Abstract
A large portion of end-point and edge devices in the Internet-of-Things (IoT) are constrained in computational power and bandwidth, which means they cannot easily afford the resource-consuming asymmetric cryptography such as Diffie-Hellman key exchange and RSA-2048 digital signatures. On the other hand, these devices are still confronted with similar threats against conventional devices in authenticity and privacy. In this paper, we present a high-speed authentication protocol for resource-constrained devices in IoT, which provides both authenticity and anonymity without any use of asymmetric cryptography. Moreover, we show how our protocol can be extended for devices that can execute symmetric encryption for secure data transmission. The security and anonymity of the new protocols have been analyzed comprehensively, and the evaluation demonstrates their efficiency.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
ThinkPad, Windows 10, Intel Core i7-8565U @1.80 GHz. The speed measurement is done with openssl speed aes-128-cbc/sha256/ecdh.
- 2.
Two EC point multiplications on each side.
- 3.
See “Authentication Server” column in TABLE V in [7].
References
Arfaoui, G., Bultel, X., Fouque, P.A., Nedelcu, A., Onete, C.: The privacy of the TLS 1.3 protocol. Proc. Priv. Enhancing Technol. 4, 190–210 (2019)
Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_21
Bormann, C., Ersue, M., Keranen, A.: Terminology for constrained-node networks. RFC 7228 (informational), March 2014. http://www.ietf.org/rfc/rfc7228.txt
de Carvalho Silva, J., Rodrigues, J.J., Alberti, A.M., Solic, P., Aquino, A.L.: LoRaWAN-a low power WAN protocol for Internet of Things: a review and opportunities. In: 2017 2nd International Multidisciplinary Conference on Computer and Energy Science (SpliTech), pp. 1–6. IEEE (2017)
Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., Polk, W.: Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile. RFC 5280 (proposed standard), May 2008. http://www.ietf.org/rfc/rfc5280.txt
Davis, H., Diemert, D., Günther, F., Jager, T.: On the concrete security of TLS 1.3 PSK mode. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022. LNCS, vol. 13276, pp. 876–906. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-07085-3_30
Esfahani, A., et al.: A lightweight authentication mechanism for M2M communications in industrial IoT environment. IEEE Internet Things J. 6(1), 288–296 (2017)
Guajardo, J., Kumar, S.S., Schrijen, G.-J., Tuyls, P.: FPGA intrinsic PUFs and their use for IP protection. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74735-2_5
Guin, U., Singh, A., Alam, M., Canedo, J., Skjellum, A.: A secure low-cost edge device authentication scheme for the Internet of Things. In: 2018 31st International Conference on VLSI Design and 2018 17th International Conference on Embedded Systems (VLSID), pp. 85–90. IEEE (2018)
Heinrich, A., Stute, M., Kornhuber, T., Hollick, M.: Who can find my devices? Security and privacy of apple’s crowd-sourced Bluetooth location tracking system. Proc. Priv. Enhancing Technol. 3, 227–245 (2021)
Heydon, R., Hunn, N.: Bluetooth low energy. CSR Presentation, Bluetooth SIG (2012). https://www.bluetooth.org/DocMan/handlers/DownloadDoc.ashx
Internet Engineering Task Force, Rescorla, E.: The transport layer security (TLS) protocol version 1.3. draft-ietf-tls-tls13-26 (2018). https://tools.ietf.org/html/draft-ietf-tls-tls13-26
Katz, J., Lindell, Y.: Introduction to Modern Cryptography. CRC Press, Boca Raton (2014)
Krawczyk, H.: HMQV: a high-performance secure Diffie-Hellman protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_33
Langley, A., Hamburg, M., Turner, S.: Elliptic curves for security. RFC 7748, January 2016. https://doi.org/10.17487/RFC7748. https://www.rfc-editor.org/info/rfc7748
Li, X., Niu, J., Kumari, S., Wu, F., Sangaiah, A.K., Choo, K.K.R.: A three-factor anonymous authentication scheme for wireless sensor networks in Internet of Things environments. J. Netw. Comput. Appl. 103, 194–204 (2018)
Majzoobi, M., Rostami, M., Koushanfar, F., Wallach, D.S., Devadas, S.: Slender PUF protocol: a lightweight, robust, and secure authentication by substring matching. In: 2012 IEEE Symposium on Security and Privacy Workshops, pp. 33–44. IEEE (2012)
Nair, A.S., Thampi, S.M.: PUFloc: PUF and location based hierarchical mutual authentication protocol for surveillance drone networks. In: Wang, G., Choo, K.K.R., Ko, R., Xu, Y., Crispo, B. (eds.) UbiSec 2021. CCIS, vol. 1557, pp. 66–89. Springer, Singapore (2022). https://doi.org/10.1007/978-981-19-0468-4_6
Nguyên, T.T., Xiao, X., Yang, Y., Hui, S.C., Shin, H., Shin, J.: Collecting and analyzing data from smart device users with local differential privacy. arXiv preprint arXiv:1606.05053 (2016)
Pearce, J.: Internet of Things: key stats for 2022, February 2022. https://techinformed.com/internet-of-things-key-stats-for-2022/
Pornin, T.: Deterministic usage of the digital signature algorithm (DSA) and elliptic curve digital signature algorithm (ECDSA). RFC 6979, August 2013. https://www.rfc-editor.org/rfc/rfc6979
Qureshi, M.A., Munir, A.: PUF-IPA: a PUF-based identity preserving protocol for Internet of Things authentication. In: 2020 IEEE 17th Annual Consumer Communications & Networking Conference (CCNC), pp. 1–7. IEEE (2020)
Srivastava, A., Kumar, A.: A review on authentication protocol and ECC in IoT. In: 2021 International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE), pp. 312–319. IEEE (2021)
1889-1 International Organization for Standardization: Information technology - Trusted platform module library - Part 1: Architecture. International Organization for Standardization, Vernier, Geneva, Switzerland, ISO/IEC 11889-1:2015 (2015). https://www.iso.org/standard/66510.html
Suárez-Albela, M., Fernández-Caramés, T.M., Fraga-Lamas, P., Castedo, L.: A practical performance comparison of ECC and RSA for resource-constrained IoT devices. In: 2018 Global Internet of Things Summit (GIoTS), pp. 1–6. IEEE (2018)
Wu, T.: SRP protocol design. SRP document (2002). http://srp.stanford.edu/design.html
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Duan, L., Li, Y. (2023). High-Speed Anonymous Device Authentication Without Asymmetric Cryptography in the Internet-of-Things. In: Wang, G., Choo, KK.R., Wu, J., Damiani, E. (eds) Ubiquitous Security. UbiSec 2022. Communications in Computer and Information Science, vol 1768. Springer, Singapore. https://doi.org/10.1007/978-981-99-0272-9_32
Download citation
DOI: https://doi.org/10.1007/978-981-99-0272-9_32
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-0271-2
Online ISBN: 978-981-99-0272-9
eBook Packages: Computer ScienceComputer Science (R0)