible due to the restricted bandwidth of the wireless communication protocols used.

5.
Low computation cost should be considered while designing IoT authentication schemes especially for power-constrained and processing-limited IoT environment. This emphasizes the need to adopt lightweight cryptographic algorithms and protocols while designing authentication solutions. 6.
IoT authentication scheme should be scalable in the sense that it should manage large number of nodes s well as have the ability to add new nodes without any further setup or configuration. 7.
Authentication service should be ensured for the three layers of IoT architecture (application, network and perception layer). 8.
Heterogeneity of devices in IoT networks must be taken into consideration while designing IoT authentication schemes. 9.
Hardware security using "PUF" is the current trend due to its advantages over software security approaches. A combination between software solutions (lower cost) and hardware solutions (more secure) should be considered.  −User must be authenticated many times in Multi-server environment.             [125] A + N + P Biometric (physical properties) 1 C/H E +Ease to be used in smart health environments +No ability to be stolen, borrowed, and forgotten. +Resistance to clone and fork attacks. −The uniqueness of behavioral biometric properties is low and its computation cost is high. [126] A + N + P Encryption/+ symmetric + Hashing + Biometric (physical properties, smart card, ID and password) 2 C/H E +Uses three-factor authentication and privacy preserving is considered. +Resistance to replay, MITM, active, passive, forgery, user traceability +Resistance to clone and fork attacks. +The ability to update the biometric or password. +Scalability is high −No consideration for DoS and DDoS attacks.
[148] P Encryption/Asymmetric (Nonce) 2 C/H I +Uses two-factor authentication and +Resistance to replay attack −No security analysis is done −No comparison is done with existing authentication schemes. −Preshared key should be deployed at the provisioning phase −Privacy preservation is not considered.