A Decentralized Multi-Factor User Authentication Scheme For The Internet Of Things System

User authentication is an essential part of communication in an Internet of Things (IoT) environment. For example, it is necessary for a smart home to utilize user authentication as a security measure against various attacks. However, the limitations of IoT devices have led to computation cost challenges and the need for a lightweight authentication scheme. The existing solutions have implemented centralized user authentication, leaving it with the limitation of attacks such as impersonation, man-in-themiddle
(MITM), password guessing attacks, and high computation costs. Hence, this study proposed a decentralized multi-factor (i.e., face image, user device ID, and e-mail authentication link) user authentication scheme. An enhanced PRESENT encryption and
an Elliptic-Curve Cryptography algorithm were adapted to achieve a lightweight authentication scheme, a necessity of the resource-constraint devices. The result shows that the enhanced PRESENT outperformed the original, particularly in terms of the security and computation cost. Besides, the Mann-Whitney U test statistically shows a significant difference in security and computation cost between the two algorithms. When evaluated with BAN-Logic, ProVerif, and AVISPA, PRESENT is secured against known attacks
such as MITM, password guessing, privilege insider, and impersonation attacks. Through the security and performance (i.e., computation cost) analyses, it is concluded that the proposed user authentication scheme is more secure against potential attacks and obtains lower computation costs for the IoT environment. Moreover, a Python-based application was developed to examine the proposed user authentication scheme in a real-life architecture where it was found that the solution can successfully authenticate authorized users and reject any unauthorized access request with an adequate security protection level and an acceptable computation cost. For example, the achievement of a computation cost of 0.58%, 1.68%, and 0.87% on a smartphone, Raspberry PI, and laptop, respectively. This study shows that an authentication scheme's design and implementation approach determine the security and computation cost performance. The approach of face
authentication as presented in this study provides a solution to unauthorized access in an IoT environment while maintaining a lightweight approach. A theoretical contribution was made by designing a decentralized multi-factor user authentication scheme, which eliminated the security challenges and computation cost limitations faced by the existing schemes.