Secure and Efficient Authentication Scheme in IOT Environments based OT

Authors

  • Shoroug Al-Hadlaa Computer Science Department, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, Dammam 31441, Saudi Arabia; https://orcid.org/0009-0008-4994-6864
  • Albandari Alsumayt Saudi Aramco Cybersecurity Chair, Networks and Communications Department, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, Dammam 31441, Saudi Arabia; https://orcid.org/0000-0002-2137-260X
  • Majid Alshammari Department of Information Technology, College of Computers and Information Technology, Taif University, P.O. Box 11099, Taif 21944, Saudi Arabia. https://orcid.org/0000-0003-4517-7232

DOI:

https://doi.org/10.48161/qaj.v6n1a2073

Keywords:

operational technology, continuous authentication, blockchain-based security, elliptic curve cryptography, zero-trust architecture, context-aware computing.

Abstract

The swift growth in the number of Internet of Things (IoT) devices and their deployment into Operational Technology (OT) settings has brought about difficult security issues, including authentication. Current procedures are deficient of scalability, theft of credentials and real-time dynamism, which expose the IoT-OT networks to threats. This paper will present a zero-trust authentication system that uses Artificial Intelligence (AI), blockchain, and Elliptic Curve Cryptography (ECC) to provide a decentralized, adaptive, and lightweight security system. The framework uses situational data, i.e. the location of a device, a history of behaviors, and access patterns to facilitate continuous identity checking without interrupting activities. AI actively identifies anomalies and prompt re-authentication, whereas blockchain allows managing identities transparently and without tampering by distributed devices. Lightweight ECC and XOR encryption are high security and low computation intensity algorithms that are used to overcome resource limitations. The 37 percent reduction in encryption time, 41 percent decreased energy usage and six-fold minimization of error rate over the traditional ECC techniques is shown by simulation and formal verification with ProVerif. The results verify the ability of the proposed approach to increase trust, performance, and resilience in industrial IoT-OT systems. This study makes a theoretical contribution by operationalizing continuous authentication on zero trust and offers a practical system design of secure and scalable industrial connectivity.

Downloads

Download data is not yet available.

References

Almazroi, A. A., Liaqat, M., Ali, R. L., & Gani, A. (2023). SLMAS: A secure and lightweight mutual authentication scheme for the smart wheelchair. Applied Sciences.

Morais, D., Zúquete, A., & Mendes, A. (2023). Adaptive, multi-factor authentication as a service for web applications. In Proceedings of the 7th Cyber Security in Networking Conference (CSNet).

Shi, T., et al. (2025). Securing IoT edge: A survey on lightweight cryptography and authentication mechanisms for constrained devices. Personal and Ubiquitous Computing.

Thakur, A., Kumar, P., & Chaurasia, N. (2023). A lightweight trust-based secure authentication mechanism for IoT devices. Research Square Preprint.

Aighuraibawi, A. H. B., Manickam, S., Abdullah, R., Alyasseri, Z. A. A., Al-Ani, A. K. I., Zebari, D. A., ... & Arif, Z. H. (2023). Feature Selection for Detecting ICMPv6-Based DDoS Attacks Using Binary Flower Pollination Algorithm. Comput. Syst. Sci. Eng., 47(1), 553-574.

Alotaibe, D. Z. (2024). IoT security model for smart cities based on a metamodeling approach. Engineering, Technology & Applied Science Research, 14(3), 7132–7137.

Jubair, M. A., Mostafa, S. A., Zebari, D. A., Hariz, H. M., Abdulsattar, N. F., Hassan, M. H., ... & Alouane, M. T. H. (2022). A QoS aware cluster head selection and hybrid cryptography routing protocol for enhancing efficiency and security of VANETs. IEEE Access, 10, 124792-124804.

Almufti, S. M., Hani, A. A., Zeebaree, S. R., Asaad, R. R., Majeed, D. A., Sallow, A. B., & Ahmad, H. B. (2024). Intelligent home IoT devices: An exploration of machine learning-based networked traffic investigation. Jurnal Ilmiah Ilmu Terapan Universitas Jambi, 8(1), 1-10.

Ibrahim, O. A., Sciancalepore, S., & Di Pietro, R. (2024). MAG-PUFs: Authenticating IoT devices via electromagnetic physical unclonable functions and deep learning. Elsevier Journal, 1–18.

Sudha, K. S., Jeyanthi, N., & Iwendi, C. (2024). Secure supervised learning-based smart home authentication framework. International Journal of Computer Networks & Communications, 16.

Bansal, A. (2023). Authentication and authorization in an IoT-based system: A modern approach. ISSA Journal, 15–18.

