Chaudhry, Shehzad AshrafFarash, Mohammad SabzinejadKumar, NeerajAlsharif, Mohammed H.2023-10-112023-10-1120221932-81841937-9234https://hdl.handle.net/11363/5837https://doi.org/The Internet of Things (IoT) connects enormous objects through various sensors to facilitate daily life by interconnecting the information space with the decision-makers. Security and privacy are, however, the main concerns in IoT due to the openness of communication channels and the unattended nature of common sensors. To provide security and privacy for sensors and users in IoT-based systems; in 2019, Zhou et al. proposed an unlinkable authentication scheme using bilinear pairings. However, the vulnerability of their scheme against sensor node impersonation attack as proved in this article renders the scheme of their work impractical and insecure. A pairing free lightweight and unlinkable authentication scheme for distributed IoT devices (PFLUA-DIoT) is then proposed in this article. The security of PFLUA-DIoT is proved using the formal method along with a discussion on its provision of security features. The performance and security comparisons show that PFLUA-DIoT provides known security features and provides better performance. Due to the avoidance of bilinear pairing-based expensive operations, PFLUA-DIoT completes authentication in less than half running time as compared with their and related schemes. Therefore, the PFLUA-DIoT can address the security and privacy issues of IoT, practically and efficiently.eninfo:eu-repo/semantics/openAccessAttribution-NonCommercial-NoDerivs 3.0 United StatesDevice access controldevice impersonationforged messageIoT accessArticle16130931610.1109/JSYST.2020.30364252-s2.0-85097948946Q1WOS:000792953400034Q2