{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T04:47:33Z","timestamp":1769748453714,"version":"3.49.0"},"reference-count":52,"publisher":"MDPI AG","issue":"18","license":[{"start":{"date-parts":[[2022,9,19]],"date-time":"2022-09-19T00:00:00Z","timestamp":1663545600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"National Research Foundation of Korea (NRF)","award":["2020R1I1A3058605"],"award-info":[{"award-number":["2020R1I1A3058605"]}]},{"name":"National Research Foundation of Korea (NRF)","award":["20ZR1300"],"award-info":[{"award-number":["20ZR1300"]}]},{"DOI":"10.13039\/501100003725","name":"Ministry of Education","doi-asserted-by":"publisher","award":["2020R1I1A3058605"],"award-info":[{"award-number":["2020R1I1A3058605"]}],"id":[{"id":"10.13039\/501100003725","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100003725","name":"Ministry of Education","doi-asserted-by":"publisher","award":["20ZR1300"],"award-info":[{"award-number":["20ZR1300"]}],"id":[{"id":"10.13039\/501100003725","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Electronics and Telecommunications Research Institute (ETRI)","award":["2020R1I1A3058605"],"award-info":[{"award-number":["2020R1I1A3058605"]}]},{"name":"Electronics and Telecommunications Research Institute (ETRI)","award":["20ZR1300"],"award-info":[{"award-number":["20ZR1300"]}]},{"DOI":"10.13039\/501100003696","name":"Korean Government","doi-asserted-by":"publisher","award":["2020R1I1A3058605"],"award-info":[{"award-number":["2020R1I1A3058605"]}],"id":[{"id":"10.13039\/501100003696","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100003696","name":"Korean Government","doi-asserted-by":"publisher","award":["20ZR1300"],"award-info":[{"award-number":["20ZR1300"]}],"id":[{"id":"10.13039\/501100003696","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>In IoT-based environments, smart services can be provided to users under various environments, such as smart homes, smart factories, smart cities, smart transportation, and healthcare, by utilizing sensing devices. Nevertheless, a series of security problems may arise because of the nature of the wireless channel in the Wireless Sensor Network (WSN) for utilizing IoT services. Authentication and key agreements are essential elements for providing secure services in WSNs. Accordingly, two-factor and three-factor-based authentication protocol research is being actively conducted. However, IoT service users can be vulnerable to ID\/password pair guessing attacks by setting easy-to-remember identities and passwords. In addition, sensors and sensing devices deployed in IoT environments are vulnerable to capture attacks. To address this issue, in this paper, we analyze the protocols of Chunka et al., Amintoosi et al., and Hajian et al. and describe their security vulnerabilities. Moreover, this paper introduces PUF and honey list techniques with three-factor authentication to design protocols resistant to ID\/password pair guessing, brute-force, and capture attacks. Accordingly, we introduce PUFTAP-IoT, which can provide secure services in the IoT environment. To prove the security of PUFTAP-IoT, we perform formal analyses through Burrows Abadi Needham (BAN) logic, Real-Or-Random (ROR) model, and scyther simulation tools. In addition, we demonstrate the efficiency of the protocol compared with other authentication protocols in terms of security, computational cost, and communication cost, showing that it can provide secure services in IoT environments.<\/jats:p>","DOI":"10.3390\/s22187075","type":"journal-article","created":{"date-parts":[[2022,9,20]],"date-time":"2022-09-20T04:28:55Z","timestamp":1663648135000},"page":"7075","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":29,"title":["PUFTAP-IoT: PUF-Based Three-Factor Authentication Protocol in IoT Environment Focused on Sensing Devices"],"prefix":"10.3390","volume":"22","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8172-6182","authenticated-orcid":false,"given":"JoonYoung","family":"Lee","sequence":"first","affiliation":[{"name":"School of Electronic and Electrical Engineering, Kyungpook National University, Daegu 41566, Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8690-2125","authenticated-orcid":false,"given":"JiHyeon","family":"Oh","sequence":"additional","affiliation":[{"name":"School of Electronic and Electrical Engineering, Kyungpook National University, Daegu 41566, Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0014-1965","authenticated-orcid":false,"given":"DeokKyu","family":"Kwon","sequence":"additional","affiliation":[{"name":"School of Electronic and Electrical Engineering, Kyungpook National University, Daegu 41566, Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4891-818X","authenticated-orcid":false,"given":"MyeongHyun","family":"Kim","sequence":"additional","affiliation":[{"name":"School of Electronic and Electrical Engineering, Kyungpook National University, Daegu 