Lightweight zero-knowledge authentication scheme for IoT embedded devices

Abstract

Authentication technology has been employed in a variety of Internet of Things (IoT) applications, such as electronic medical services, smart homes, and the Internet of Vehicles, to protect data privacy and device accessibility. However, current zero-knowledge authentication schemes for resource-limited embedded devices face challenges in computation, communication, and storage costs. In order to solve this problem, we propose a lightweight zero-knowledge authentication scheme for IoT-embedded devices (LZIA). In the proposed scheme, the identity information is associated with a unique identifier, and the device identities are allocated using hash commitment in the registration phase. Then, a lightweight registration method is proposed to reduce the computation and storage costs. In the secret key management phase, the direct communication between the embedded device and the authentication server (AS) for device key management is built. By combining device identity information and the Chebyshev polynomial chaotic map, we simplify the device’s secret key structure and propose a secret key generation equation, an update equation, and a secret key management method to reduce computation and storage costs. In the authentication phase, we replace traditional cryptographic operations with Chebyshev polynomial operations and consolidate all intermediate data into a polynomial for unified authentication. We then optimize the device’s proof generation and proof verification equations and propose a lightweight authentication protocol to effectively reduce the number of interactions and computational costs. Experimental results demonstrate that LZIA, whether in simulation or actual hardware environments, can reduce computation, communication, and storage costs while guaranteeing security. LZIA surpasses EEAS, LAKA, and SRAM in terms of both security and performance.