Next Article in Journal
Unveiling the Influence of the Menstrual Cycle on Mental Rotation Abilities: A Comparative Analysis of Three-Dimensional vs. Two-Dimensional Tasks
Previous Article in Journal
The Effect of Vertex and Edge Removal on Sombor Index
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Symmetry
Volume 16
Issue 2
10.3390/sym16020171
symmetry-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles thumb_up
...
Endorse textsms
...
Comment
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Review

Exploring Authentication Paradigms in the Internet of Things: A Comprehensive Scoping Review

by
Nazhatul Hafizah Kamarudin
1,
Nur Hanis Sabrina Suhaimi
1,
Fadilla Atyka Nor Rashid
2,*,
Mohd Nor Akmal Khalid
2 and
Fazlina Mohd Ali
3
1
Center for Cyber Security (CYBER), Faculty of Information Science and Technology, University Kebangsaan Malaysia, Bangi 43600, Selangor, Malaysia
2
Center for Artificial Intelligence Technology (CAIT), Faculty of Information Science and Technology, University Kebangsaan Malaysia, Bangi 43600, Selangor, Malaysia
3
Center for Software Technology and Management (SOFTAM), Faculty of Information Science and Technology, University Kebangsaan Malaysia, Bangi 43600, Selangor, Malaysia
*
Author to whom correspondence should be addressed.
Symmetry 2024, 16(2), 171; https://doi.org/10.3390/sym16020171
Submission received: 18 December 2023 / Revised: 17 January 2024 / Accepted: 23 January 2024 / Published: 1 February 2024
Browse Figures
Versions Notes

Abstract

:
In the rapidly expanding domain of the Internet of Things (IoT), ensuring the implementation of robust security measures such as authentication has become paramount to safeguarding sensitive data and maintaining the integrity of connected devices. Symmetry in the IoT commonly denotes the uniformity or equilibrium in data distribution and processing across devices or nodes in a network. Leveraging symmetric patterns can enhance the robustness and scalability of IoT authentication. This scoping review aims to provide a comprehensive overview of recent developments in authentication techniques within the IoT paradigm. It subsequently presents recent research on various IoT authentication schemes, organized around several key research questions. The objective is to decipher the intricacies associated with authentication in the IoT by employing a multi-criteria classification approach. This involves a comprehensive analysis of existing authentication protocols, delineating their respective advantages and disadvantages, and gaining insights into the associated security concerns. The research questions highlighted in the review aim to probe the present scenario of authentication systems utilized in IoT, with a focus on identifying trends and discerning shifts. This review synthesizes insights from scholarly articles to provide a roadmap for future research in IoT authentication. It functions as a valuable resource for establishing theoretical foundations and provides practical implications applicable to practitioners, policymakers, and researchers alike. By elucidating the intricacies of IoT authentication, this review cultivates a profound understanding of the transformative potential and the multifaceted challenges. It establishes the foundation for resilient security measures essential for the sustainable growth of the Internet of Things.

1. Introduction

The exponential expansion of linked devices has resulted in the creation of the vast network known as the Internet of Things (IoT). A wide range of industries, including public health, smart grids, smart transportation, waste management, smart homes, smart cities, agriculture, and energy management, are served by this interconnected network, which includes smart devices such as sensors and actuators [1,2,3]. But the requirements and limitations that these connected “things” inherently bring with them present a multitude of difficulties. Connectivity issues arise when billions of devices attempt to communicate with each other, and the need to protect IoT networks from possible threats is ever-present. This urgency is highlighted by a recent Gartner analysis, which found that 20% of firms had experienced at least one IoT attack in the previous three years [4]. Events such as the Mirai botnet [5], in which Internet of Things networks were used as a means of attack, add to the complexity of the security environment. The inherent resource constraints of Internet of Things (IoT) devices compound these issues by making traditional communication protocols and security mechanisms ineffective and, in certain situations, impractical for IoT applications. Because these devices are widely used in important applications, the growing security concerns in the IoT space are especially concerning.
The security prerequisites for an IoT network hinge on the unique applications it supports. The need for confidentiality, integrity, and authentication is closely linked to the security requirements of each application. Authentication, in particular, is considered a crucial element for IoT [6], as the reliability of involved devices is essential for the network’s optimal performance. The compromise of a single node has the potential to turn it into a malicious entity capable of jeopardizing the entire system or triggering catastrophic events [7,8]. Given the distinctive nature of IoT devices, traditional authentication schemes are deemed impractical and unsuitable. Cryptographic methods designed for mains-powered, high-processing, and large-memory devices need to be adapted to be more suitable for resource-limited IoT nodes. This predicament has led to lightweight authentication schemes, some tailored specifically for the context of IoT or Wireless Sensor Networks (WSNs), which are deemed applicable to IoT.
This study aims to carry out a comprehensive academic analysis of authentication methods based on IoT. One of the main objectives is to assess user views and preferences on the security and usability of various IoT authentication techniques, including password-based systems, smart cards, and biometrics. We intend to determine and examine the obstacles that users encounter while implementing multiple authentication methods, focusing on privacy, usability, and reliability in the context of the Internet of Things.
In addition to investigating new ideas like blockchain, the study will critically assess the shortcomings and efficacy of the IoT authentication solutions that are now in use. It subsequently presents recent research on various IoT authentication schemes. The paper also compares and analyzes existing authentication protocols by employing a multi-criteria classification, delineating their advantages and disadvantages, and building upon previously published research work. Figure 1 illustrates the criteria for the classification of IoT authentication protocols. Future developments in IoT authentication research are expected to yield a nuanced understanding of user perceptions, insights into the efficacy of existing technologies, a comparative analysis that adds to academic discourse, and actionable recommendations for the academic community.
The rest of this paper is organized as follows: The related work of authentication in IoT is presented in Section 2, which reviews existing research and innovations, emphasizing the progress made so far. Section 3, the materials and method section, explores the critical components of IoT-based authentication, highlighting the convergence central to this revolutionary concept. Section 4, Results and Discussion, illuminates the intricate layers and dynamic features of IoT-based authentication, providing a deeper understanding of its complexity and implications. Finally, Section 5 concludes the paper and discusses the survey findings.

2. Related Works

The Internet of Things (IoT) constitutes a network of physical devices embedded with sensors, software, and network connectivity, empowering them to gather, analyze, and exchange data [9,10]. These objects encompass diverse devices, appliances, vehicles, and everyday items equipped with sensors linked to the internet. This connectivity enables smart devices to communicate seamlessly with each other and with humans, facilitating the integration and automation of processes [10,11,12]. Furthermore, the IoT is a technology that incorporates key features such as connectivity, sensing and perception, data processing and analytics, automation and control, interoperability, scalability, security and privacy, and real-time capabilities [9]. This technology has garnered significant attention, emphasizing the necessity for devices with distinct trust domains to interact and collaborate. The importance of authentication in IoT devices is underscored to safeguard people’s lives, property, and privacy security [13]. These features collectively open avenues for new opportunities and applications in diverse domains, including home automation, healthcare, transportation, smart cities, manufacturing, and agriculture, thereby enhancing efficiency, convenience, and decision-making. Ultimately, the IoT creates a connected ecosystem where objects interact and collaborate seamlessly.
While IoT is a physical device network that collects and exchanges data, the Medical Internet of Things (MIoT) applies IoT technology in healthcare, integrating medical devices and systems and allowing for remote patient monitoring, real-time health tracking, and personalized healthcare [11]. The aim is to enhance patient care, improve treatment outcomes, and optimize healthcare processes through IoT technologies in medical settings. Meanwhile, the Industrial Internet of Things (IIoT) connects industrial equipment to enable data exchange, optimize operations, and drive digital transformation [7]. It is relevant in manufacturing, transportation, healthcare, and energy.
Nevertheless, IoT technology has brought several challenges that must be addressed for secure deployment and to realize its full potential. These challenges include security vulnerabilities, privacy concerns, interoperability issues, scalability complexities, data management difficulties, power and energy efficiency, and a lack of standardization [12,14]. To ensure security in IoT technology, authentication is crucial in ensuring security, privacy, trustworthiness, and access control in IoT [15]. It serves to prevent unauthorized access, protect sensitive data, establish trust, and facilitate granular access control. Authentication, as a process, verifies the identity of a user or entity through personal characteristics, knowledge, context, and steganography (the concealment of information within other data) [16]. This process guarantees that only authorized individuals or entities can access a system, network, or resource, thereby thwarting potential security breaches and unauthorized entry [11,14]. In the context of the Industrial Internet of Things (IIoT), secure authentication is pivotal in warding off malicious activities, data breaches, and unauthorized access. It upholds the confidentiality, integrity, and availability of IIoT systems by permitting only trusted and authenticated entities to access and interact with the network.
Moreover, authentication holds particular significance in IoT environments, where low-power devices with high sensor availability are prevalent. The absence of proper authentication measures increases the risk of granting privileges or services to unauthorized individuals. Implementing multi-layer data security techniques such as cryptography and steganography can ensure data privacy among IoT devices, proving especially beneficial for authentication purposes [16]. Some studies have explored the potential benefits of combining blockchain and IoT. It ensures that only authorized individuals or devices can access and interact with IoT systems [14]. Blockchain has also been used for user registration, certificate issuance, key management, smart contracts, and InterPlanetary File System (IPFS) cloud server integration [17]. The combination has the potential to improve security, enhance interoperability, and provide decentralized and fine-grained authorized access to the sensor internet [13]. One study proposed a fogging-based multi-level blockchain authentication framework [18] to leverage such a combination. Several reviews and surveys have been conducted on authentication in IoT. Some explore resource-constrained IoT environments [19,20], and suggest lightweight strategies [19], while others categorize IoT security solutions, discuss their nature, and identify prevalent topologies [21].
Additionally, some surveys focus on authentication and secure key management [22], while others examine the use of blockchain technology for authenticating IoT-enabled smart devices in smart cities [23]. Nevertheless, these reviews/surveys provide limited perspectives on the demographics of the research works, the underlying problems, recent contributions, cross-domain consideration, advantages and limitations of the proposed techniques, and the converging future directions of the state-of-the-art of authentication in IoT that lead to the research frontiers of this unique field of study. As such, this paper attempts to address those limitations.

3. Materials and Methods

A systematic mapping study involves identifying, categorizing, and analyzing existing literature pertinent to a specific research topic. The objective of this study is to offer a comprehensive overview of the research area, provide an impartial assessment of the current literature, identify research gaps, and accumulate evidence for future research directions. The study results in a categorized portfolio of publications related to the research area, making it a form of secondary research that structures the field and facilitates the identification of research gaps and trends.
This study adheres to the systematic mapping process recommendations outlined by Salama et al. [24], encompassing five key steps: planning, search execution, selection of primary studies, data extraction and classification, and analysis and mapping. In the planning step, research questions are defined, the scope is outlined, the search strategy is devised, and selection criteria are established. The search execution step involves conducting searches in relevant sources using specified search strings. The selection of primary studies step employs defined criteria to choose pertinent studies. The data extraction and classification step entails developing a classification scheme and categorizing studies accordingly. Finally, the analysis and mapping step involves extracting statistics from the collected information and constructing visual maps. Each of these steps yields distinct outcomes, and the culmination of this entire process is a systematic map, as further elucidated in [24,25].
Figure 2 illustrates a detailed sequence comprising five primary steps. The initial phase is to do systematic mapping planning. The plan serving as the foundation for conducting the systematic mapping study is established. This step comprises four elements, all of which are to be precisely defined and implemented. The four elements are discussed as follows:
(a)
Definition of research questions: These questions align with the study’s objectives.
(b)
Definition of the scope: Defining the scope aids in establishing initial research boundaries and directing the study’s trajectory by framing the research questions.
(c)
Establishment of search strategy: This encompasses choosing search sources, such as indexing services, digital libraries, and publication venues, to locate primary studies, along with determining search strings. Journal and conference quality criteria are considered.
(d)
Establishment of selection criteria: The inclusion and exclusion criteria determine the relevance of primary studies to address research questions, facilitating the exclusion of irrelevant ones.
The second step in the systematic mapping process is search execution. The search is executed in the designated sources, utilizing the predetermined search strings, in accordance with the previously defined search strategy.
Then, the next step is the selection of primary studies. The selection criteria are employed to choose pertinent primary studies. To enhance the relevance of decision-making, scrutiny is applied to titles, abstracts, introductions, and conclusions for further examination.
Subsequently, the fourth step involves data extraction and classification. The construction of the classification scheme involves establishing clusters that will serve as the foundation for creating map categories. Researchers thoroughly read each paper, identifying keywords and concepts that represent the studies’ contributions. Subsequently, the actual data extraction occurs, wherein studies are categorized using the established classification scheme to generate results addressing the research questions. This process involves the creation of data sheets to store the extracted information.
Finally, the fifth step involves analysis and mapping. Statistics are extracted from the collected information, and visual maps are constructed.

