A new lightweight authentication and key agreement protocol for Internet of Things

Internet of Things (IoT) is a network of objects which enables them to collect vital information. As a result, privacy and anonymity in IoT are the most important issues. So far, many protocols have been proposed to provide authentication mechanism in IoT networks. Recently, Amin et al proposed a three-factor authenticated protocol for IoT networks that is claimed to be secure. In this paper, we challenge this claim and show that this protocol is vulnerable against the replay attack and DoS attack. Moreover, inspired by this protocol, we propose a secure authenticated key exchange protocol with the same assumptions. Our analysis shows that our proposed protocol is more efficient than Amin et al protocol.