The rapid development of IoT (Internet of Things) brings great convenience to people through the utilization of IoT applications, but also brings huge security challenges. Existing IoT security breaches show that many IoT devices have authentication flaws. Although many IoT authentication schemes have been proposed, they are not applicable to recent smart IoT applications covering the IoT device, the back-end server, and user-end mobile applications. To build the first line of defense for trending IoT systems, this paper proposes a new authentication scheme. The proposed scheme first models the entire life cycle of the IoT device for real-world scenarios of smart IoT systems, which consists of factory manufacturing, daily usage, and system resetting. For each stage in the life cycle, the proposed scheme employs efficient symmetric key mechanisms to achieve authentication between the IoT device, the back-end server, and the mobile application. The proposed scheme supports both server-free local area network communication and server-involved remote public area communication. Formal security verification shows that the proposed scheme resists existing attacks. The open-source experimental evaluations also show that the proposed scheme is efficient and promising for practical usage.