Abstract

Anonymous authentication is widely studied for preserving the privacy of IoT devices. Although attribute-based signature (ABS) schemes can show identity attributes flexibly, having the private key generated by another party is not safe. The computational overhead of traditional anonymous credential schemes based on zero-knowledge proofs (ZKP) is heavy for resource-constrained IoT devices. DTLShps, a lightweight handshake protocol based on software-defined networking (SDN), offers a new approach to verifying certificates for resource-constrained IoT devices, but without anonymity functions. In this article, a lightweight privacy-preserving handshake protocol is designed based on DTLShps to flexibly present attributes of anonymous certificates for resource-constrained IoT devices. An authorization code is designed to represent the authorization status of each identity attribute defined in the X.509 standard. In cooperation with the CA, the IoT device can flexibly show arbitrary identity attributes to its peer by means of the authorization code. Only one signing operation of the elliptic curve digital signature algorithm (ECDSA) is needed to grant the authorization on the IoT device with the cooperation of the controller. The security of the proposed scheme is validated with BAN logic and the Scyther tool. The performance evaluation shows that the computational delay on the IoT device and the overall handshake delay are effectively reduced compared with existing anonymous certificate schemes.