3.1. Research Questions

The central research question (RQ) in this systematic mapping study was: “What new advancements and limitations arise from authentication systems in the Internet of Things (IoT)?”. This primary question was subdivided into eight specific RQs. Table 1 details the formulated RQs and provides the rationale for each RQ.

3.2. Data Sources

The study’s search process involves automated searches in prominent digital libraries and indexing systems. These databases are recognized as extensive and comprehensive scientific repositories for reviews and are particularly relevant electronic resources in the fields of computer science and software engineering. We scrutinized twelve electronic databases as our primary sources for potentially relevant studies. Google Scholar was excluded from the selection due to its lower precision in delivering results and the considerable overlap with findings from other data sources. The electronic databases employed during the search process are outlined in Table 2.

3.3. Search Queries

For a comprehensive search of relevant studies, identifying appropriate search terms is crucial. The Population, Intervention, Comparison, and Outcome (PICO) framework serves as a valuable guide for this purpose [25]. This perspective has been widely embraced in numerous systematic literature reviews (SLRs). Below, the relevant PICO terms are outlined:
  • Population: Primary studies on authentication.
  • Intervention: IoT applications.
  • Comparison: Problems, innovation, advantages, limitation performance metrics, and future directions.
  • Outcome: Advantages, contributions, and limitations of authentication in IoT technology.
(“Authentication in Internet of Things” OR “Authentication in Internet of Things Trends” OR “Authentication in Internet of Things Limitation” OR “Authentication in Internet of Things Protocols”) AND (“Security Privacy” OR “Cloud Computing” OR “Network Technologies”).

3.4. Research Questions Inclusion and Exclusion Criteria

In this systematic mapping study, inclusion and exclusion criteria were employed to determine the selection and exclusion of studies from the data sources, addressing the Research Questions (RQs). These criteria were consistently applied to all studies retrieved throughout the various phases of the study selection procedure outlined in Table 3. Additionally, early access articles were included if the full text was accessible.

4. Results and Discussion

Within this section, the study addresses all Research Questions (RQs) through a comprehensive analysis of the results originating from the compilation of primary studies. The process involves a detailed review and synthesis of the findings, delivering a thorough response to each RQ in the study.

4.1. RQ1: What Are the Demographics of the Primary Studies?

To address this research question (RQ), an analysis was undertaken regarding three fundamental aspects of the primary studies. These included the publication year, type of publication channels, and the primary source that has disseminated the most relevant studies, encompassing journals and conference proceedings.

4.1.1. Publication Year

From 2020 to 2023, 65 publications were extracted from the literature using the methodology outlined in Section 3. This trend is visually presented in Figure 3, showcasing the evolving landscape of literature on authentication in the IoT domain. The research activity in this domain is notably dynamic and reflects current trends.
Between 2020 and 2021, the research activity showed a relatively slow pace, marked by a limited number of publications. However, in 2022, there was a significant and remarkable surge in research activity focused on authentication in the IoT, resulting in 32 publications. This surge may be attributed to the increasing demand and research trends in the field of IoT authentication. In 2023, a slight decline in publications was observed. Despite the slight fluctuations concerning authentication in IoT research, the overall research activity has consistently showcased a significant upward trajectory. This trend underscores a growing interest in the research domain, particularly over the past decade.

4.1.2. Types of Publication Channels

Within the framework of this mapping study, the authors incorporated content from a diverse array of sources, encompassing 33 distinct journals and articles from IEEE, 10 journals from MDPI, eight journals from Elsevier, five journals from Springer, five journals from ScienceDirect, two journals from Wiley, and one journal each from Hindawi and IJRES (outlined in Figure 4).

4.1.3. Journals Featuring Relevant Publications

Regarding the publication venues for studies on authentication in the Internet of Things (IoT), Table 4 illustrates the top ten most active journals. The IEEE Internet of Things Journal emerged as the leading contributor, with seven publications. Additionally, IEEE Access and Sensors each contributed three articles. Other selected studies published two articles in the following journals: Internet of Things, Journal of King Saud University—Computer and Information Sciences, IEEE Transactions on Computers, Mathematics, and IEEE Transactions on Services Computing. Computers and Security and Computer Networks each contribute one article.

4.2. RQ2: In Which Domains Has Authentication in the IoT Been Extensively Applied?

To address this research question (RQ), an analysis was undertaken regarding three fundamental aspects of the primary studies. These included the publication year, type of publication channels, and the primary source that has disseminated the most relevant studies, encompassing journals and conference proceedings. The section meticulously dissects distinct domains and their affiliated research papers in IoT-based authentication by referring to Figure 5 and Table 5. It categorizes them into ten domains: Industrial, Healthcare, Cloud and Fog, Blockchain, Communication, Farming, Networks, RFID, Smart IoT, and Mobile. Each domain is accompanied by a specified number of research papers and the respective percentage representation, offering a comprehensive understanding of the research landscape.
Industrial: This sector, represented by research papers [7,9,17,27,28,29,30,31,32,33], accounts for 15% of the total. The central focus revolves around the crucial requirement for authorization frameworks in industrial settings to counter unauthorized access, strengthen data security, and guarantee the unwavering reliability and safety of critical industrial processes.
Healthcare: In the convergence of privacy and security within healthcare ecosystems, research papers [12,34,35,36,37,38,39], make substantial contributions, comprising 11% of notable advancements in IoT-based authentication. The focus is on crafting resilient authentication mechanisms specifically tailored to the sensitive nature of healthcare information.
Cloud and Fog: In this domain, researchers [10,15,40,41,42], collaboratively contribute 8%, highlighting the pivotal role of identity verification for securing access to both cloud services and fog computing nodes. The common objectives underscore the imperative for robust authentication mechanisms in these distributed environments.
Blockchain: This domain distinguishes itself with a significant 12% contribution, as evidenced by research papers [6,14,43,44,45,46,47,48,49,50,51,52] centering on secure authentication through decentralized identity, smart contracts, and cryptographic measures. The focus lies on fortifying security through innovative approaches.
Communication: Leading with the highest percentage at 25%, the research papers [11,14,43,44,45,46,47,48,49,50,51,52,53,54], in this domain delve into advancing secure communication protocols, sophisticated encryption techniques, and advanced authentication methods. The pronounced emphasis on secure communication underscores the domain’s significance.
Farming: Focusing on the enduring security and performance of IoT systems in agricultural contexts, research papers [55,56,57] make a 3% contribution to IoT-based authentication technologies. The research underscores the importance of consistently monitoring device behaviour, network traffic, and data interactions in farming environments.
Networks: Comprising 12% of the total, research papers [57,58,59,60,61,62,63,64,65] in this domain emphasize advanced protocols and encryption strategies to foster trusted connections. The primary focus is on fortifying network security to mitigate unauthorized access and potential data breaches.
RFID: In the realm of RFID, research papers [65,66,67,68] centre around the authentication and authorization of RFID devices, particularly in supply chain management, access control, and asset tracking. This domain contributes 6% to IoT-based authentication technologies, underscoring its significance in diverse applications.
Smart IoT: Spanning smart cities, smart homes, and intelligent applications, research papers [65,69,70], contributing 8% in this domain, are dedicated to the development of IoT authentication mechanisms.
Mobile: The domain of Mobile IoT is accentuated by 3%, and the research [70,71], is dedicated to enhancing security in the mobile IoT environment. The spotlight is on a mutual identity authentication scheme for mobile IoT devices, showcasing a nuanced approach to bolstering security.
The article further augments its comprehensiveness by providing insights into the distribution of research papers within each domain (outlined in Table 5). This detailed breakdown offers a nuanced perspective on the distribution of research efforts across these diverse domains, with the communication domain emerging as the focal point with the highest percentage of research papers at 25%. As discussed in the context of RQ2, it illustrates the distribution of research percentages across different domains, contributing to a clearer understanding of the analysis.

4.3. RQ3 What Kinds of Problems Are Present in IoT Authentication?

Several underlying problems have been identified in the reviewed papers as outlined in Table 6 and illustrated in Figure 6. In general, authentication processes in IoT are challenged by the need for security in information sharing and data transmission [6,28,68], wireless communication [49,51,56,57,62], proximity-based authentication [36], false-positive identification [13], or service operations [38]. Another similar aspect is the ability to resist/detection of evolving cyberattacks [14,15,28,37,41,47,52,53,57,65,66,68], leading to the adoption of fog computing that compliments the needs of IoT [40,72]. From the cybersecurity research perspective, the problem with group key distribution or multi-owned devices from an industrial capacity was prevalent [9,16,26,29,31,44,73], as well as an identity-based authentication protocol for IoT [43,60,70,74].
Among the most popular problems involves addressing the issue of computational constraints associated with authentication processes in IoT, which leads to the proposal of a lightweight authentication framework [7,44,55,59,61,64,65,67,70], especially when integrating blockchain technology [80]. Another problem arose from the risk to personal data (or data privacy), which requires a secure communication protocol to protect the privacy and reliability of IoT communications [10,30,32,33,50,52,53,65,71,77]. Some studies opt for mutual authentication protocols to address privacy protection problems [45,70], while others are dependent on highly flawed centralized authentication [78,79]. Others were motivated to have the authentication process in IoT integrated into another practical, real-world system or hardware (such as pollution detection systems [39], digital health solutions [11,35,48], medical devices [34,37], automated monitoring systems [49,54], intelligent transport systems [49], multiple integrated access control systems [32], and the vulnerability of servers in cyber-physical systems [75,76]. Some emerging problems involve addressing cross-domain authentication in IoT devices [12,42,69,70], multi-layered architecture communication [8,69], resource-friendly security mechanisms [36,58,64], and Internet-enabled smart devices [9,27,60].

4.4. RQ4 What Is the Contribution of Authentication in IoT System?

Although issues are raised in implementing authentication in the IoT, it has also contributed to research fields. Five significant contribution trends have been identified: lightweight cryptography, blockchain integration, privacy-preserving approaches, efficient encryption, and novel security mechanisms. This section will delve into the five contribution approaches for each domain, and they have been mapped in Table 7.

4.4.1. Industrial

In the rapidly evolving landscape of Industrial Internet of Things (IIoT) authentication, a synthesis of noteworthy trends has materialized, reflecting a collaborative effort to bolster security, privacy, and efficiency. Embracing lightweight cryptography, Tanveer pioneers’ solutions address privacy concerns and computational constraints, facilitating secure communication in the IIoT [7,27]. The subsequent REAP-IIoT protocol introduces resource-efficient and privacy-preserving authentication. Ali’s contribution centers on an authenticated group shared key (AGSK) mechanism, leveraging hash functions and digital signatures to enhance IIoT network security [26]. Blockchain integration emerges as a pivotal trend, with Sharma proposing a secure authentication and privacy-preserving model [28]. Additionally, Zhang pioneers an IoT-based collaborative processing system on the blockchain, fostering efficiency through Verifiable Random Function (VRF) and reputation voting [32]. Privacy-preserving approaches are evident in Xu’s novel scheme, which employs fuzzy biometric extraction technology [29]. Devi’s efforts enhance IIoT throughput, reduce latency, and preserve privacy through smart contracts [16]. Efficient encryption techniques are pursued by Pu, aiming to optimize IIoT performance [30]. Dohare’s Certificateless Aggregated Signcryption Scheme (CLASS) introduces privacy-preserving data aggregation [31]. Zhang innovates consensus mechanisms in blockchain for IIoT [32].

