Open Access
ARTICLE
Lightweight Secure Authentication for IoT Devices: A Systematic Literature Review
Department of Computer Networks and Communications, College of Computer Sciences and Information Technology, King Faisal University, Al Ahsa, Saudi Arabia
* Corresponding Author: Rayan Aldoghan. Email:
(This article belongs to the Special Issue: Next-Generation Cyber Defense: Agentic AI, Autonomous Threat Response, and Identity-Aware Security in the Cloud Era)
Journal of Cyber Security 2026, 8, 373-396. https://doi.org/10.32604/jcs.2026.083953
Received 14 April 2026; Accepted 08 May 2026; Issue published 01 July 2026
Abstract
The rapid proliferation of Internet of Things (IoT) devices across smart homes, healthcare facilities, industrial networks, and smart cities has raised critical security concerns, particularly regarding device authentication. IoT devices are typically characterized by limited computational resources, constrained memory, and restricted energy budgets, which renders the deployment of traditional cryptographic protocols infeasible; consequently, lightweight authentication schemes are required. Although numerous lightweight authentication protocols have been proposed, a systematic risk evaluation of such protocols against established threat modeling frameworks remains largely absent from the existing literature. This paper presents a systematic literature review (SLR) based on the PRISMA methodology, encompassing 45 peer-reviewed articles published between 2021 and 2025 on lightweight secure authentication for IoT devices. The review integrates the STRIDE threat modeling framework for systematic threat identification with the DREAD risk assessment model for quantitative risk prioritization across authentication protocol categories. The protocols reviewed include Physical Unclonable Function (PUF)-based, Elliptic Curve Cryptography (ECC)-based, blockchain-based, multi-factor, Authenticated Encryption with Associated Data (AEAD)-based, post-quantum, and zero-knowledge proof authentication techniques. Our STRIDE-DREAD analysis indicates that, while ECC-based and PUF-based protocols exhibit the strongest overall risk mitigation profiles, considerable unmitigated risks persist across all categories, particularly in spoofing and information disclosure threats. The findings reveal critical gaps in real-world deployment validation, post-quantum readiness, cross-domain interoperability, and alignment with established risk management standards. 
This review contributes a risk-centric classification framework, quantitative risk scores per protocol category, and actionable research directions for the IoT security community.
Copyright © 2026 The Author(s). Published by Tech Science Press. This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