41566, Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3245-781X","authenticated-orcid":false,"given":"SungJin","family":"Yu","sequence":"additional","affiliation":[{"name":"School of Electronic and Electrical Engineering, Kyungpook National University, Daegu 41566, Korea"},{"name":"Electronics and Telecommunications Research Institute, Daejeon 34129, Korea"}]},{"given":"Nam-Su","family":"Jho","sequence":"additional","affiliation":[{"name":"Electronics and Telecommunications Research Institute, Daejeon 34129, Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0406-6547","authenticated-orcid":false,"given":"Youngho","family":"Park","sequence":"additional","affiliation":[{"name":"School of Electronic and Electrical Engineering, Kyungpook National University, Daegu 41566, Korea"},{"name":"School of Electronics Engineering, Kyungpook National University, Daegu 41566, Korea"}]}],"member":"1968","published-online":{"date-parts":[[2022,9,19]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"10251","DOI":"10.1109\/JIOT.2019.2936884","article-title":"A key agreement scheme for smart homes using the secret mismatch problem","volume":"6","author":"Zhang","year":"2019","journal-title":"IEEE Internet Things J."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"192","DOI":"10.1016\/j.jnca.2015.09.008","article-title":"Applications of wireless sensor networks for urban areas: A survey","volume":"60","author":"Rashid","year":"2016","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"32","DOI":"10.1016\/j.compag.2007.05.007","article-title":"Regional and on-farm wireless sensor networks for agricultural systems in Eastern Washington","volume":"61","author":"Pierce","year":"2008","journal-title":"Comput. Electron. Agric."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"8804","DOI":"10.1109\/JIOT.2019.2923611","article-title":"AKM-IoV: Authenticated key management protocol in fog computing-based Internet of vehicles deployment","volume":"6","author":"Wazid","year":"2019","journal-title":"IEEE Internet Things J."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Kwon, D., Yu, S., Lee, J., Son, S., and Park, Y. (2021). WSN-SLAP: Secure and lightweight mutual authentication protocol for wireless sensor networks. Sensors, 21.","DOI":"10.3390\/s21030936"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"108463","DOI":"10.1016\/j.ress.2022.108463","article-title":"Analysis on cascading reliability of edge-assisted Internet of Things","volume":"223","author":"Fu","year":"2022","journal-title":"Reliab. Eng. Syst. Saf."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"1705","DOI":"10.1109\/JSEN.2021.3133912","article-title":"Cascade Failures Analysis of Internet of Things under Global\/Local Routing Mode","volume":"22","author":"Fu","year":"2021","journal-title":"IEEE Sensors J."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"1086","DOI":"10.1109\/TWC.2008.080128","article-title":"Two-factor user authentication in wireless sensor networks","volume":"8","author":"Das","year":"2009","journal-title":"IEEE Trans. Wirel. Commun."},{"key":"ref_9","first-page":"361","article-title":"An enhanced two-factor user authentication scheme in wireless sensor networks","volume":"10","author":"He","year":"2010","journal-title":"Ad Hoc Sensor Wirel. Netw."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Kumar, P., and Lee, H.J. (2011, January 20\u201322). Cryptanalysis on two user authentication protocols using smart card for wireless sensor networks. Proceedings of the Wireless Advanced, London, UK.","DOI":"10.1109\/WiAd.2011.5983262"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"96","DOI":"10.1016\/j.adhoc.2014.03.009","article-title":"A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion","volume":"20","author":"Brumen","year":"2014","journal-title":"Ad Hoc Netw."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"58","DOI":"10.1016\/j.adhoc.2015.05.020","article-title":"A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks","volume":"36","author":"Amin","year":"2016","journal-title":"Ad Hoc Netw."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"72","DOI":"10.1016\/j.jnca.2016.12.008","article-title":"An efficient authentication and key agreement scheme for multi-gateway wireless sensor networks in IoT deployment","volume":"81","author":"Wu","year":"2017","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"132","DOI":"10.1016\/j.cose.2019.06.002","article-title":"Anonymous authentication scheme for smart home environment with provable security","volume":"86","author":"Shuai","year":"2019","journal-title":"Comput. Secur."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"4938","DOI":"10.1109\/JSYST.2021.3127438","article-title":"A Robust Two-Factor User Authentication Scheme-Based ECC for Smart Home in IoT","volume":"16","author":"Zou","year":"2021","journal-title":"IEEE Syst. J."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"1361","DOI":"10.1007\/s11277-020-07926-7","article-title":"An efficient user authentication and session key agreement in wireless sensor network using smart card","volume":"117","author":"Chunka","year":"2021","journal-title":"Wirel. Pers. Commun."