A lightweight biometrics based remote user authentication scheme for IoT services.

User authentication is becoming crucial in the accelerating Internet of Things (IoT) environment. With IoT several applications and services have been emerging in the areas such as, surveillance, healthcare, security, etc. The services offered can be accessed through smart device applications by the user from anywhere, anytime and anyplace. This makes security and privacy critical to IoT. Moreover, security is paramount in IoT, to enable secure access to the services; multi-factor based authentication can provide high security. In this paper, a lightweight biometric based remote user authentication and key agreement scheme for secure access to IoT services has been proposed. The protocol makes use of lightweight hash operations and XOR operation. The security analysis proves that it is robust against multiple security attacks. The formal verification is performed using AVISPA tool, which confirms its security in the presence of a possible intruder.