The Internet of Things (IoT) is composed of a large number of miniaturized devices interconnected through the Internet. These devices, equipped with sensing, computing, and communication capabilities, can be used to remotely control the environment or the monitored infrastructure. However, IoT devices usually only have limited resources, and thus designing a lightweight security authentication protocol for them is a challenge. This article proposes an identity authentication protocol between embedded devices and server. The protocol uses the elliptic curve encryption algorithm and realizes the anonymity of the device by hashing their IDs and prevents the server from replay attacks by adding security attributes timestamp. We prove the security of the protocol and its resistance to security attacks and also formally verify it using the AVISPA tool. In addition, through experimental comparison with existing protocols, we demonstrate the performance superiority of the proposed protocol.

• Institution
  南昌大学