Abstract

With the increasing number of smart mobile devices, applications based on mobile networks play an indispensable role in the Internet of Things. Because mobile devices have limited computing power and restricted storage capacity, it is necessary to design a secure and lightweight authentication scheme for them. As a lightweight cryptographic primitive, the hash chain is widely used in various cryptographic protocols and one-time password systems. However, most existing research focuses on solving its inherent limitations and deficiencies while ignoring its security issues. We propose a novel hash chain construction that consists of multiple different hash functions with different output lengths, and we employ it in a time-based one-time password (TOTP) system for mobile device authentication. The security foundation of our construction is that the order of the hash functions is confidential, and the security analysis demonstrates that it is more secure than other constructions. Moreover, we discuss the degeneration of our construction and implement the scheme on a mobile device. The simulation experiments show that the attacker cannot increase the probability of guessing the order by eavesdropping on the invalid passwords.

Highlights

  • The Internet of Things (IoT) is becoming more and more closely connected with people’s daily lives, due to the popularity of mobile devices, which play a central role in IoT

  • We introduce a novel construction of the hash chain and design a time-based one-time password (TOTP) scheme for authentication of mobile devices

  • The hash chain used in T/Key has the limitation that the domain should be larger as the length of the hash chain increases, and its independent hash functions are generated by the same hash function


Summary

Introduction

The Internet of Things (IoT) is becoming more and more closely connected with people’s daily lives, due to the popularity of mobile devices, which play a central role in IoT. Unlike traditional personal computers and laptops, mobile devices have limited energy, computing power, and storage capacity, so it is not practical for authentication schemes to employ expensive cryptographic primitives. We introduce a novel construction of the hash chain and design a TOTP scheme for authentication of mobile devices. Compared to Lamport’s hash chain, our construction can address the issue that an invalid password may help the attacker to invert the hash chain. Keeping the order of these hash functions confidential can effectively prevent the attacker from inverting the hash chain. This design raises the question of whether an attacker can find the order, which is examined through a simulation.
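A minimal sketch of the idea summarized above, added here as an illustration and not the paper's own construction or code: a hash chain whose links use hash functions of different output lengths in a secret order, checked Lamport-style for each time step. The choice of SHA-2 variants, the HMAC-based order derivation, the assumption that device and verifier both know the order, and all names and sample values are assumptions.

```python
import hashlib
import hmac

# Hash functions with distinct output lengths (28, 32, 48, 64 bytes); this choice is an assumption.
HASHES = [hashlib.sha224, hashlib.sha256, hashlib.sha384, hashlib.sha512]

def secret_order(order_key: bytes, length: int) -> list:
    """Derive the confidential per-position hash selection from a key (hypothetical derivation)."""
    return [hmac.new(order_key, i.to_bytes(4, "big"), hashlib.sha256).digest()[0] % len(HASHES)
            for i in range(length)]

def build_chain(seed: bytes, order: list) -> list:
    """chain[i+1] = H_order[i](chain[i]); chain[-1] is the anchor the verifier stores."""
    chain = [seed]
    for idx in order:
        chain.append(HASHES[idx](chain[-1]).digest())
    return chain

class Verifier:
    def __init__(self, anchor: bytes, order: list):
        self.value, self.pos, self.order = anchor, len(order), order

    def verify(self, password: bytes, step: int) -> bool:
        """Accept chain[n - step] for time step `step`, hashing forward to the last accepted value."""
        target = len(self.order) - step
        if not 0 <= target < self.pos:
            return False  # replayed, expired, or out-of-range time step
        x = password
        for i in range(target, self.pos):
            x = HASHES[self.order[i]](x).digest()
        if not hmac.compare_digest(x, self.value):
            return False
        self.value, self.pos = password, target  # later passwords must lie deeper in the chain
        return True

def demo() -> dict:
    n = 16
    order = secret_order(b"constructed-order-key", n)  # constructed sample secret
    chain = build_chain(b"constructed-seed", order)     # constructed sample seed
    good = Verifier(chain[-1], order)
    wrong = Verifier(chain[-1], [(i + 1) % len(HASHES) for i in order])  # every position guessed wrong
    return {"first": good.verify(chain[n - 3], 3), "replay": good.verify(chain[n - 3], 3),
            "skipped_ahead": good.verify(chain[n - 7], 7), "wrong_order": wrong.verify(chain[n - 3], 3)}

if __name__ == "__main__":
    print(demo())
```

The `wrong_order` case shows why the order matters in this sketch: a party holding a valid password and the anchor still cannot link them by hashing forward without the correct sequence of functions.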

Overview of Hash Chains
Our Construction
Security Analysis
Discussions and Experiment
Conclusion