4.4.2. Healthcare

Approaches to IoT authentication and several notable contributions in the healthcare domain have surfaced. El-Meniawy [11] addresses security and privacy concerns in medical data transmission within publicly accessible IT infrastructures by proposing a lightweight and secure authentication protocol for Medical Internet of Things (MIoT) networks. The protocol facilitates mutual authentication, real-time patient data monitoring, and access control policies, exhibiting exemplary computational efficiency. Liu [33] introduces a lightweight and secure redactable signature scheme for rapidly disseminating healthcare data in cloud-based IoT systems. The scheme ensures data integrity, authenticity, and privacy in resource-constrained IoT environments, offering solutions for privacy preservation, redaction control, and efficient authentication. Hasan [34] contributes to efficient medical data security by proposing a lightweight encryption technique for medical images in Internet of Medical Things (IoMT) applications. The approach prioritizes the privacy and security of medical data, demonstrating superior efficiency in image encryption execution time compared to conventional methods. Mehbodniya [35] develops a framework utilizing a modified Lamport Merkle Digital Signature method, employing a central healthcare controller (CHC) for signature validation and authentication. This framework achieves cost-effective and faster security compared to existing methods. Vinoth [36] presents a cloud-based session key agreement and data storage scheme with an improved authentication mechanism for MIoT, demonstrating resilience against various security attacks. Das [37] proposes a privacy-preserving mutual authentication scheme tailored for IoT-enabled healthcare systems, emphasizing lightweight and practical authentication for network devices. Deebak [38] introduces a seamless authentication framework with a privacy-preserving (SAF-PP) protocol to address security and privacy challenges in smart eHealth intelligence. The protocol utilizes lightweight cryptosystem operations, including hashing evaluation and MAC verification, to minimize computation and communication overhead.

4.4.3. Cloud and Fog

One prominent cluster revolves around the integration of lightweight cryptography, as exemplified by Rana’s work [39], which proposes a long-range IoT-based architecture for real-time vehicular pollution monitoring. This approach addresses environmental concerns and incorporates blockchain integration for enhanced information security and transparency. Another noteworthy cluster focuses on privacy-preserving techniques, with specific contributions not explicitly mentioned in the provided text. In efficient encryption, Gupta’s [41] proposal introduces an IoT device-specific, unique identity-based authentication method that utilizes lightweight procedures for identity-based encryption and is capable of detecting Distributed Denial of Service (DDoS) attacks. The cluster related to blockchain integration features Lansky’s [40] work, presenting a lightweight centralized authentication mechanism for IoT driven by Fog computing. This mechanism addresses security risks and privacy concerns while enhancing scalability and response time. Additionally, innovation approaches are evident in Saad’s [9] development of ThingsSentral TM, a lightweight IoT platform designed to provide a standalone cloud-based solution with a RESTful API, SQL-compliant databases, and modular infrastructure. Singh’s proposal [14] emphasizes secure device connections to servers’ mobiles, showcasing efficiency and high-security standards.

4.4.4. Blockchain

Several distinct clusters of trends emerge in the authentication domain for the Internet of Things (IoT), each contributing to the overarching goal of fortifying security, efficiency, and privacy. One significant cluster centers on the integration of blockchain technology. Anaam [78] delves into the fundamental understanding of how blockchain synergizes with IoT, shedding light on its crucial functions in securing data records within IoT systems. Khashan and Khafajah [80] propose a hybrid authentication architecture that combines centralized and blockchain-based elements to reduce authentication overhead while implementing lightweight encryption methods for constrained IoT devices. Al Ahmed [79] contributes to a decentralized blockchain solution by organizing IoT devices into clusters and employing a hierarchical structure for authentication, showcasing reduced computational loads in simulations. Ismail [75] presents a blockchain-based identity management and secure authentication mechanism for registering and authenticating nodes, ensuring secure wireless sensor network (WSN) communication.
Another cluster focuses on innovative approaches. Mahmoud [81] introduces a novel proof-of-identity algorithm tailored to the computational constraints of IoT devices. Tong [43] addresses cross-domain authentication challenges, offering functionalities such as intra-domain and cross-domain authentication, identity revocation, and pseudonym mechanisms for enhanced privacy protection. Additionally, Liu et al. [6] propose a blockchain-enabled decentralized information-sharing protocol for zero-trust IoT environments, emphasizing mutual authentication, fairness, and autonomy through smart contracts, eliminating the need for a trusted third party.

4.4.5. Communication

In the rapidly evolving landscape of IoT-based authentication, diverse trends have surfaced, highlighting innovative approaches to bolster security, privacy, and efficiency in this domain. Rangwani [11] leads the way with a Four-Factor Mutual Authentication and Key Agreement Protocol, establishing a foundation for robust security through formal verification and advanced logic models. Expanding into blockchain integration, Liu et al. [6] propose a decentralized information-sharing protocol, reshaping the paradigm by achieving mutual authentication and autonomy through smart contracts and eliminating reliance on trusted third parties.
Privacy-preserving methods find expression in Ataei Nezhad [53], who introduces an authentication-based secure data aggregation that addresses energy consumption and fortifies network security against malicious nodes. Tong’s [42] approach tackles cross-domain authentication challenges, emphasizing device privacy and offering comprehensive functionalities. Chen’s [43] novel authentication and key agreement protocol demonstrate resistance to various attacks and significant security and communication efficiency advantages through performance comparisons. Gong [44] introduces a lightweight authentication and key agreement protocol based on the CoAP framework, ensuring anonymity, robust security, and anti-attack capacity. It stands out for its unique security attributes and resistance to diverse attacks. Jiang’s [45] two private and mutual authentication protocols prioritize privacy protection, with the first employing a three-message key exchange protocol based on attribute-based encryption and the second opting for a one-round key exchange protocol for simplicity and efficiency.
Studies in [13,46,47,48,49,76], use an IoT device authentication scheme based on ambient access points, utilizing broadcast message data for authentication and affirming proximity between devices in an ad hoc IoT network. The authors in [50,51], both present a secure, lightweight authentication and key agreement protocol for IoT environments, achieving semantic security and critical properties like anonymity, robust synchronization, and forward security secrecy without using public-key cryptographic primitives. The authentication framework tailored for IoT-driven critical applications combines identity, password, and a digital signature scheme to save bandwidth and communication energy while reducing computing and communication costs for resource-constrained sensor nodes.

4.4.6. Farming

In IoT-based authentication tailored for specific applications, Rahimi [54] contributes to the innovation cluster by addressing challenges associated with urbanization, minimal land availability, and rising food demands. Their proposed solution involves designing and implementing an automatic monitoring system for an indoor vertical hydroponic system. This system optimizes land usage and integrates IoT technology to monitor essential plantation requirements efficiently. Carolina [55] adopts the OpenID Connect (OIDC) protocol on the privacy-preserving front, emphasizing secure federated authentication and authorization processes for both users and IoT devices. The protocol generates an ID Token, a JSON Web Token (JWT), housing various claims pertinent to user authentication, including identity and profile information.

4.4.7. Network

Wu [57] pioneers a game-theoretic approach to Physical Layer Authentication (PLA) for IoT, specifically addressing spoofing detection. Malik’s [58] work emphasizes the necessity for resource-efficient security mechanisms in IoT applications, proposing lightweight ECQV implicit certificates (L-ECQV) to optimize security for constrained devices. Leng [59] contributes with single-frame and multi-frame physical-layer authentication schemes using spreading code watermarking, streamlining authentication without complicated upper-layer protocols. Transitioning to Blockchain Integration, Chanal [60] adopts a Belief-Desire-Intention (BDI) server agency and the Random Forest (RF) algorithm to utilize context information for IoT object authentication. Yuan [61] introduces a hash-chain-based multi-node mutual authentication algorithm, showcasing superior running time and complexity performance in the testing environment.
For privacy-preserving measures, Shilpa’s [62] lightweight encryption algorithm and SEC-RMC protocol offer secure data transmission and mutual authentication in the IoT environment, achieving an impressive 80% reduction in transmission time. In the domain of efficient encryption, Goswami [63] presents an efficient scheme for remote registration and group authentication of IoT devices in 5G cellular networks. Compared to recent proposals, the proposed method seamlessly integrates with 5G-AKA, ensuring security and efficiency. In the field of innovation approaches, Hu’s [57] groundbreaking scheme introduces an elevated level of security while upholding computational efficiency. It represents a significant stride forward by attaining two-factor security and user anonymity amid sensor node-captured attacks, demonstrating a pioneering approach to IoT authentication.

4.4.8. RFID

In the context of RFID-based IoT authentication, several noteworthy trends are emerging to tackle the distinctive challenges posed by highly constrained devices. Rostampour [68] introduces a novel lightweight authentication protocol based on AEAD encryption schemes specifically designed to secure highly constrained IoT devices. The study showcases the protocol’s efficiency in meeting the lightweight requirements for secure solutions in constrained IoT environments. Contributing to this trend, Alshawish [65] presents an efficient IoT authentication scheme that achieves mutual authentication among three entities within the IoT system: IoT devices, an IoT manufacturer server, and an authentication server. This multi-entity authentication approach adds an extra layer of security to RFID-based IoT systems. Pahlevi [67] explores a secure mutual authentication protocol utilizing two-factor RFID and fingerprint authentication through the MQTT protocol. The protocol attains optimal FAR and FRR at an 80% threshold, demonstrating robust performance with an Equal Error Rate (ERR) of approximately 59.5%.
Moreover, the protocol undergoes testing against brute force and sniffing attacks, highlighting its resilience to various security threats. Ghasemi [66] introduces a new lightweight authentication approach for RFID-based IoT, employing stream ciphering techniques to enhance privacy between legitimate components. The study focuses on providing forward security and resisting various attacks such as eavesdropping, tag tracking, replay, cloning, and DoS attacks. These trends underscore the ongoing endeavors to develop lightweight, efficient, and secure authentication protocols tailored for RFID-based IoT applications.

4.4.9. Smart IoT

The concept of Smart IoT is being advocated to elevate security measures and enable secure data transmission. Annadurai [69] introduces an innovative technique to enhance the security of biometric authentication systems. This approach integrates biometric authentication, artificial intelligence, and the Internet of Things (IoT) to attain secure data transmission and efficient intruder detection. The proposed approach stands out for its focus on lightweight cryptographic methods, ensuring efficient and secure communication within the biometric authentication framework.
Regarding Efficient Encryption, Annadurai [10] emphasizes the importance of secure data transmission in a biometric authentication system, underscoring the significance of efficient encryption methods to fortify overall system security. Regarding innovation approaches, Chen [59] proposes an authentication scheme tailored for smart IoT applications. This scheme supports mutual authentication among devices, back-end servers, and users’ mobile applications, covering the entire device lifecycle. Additionally, Alshawish [64] contributes to innovation in IoT authentication by presenting an efficient scheme that achieves mutual authentication among various entities within the IoT system.

4.4.10. Mobile

Two notable trends are emerging to address privacy concerns and enhance user verification in mobile authentication for IoT. Wazzeh [71] introduces a privacy-preserving continuous authentication framework that enables users to verify behavioural data continuously. This is achieved through a novel Federated Learning approach coupled with a warm-up strategy designed to enhance the model weights of clients. The innovation lies in accommodating non-independent and non-identically distributed (non-IID) data, leading to improved performance for authentication models. Gong [70] contributes to the trends by proposing a lightweight cross-domain mutual identity authentication scheme designed explicitly for mobile IoT devices. This scheme surpasses existing methods by leveraging the constrained resources of mobile nodes and authentication servers, ensuring low computation and communication overhead. This innovative approach is tailored for the dynamic and resource-constrained mobile IoT environment.
In conclusion, Figure 7 shows that the Novel Security Mechanism accounts for over 45% of the total contribution of IoT-based authentication. This is predicated on the expansion of IoT technologies, which witness a rise in various unique and creative solutions intended to solve new security issues or enhance current security protocols. Then came Lightweight Cryptography at 26.15%, Privacy-Preserving Techniques at 16.92%, Blockchain Integration at 13.85%, and Efficient Encryption at 10.77%. While the previously described trends represent some of the important and developing elements of IoT-based authentication, determining which trends are the least important might be arbitrary and context-dependent. From a wider angle, certain places have not received as much attention as others or have yet to be widely recognized. But technological trends are ever-evolving, so things that seem unimportant now could become important later on due to new developments and shifting priorities.

