EC-MAP: A Lightweight Elliptic Curve-based Mutual Authentication Protocol for Secure IoT-Cloud Communication
Okwa, E. N.
Department of Computer Engineering Technology, Federal Polytechnic Ugep, Cross River State, Nigeria.
Idiong, U. A.*
Department of Electrical Electronics Engineering Technology, Federal Polytechnic Ugep, Cross River State, Nigeria.
Asuquo, U. J.
Department of Mechanical Engineering Technology, Federal Polytechnic Ugep, Cross River State, Nigeria.
*Author to whom correspondence should be addressed.
Abstract
The rapid growth of smart home Internet of Things (IoT) devices and their reliance on cloud services for data management have heightened security risks, especially in authentication and secure communication. Current protocols often fail to balance the need for strong security with the resource limitations of IoT devices, leaving systems vulnerable to attacks like session hijacking, impersonation, and man-in-the-middle (MitM) breaches. To address this, we propose the Elliptic Curve-Based Mutual Authentication Protocol (EC-MAP), a lightweight solution tailored for resource-constrained IoT devices that require secure cloud interactions. EC-MAP combines elliptic curve cryptography (ECC)—using efficient 256-bit keys for robust security with low computational overhead—and hash-based message authentication (HMAC-SHA256) to enable mutual authentication, forward secrecy, and resistance to replay attacks. The protocol operates in three streamlined phases (initialization, handshake, and dynamic key renewal) and employs ephemeral keys and nonce-based challenges to minimize vulnerabilities. Evaluated through NS-3 simulations and formal verification with AVISPA, EC-MAP reduced authentication latency by 35% and energy consumption by 28% compared to Datagram Transport Layer Security (DTLS) and RSA-based approaches, while adhering to NIST IoT security standards. Results confirm its resilience against common attacks, scalability for large networks, and suitability for low-power devices. EC-MAP addresses longstanding vulnerabilities in IoT-cloud authentication, delivering a deployable, standards-aligned framework that strengthens end-to-end smart home security while maintaining operational efficiency.
Keywords: IoT, cloud-based systems, EC-MAP, mutual authentication, elliptic curve cryptography