Document Type : Research Article

Authors

1 Department of CSE, LakiReddy Bali Reddy College of Engineering, Mylavaram, NTR DT, 521230.

2 School of Computer Science and Engineering, VIT-AP University, Amaravati, Andhra Pradesh-522237.

/10.57647/j.mjee.2025.1902.44

Abstract

A global ecosystem of networked sensors, actuators, and other devices intended for data exchange and interaction is known as the Internet of Things (IoT). Password-based authentication has historically been a major component of IoT solutions, despite its numerous flaws. This survey article provides a thorough analysis of the literature, with an emphasis on implementing authentication without passwords in the Internet of Things. The core requirement behind enterprise IoT security is ensuring that authorized persons have the correct access to the relevant IT resources under the correct circumstances. Identity management, the first line of protection in enterprise security, is a key component of this effort. Traditional password-based authentication systems are frequently regarded as “high friction,” causing users problems and lengthy procedures in addition to being vulnerable to various security threats. In response to these difficulties, IoT businesses are increasingly investigating passwordless authentication techniques in an effort to improve user productivity while preserving strong security assurance. This article presents a comprehensive analysis of passwordless authentication mechanisms designed for the Internet of Things.

Keywords