4.5. RQ5: Which Performance Metrics Are Most Commonly Utilized?

The output of the reviewed papers, categorized by the identified performance metrics based on years, is given in Figure 8. Generally, the majority of the papers concentrated on computational costs, which make up about 52% of the total papers, followed by communication costs, which account for about 47%, time consumption, which accounts for about 33%, storage costs, which account for about 24%, and the rest, which account for less than 13%. These trends are also associated with recent research that showed upward paper output behavior in 2022 compared to 2021 when compared to the year 2023.
The summary of the performance metrics identified in the reviewed paper is tabulated in Table 8. Most research works focused on assessing the computational cost (or computational overhead) that was involved in the authentication process [65], complex operations (i.e., hashing, extraction function) [29,30,56], and response time (i.e., time measured to execute the mathematical operations of protocol/certification [11,80], or time required for processing the signature [33,80]).
The second most adopted performance metric was the communication cost (or communication overhead), which encompasses the overhead associated with the communication process that transmits security parameters between interacting entities [7,10,12,40,43,44,47,65], such as the size of the network bandwidth [39], data transmission amount [36,51,64,67,69,76] or transmission delays [52], network latency [28,42,69,75], key exchange protocols [27], and cryptographic processes associated with it [32,38,50].
Meanwhile, time consumption involves key performance that involves the average execution time of critical steps in the information sharing protocol (such as sharing processing, reputation value computation, and voting mechanism) [6] or execution protocol [31,53], period of physical presence such as on time on air [39] or alive time that crucial for network longevity [52,61], the response time for signature, verification, execution, or analysis time of associated encryption or decryption processes [11,30,34,43,44,45,60,73,79,80], certificate validation time [58] or key generation time [41], real-time complexity of the algorithmic processes [33], delay time between transactions [16], or time required in executing tasks [28,34,72].
Store costs were also considered by several studies, which included considerations such as storing credentials that facilitate the authentication process [7], device information and device-user binding information [69], the space required to store the necessary data and cryptographic keys for the protocol’s operation [10,26,27,28,31,36,76], storing associated authentication key parameters [27,28,29,40,42,65], and the size of compiled programs and memory areas of certificates [9,29,58].
Accuracy and energy requirements were among the emerging performance metrics identified in the reviewed papers. The accuracy measures were performance measures associated with using artificial intelligence techniques to evaluate prediction models [68]: accuracy, F-score, precision, and recall. Accuracy compares the number of correct predictions to the total number of predictions. The F-score combines precision and recall, considering feature differentiation. Precision measures correctly predicted positive samples out of all predicted positives, and recall measures correctly predicted positive samples out of all positives. Prediction performance in authentication was evaluated based on such accuracy measures [14,16,46,59,60,68,74], as well as the quality of the encryption technique [34]. Other studies focus on converging the prediction model incorporated in the overall authentication processes [71].
Meanwhile, energy requirements are considered one of the performance metrics for evaluating the proposed protocol based on an energy model (measured in millijoules or mJ), which is calculated based on the operations performed during the protocol execution and cryptographic operations [10,42,51,52], the energy required to run the source code (communication cost, sensed data, and implementation cost for each time unit) [9,26], the energy consumption of IoT devices during the authentication process using different types of certificates [9,58], or multiplying power (in milliwatt or mW) with time required to send a data packet to the destination node through either centralized edge-level or blockchain authentication [79].
One performance measure was focused on usability, which is associated with the IoT system’s consideration of integrating readily available infrastructure without the need for new hardware to be installed. Some studies focused on such metrics due to proximity-related restrictions [46], avoiding misdetection or false positive outcomes [48,66,74], mitigating rogue or shadow devices [50], features associated with access control (context-awareness, granularity, scalability, and interoperability) [76], and a feature-rich approach [51].
Some studies considered performance metrics such as throughput, variable sizes, and falseness rate. Throughout, the measure is used either to reflect the ratio of data delivery rates sent by network nodes [29,32,52] or the number of transactions processed per unit of time typically associated with industrial IoT systems [16,32]. Meanwhile, variable size refers to the size of the entity measured as a comparison between different authentication techniques, such as the sizes of different types of certificates [58] or signatures [33], the key and block size of encryption algorithms [15], and the total packet size between communicating network nodes. Finally, falseness rate involves determining the possibility or probabilities of attacks or additional detection mechanisms to enhance security features, such as the measure of resistance to guessing attacks via statistical analysis [65], utility of detection (probability of false alarm rate and miss detection rate) [57,74], and fingerprint utility mechanism (false acceptance rate and false rejection rate) [66].

4.6. RQ6: What Are the Advantages of Each Type of Authentication in IoT?

In the expansive field of Internet of Things (IoT) research, numerous studies spanning diverse domains have presented significant advantages for contemporary researchers delving into the authentication of IoT. The benefits elucidated in most of these research works are systematically categorized as follows:

4.6.1. Security and Reliability

Most research works, such as [7,10,65,69,76,79], emphasized the authentication schemes for IoT that offer high security and reliability and demonstrate resilience against various attacks. Various techniques applied to boost security and transparency include the integration of hardware with a blockchain network, the authenticated group shared key (AGSK) mechanism, and the public key infrastructure (PKI) digital certificate [26,39,53]. The study [42] prioritized security by providing the capability to track and penalize malicious anonymous devices. These advantages impede the prompt availability of crucial information, potentially influencing decision-making processes.

4.6.2. Performance Efficiency

A low computation overhead, influenced by factors such as computational cost, storage space, communication cost, and power consumption, as evidenced in [26,40,70] has the potential to result in high-performance efficiency. As noted in [52], employing a predetermined route and hop-by-hop encryption and authentication can decrease the delay in data transmission, thereby reducing end-to-end delay. The high-performance efficiency of the IoT environment holds the potential to attract users for adoption across various applications.

4.6.3. Decentralization and Fairness

Decentralization is a key advantage offered by the authentication protocol, which functions independently of a trusted third party. This ensures autonomy and eliminates single points of failure, as indicated in [80]. Simultaneously, fairness is ensured through the protocol’s inclusion of a voting mechanism with built-in consensus and penalty capabilities. This enables the detection and filtration of fabricated information, allowing for the penalization and blacklisting of misbehaving users [6,39].

4.6.4. Privacy Protection

Some research includes [27,33,45,58] introducing protocols for preserving the privacy of IoT devices and environments. For example, a lightweight encryption technique that enhances the privacy of medical images and industrial networks [11,31,34]. Overlooking the safeguarding of privacy aspects in IoT applications may result in the inadvertent leakage of crucial information to unauthorized individuals.

4.6.5. Real-Time Monitoring

The protocol highlighted in references [11,39,54] introduces a dynamic system that enables real-time monitoring of patient data, vehicular pollution, and the agriculture and forestry sectors. This feature not only reduces patient waiting times, enhancing the overall efficiency of healthcare services, but also contributes to more prompt and responsive medical interventions, plays a crucial role in environmental stewardship, and facilitates easy monitoring of essential plantation necessities.

4.6.6. Mutual Authentication

The attainment of mutual authentication is crucial to guaranteeing that participant entities remain updated and synchronized at least once upon the completion of a correct session. The research introduces an authentication scheme specifically designed for smart IoT applications. This proposed scheme facilitates mutual authentication among devices, back-end servers, and users’ mobile applications [8,69]. Failure of mutual authentication may lead to a range of consequences, including unauthorized access, data integrity risks, and potential security vulnerabilities within the IoT ecosystem.

4.6.7. Flexibility and Scalability

Some works are directed towards enhancing flexibility, with a particular focus on the system’s ability to function effectively on embedded devices [9,52]. This signifies a deliberate effort to optimize and adapt the technology for use in resource-constrained environments, such as those commonly found in embedded systems. The deployment of a lightweight centralized authentication mechanism tailored for the Internet of Things (IoT) in Fog computing holds significant promise for improving scalability. By fostering scalability, the utilization of resources can be optimized, and processing delays can be minimized.

4.6.8. Availability of Source Code

The open-source development of authentication protocols, as exemplified in the case discussed in [67], contributes to simplifying research endeavors. Open-source protocols provide researchers with accessible frameworks, tools, and codebases that can be examined, modified, and built upon for their specific needs and allow for transparency and peer review. Researchers can analyze the code, pinpoint potential vulnerabilities, and suggest enhancements, fostering a collaborative and iterative approach to protocol development. This joint effort contributes to the overall robustness and reliability of authentication mechanisms. Enclosed in Table 9 is a summarized overview on advantages of authentication in IoT. The percentages of these benefits in the context of IoT authentication are visually represented by a visually appealing pie chart in Figure 9, which is noteworthy. Most of the papers indicate these benefits in terms of security and reliability (38%), then performance efficiency (29%), privacy protection (12%), mutual authentication (7%), flexibility and scalability (6%) and real-time monitoring (3%), decentralized and fairness (3%), and source code availability (2%). This pie chart representation provides a comprehensive understanding of their benefits across diverse applications and domains.

4.7. RQ7: What Are the Authentication Challenges in IoT Environments?

Authentication protocols assume a crucial role in safeguarding Internet of Things (IoT) environments. This research inquiry offers a thorough examination, delving into the intricacies of numerous IoT authentication studies. It aims to identify and analyze common limitations found across diverse research works. The discussion concentrates on the trade-offs and challenges encountered in each study, illuminating areas that demand further attention for the advancement of IoT authentication protocols.

4.7.1. Integration and Compatibility

Integrating with current IIoT systems and legacy devices presents challenges when retrofitting or upgrading older devices to align with proposed authentication frameworks [7,11]. The compatibility issues underscore the need for seamless integration strategies to facilitate the transition to advanced authentication protocols. This limitation is prevalent in 4% of the reviewed studies.

4.7.2. Computational Complexity

Numerous studies [6,10,26,46,54,61,68] grapple with high computational complexity, impacting the overall efficiency of IoT authentication. The trade-off between enhanced security and increased computational requirements highlights the need for streamlined cryptographic primitives and efficient algorithms. Approximately 28% of the studies acknowledge challenges in computational complexity.

4.7.3. QoS Impacting Authentication

Quality of Service (QoS) concerns affecting authentication reliability are identified in studies [38,65]. Ensuring a balance between authentication robustness and QoS is crucial to maintaining a seamless user experience without compromising security. This limitation is identified in 4% of the studies.

4.7.4. Low Efficiency

The utilization of low-cost sensors introduces inefficiencies in some studies [39,44], emphasizing the trade-off between cost-effectiveness and the efficiency of the authentication process. Addressing these inefficiencies is paramount for the widespread adoption of IoT authentication systems. Approximately 4% of the studies highlight low efficiency due to the use of low-cost sensors.

4.7.5. Security and Privacy

Studies [30,53,68] reveal challenges in addressing comprehensive security and privacy issues in proposed authentication schemes. The need for a holistic approach to security, encompassing potential vulnerabilities and privacy concerns, remains a critical aspect for further research. Security and privacy challenges are found in 12% of the studies.

4.7.6. Scalability Issues

Scalability challenges in larger IoT networks are evident in studies [42,73], emphasizing the need for authentication protocols that can seamlessly adapt and perform efficiently as the scale of the network increases. Around 8% of the studies recognize scalability issues.

4.7.7. High Storage Overhead

Some studies [40] identify the potential high storage overhead associated with authentication mechanisms. Minimizing storage requirements while maintaining security levels is crucial for resource-constrained IoT devices. Storage overhead is a concern in 4% of the studies.

4.7.8. Lack of Performance Analysis

Studies [43,57] highlighting a lack of detailed performance analysis and specific evaluation metrics underscore the importance of rigorous performance assessments for proposed authentication techniques. This limitation is acknowledged in 8% of the studies.

4.7.9. Authentication and Leakage Resilience

Challenges related to authentication and leakage resilience are evident in studies [71,75], with about 8% of the studies contributing to the common limitations. Striking a balance between robust authentication mechanisms and preventing information leakage remains a crucial area for improvement.

4.7.10. Implementation Challenges

Implementation challenges, particularly in real-world IoT deployments, are identified in studies [12,72]. Bridging the gap between theoretical proposals and practical implementations is imperative for the successful deployment of authentication protocols. Implementation challenges are present in 8% of the studies.

4.7.11. Resource-Intensive Operations

Resource-intensive operations in terms of power, energy, and computation are prevalent in studies [40,41,47,54,60]. Optimizing resource usage without compromising security is a key consideration for future IoT authentication solutions. Resource-intensive operations are cited in 12% of the studies.

