Abstract
Resource limitation is quite popular in many Internet of Things (IoT) devices and eavesdropping on the identities of IoT devices could reveal the sensitive information; therefore, high efficiency (computation and communication) and anonymity protection are two desirable properties in IoT authentication and in device-to-device (D2D) authentication. Conventionally, dynamic pseudonyms are widely adopted to protect the device identity privacy in IoT authentication and in D2D communications; however, the conventional mechanisms of pseudonym-renewing and pseudonym-bound-public-keys updating could be very costly or be vulnerable to the desynchronization-based denial-of-service (DoS) attacks. In this paper, we propose a novel 2-level composite hashing (2LCH) mechanism to mitigate the problems, and propose the 2LCH-based anonymous IoT and D2D authentication schemes. The schemes simultaneously achieve high efficiency and strong anonymity for such environments; once two devices successfully complete one instance of the server-assist anonymous authentication, they can run several instances of the direct D2D anonymous authentication without the involvement of the server. The merits of the schemes include: (1) high efficiency in terms of computation and communication; (2) easy and efficient generation/synchronization of dynamic pseudonyms; (3) robustness to both desynchronization-based DoS attacks and the unreliable connections; (4) easy application to the existent IoT architectures and standards; and (5) formal security verification.
Highlights
The Internet of Things (IoT) technologies facilitate many potential applications and business opportunities
Electronics 2021, 10, 789 achieve anonymity, many of the existent authentication protocols adopt pseudonyms, and many of them link pseudonyms to some kinds of public-key certificates (PKC) [16] or certificateless public keys (CLPK) [12,13,14,20]. Even though this approach protects against attackers from getting the real identities, it should frequently update the pseudonyms and the related public keys/CLPKs; otherwise, by correlating the repeatedly used pseudonyms in the transmissions, it could be used to link the transmissions from the same device or even derive sensitive information
Chien et al [41] proposed a two-phase authentication framework in which any secure key agreement scheme can be performed in the first phase, and the hash value of the session key is supplied as a password in the second phase Message Queue Telemetry Transport (MQTT) CONNECT API
Summary
The Internet of Things (IoT) technologies facilitate many potential applications and business opportunities It incurs the great opportunities for hacking into the systems, when the devices are resource-limited and deployed in unprotected environments. We will propose the 2-level composite hashing (2LCH) and 2LCH-based anonymous IoT/D2D authentication schemes. The schemes achieve high efficiency in terms of computation and communication, and supports both identity anonymity and unlinkability. (1) Proposal of the 2LCH to facilitate anonymous and efficient identification; (2) new anonymous IoT/D2D authentications with high efficiency; (3) the robustness of the schemes to both desynchronization-based DoS attacks and unreliable connections; (4) easy application of the proposed schemes in many classic IoT architectures and standard IoT protocols like Message Queue Telemetry Transport (MQTT) [4,5]; and (5) formal security protocol verification using AVISPA.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.