Abstract
With the rise of the Internet of Things (IoT), maintaining data confidentiality and protecting user privacy have become increasingly challenging. End devices in the IoT are often deployed in unattended environments and connected to open networks, making them vulnerable to physical tampering and other security attacks. Different authentication key agreement (AKA) schemes have been used in practice; several of them do not cover the necessary security features or are incompatible with resource-constrained end devices. Their security proofs have been performed under the Random-Oracle model. We present an AKA protocol for end devices and servers. The proposal leverages the ECC-based key exchange mechanism and one-way hash function-based message authentication method to achieve mutual authentication, user anonymity, and forward security. A formal security proof of the proposed scheme is performed under the standard model and the eCK model with the elliptic curve encryption computational assumptions, and formal verification is performed with ProVerif. According to the performance comparison, it is revealed that the proposed scheme offers user anonymity, perfect forward security, and mutual authentication, and resists typical attacks such as ephemeral secret leakage attacks, impersonation attacks, man-in-the-middle attacks, and key compromise impersonation attacks. Moreover, the proposed scheme has the lowest computational and communication overhead compared to existing schemes.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.