4.7.12. Network Availability

Challenges related to network availability are outlined in studies [46,52,63,76], highlighting the need for adaptive authentication schemes that can seamlessly operate in dynamic network conditions. Network availability challenges are recognized in 8% of the studies.

4.7.13. Attacks on Robustness

The robustness of authentication mechanisms against advanced attacks is emphasized in studies [64,73]. Evaluating and enhancing the resistance of protocols against sophisticated attacks is crucial for bolstering the overall security posture. Approximately 8% of the studies require a focus on attacks for robustness.

4.7.14. Others

Miscellaneous challenges, including decisional Diffie-Hellman assumptions and reliance on trusted Key Generation Centers [32,58,79], need further exploration to validate the scalability and efficiency of proposed protocols in large-scale IoT deployments. These miscellaneous challenges are collectively found in 8% of the studies.
In essence, understanding and addressing these common limitations collectively contribute to the advancement of IoT authentication protocols, paving the way for more secure and efficient IoT environments. Future research endeavors should focus on mitigating these challenges to foster the widespread adoption of robust authentication mechanisms in the IoT landscape.
Following our discussion, Table 10 delineates the prevalent limitations observed in IoT authentication across various categories. Simultaneously, Figure 10 provides a visual representation of the distribution of common limitations across IoT authentication studies that researchers have faced within their respective domains in the IoT landscape. Further, Figure 10 consistently revealed a shared limitation, underscoring abundant opportunities for future researchers to delve into and address issues within the specified domain. The identified limitation poses a significant challenge, necessitating further exploration in future research endeavors.

4.8. RQ8: How Can Advancements in IoT Authentication Address the Collective Challenges in the IoT Authentication Environment?

Clearly defining future directions is critical in the field of IoT authentication research. These directions capture the goals that researchers have in mind for moving the field forward, tackling new problems, and expanding the use of authentication protocols. Future directions act as markers that point researchers in the direction of important objectives, such as improving security and efficiency, encouraging practical applications, and embracing emerging technology. In addition to advancing scholarly conversation, researchers’ articulation of these trajectories opens the door for useful innovations that maintain the resilience, scalability, and adaptability of the IoT authentication domain in the face of changing technical environments. The consolidation of future research trends and directions, structured around common themes, establishes a comprehensive roadmap to stimulate advancements and foster creativity in the secure integration of IoT authentication within interconnected ecosystems.
  • Security Enhancement and Efficiency Optimization: Researchers in multiple studies [11,13,27,31,39,53,54,72,75,76,80] underscore the crucial significance of enhancing security measures while optimizing computational efficiency. This direction aims to achieve a delicate balance between robust security protocols and minimal computational overhead, acknowledging the inherent trade-off between security and performance.
  • Real-World Implementation and Assessment: Studies [6,9,13,31,48,55,66,68,73] highlight the need to transition from theoretical proposals to practical implementations. Real-world assessments guarantee the effectiveness, scalability, and resilience of proposed authentication solutions, ensuring their capability to withstand the complexities of diverse environments. Researchers aspire to bridge the gap between theoretical advancements and practical usability.
  • Scalability and Reliability: As evident in various studies [12,13,34,51,55,73,74], scalability and reliability emerge as central concerns for researchers. As IoT networks expand, the necessity to ensure authentication solutions can seamlessly scale and maintain reliability becomes imperative. This future direction aims to tackle challenges associated with the growing size and complexity of IoT ecosystems.
  • Blockchain Integration and Security Issues: Recognizing the potential of blockchain in enhancing security in IoT authentication, studies [14,17,31,65,72,73,75] highlight its importance. Integration with blockchain effectively addresses challenges such as decentralization, immutability, and transparency. Researchers envision blockchain as a viable solution to secure data transactions and user identities within IoT networks.
  • AI Integration and Advanced Computing Technologies: Unearthed in studies [15,51,77,80], the integration of AI and advanced computing technologies emerges as a promising avenue for future exploration. AI holds the potential to elevate authentication mechanisms by learning and adapting to evolving threats. Researchers anticipate AI as a tool to enhance the adaptability and intelligence of IoT authentication systems.
  • Privacy and Access Control: Emphasized in studies [12,17,32,61], privacy and access control stand out as critical concerns. Given that IoT devices accumulate vast amounts of sensitive data, ensuring robust privacy measures and granular access control becomes imperative. Researchers strive to design authentication systems that prioritize user privacy and offer effective access management.
  • Communication Efficiency and IoT Optimization: As acknowledged in studies [10,15,44,55,56], optimizing communication efficiency emerges as crucial for IoT networks. Researchers endeavor to minimize latency, improve data transmission, and optimize resource usage. This direction tackles challenges associated with communication bottlenecks, particularly in scenarios where real-time data exchange is paramount.
  • Multifactor Authentication and Standardization: Investigated in studies [54,59,70] multifactor authentication and standardization emerge as essential components for robust security. Researchers advocate for the widespread adoption of standardized protocols to ensure interoperability and emphasize the incorporation of multifactor authentication to strengthen the overall security posture of IoT environments.
  • Cross-Domain Authentication and Interoperability: Investigated in studies [13,75], cross-domain authentication and interoperability emerge as crucial elements for seamless integration across diverse IoT domains. Researchers aspire to devise authentication solutions that can function cohesively in heterogeneous environments, facilitating interoperability between various IoT applications and industries.
  • Decentralization and Edge Computing: Explored in studies [10,73,77], decentralization and edge computing respond to the demand for distributed authentication mechanisms. Researchers anticipate integrating edge computing to enhance processing at the network’s edge, thereby reducing latency and improving response times for authentication requests.
  • Efficiency in Authentication Protocols: Studies [28,36,44,60,75] focus on optimizing authentication protocols for efficiency. This direction aims to streamline the authentication process, reduce computational overhead, and enhance the overall efficiency of authentication mechanisms while maintaining a delicate balance between security and performance.
  • Diverse Domain Application: Explored in studies [32,55,59,66,69], the examination of diverse domain applications underscores the adaptability of authentication solutions. Researchers seek to design authentication protocols that are applicable across various domains, addressing challenges unique to each application area.
This research question offers insights into the motivations behind each future direction theme, reflecting the considerations of researchers and the challenges they seek to overcome in the evolving landscape of IoT authentication. Table 11 compiles the studies, grouping them based on shared areas of future work within the realm of authentication in the Internet of Things (IoT). Figure 11 visually organizes future directions based on common themes, offering a structured overview of the emerging trends in research.
In Figure 11, the choice to present the data in a linear format is justified by the need to visually represent the common future directions identified in numerous existing research works. The figure, depicting a linear line, serves as a graphical representation of the insights gained from exploring the motivations behind each future direction theme based on the thorough analysis offered by Table 1. Figure 11 provides a systematic and easily interpreted summary of the developing trends in IoT authentication research by grouping these future approaches according to common themes. This linear representation enhances clarity and facilitates a deeper understanding of the considerations and challenges that researchers aim to address within the dynamic landscape of IoT authentication.

5. Conclusions

In summary, this study extensively explores the domain of authentication within the Internet of Things (IoT) technology and its corresponding environment. The research was conducted with a thorough literature review encompassing relevant works in the IoT authentication domain, providing insights into identified problems and issues. The study also conducted an assessment of performance metrics and acknowledged inherent limitations. The principal objective of this research is to contribute comprehensive knowledge concerning various authentication techniques and schemes across different domains of IoT. The exploration of authentication methods in IoT technology revealed numerous advantages, particularly in security and reliability, performance efficiency, privacy protection, mutual authentication, flexibility and scalability, real-time monitoring, decentralization and fairness, and availability of source code. These advantages highlight the transformative potential of IoT in enhancing security and privacy across diverse applications, spanning healthcare, industrial management, urban living, and communication purposes. However, it is imperative to recognize the limitations and challenges associated with IoT authentication. These challenges include congestion in data communication traffic, integration and compatibility issues, computational complexity, impacts on quality of service, and implementation challenges. It is imperative to tackle these obstacles in order to promote the broad use of resilient authentication systems in the Internet of Things context. In order to facilitate the widespread and successful adoption of secure authentication methods in the IoT environment, future research enhancements should focus on addressing these obstacles. This helps to seamlessly integrate IoT technology into many aspects of our daily lives, while also improving the general security and privacy of IoT applications.

Author Contributions

Conceptualization, N.H.K. and F.M.A.; methodology, N.H.S.S., M.N.A.K. and F.M.A.; formal analysis, N.H.K.; resources, N.H.S.S. and M.N.A.K.; writing—original draft preparation, N.H.K. and F.A.N.R.; writing—review and editing, N.H.S.S., M.N.A.K. and F.M.A.; results and discussion, N.H.K. and F.A.N.R.; supervision, N.H.K. and F.M.A. All authors have read and agreed to the published version of the manuscript.

Funding

The authors are thankful to the Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia for the grant GGPM-2023-070 for this research.

Data Availability Statement

Publicly available datasets were analyzed in this study. This data can be found here: https://www.mdpi.com/ (accessed on 8 December 2023); https://ieeexplore.ieee.org/Xplore/home.jsp (accessed on 8 December 2023); https://www.webofscience.com/wos/ (accessed on 8 December 2023); https://www.sciencedirect.com (accessed on 10 December 2023); https://link.springer.com (accessed on 9 December 2023); https://dl.acm.org/ (accessed on 9 December 2023); https://onlinelibrary.wiley.com (accessed on 11 December 2023).

