Open Access

ARTICLE

Lightweight Secure Authentication for IoT Devices: A Systematic Literature Review

Rayan Alenzi, Rayan Aldoghan*, M. M. Hafizur Rahman

Department of Computer Networks and Communications, College of Computer Sciences and Information Technology, King Faisal University, Al Ahsa, Saudi Arabia

* Corresponding Author: Rayan Aldoghan.

(This article belongs to the Special Issue: Next-Generation Cyber Defense: Agentic AI, Autonomous Threat Response, and Identity-Aware Security in the Cloud Era)

Journal of Cyber Security 2026, 8, 373-396. https://doi.org/10.32604/jcs.2026.083953

Abstract

The rapid proliferation of Internet of Things (IoT) devices across smart homes, healthcare facilities, industrial networks, and smart cities has raised critical security concerns, particularly regarding device authentication. IoT devices are typically characterized by limited computational resources, constrained memory, and restricted energy budgets, which renders the deployment of traditional cryptographic protocols infeasible; consequently, lightweight authentication schemes are required. Although numerous lightweight authentication protocols have been proposed, a systematic risk evaluation of such protocols against established threat modeling frameworks remains largely absent from the existing literature. This paper presents a systematic literature review (SLR) based on the PRISMA methodology, encompassing 45 peer-reviewed articles published between 2021 and 2025 on lightweight secure authentication for IoT devices. The review integrates the STRIDE threat modeling framework for systematic threat identification with the DREAD risk assessment model for quantitative risk prioritization across authentication protocol categories. The protocols reviewed include Physical Unclonable Function (PUF)-based, Elliptic Curve Cryptography (ECC)-based, blockchain-based, multi-factor, Authenticated Encryption with Associated Data (AEAD)-based, post-quantum, and zero-knowledge proof authentication techniques. Our STRIDE-DREAD analysis indicates that, while ECC-based and PUF-based protocols exhibit the strongest overall risk mitigation profiles, considerable unmitigated risks persist across all categories, particularly in spoofing and information disclosure threats. The findings reveal critical gaps in real-world deployment validation, post-quantum readiness, cross-domain interoperability, and alignment with established risk management standards. 
This review contributes a risk-centric classification framework, quantitative risk scores per protocol category, and actionable research directions for the IoT security community.

Keywords

IoT; lightweight authentication; risk assessment; STRIDE; DREAD; threat modeling; security protocol; PUF; ECC; blockchain; AEAD; mutual authentication; post-quantum cryptography

Cite This Article

APA Style
Alenzi, R., Aldoghan, R., Rahman, M.M.H. (2026). Lightweight Secure Authentication for IoT Devices: A Systematic Literature Review. Journal of Cyber Security, 8(1), 373–396. https://doi.org/10.32604/jcs.2026.083953
Vancouver Style
Alenzi R, Aldoghan R, Rahman MMH. Lightweight Secure Authentication for IoT Devices: A Systematic Literature Review. J Cyber Secur. 2026;8(1):373–396. https://doi.org/10.32604/jcs.2026.083953
IEEE Style
R. Alenzi, R. Aldoghan, and M. M. H. Rahman, “Lightweight Secure Authentication for IoT Devices: A Systematic Literature Review,” J. Cyber Secur., vol. 8, no. 1, pp. 373–396, 2026. https://doi.org/10.32604/jcs.2026.083953



Copyright © 2026 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.