Citation: Szymoniak, S.; Kesar, S. Key Agreement and Authentication Protocols in the Internet of Things: A Survey. Appl. Sci. 2023, 13, 404. https://doi.org/10.3390/ app13010404 Academic Editors: Weidong Fang and Chunsheng Zhu Received: 29 November 2022 Revised: 20 December 2022 Accepted: 25 December 2022 Published: 28 December 2022 Copyright: © 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https:// creativecommons.org/licenses/by/ 4.0/). applied sciences Review Key Agreement and Authentication Protocols in the Internet of Things: A Survey Sabina Szymoniak 1, * and Shalini Kesar 2 1 Department of Computer Science, Cz ˛ estochowa University of Technology, 42-200 Cz˛ estochowa, Poland 2 Department of Computer Science & Information Systems, Southern Utah University, Cedar City, UT 84720, USA * Correspondence: sabina.szymoniak@icis.pcz.pl Abstract: The rapid development of Internet of things (IoT) technology has made the IoT applicable in many areas of life and has contributed to the IoT’s improvement. IoT devices are equipped with various sensors that enable them to perform the tasks they were designed for. The use of such devices is associated with securing communication between devices and users. The key stages of communication are the processes of authentication and the process of agreeing on session keys because they are the basis of the subsequent communication phases. The specially designed security protocols are used to secure communication. These protocols define the course of communication and cryptographic techniques employed for securing. In this article, we have reviewed the latest communication protocols designed to secure authentication processes and agree on session keys in IoT environments. We analyzed the proposed protocols’ security level, vulnerability, and computational and communication costs. We showed our observations, describing the requirements that a secure protocol should meet. Keywords: Internet of things; security; security protocols 1. Introduction The rapid development of Internet of Things (IoT) technology has made the IoT applicable in many areas of life and contributed to its improvement [1]. We can find IoT devices in everyday life because we use intelligent washing machines, TV sets, and light bulbs. In combination with appropriate sensors, these devices intelligently control the lighting or water heating in a building. They can also protect our security with tracking devices [2–5]. In medical IoT, devices help to control the vital functions of chronically ill people, test blood glucose levels in people with diabetes, signal the patient’s need for medications, and deliver them to the patient on time [6–8]. One of the typical applications of IoT in the industry to alert people about the possibility of an earthquake [9]. Athletes can also use IoT to control vital functions and performance to prevent life-threatening situations [10–12]. IoT devices are equipped with various sensors (for example, temperature, pressure, and velocity sensors) that enable them to perform the tasks for which they were designed. Sensors process signals from their work environment and then react to them appropriately. For example, if the room temperature is too high, the heating devices will be switched off to lower the temperature. IoT devices can also communicate with each other to con- vey relevant information [13–15]. Usually, the connected sensors form wireless sensor networks (WSNs), within which various operations and data exchanges are performed. Both networks, IoT and WSN, primarily use the standards IEEE 802.15.4 [16], NFC [17], 6LoWPAN [18], MQTT [19], and Bluetooth Low Energy [20] for communication. Communication between IoT devices requires the use of various protocols that will define the purpose of the communication, the sequence of steps performed during it, Appl. Sci. 2023, 13, 404. https://doi.org/10.3390/app13010404 https://www.mdpi.com/journal/applsci