Acknowledgments

This research work received support from the Ministry of Higher Education (MOHE) and FTSM, University Kebangsaan Malaysia (UKM). The authors extend their sincere gratitude for the generous support and provision of adequate facilities throughout the course of this research.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. El-hajj, M.; Chamoun, M.; Fadlallah, A.; Serhrouchni, A. Analysis of authentication techniques in Internet of Things (IoT). In Proceedings of the 2017 1st Cyber Security in Networking Conference (CSNet), Rio de Janeiro, Brazil, 18–20 October 2017; pp. 1–3. [Google Scholar] [CrossRef]
  2. El-hajj, M.; Chamoun, M.; Fadlallah, A.; Serhrouchni, A. Taxonomy of authentication techniques in Internet of Things (IoT). In Proceedings of the 2017 IEEE 15th Student Conference on Research and Development (SCOReD), Putrajaya, Malaysia, 13–14 December 2017; pp. 67–71. [Google Scholar] [CrossRef]
  3. Atzori, L.; Iera, A.; Morabito, G. The Internet of Things: A survey. Comput. Netw. 2010, 54, 2787–2805. [Google Scholar] [CrossRef]
  4. Maresch, D.; Gartner, J. Make disruptive technological change happen-The case of additive manufacturing. Technol. Forecast. Soc. Chang. 2020, 155, 119216. [Google Scholar] [CrossRef]
  5. Ahmed, M.E.; Kim, H. DDoS Attack Mitigation in Internet of Things Using Software Defined Networking. In Proceedings of the 2017 IEEE Third International Conference on Big Data Computing Service and Applications (BigDataService), Redwood City, CA, USA, 6–9 April 2017; pp. 271–276. [Google Scholar] [CrossRef]
  6. Liu, Y.; Hao, X.; Ren, W.; Xiong, R.; Zhu, T.; Choo, K.-K.R.; Min, G. A Blockchain-Based Decentralized, Fair and Authenticated Information Sharing Scheme in Zero Trust Internet-of-Things. IEEE Trans. Comput. 2023, 72, 501–512. [Google Scholar] [CrossRef]
  7. Tanveer, M.; Badshah, A.; Khan, A.U.; Alasmary, H.; Chaudhry, S.A. CMAF-IIoT: Chaotic map-based authentication framework for Industrial Internet of Things. Internet Things 2023, 23, 100902. [Google Scholar] [CrossRef]
  8. Ali, F.M.; Yunus, N.A.M.; Mohamed, N.N.; Daud, M.M.; Sundararajan, E.A. A Systematic Mapping: Exploring Internet of Everything Technologies and Innovations. Symmetry 2023, 15, 1964. [Google Scholar] [CrossRef]
  9. Zhang, Y.; He, D.; Vijayakumar, P.; Luo, M.; Huang, X. SAPFS: An Efficient Symmetric-Key Authentication Key Agreement Scheme with Perfect Forward Secrecy for Industrial Internet of Things. IEEE Internet Things J. 2023, 10, 9716–9726. [Google Scholar] [CrossRef]
  10. Saad, M.H.M.; Akmar, M.H.S.; Ahmad, A.S.S.; Habib, K.; Hussain, A.; Ayob, A. Design, Development Evaluation of A Lightweight IoT Platform for Engineering Scientific Applications. In Proceedings of the 2021 IEEE 12th Control and System Graduate Research Colloquium, ICSGRC 2021-Proceedings, Shah Alam, Malaysia, 7 August 2021; Institute of Electrical and Electronics Engineers Inc.: Piscataway, NJ, USA, 2021; pp. 271–276. [Google Scholar] [CrossRef]
  11. Rangwani, D.; Om, H. 4F-MAKA: Four-factor mutual authentication and key agreement protocol for internet of things. Peer-Peer Netw. Appl. 2023, 16, 35–56. [Google Scholar] [CrossRef]
  12. El-Meniawy, N.; Rizk, M.R.M.; Ahmed, M.A.; Saleh, M. An Authentication Protocol for the Medical Internet of Things. Symmetry 2022, 14, 1483. [Google Scholar] [CrossRef]
  13. Mao, W.; Jiang, P.; Zhu, L. BTAA: Blockchain and TEE-Assisted Authentication for IoT Systems. IEEE Internet Things J. 2023, 10, 12603–12615. [Google Scholar] [CrossRef]
  14. Bułat, R.; Ogiela, M.R. Personalized Context-Aware Authentication Protocols in IoT. Appl. Sci. 2023, 13, 4216. [Google Scholar] [CrossRef]
  15. Singh, B.; Lal, R.; Singla, S. A Secure Authentication mechanism for accessing IoT devices through Mobile App. In Proceedings of the 2022 International Conference on Computational Modelling, Simulation and Optimization, ICCMSO 2022, Pathum Thani, Thailand, 23–25 December 2022; Institute of Electrical and Electronics Engineers Inc.: Piscataway, NJ, USA, 2022; pp. 274–278. [Google Scholar] [CrossRef]
  16. Kamil, S.; Ayob, M.; Abdullah, S.N.H.S.; Ahmad, Z. Challenges in Multi-Layer Data Security for Video Steganography Revisited. Asia-Pacific J. Inf. Technol. Multimed. 2018, 7, 53–62. [Google Scholar] [CrossRef]
  17. Devi, A.; Kumar, A.; Rathee, G.; Saini, H. User authentication of industrial internet of things (IIoT) through Blockchain. Multimed. Tools Appl. 2022, 82, 19021–19039. [Google Scholar] [CrossRef]
  18. Alsaeed, N.; Nadeem, F. A Framework for Blockchain and Fogging-based Efficient Authentication in Internet of Things. In Proceedings of the 2022 2nd International Conference on Computing and Information Technology (ICCIT), Tabuk, Saudi Arabia, 25–27 January 2022; pp. 409–417. [Google Scholar] [CrossRef]
  19. Khan, M.A.; Din, I.U.; Majali, T.; Kim, B.-S. A Survey of Authentication in Internet of Things-Enabled Healthcare Systems. Sensors 2022, 22, 9089. [Google Scholar] [CrossRef] [PubMed]
  20. Ahmed, W.K.; Mohammed, R.S. Lightweight Authentication Methods in IoT: Survey. In Proceedings of the 2022 International Conference on Computer Science and Software Engineering (CSASE), Duhok, Iraq, 14–17 March 2022; pp. 241–246. [Google Scholar] [CrossRef]
  21. Trnka, M.; Abdelfattah, A.S.; Shrestha, A.; Coffey, M.; Cerny, T. Systematic Review of Authentication and Authorization Advancements for the Internet of Things. Sensors 2022, 22, 1361. [Google Scholar] [CrossRef]
  22. Rao, P.M.; Deebak, B. A comprehensive survey on authentication and secure key management in internet of things: Challenges, countermeasures, and future directions. Ad Hoc Netw. 2023, 146, 103159. [Google Scholar] [CrossRef]
  23. Khalil, U.; Uddin, M.; Malik, O.A.; Hussain, S. A Blockchain Footprint for Authentication of IoT-Enabled Smart Devices in Smart Cities: State-of-the-Art Advancements, Challenges and Future Research Directions. IEEE Access 2022, 10, 76805–76823. [Google Scholar] [CrossRef]
  24. Salama, M.; Bahsoon, R.; Bencomo, N. Managing Trade-offs in Self-Adaptive Software Architectures. In Managing Trade-Offs in Adaptable Software Architectures; Elsevier: Amsterdam, The Netherlands, 2017; pp. 249–297. [Google Scholar] [CrossRef]
  25. Okoli, C. A Guide to Conducting a Standalone Systematic Literature Review Chitu Okoli. A Guide to Conducting a Standalone Systematic Literature Review. 2015. Available online: http://aisel.aisnet.org/cais (accessed on 8 December 2023).
  26. Kitchenham, B.; Brereton, O.P.; Budgen, D.; Turner, M.; Bailey, J.; Linkman, S. Systematic literature reviews in software engineering—A systematic literature review. Inf. Softw. Technol. 2009, 51, 7–15. [Google Scholar] [CrossRef]
  27. Ali, W.; Ahmed, A.A. An Authenticated Group Shared Key Mechanism Based on a Combiner for Hash Functions over the Industrial Internet of Things. Processes 2023, 11, 1558. [Google Scholar] [CrossRef]
  28. Tanveer, M.; Alkhayyat, A.; Khan, A.U.; Kumar, N.; Alharbi, A.G. REAP-IIoT: Resource-Efficient Authentication Protocol for the Industrial Internet of Things. IEEE Internet Things J. 2022, 9, 24453–24465. [Google Scholar] [CrossRef]
  29. Sharma, P.C.; Mahmood, R.; Raja, H.; Yadav, N.S.; Gupta, B.B.; Arya, V. Secure authentication and privacy-preserving blockchain for industrial internet of things. Comput. Electr. Eng. 2023, 108, 108703. [Google Scholar] [CrossRef]
  30. Xu, H.; Hsu, C.; Harn, L.; Cui, J.; Zhao, Z.; Zhang, Z. Three-Factor Anonymous Authentication and Key Agreement Based on Fuzzy Biological Extraction for Industrial Internet of Things. IEEE Trans. Serv. Comput. 2023, 16, 3000–3013. [Google Scholar] [CrossRef]
  31. Pu, L.; Lin, C.; Chen, B.; He, D. User-Friendly Public-Key Authenticated Encryption with Keyword Search for Industrial Internet of Things. IEEE Internet Things J. 2023, 10, 13544–13555. [Google Scholar] [CrossRef]
  32. Dohare, I.; Singh, K.; Ahmadian, A.; Mohan, S.; Praveen Kumar Reddy, M. Certificateless Aggregated Signcryption Scheme (CLASS) for Cloud-Fog Centric Industry 4.0. IEEE Trans. Ind. Inform. 2022, 18, 6349–6357. [Google Scholar] [CrossRef]
  33. Zhang, P.; Wang, Y.; Aujla, G.S.; Jindal, A.; Al-Otaibi, Y.D. A Blockchain-Based Authentication Scheme and Secure Architecture for IoT-Enabled Maritime Transportation Systems. IEEE Trans. Intell. Transp. Syst. 2023, 24, 2322–2331. [Google Scholar] [CrossRef]
  34. Liu, J.; Yang, J.; Wu, W.; Huang, X.; Xiang, Y. Lightweight Authentication Scheme for Data Dissemination in Cloud-Assisted Healthcare IoT. IEEE Trans. Comput. 2023, 72, 1384–1395. [Google Scholar] [CrossRef]
  35. Hasan, M.K.; Islam, S.; Sulaiman, R.; Khan, S.; Hashim, A.-H.A.; Habib, S.; Islam, M.; Alyahya, S.; Ahmed, M.M.; Kamil, S.; et al. Lightweight Encryption Technique to Enhance Medical Image Security on Internet of Medical Things Applications. IEEE Access 2021, 9, 47731–47742. [Google Scholar] [CrossRef]
  36. Mehbodniya, A.; Webber, J.L.; Neware, R.; Arslan, F.; Pamba, R.V.; Shabaz, M. Modified Lamport Merkle Digital Signature blockchain framework for authentication of Internet of Things healthcare data. Expert Syst. 2022, 39, e12978. [Google Scholar] [CrossRef]
  37. Vinoth, R.; Deborah, L.J.; Vijayakumar, P.; Gupta, B.B. An Anonymous Pre-Authentication and Post-Authentication Scheme Assisted by Cloud for Medical IoT Environments. IEEE Trans. Netw. Sci. Eng. 2022, 9, 3633–3642. [Google Scholar] [CrossRef]
  38. Das, S.; Namasudra, S. Lightweight and efficient privacy-preserving mutual authentication scheme to secure Internet of Things-based smart healthcare. Trans. Emerg. Telecommun. Technol. 2023, 34, e4716. [Google Scholar] [CrossRef]
  39. Deebak, B.D.; Memon, F.H.; Cheng, X.; Dev, K.; Hu, J.; Khowaja, S.A.; Qureshi, N.M.F.; Choi, K.H. Seamless privacy-preservation and authentication framework for IoT-enabled smart eHealth systems. Sustain. Cities Soc. 2022, 80, 103661. [Google Scholar] [CrossRef]
  40. Rana, A.; Rawat, A.S.; Afifi, A.; Singh, R.; Rashid, M.; Gehlot, A.; Akram, S.V.; Alshamrani, S.S. A Long-Range Internet of Things-Based Advanced Vehicle Pollution Monitoring System with Node Authentication and Blockchain. Appl. Sci. 2022, 12, 7547. [Google Scholar] [CrossRef]
  41. Lansky, J.; Sadrishojaei, M.; Rahmani, A.M.; Malik, M.H.; Kazemian, F.; Hosseinzadeh, M. Development of a Lightweight Centralized Authentication Mechanism for the Internet of Things Driven by Fog. Mathematics 2022, 10, 4166. [Google Scholar] [CrossRef]
  42. Gupta, B.B.; Gaurav, A.; Chui, K.T.; Hsu, C.-H. Identity-Based Authentication Technique for IoT Devices. In Proceedings of the Digest of Technical Papers-IEEE International Conference on Consumer Electronics, Las Vegas, NV, USA, 7–9 January 2022; Institute of Electrical and Electronics Engineers Inc.: Piscataway, NJ, USA, 2022; pp. 1–4. [Google Scholar] [CrossRef]
  43. Tong, F.; Chen, X.; Wang, K.; Zhang, Y. CCAP: A Complete Cross-Domain Authentication Based on Blockchain for Internet of Things. IEEE Trans. Inf. Forensics Secur. 2022, 17, 3789–3800. [Google Scholar] [CrossRef]
  44. Chen, C.-M.; Li, X.; Liu, S.; Wu, M.-E.; Kumari, S. Enhanced Authentication Protocol for the Internet of Things Environment. Secur. Commun. Netw. 2022, 2022, 8543894. [Google Scholar] [CrossRef]
  45. Gong, X.; Feng, T. Lightweight Anonymous Authentication and Key Agreement Protocol Based on CoAP of Internet of Things. Sensors 2022, 22, 7191. [Google Scholar] [CrossRef]
  46. Jiang, L.; Cui, H. Private and Mutual Authentication Protocols for Internet of Things. Mathematics 2023, 11, 1929. [Google Scholar] [CrossRef]
