RPRIA: Reputation and PUF-Based Remote Identity Attestation Protocol for Massive IoT Devices

Abstract

The smart city is a vision for urban development that combines new-generation information technologies to improve the quality of life. The Internet of Things (IoT) technology is a key technology of smart city, which provides the support for the automatic collection and transmission of massive information in smart city. However, there are some challenges for the IoT devices in a smart city in terms of security and performance, such as various security vulnerabilities and a large amount of computational overhead. With the explosive growth of the number of IoT devices and the data they generate, it is very necessary to ensure that a large number of IoT devices can establish secure and reliable communication with the central server. In this article, we design a massive IoT device remote identity attestation protocol based on the reputation mechanism and physically unclonable function (PUF). Our protocol can efficiently and securely accomplish the mutual authentication and key agreement between massive IoT devices and central server, and between IoT devices. The Burrows–Abadi–Needham (BAN) logic and a formal verification tool called Scyther are employed to prove the security of our protocol. We also evaluate the performance by comparing our protocol with other related protocols in terms of computational overhead, communication overhead, etc. The security and performance results show that our protocol has ideal security and performance.