# Towards Information-Theoretic Security and Privacy in IoT: A Three-Factor AKA Protocol Supporting Forgotten Password Reset

**Authors:** Yicheng Yu, Kai Wei, Hongtu Li, Kai Zhang

PMC · DOI: 10.3390/e28020205 · Entropy · 2026-02-11

## TL;DR

This paper introduces a secure and efficient three-factor authentication protocol for IoT devices that includes password reset and resists common attacks.

## Contribution

A novel three-factor AKA protocol for IoT with forgotten password reset and strong security guarantees.

## Key findings

- The protocol provides anonymity, forward secrecy, and resilience against replay and impersonation attacks.
- Performance evaluation shows it outperforms existing solutions in computational and communication efficiency.
- The protocol is practical, scalable, and meets high security standards within IoT constraints.

## Abstract

The growth of the Internet of Things (IoT) has created many problems. A wise example is presented by the design of secure, efficient authentication and key agreement (AKA) protocols. A novel three-factor AKA protocol for the IoT is presented in this paper. The scheme integrates password, biometric, and device-based factors that achieved strong security, which gives anonymity to the user, achieves forward secrecy, and makes the scheme resilient to various attacks like replay, impersonation, and de-synchronization. It also adds a safe lost-password-reset functionality, which makes the protocol more usable. Security analysis proves its strength against the typical adversary, while performance evaluation shows that the solution is better than existing solutions in terms of computational and communication efficiency. The work proposes a practical and scalable security solution for IoT systems, which satisfies the high security standard but within the constraints of an IoT system.

## Full-text entities

- **Genes:** NME2 (NME/NM23 nucleoside diphosphate kinase 2) [NCBI Gene 4831] {aka NDK2, NDKB, NDPK B, NDPK-B, NDPKB, NM23-H2}, CRP (C-reactive protein) [NCBI Gene 1401] {aka PTX1}
- **Diseases:** injury to (MESH:D014947)
- **Species:** Homo sapiens (human, species) [taxon 9606]

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/PMC12939264/full.md

## Figures

4 figures with captions in the complete paper: https://tomesphere.com/paper/PMC12939264/full.md

## References

24 references — full list in the complete paper: https://tomesphere.com/paper/PMC12939264/full.md

---
Source: https://tomesphere.com/paper/PMC12939264