},{"key":"ref_17","first-page":"37","article-title":"Advanced password based authentication scheme for wireless sensor networks","volume":"20","author":"Kalra","year":"2015","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"107803","DOI":"10.1016\/j.compeleceng.2022.107803","article-title":"Slight: A lightweight authentication scheme for smart healthcare services","volume":"99","author":"Amintoosi","year":"2022","journal-title":"Comput. Elec. Eng."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1007\/s00530-013-0346-9","article-title":"Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks","volume":"21","author":"He","year":"2015","journal-title":"Multimedia Syst."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"195","DOI":"10.1007\/s00530-015-0476-3","article-title":"An improved and anonymous twofactor authentication protocol for health-care applications with wireless medical sensor networks","volume":"23","author":"Wu","year":"2017","journal-title":"Multimedia Syst."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1155\/2018\/8706940","article-title":"A secure and anonymous two-factor authentication protocol in multiserver environment","volume":"2018","author":"Wang","year":"2018","journal-title":"Secur. Commun. Netw."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1016\/j.comnet.2016.01.006","article-title":"Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks","volume":"101","author":"Amin","year":"2016","journal-title":"Comput. Netw."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"3376","DOI":"10.1109\/ACCESS.2017.2673239","article-title":"Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks","volume":"5","author":"Jiang","year":"2017","journal-title":"IEEE Access"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"882","DOI":"10.1016\/j.future.2019.04.019","article-title":"Three party secure data transmission in IoT networks through design of a lightweight authenticated key agreement scheme","volume":"100","author":"Arshad","year":"2019","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1155\/2019\/2136506","article-title":"A lightweight secure user authentication and key agreement protocol for wireless sensor networks","volume":"2019","author":"Mo","year":"2019","journal-title":"Secur. Commun. Netw."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Yu, S., and Park, Y. (2020). SLUA-WSN: Secure and lightweight three-factor-based user authentication protocol for wireless sensor networks. Sensors, 20.","DOI":"10.3390\/s20154143"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Hajian, R., Erfani, S.H., and Kumari, S. (2022). A lightweight authentication and key agreement protocol for heterogeneous IoT with special attention to sensing devices and gateway. J. Supercomput., 1\u201343.","DOI":"10.1007\/s11227-022-04464-w"},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"410","DOI":"10.1016\/j.future.2019.02.020","article-title":"LACO: Lightweight three-factor authentication, access control and ownership transfer scheme for e-health systems in IoT","volume":"96","author":"Aghili","year":"2019","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Maes, R. (2013). Physically unclonable functions: Properties. Physically Unclonable Functions, Springer.","DOI":"10.1007\/978-3-642-41395-7"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"59","DOI":"10.1109\/MSP.2014.67","article-title":"Honey encryption: Encryption beyond the brute-force barrier","volume":"12","author":"Juels","year":"2014","journal-title":"IEEE Secur. Privacy"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Juels, A., and Ristenpart, T. (2014, January 11\u201315). Honey encryption: Security beyond the brute-force bound. Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques, Copenhagen, Denmark.","DOI":"10.1007\/978-3-642-55220-5_17"},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1145\/77648.77649","article-title":"A logic of authentication","volume":"8","author":"Burrows","year":"1990","journal-title":"ACM Trans. Comput. Syst."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Abdalla, M., Fouque, P.-A., and Pointcheval, D. (2005). Password-based authenticated key exchange in the three-party setting. Lecture Notes in Computer Science, Proceedings of the 8th International Workshop on Theory and Practice in Public Key Cryptography (PKC\u201905), Les Diablerets, Switzerland, 23\u201326 January 2005, Springer.","DOI":"10.1007\/978-3-540-30580-4_6"},{"key":"ref_34","unstructured":"(2022, July 23). Scyther Tool\u2014Cas Cremers. Available online: https:\/\/people.cispa.io\/cas.cremers\/scyther\/."