Abstract
The resource-constrained nature of Internet of Things (IoT) devices necessitates authentication mechanisms built upon lightweight cryptographic primitives, such as symmetric key algorithms and hash functions. In response to demands for user anonymity and forward secrecy, numerous innovative authentication schemes have emerged. This work presents a systematic review of these state-of-the-art approaches. We introduce a structured classification by synthesizing the field into nine distinct sub-frameworks, each focused on either user anonymity or forward secrecy. These are then integrated into two general frameworks that provide both properties. Our analysis illuminates the design principles, security guarantees, and performance trade-offs inherent to each framework. Building on this classification, we comparatively evaluate the security features and performance metrics of 45 representative schemes. Ultimately, this work seeks to enhance the understanding of current challenges and foster further advancement in IoT security.