  47. AlQahtani, A.A.S.; Alamleh, H.; Al Smadi, B. IoT Devices Proximity Authentication. In Ad Hoc Network Environment, Proceedings of the 2022 IEEE International IOT, Electronics and Mechatronics Conference, IEMTRONICS 2022, Toronto, ON, Canada, 1–4 June 2022; Institute of Electrical and Electronics Engineers Inc.: Piscataway, NJ, USA, 2022; pp. 1–5. [Google Scholar] [CrossRef]
  48. Odyuo, N.; Lodh, S.; Walling, S. Multifactor Mutual Authentication of IoT Devices and Server. In Proceedings of the 5th International Conference on Smart Systems and Inventive Technology, ICSSIT 2023, Tirunelveli, India, 23–25 January 2023; Institute of Electrical and Electronics Engineers Inc.: Piscataway, NJ, USA, 2023; pp. 391–396. [Google Scholar] [CrossRef]
  49. Liou, W.-C.; Lin, T. T-Auth: A Novel Authentication Mechanism for the IoT Based on Smart Contracts and PUFs. In Proceedings of the 2021 IEEE International Conference on Communications Workshops (ICC Workshops), Montreal, QC, Canada, 14–23 June 2021; pp. 1–6. [Google Scholar] [CrossRef]
  50. Alzahrani, B.A.; Mahmood, K. Provable Privacy Preserving Authentication Solution for Internet of Things Environment. IEEE Access 2021, 9, 82857–82865. [Google Scholar] [CrossRef]
  51. Saqib, M.; Jasra, B.; Moon, A.H. A lightweight three factor authentication framework for IoT based critical applications. J. King Saud Univ. Comput. Inf. Sci. 2021, 34, 6925–6937. [Google Scholar] [CrossRef]
  52. Guo, Y.; Guo, Y. CS-LAKA: A lightweight authenticated key agreement protocol with critical security properties for IoT environments. IEEE Trans. Serv. Comput. 2023, 16, 4102–4114. [Google Scholar] [CrossRef]
  53. Nezhad, M.A.; Barati, H.; Barati, A. An Authentication-Based Secure Data Aggregation Method in Internet of Things. J. Grid Comput. 2022, 20, 1–28. [Google Scholar] [CrossRef]
  54. Siddiqui, Z.; Gao, J.; Khan, M.K. An Improved Lightweight PUF–PKI Digital Certificate Authentication Scheme for the Internet of Things. IEEE Internet Things J. 2022, 9, 19744–19756. [Google Scholar] [CrossRef]
  55. Rahimi, M.K.H.; Saad, M.H.M.; Juhari, A.H.M.; Sulaiman, M.K.A.M.; Hussain, A. A Secure Cloud Enabled Indoor Hydroponic System Via ThingsSentral IoT Platform. In Proceedings of the 2020 IEEE 8th Conference on Systems, Process and Control (ICSPC), Melaka, Malaysia, 11–12 December 2020; pp. 214–219. [Google Scholar] [CrossRef]
  56. Gonçalves, C.; Sousa, B.; Vukovic, M.; Kusek, M. A federated authentication and authorization approach for IoT farming. Internet Things 2023, 22, 100785. [Google Scholar] [CrossRef]
  57. Hu, B.; Tang, W.; Xie, Q. A two-factor security authentication scheme for wireless sensor networks in IoT environments. Neurocomputing 2022, 500, 741–749. [Google Scholar] [CrossRef]
  58. Wu, Y.; Jing, T.; Gao, Q.; Wu, Y.; Huo, Y. Game-theoretic physical layer authentication for spoofing detection in internet of things. Digit. Commun. Netw. 2023. [Google Scholar] [CrossRef]
  59. Malik, M.; Kamaldeep, K.; Dutta, M.; Granjal, J. L-ECQV: Lightweight ECQV Implicit Certificates for Authentication in the Internet of Things. IEEE Access 2023, 11, 35517–35540. [Google Scholar] [CrossRef]
  60. Leng, Y.; Zhang, R.; Wen, W.; Wu, P.; Xia, M. Physical-layer Authentication with Watermarked Preamble for Internet of Things. In Proceedings of the International Conference on Wireless and Mobile Computing, Networking and Communications, IEEE Computer Society, Montreal, QC, Canada, 21–23 June 2023; pp. 212–217. [Google Scholar] [CrossRef]
  61. Chanal, P.M.; Kakkasageri, M.S. Random Forest Algorithm based Device Authentication in IoT. In Proceedings of the CONECCT 2023-9th International Conference on Electronics, Computing and Communication Technologies, Bangalore, India, 14–16 July 2023; Institute of Electrical and Electronics Engineers Inc.: Piscataway, NJ, USA, 2023. [Google Scholar] [CrossRef]
  62. Yuan, S.; Phan-Huynh, R. A Lightweight Hash-Chain-Based Multi-Node Mutual Authentication Algorithm for IoT Networks. In Proceedings of the 2022 IEEE Future Networks World Forum, FNWF 2022, Montreal, QC, Canada, 10–14 October 2022; Institute of Electrical and Electronics Engineers Inc.: Piscataway, NJ, USA, 2022; pp. 72–74. [Google Scholar] [CrossRef]
  63. Shilpa, V.; Vidya, A.; Pattar, S. MQTT based Secure Transport Layer Communication for Mutual Authentication in IoT Network. Glob. Transit. Proc. 2022, 3, 60–66. [Google Scholar] [CrossRef]
  64. Goswami, H.; Choudhury, H. Remote Registration and Group Authentication of IoT Devices in 5G Cellular Network. Comput. Secur. 2022, 120, 102806. [Google Scholar] [CrossRef]
  65. Alshawish, I.; Al-Haj, A. An efficient mutual authentication scheme for IoT systems. J. Supercomput. 2022, 78, 16056–16087. [Google Scholar] [CrossRef]
  66. Ghasemi, F.; Babaie, S. A lightweight secure authentication approach based on stream ciphering for RFID-based Internet of Things. Comput. Electr. Eng. 2022, 102, 108288. [Google Scholar] [CrossRef]
  67. Pahlevi, R.R.; Suryani, V.; Nuha, H.H.; Yasirandi, R. Secure Two-Factor Authentication for IoT Device. In Proceedings of the 2022 10th International Conference on Information and Communication Technology (ICoICT), Bandung, Indonesia, 2–3 August 2022; pp. 407–412. [Google Scholar] [CrossRef]
  68. Rostampour, S.; Bagheri, N.; Bendavid, Y.; Safkhani, M.; Kumari, S.; Rodrigues, J.J.P.C. An Authentication Protocol for Next Generation of Constrained IoT Systems. IEEE Internet Things J. 2022, 9, 21493–21504. [Google Scholar] [CrossRef]
  69. Annadurai, C.; Nelson, I.; Devi, K.N.; Manikandan, R.; Jhanjhi, N.Z.; Masud, M.; Sheikh, A. Biometric Authentication-Based Intrusion Detection Using Artificial Intelligence Internet of Things in Smart City. Energies 2022, 15, 7430. [Google Scholar] [CrossRef]
  70. Chen, F.; Xiao, Z.; Xiang, T.; Fan, J.; Truong, H.-L. A Full Lifecycle Authentication Scheme for Large-Scale Smart IoT Applications. IEEE Trans. Dependable Secur. Comput. 2023, 20, 2221–2237. [Google Scholar] [CrossRef]
  71. Gong, B.; Zheng, G.; Waqas, M.; Tu, S.; Chen, S. LCDMA: Lightweight Cross-Domain Mutual Identity Authentication Scheme for Internet of Things. IEEE Internet Things J. 2023, 10, 12590–12602. [Google Scholar] [CrossRef]
  72. Wazzeh, M.; Ould-Slimane, H.; Talhi, C.; Mourad, A.; Guizani, M. Privacy-Preserving Continuous Authentication for Mobile and IoT Systems Using Warmup-Based Federated Learning. IEEE Netw. 2022, 37, 224–230. [Google Scholar] [CrossRef]
  73. Amanlou, S.; Hasan, M.K.; Abu Bakar, K.A. Lightweight and secure authentication scheme for IoT network based on publish–subscribe fog computing model. Comput. Netw. 2021, 199, 108465. [Google Scholar] [CrossRef]
  74. Singh, R.; Sturley, S.; Tewari, H. Blockchain-Enabled Chebyshev Polynomial-Based Group Authentication for Secure Communication in an Internet of Things Network. Future Internet 2023, 15, 96. [Google Scholar] [CrossRef]
  75. Ismail, S.; Dawoud, D.; Reza, H. Towards A Lightweight Identity Management and Secure Authentication for IoT Using Blockchain. In Proceedings of the 2022 IEEE World AI IoT Congress (AIIoT), Seattle, WA, USA, 6–9 June 2022; pp. 77–83. [Google Scholar] [CrossRef]
  76. Jin, C.; Yang, Z.; Xiang, T.; Adepu, S.; Zhou, J. HMACCE: Establishing Authenticated and Confidential Channel from Historical Data for Industrial Internet of Things. IEEE Trans. Inf. Forensics Secur. 2023, 18, 1080–1094. [Google Scholar] [CrossRef]
  77. Sivaselvan, N.; Bhat, K.V.; Rajarajan, M.; Das, A.K.; Rodrigues, J.J.P.C. SUACC-IoT: Secure unified authentication and access control system based on capability for IoT. Clust. Comput. 2022, 26, 2409–2428. [Google Scholar] [CrossRef]
  78. Anaam, E.; Hasan, M.K.; Ghazal, T.M.; Haw, S.-C.; Alzoubi, H.M.; Alshurideh, M.T. How Private Blockchain Technology Secure IoT Data Record. In Proceedings of the 2023 IEEE 2nd International Conference on AI in Cybersecurity, ICAIC 2023, Houston, TX, USA, 7–9 February 2023; Institute of Electrical and Electronics Engineers Inc.: Piscataway, NJ, USA, 2023. [Google Scholar] [CrossRef]
  79. Al Ahmed, M.T.; Hashim, F.; Hashim, S.J.; Abdullah, A. Hierarchical blockchain structure for node authentication in IoT networks. Egypt. Inform. J. 2022, 23, 345–361. [Google Scholar] [CrossRef]
  80. Khashan, O.A.; Khafajah, N.M. Efficient hybrid centralized and blockchain-based authentication architecture for heterogeneous IoT systems. J. King Saud Univ. Comput. Inf. Sci. 2023, 35, 726–739. [Google Scholar] [CrossRef]
  81. Al Ahmed, M.T.; Hashim, F.; Hashim, S.J.; Abdullah, A. Authentication-Chains: Blockchain-Inspired Lightweight Authentication Protocol for IoT Networks. Electronics 2023, 12, 867. [Google Scholar] [CrossRef]
Symmetry 16 00171 g001
Figure 1. Criteria for classification of IoT authentication.
Figure 1. Criteria for classification of IoT authentication.
Symmetry 16 00171 g001
Symmetry 16 00171 g002
Figure 2. Systematic mapping process.
Figure 2. Systematic mapping process.
Symmetry 16 00171 g002
Symmetry 16 00171 g003
Figure 3. Distribution of selected primary studies by year.
Figure 3. Distribution of selected primary studies by year.
Symmetry 16 00171 g003
Symmetry 16 00171 g004
Figure 4. Publication channels.
Figure 4. Publication channels.
Symmetry 16 00171 g004
Symmetry 16 00171 g005
Figure 5. Authentication in the Internet of Things across diverse domains.
Figure 5. Authentication in the Internet of Things across diverse domains.
Symmetry 16 00171 g005
Symmetry 16 00171 g006
Figure 6. Focused problems in IoT authentication. The top 5 most focused problems, including resisting/detecting cyberattacks, hardware/software integration, privacy and reliability of IoT communication, dealing with computational constraints, and distributed/multi-owned devices, were prominent in IoT authentication. Nevertheless, several niche-focused problems required further investigation within the domain of IoT authentication (such as proximity-based limitation, false-positive identification, blockchain encumberment, and resource-friendly security).
Figure 6. Focused problems in IoT authentication. The top 5 most focused problems, including resisting/detecting cyberattacks, hardware/software integration, privacy and reliability of IoT communication, dealing with computational constraints, and distributed/multi-owned devices, were prominent in IoT authentication. Nevertheless, several niche-focused problems required further investigation within the domain of IoT authentication (such as proximity-based limitation, false-positive identification, blockchain encumberment, and resource-friendly security).
Symmetry 16 00171 g006
Symmetry 16 00171 g007
Figure 7. Comprehensive analysis of contributions of authentication trends in IoT.
Figure 7. Comprehensive analysis of contributions of authentication trends in IoT.
Symmetry 16 00171 g007
Symmetry 16 00171 g008
Figure 8. The output of the reviewed paper based on years for different performance measures: (1) computational costs, (2) communication costs, (3) time consumption, (4) storage costs, (5) accurateness, (6) energy requirements, (7) usability, (8) throughput rates, (9) variable size, (10) falseness rates.
Figure 8. The output of the reviewed paper based on years for different performance measures: (1) computational costs, (2) communication costs, (3) time consumption, (4) storage costs, (5) accurateness, (6) energy requirements, (7) usability, (8) throughput rates, (9) variable size, (10) falseness rates.
Symmetry 16 00171 g008
Symmetry 16 00171 g009
Figure 9. Advantages of authentication in IoT.
Figure 9. Advantages of authentication in IoT.