Tejas, D. P., et al. (2024). Secure communication using mutual authentication light IoT: A case study. International Journal of Creative Research Thoughts, 12(1), 616–619.

Gong, B., Zheng, G., Waqas, M., Tu, S., & Chen, S. (2023). LCDMA: Lightweight cross-domain mutual identity authentication scheme for Internet of Things. IEEE Conference Proceedings.

Wu, T.-Y., Meng, Q., Chen, Y.-C., Kumari, S., & Chen, C.-M. (2023). Toward a secure smart-home IoT access control scheme based on home registration approach. Sensors, 11, 2123.

Tabany, M., & Syed, M. (2024). A lightweight mutual authentication protocol for Internet of Vehicles. Journal of Advances in Information Technology, 15(2), 155–163.

Kavianpour, S., Razaq, A., & Hales, G. (2023). A secure lightweight authentication mechanism for IoT devices in generic domain. In Proceedings of the International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCME).

Bettahar, M. H., Louazan, A., & Sekhri, L. (2024). Secure and efficient authentication framework for IoT-based smart homes using dynamic keys. Research Square Preprint.

Xinyu, Z., Zhangang, W., Anqian, L., Yuyan, H., & Shufang, N. (2023). A lightweight anonymous authentication and key negotiation scheme in smart home environments. Wuhan University Journal of Natural Sciences, 28(6), 523–530.

Fayad, A., Hammi, B., & Khatoun, R. (2024). An adaptive authentication and authorization scheme for IoT gateways: A blockchain-based approach. HAL Open Science.

Gonçalves, C., Sousa, B., Vukovic, M., & Kusek, M. (2023). A federated authentication and authorization approach for IoT farming. Elsevier Journal.

Mallouli, F. H. A. S. N. S., & Al-Fuqaha, A. (2019). A survey on cryptography: Comparative study between RSA vs ECC and RSA vs El-Gamal algorithms. In IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom) (pp. 173–176).

Khurshid, A. R. S. K. K. G. A., et al. (2023). MediLinker: A blockchain-based decentralized health information exchange system. Frontiers in Big Data, 6, 1146023.

Yazdinejad, A., et al. (2020). Decentralized authentication of distributed patients in hospital networks using blockchain. IEEE Journal of Biomedical and Health Informatics, 24(8), 2146–2156.

Ruzbahani, A. M. (2024). AI-protected blockchain-based IoT environments: Harnessing the future of network security and privacy. arXiv preprint.

Lakhan, A., Mohammed, M. A., Zebari, D. A., Abdulkareem, K. H., Deveci, M., Marhoon, H. A., ... & Martinek, R. (2024). Augmented IoT cooperative vehicular framework based on distributed deep blockchain networks. IEEE Internet of Things Journal, 11(22), 35825-35838.

Kondoju, S. K. V. V. M., & Babu, P. B. (2022). Performance evaluation of lightweight cryptographic algorithms for heterogeneous IoT environments. Journal of Circuits, Systems and Computers, 31(5), 2141031.

Namakshenas, D., Yazdinejad, A., Dehghantanha, A., & Srivastava, G. (2024). Federated quantum-based privacy-preserving threat detection model for consumer Internet of Things. IEEE Transactions on Consumer Electronics.

Rani, D., & Gupta, N. S. (2019). Lightweight security protocols for Internet of Things: A review. International Journal of Advanced Trends in Computer Science and Engineering, 8(3), 707–719.

Mohammed, Z. K., Mohammed, M. A., Abdulkareem, K. H., Zebari, D. A., Lakhan, A., Marhoon, H. A., ... & Martinek, R. (2024). A metaverse framework for IoT-based remote patient monitoring and virtual consultations using AES-256 encryption. Applied Soft Computing, 158, 111588.

Almaiah, M. A., et al. (2023). A review of multi-factor authentication in the Internet of Healthcare Things: Challenges, impact, and solutions. Journal of Healthcare Engineering.

Yazdinejad, A., et al. (2024). A robust privacy-preserving federated learning model against model poisoning attacks. IEEE Transactions on Information Forensics and Security.

Enhancing IIoT security: AI-driven blockchain-based authentication scheme. (2024). International Journal of Computer Technology and Science.

Downloads

Published

2026-01-24

How to Cite

Al-Hadlaa , S. ., Alsumayt, A., & Alshammari , M. . (2026). Secure and Efficient Authentication Scheme in IOT Environments based OT. Qubahan Academic Journal, 6(1), 272–307. https://doi.org/10.48161/qaj.v6n1a2073

Issue

Vol. 6 No. 1 (2026)

Section

Articles

License

Copyright (c) 2026 Qubahan Academic Journal

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Crossref
Scopus
Google Scholar
Europe PMC