Design of three-factor secure and efficient authentication and key-sharing protocol for IoT devices

Abstract

The remarkable advance of the Internet of Things (IoT) has smoothed the way to the interconnection of various mobile devices in secure access and communication. In order to guarantee user privacy and anonymity in public networks, a large number of mutual authentication and key-sharing protocols between different IoT devices and multi-servers have been proposed. Due to resource-constrained and inefficient IoT devices, most previous protocols can confront assorted malicious attacks, such as eavesdropping, counterfeiting, chip cloning, device forgery, and other attacks. These attacks may be exposed the user’s private key or other sensitive data. To solve these problems, physical unclonable function (PUF) is a lightweight security primitive that utilizes random process deviations that cannot be controlled during chip manufacturing to generate device-unique digital signatures. In this paper, we combined the key-sharing scheme based on PUF on the hardware side, which solves relevant security problems such as device cloning and key tampering. Furthermore, we propose a three-factor secure and efficient authentication and key-sharing protocol, leveraging the inherent security properties of passwords, biometrics, and PUFs. We demonstrate the security of our proposed protocol based on computational Bilinear Diffie–Hellman Problem (BDH) and k-CAA hard problems and the Proverif tool. Compared with existing relevant protocols, our protocol meets various security properties and defends against varied security threats. The low computational cost, communication overhead, and device storage indicate that our protocol is applicable to resource-constrained IoT devices.