Symmetry 16 00171 g009
Symmetry 16 00171 g010
Figure 10. Distribution of common limitations across IoT authentication studies.
Figure 10. Distribution of common limitations across IoT authentication studies.
Symmetry 16 00171 g010
Symmetry 16 00171 g011
Figure 11. Future directions based on common themes.
Figure 11. Future directions based on common themes.
Symmetry 16 00171 g011
Table 1. Research Questions.
Table 1. Research Questions.
RQ No.Research QuestionMotivation
RQ1What are the demographics of the primary studies?To identify the distribution of primary studies based on their type, publication year, and venue.
RQ2In which domains have authentication in IoT been extensively applied?To highlight the domains where authentication in IoT has been extensively applied.
RQ3What kinds of problems are present in IoT authentication?To recognize the types of problems within IoT authentication.
RQ4What is the contribution of authentication in IoT systems?To synthesize research endeavors, emphasizing common themes in research contributions.
RQ5Which performance metrics are most commonly utilized?To identify the frequently utilized performance metrics specific to authentication in IoT.
RQ6What are the advantages of each type of authentication in IoT?To emphasize the advantages offered by existing models for IoT’s authentication and security.
RQ7What are the authentication challenges in IoT environments?To highlight the limitations in research works focused on authentication in IoT.
RQ8How can advancements in IoT authentication address the collective challenges in the IoT authentication environment?To identify the trends and directions in IoT authentication.
Table 2. Electronic databases.
Table 2. Electronic databases.
Database NameLink
MDPIhttps://www.mdpi.com/ (accessed on 8 December 2023)
IEEE Xplorehttps://ieeexplore.ieee.org/Xplore/home.jsp (accessed on 8 December 2023)
Web of Sciencehttps://www.webofscience.com/wos/ (accessed on 8 December 2023)
Science Directhttps://www.sciencedirect.com (accessed on 10 December 2023)
SpringerLinkhttps://link.springer.com (accessed on 9 December 2023)
ACM Digital Libraryhttps://dl.acm.org/ (accessed on 9 December 2023)
Wileyhttps://onlinelibrary.wiley.com (accessed on 11 December 2023)
Table 3. Criteria for inclusion and exclusion in article screening.
Table 3. Criteria for inclusion and exclusion in article screening.
Inclusion Criteria
IC1Articles published from 2020 to 2023
IC2Articles focusing on authentication in IoT and the respective domains utilized
IC3Peer-reviewed articles
IC4Articles are written in English
IC5Inclusion of the most recent article where multiple studies address the same theme.
Exclusion Criteria
EC1Articles that do not meet the inclusion criteria
EC2Research conducted in languages other than English
EC3Articles with no validation of the proposed techniques
EC4Articles using keywords without sufficient information
EC5Articles presenting ambiguous or unclear results
Table 4. Top ten featured publications.
Table 4. Top ten featured publications.
TitleNo. of Papers
IEEE Internet of Things Journal7
IEEE Access3
Sensors3
Internet of Things2
Journal of King Saud University—Computer and Information Sciences2
Mathematics2
IEEE Transactions on Services Computing2
Computers and Security1
Computer Networks1
Table 5. Analysis of authentication in IoT domains.
Table 5. Analysis of authentication in IoT domains.
DomainReferencesAuthentication in IoTNumber of Papers
Industrial[7,8,16,26,27,28,29,30,31,32]Authorization in industrial settings: preventing unauthorized access, protecting data, and maintaining the reliability and safety of critical industrial processes.10
Healthcare[11,33,34,35,36,37,38]Safeguard the privacy and security of healthcare ecosystems: biometric authentication, secure login credentials, two-factor authentication, encryption, and compliance with healthcare regulations.7
Cloud and Fog[9,14,39,40,41]Cloud and fog identity verification: secured access to cloud services and fog computing nodes.5
Blockchain[6,13,42,43,44,45,46,47,48,49,50,51]Blockchain facilitation: secure authentication through decentralized identity, smart contracts, and cryptographic measures.8
Communication[10,13,42,43,44,45,46,47,48,49,50,51,52,53]Data transmission and information sharing: development of secure communication protocols, encryption techniques, authentication methods.16
Farming[54,55,56]Farming IoT systems: ongoing security and performance of devices involve continuous surveillance of device behaviour, network traffic, and data interactions.2
Networks[56,57,58,59,60,61,62,63,64]Advanced protocols and encryption for trusted connections: emphasizes high-security measures to protect against unauthorized access and data breaches and ensure the integrity of communications.8
RFID[64,65,66,67]Verification of RFID tags: authenticate and authorize RFID devices in supply chain management, access control, and asset tracking.4
Smart IoT[64,68,69]Identity verification of connected IoT devices: secure communication and preventing malicious activities.3
Table 6. Problem statements that outlined the proportion of the prevalent problems in the domain of authentication in the Internet of Things.
Table 6. Problem statements that outlined the proportion of the prevalent problems in the domain of authentication in the Internet of Things.
Prevalent ProblemsReferencesNumber of References% Reference (Approximately)
Resisting/detecting cyberattacks[14,15,28,37,41,47,52,53,57,65,66,68]1218%
Real-world hardware/software integration[11,32,34,35,37,39,48,54,75,76]1117%
Privacy and reliability of IoT communication[10,30,32,33,50,52,53,65,71,77]1015%
Dealing with computational constraints[7,44,55,59,61,64,65,67,70]914%
Distributed or multi-owned devices[9,16,26,29,31,44,73]711%
Wireless communication[49,51,56,57,62]58%
Identity-based protocol[43,60,70,74]46%
Cross-domain protocol[12,42,69,70]46%
Internet-enabled smart devices[9,27,60]35%
Mutual protection protocol[45,70]23%
Flawed centralization[78,79]23%
Multi-layered architecture[8,69]23%
Proximity-based limitation[36]12%
False-positive identification[13]12%
Blockchain encumberment[80]12%
Resource-friendly security[58]12%
Table 7. Research clustering on contribution trends in IoT authentication.
Table 7. Research clustering on contribution trends in IoT authentication.
DomainResearch Clustering on Contribution Trends
Lightweight CryptographyBlockchain IntegrationPrivacy-Preserving ApproachesEfficient EncryptionNovel Security Mechanisms
Industrial[7,28,30][29,33][27,30][17,31][32,33]
Healthcare[12,34,35][39][38,39][17][36,39]
Cloud and Fog[40,42][40]--[10,15,41]
Blockchain[78][79][43] [6,43,80,81]
Communication[11][6][53][43][14,28,44,45,47,48,49,50,51,52,77]
Farming--[55,56][56][55,56]
Network[58,59,60][61,62][63][64][57]
RFID[68][65][67][66]-
Smart IoT[69]---[65,70]
Mobile[71,72]-[72]-[71,72]
No. of Papers17911729
Table 8. Summary of the performance metrics used in the reviewed papers.
Table 8. Summary of the performance metrics used in the reviewed papers.
Performance MetricsReferencesNo of Papers
Computational Costs[6,7,8,11,12,26,27,29,30,31,32,33,34,36,38,39,42,44,45,47,50,51,56,60,61,64,67,68,69,70,72,76,79,80]34
Communication Costs[7,8,9,10,12,13,27,28,29,30,32,33,36,38,39,42,43,44,47,49,51,52,61,64,65,67,69,70,72,75,76]31
Time Consumption[6,11,16,28,30,31,33,34,39,41,43,44,45,52,53,58,60,61,72,73,79,80]22
Storage Costs[7,8,9,10,26,27,28,29,31,36,40,42,58,65,69,76]16
Accurateness[14,16,34,46,59,60,68,71,74]9
Energy Requirement[9,10,26,42,52,58,72,79]8
Usability[46,48,50,51,66,74,76]7
Throughput Rate[16,29,32,38,52]5
Variable Size[15,33,58,72]4
Falseness Rate[57,65,66,74]4
Table 9. Analysis of advantages of authentication in IoT.
Table 9. Analysis of advantages of authentication in IoT.
AdvantagesNumber of PapersReferences
Security and Reliability41[7,8,10,11,13,14,26,27,28,29,30,31,33,34,35,37,39,41,42,43,44,48,49,50,53,54,56,57,62,63,65,66,67,68,69,73,74,75,76,78,79]
Performance Efficiency31[6,7,10,26,27,29,30,33,34,35,36,37,38,40,43,49,51,52,53,56,58,60,61,62,63,65,67,70,72,78,79]
Decentralization and Fairness3[6,39,80]
Privacy Protection13[6,11,16,27,31,33,34,42,45,53,58,71,75]
Real-time Monitoring3[11,39,54]
Mutual Authentication8[8,11,14,16,60,64,69,79]
Flexibility and Scalability7[8,9,26,28,40,52,58]
Source Code Availability2[67,69]
Table 10. Similar limitation in IoT authentication.
Table 10. Similar limitation in IoT authentication.
Limitation CategoriesCommon LimitationReferencesPercentage
Integration and CompatibilityCompatibility with existing IoT systems and legacy devices[7,11]4%
Computational ComplexityHigh computational complexity[6,10,13,26,46,54,68]28%
QoS Impacting AuthenticationMinimal Quality of Service (QoS) impacting authentication reliability[38,65]4%
Low EfficiencyLow efficiency caused by using low-cost sensors[39,44]4%
Security and PrivacyLack of comprehensive analysis of security and privacy issues[30,53,68]12%
Scalability IssuesImpact of network scale[42,73]8%
High Storage OverheadPotential high storage overhead associated with the proposed authentication mechanism[40]4%
Lack of Performance AnalysisLack of specific evaluation[28,43]8%
Authentication and Leakage ResilienceLack of comprehensive analysis of attacks and vulnerabilities[71,75]8%
Implementation ChallengesLack of comprehensive evaluation in real-world IoT deployments[12,72]8%
Resource-Intensive OperationsHigh power/energy consumption, computation overheads[40,41,47,54,60]12%
Network AvailabilityDependency on a predetermined route, impact of network scale, dynamic network conditions[46,52,63,76]8%
Attacks for RobustnessLack of comprehensive analysis of attacks and vulnerabilities[64,73]8%
OthersStandardized IoT networks, decisional Diffie-Hellman assumption, trusted Key Generation Center[32,58,79]8%
Table 11. Future directions for authentication in IoT.
Table 11. Future directions for authentication in IoT.
Future Trends and DirectionsCommon ResearchReferences
Security Enhancement and Efficiency Optimization[10,12,26,30,38,52,53,71,74,75,79]11
Real-World Implementation and Assessment[6,9,13,31,48,55,66,68,73]9
Scalability and Reliability[11,12,33,50,54,72,73]7
Blockchain Integration and Security Issues[13,16,30,64,71,72,74]7
AI Integration and Advanced Computing Technologies[14,50,76,79]4
Privacy and Access Control[11,16,31,60]4
Communication Efficiency and IoT Optimization[9,14,43,54,55]5
Multifactor Authentication and Standardization[53,58,69]3
Cross-Domain Authentication and Interoperability[12,74]2
Decentralization and Edge Computing[9,72,76]3
Efficiency in Authentication Protocols[28,36,44,60,75]5
Diverse Domain Applications[31,54,58,65,68]5
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Kamarudin, N.H.; Suhaimi, N.H.S.; Nor Rashid, F.A.; Khalid, M.N.A.; Mohd Ali, F. Exploring Authentication Paradigms in the Internet of Things: A Comprehensive Scoping Review. Symmetry 2024, 16, 171. https://doi.org/10.3390/sym16020171

AMA Style

Kamarudin NH, Suhaimi NHS, Nor Rashid FA, Khalid MNA, Mohd Ali F. Exploring Authentication Paradigms in the Internet of Things: A Comprehensive Scoping Review. Symmetry. 2024; 16(2):171. https://doi.org/10.3390/sym16020171

Chicago/Turabian Style

Kamarudin, Nazhatul Hafizah, Nur Hanis Sabrina Suhaimi, Fadilla Atyka Nor Rashid, Mohd Nor Akmal Khalid, and Fazlina Mohd Ali. 2024. "Exploring Authentication Paradigms in the Internet of Things: A Comprehensive Scoping Review" Symmetry 16, no. 2: 171. https://doi.org/10.3390/sym16020171

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop