Date of Award

5-2025

Document Type

Project

Degree Name

Master of Science in Information Systems and Technology

Department

Information and Decision Sciences

First Reader/Committee Chair

Ogundare, Oluwatosin

Abstract

IoT devices are increasingly being used in critical applications such as smart cities, healthcare, and industrial systems. However, due to their limited processing power, memory, and energy, traditional authentication methods are not suitable in these resource-constrained scenarios. To construct and evaluate a lightweight authentication system for such devices, this study incorporates secure, efficient cryptographic techniques. The research questions are: Q1) How can a hybrid lightweight authentication protocol that includes ECC and AES be used to safely and successfully link resource-constrained IoT devices? Q2) How can nonce-based challenge-response approaches that protect against replay threats be used to create lightweight IoT authentication without compromising energy efficiency? To overcome these challenges, a modular client-server protocol was developed that uses AES-128 for symmetric encryption, Elliptic Curve Cryptography (ECC) for key exchange, and nonce-based authentication to ensure message freshness and prevent replay attacks. A layered architectural design was employed to optimize performance while maintaining low latency, scalability, and resilience to cyberattacks. In simulated IoT scenarios, implemented via Python, the system’s energy efficiency, latency, and authentication behavior were evaluated to validate the theoretical design. The findings are: Q1) The hybrid ECC-AES protocol significantly reduced computational and energy costs while preserving strong encryption and secure session establishment. Q2) The nonce-based mechanism effectively defended against replay attacks, providing message freshness and minimal overhead, even in resource-constrained scenarios. The conclusions are: Q1) The proposed protocol offers a practical and secure solution for IoT environments, outperforming traditional PKI-based systems in speed and resource usage. Q2) The integration of nonce-based challenge-response with symmetric encryption ensures lightweight, efficient, and secure communication across IoT networks. Areas for further study include: (a) Exploring decentralized authentication using blockchain to reduce reliance on a central server, and (b) Investigating post-quantum cryptographic methods to future-proof the protocol against emerging threats.
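The nonce-based replay defense named in Q2 can be sketched as follows; this is an added example, not the thesis's implementation. It assumes a 128-bit session key already agreed through the ECC exchange, uses HMAC-SHA256 from the Python standard library as a stand-in for the AES-128-protected response, and every name, the device id and the 5-second validity window are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

NONCE_TTL = 5.0  # seconds a challenge stays answerable (assumed value)

def respond(session_key: bytes, device_id: bytes, nonce: bytes) -> bytes:
    # Device side: prove possession of the session key for this nonce only.
    # The nonce is fixed-length (16 bytes), so device_id || nonce is unambiguous.
    return hmac.new(session_key, device_id + nonce, hashlib.sha256).digest()

class Verifier:
    """Server side: issues single-use nonces and checks the responses."""

    def __init__(self, session_key: bytes):
        self.key = session_key
        self.pending = {}  # nonce -> time issued

    def challenge(self, now=None) -> bytes:
        now = time.monotonic() if now is None else now
        # Drop unanswered, expired challenges so the table stays small.
        self.pending = {n: t for n, t in self.pending.items() if now - t <= NONCE_TTL}
        nonce = secrets.token_bytes(16)
        self.pending[nonce] = now
        return nonce

    def verify(self, device_id, nonce, tag, now=None) -> bool:
        now = time.monotonic() if now is None else now
        issued = self.pending.pop(nonce, None)  # consumed on first use
        if issued is None:
            return False  # never issued or already used: a replay
        if now - issued > NONCE_TTL:
            return False  # answered too late
        return hmac.compare_digest(respond(self.key, device_id, nonce), tag)

def demo():
    key = secrets.token_bytes(16)  # constructed stand-in for the ECC-derived key
    dev = b"sensor-01"             # hypothetical device id
    server = Verifier(key)
    n1 = server.challenge(now=0.0)
    tag = respond(key, dev, n1)
    fresh = server.verify(dev, n1, tag, now=1.0)
    replayed = server.verify(dev, n1, tag, now=2.0)  # captured message resent
    n2 = server.challenge(now=10.0)
    late = server.verify(dev, n2, respond(key, dev, n2), now=16.0)
    n3 = server.challenge(now=20.0)
    forged = server.verify(dev, n3, respond(b"\x00" * 16, dev, n3), now=21.0)
    return fresh, replayed, late, forged
```

Only the first response is accepted: the resent message fails because its nonce was consumed, and the server's per-nonce state is bounded by the validity window.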
