In 2019, Banerjee et al. (IEEE Int Things J 6(5):8739–8752, 2019; https://doi.org/10.1109/JIOT.2019.2931372) proposed an authenticated key agreement scheme to facilitate the session establishment resulting into a session key between a user and a smart device for IoT based networks. As per their claim, the scheme of Banerjee et al. provides known security features and resist all known attacks using only lightweight symmetric key primitives. The analysis in this paper; however, shows that the scheme of Banerjee et al. cannot complete normally. The user in their scheme, after sending a request message may never receive the response from smart device. This incorrectness results into total in applicability of Banerjee et al.’s scheme. Moreover, it is also shown that their scheme has weaknesses against stolen verifier attack. Then an improved lightweight authentication scheme for IoT deployments (ILAS-IoT) is proposed in this article. ILAS-IoT performs the process correctly by increasing very little computation and communication overheads. The proposed ILAS-IoT also resists stolen verifier and all known attacks, which is evident from the formal and informal security analysis.

在2019年，Banerjee等人。（IEEE Int Things J 6（5）：8739–8752，2019; https://doi.org/10.1109/JIOT.2019.2931372）提出了一种经过身份验证的密钥协议方案，以促进会话建立，从而导致用户和用户之间建立会话密钥用于基于IoT的网络的智能设备。根据他们的主张，Banerjee等人的计划。提供已知的安全功能，仅使用轻量级的对称密钥原语抵抗所有已知的攻击。本文的分析；然而，表明Banerjee等人的方案。无法正常完成。在他们的方案中，用户在发送请求消息后可能永远不会收到来自智能设备的响应。这种不正确性导致Banerjee等人的方案完全适用。此外，还表明，他们的方案在抵御验证者被盗攻击方面存在弱点。然后，本文提出了一种改进的用于物联网部署的轻量级身份验证方案（ILAS-IoT）。ILAS-IoT通过增加很少的计算和通信开销来正确执行该过程。提议的ILAS-IoT还可以抵抗验证者被盗和所有已知攻击，这从正式和非正式安全分析中可以明显看出。