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"770","DOI":"10.1145\/358790.358797","article-title":"Password authentication with insecure communication","volume":"24","author":"Lamport","year":"1981","journal-title":"Commun. ACM"},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"198","DOI":"10.1109\/TIT.1983.1056650","article-title":"On the security of public key protocols","volume":"29","author":"Dolev","year":"1983","journal-title":"IEEE Trans. Inf. Theory"},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Kocher, P., Jaffe, J., and Jun, B. (1999). Differential power analysis. Advances in Cryptology, Springer Science+Business Media.","DOI":"10.1007\/3-540-48405-1_25"},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"1327","DOI":"10.1109\/JIOT.2017.2703088","article-title":"Mutual authentication in IoT systems using physical unclonable functions","volume":"4","author":"Aman","year":"2017","journal-title":"IEEE Internet Things J."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Frikken, K.B., Blantonm, M., and Atallahm, M.J. (2009, January 7\u20139). Robust authentication using physically unclonable functions. Proceedings of the International Conference on Information Security, Pisa, Italy.","DOI":"10.1007\/978-3-642-04474-8_22"},{"key":"ref_40","first-page":"1","article-title":"A PUF-based secure communication protocol for IoT","volume":"16","author":"Chatterjee","year":"2017","journal-title":"ACM Trans. Embedded Comput. Syst."},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Dodis, Y., Reyzin, L., and Smith, A. (2004). Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. Lecture Notes in Computer Science, Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, 2\u20136 May 2004, Springer.","DOI":"10.1007\/978-3-540-24676-3_31"},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Juels, A., and Rivest, R.L. (2013, January 4\u20138). Honeywords: Making password cracking detectable. Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, Berlin, Germany.","DOI":"10.1145\/2508859.2516671"},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Lee, J., Yu, S., Park, K., Park, Y., and Park, Y. (2019). Secure three-factor authentication protocol for multi-gateway IoT environments. Sensors, 19.","DOI":"10.3390\/s19102358"},{"key":"ref_44","doi-asserted-by":"crossref","first-page":"1346","DOI":"10.1109\/TNSE.2022.3142287","article-title":"Design of blockchain-based lightweight V2I handover authentication protocol for VANET","volume":"9","author":"Son","year":"2022","journal-title":"IEEE Trans. Netw. Sci. Eng."},{"key":"ref_45","doi-asserted-by":"crossref","unstructured":"Oh, J., Yu, S., Lee, J., Son, S., Kim, M., and Park, Y. (2021). A secure and lightweight authentication protocol for IoT-based smart homes. Sensors, 21.","DOI":"10.3390\/s21041488"},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"Yu, S., and Park, Y. (2022). A Robust Authentication Protocol for Wireless Medical Sensor Networks Using Blockchain and Physically Unclonable Functions. IEEE Internet Things J.","DOI":"10.1109\/JIOT.2022.3171791"},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"119445","DOI":"10.1016\/j.apenergy.2022.119445","article-title":"Blockchain based energy trading scheme for vehicle-to-vehicle using decentralized identifiers","volume":"322","author":"Kim","year":"2022","journal-title":"Appl. Energy"},{"key":"ref_48","doi-asserted-by":"crossref","first-page":"2412","DOI":"10.1109\/TNSE.2021.3093435","article-title":"Secure and efficient honey list-based authentication protocol for vehicular ad hoc networks","volume":"8","author":"Lee","year":"2021","journal-title":"IEEE Trans. Netw. Sci. Eng."},{"key":"ref_49","unstructured":"Cremers, C.J. (2008, January 7\u201314). The scyther tool: Verification, falsification, and analysis of security protocols. Proceedings of the International Conference on Computer Aided Verification, Princeton, NJ, USA."},{"key":"ref_50","doi-asserted-by":"crossref","first-page":"1005","DOI":"10.1109\/SURV.2013.091513.00050","article-title":"A survey of SIP authentication and key agreement schemes","volume":"16","author":"Kilinc","year":"2013","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_51","doi-asserted-by":"crossref","first-page":"580","DOI":"10.1109\/JIOT.2018.2846299","article-title":"Lightweight and privacy-preserving two-factor authentication scheme for IoT devices","volume":"6","author":"Gope","year":"2019","journal-title":"IEEE Internet Things J."},{"key":"ref_52","doi-asserted-by":"crossref","first-page":"85627","DOI":"10.1109\/ACCESS.2019.2926578","article-title":"Physically secure lightweight anonymous user authentication protocol for internet of things using physically unclonable functions","volume":"7","author":"Banerjee","year":"2019","journal-title":"IEEE Access"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/18\/7075\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T00:34:12Z","timestamp":1760142852000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/18\/7075"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,9,19]]},"references-count":52,"journal-issue":{"issue":"18","published-online":{"date-parts":[[2022,9]]}},"alternative-id":["s22187075"],"URL":"https:\/\/doi.org\/10.3390\/s22187075","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,9,19]]}}}