Research On Provably Secure And Authentication Key Agreement Schemes For Internet Of Things

The innovation and development of Internet of Things(Io T)technology have profoundly changed the traditional industrial form and social lifestyle,and Io T has become the core support of the third information technology revolution and the fourth industrial revolution.However,the rapidly expanding Io T industry also poses increasingly prominent security impacts on user privacy and basic network environments,and network and information security issues have become one of the main obstacles limiting the wide deployment of Io T.On the one hand,the Io T mainly composed of fixed terminals can satisfy large-scale device communication due to stable and static access of the terminal devices,but the complex and heavy cryptographic operations used in the communication process can bring a heavy load to the network communication of large-scale devices.On the other hand,the Io T mainly composed of mobile terminals can adapt to the real-time adjustment and optimization needs of the adaptive network with the changes in the scale and application requirements of the Io T,but compared with the fixed network topology,it is more vulnerable to network eavesdropping and tampering attacks.In addition,the security of Io T communication schemes based on traditional cryptographic systems is also facing severe challenges from the rapidly developing quantum computing technology.In view of the above different characteristics,how to design an identity authentication scheme that is efficient,secure,has low computational complexity and communication cost,and establish a secure communication environment for Io T,is a problem that needs to be urgently solved.Starting from the security and efficiency requirements of Io T communication,this article conducts research on provable secure authentication schemes for Io T communication.Specifically,three identity authentication schemes suitable for secure communication of Io T terminal devices are designed for three application scenarios: fixed terminal access,mobile terminal access,and post-quantum secure communication.These schemes are designed using cryptographic primitives such as hash functions,message authentication codes,and ideal lattices.The details are as follows:(1)Aiming at the application scenario of fixed and static access of Internet of Things devices,a symmetric key authentication scheme SAPFS with perfect forward security is designed to meet the requirements of large-scale device network communication for high authentication efficiency and low communication overhead.This scheme is based on pre-shared authentication master keys and counters between a Trusted Authority(TA)and users/terminal devices,enabling mutual authentication and authentication master key status synchronization among participants.In order to adapt to resource-constrained Io T devices,the scheme only uses lightweight hash and heterogeneous operations to achieve session key generation and derived master key update of end devices,which effectively reduces the computational overhead of end devices.The shared key completeness,authentication security and session key security of the SAPFS scheme can be formally demonstrated under the random oracle machine model.The performance analysis shows that the SAPFS scheme satisfies the security properties studied in the authentication scheme while having a better communication cost.(2)Aiming at the application scenario of flexible and dynamic access of Internet of Things terminals,a secure multi-factor authentication scheme is designed to meet the requirements of strong security and high scalability of network topology.This scheme utilizes a pseudonym mechanism and hides pseudonyms in transmitted messages to achieve user and terminal device identity anonymity,ensuring that the identity leakage of one party does not affect the anonymity of the other party.The scheme uses hash and Modular exponentiation for user and terminal device authentication,and builds secure session keys using secret values generated by DiffieHellman(DH)key exchange.The scheme’s two-factor security is formally proven under the CK model,meaning that an attacker would find it difficult to complete identity authentication and key negotiation with only one of the user’s password or the smart device.The scheme also satisfies mutual authentication security and key negotiation security,and is resistant to known attacks such as man-in-the-middle attacks,tampering attacks,and known session key attacks.Compared with the schemes proposed by Wazid et al.and Singh et al.,this scheme achieves better security and lower communication overhead.(3)Aiming at the application requirements of Internet of Things secure communication against quantum attacks in the post-quantum era,an efficient post-quantum secure identity authentication scheme is designed to meet the requirements of terminal devices for secure communication and high authentication efficiency.This scheme utilizes an ideal lattice with a special algebraic structure and leverages the DH key exchange over Ring Learning With Errors(RLWE)on ideal lattices to reduce the key length.It also employs hash operations,XOR operations,ring point addition,and ring point multiplication,and completes mutual authentication and key negotiation between users and Io T terminals with the assistance of a gateway.The scheme combines hash functions and secret values to ensure data integrity and message non-repudiation.The scheme’s authentication security and key negotiation security are proven under the random oracle model.Performance analysis shows that this scheme provides stronger security and lower computational complexity compared to other methods.Starting from the characteristics of terminal device access in the Internet of Things and higher security requirements,this paper focuses on identity authentication and secure communication,designs identity authentication schemes under different cryptographic systems to enhance the security of Io T terminal device access,data confidentiality,and reduce computational and communication costs.The goal is to achieve practical security and theoretical proof with a dual guarantee.