| Identity authentication ensures the legitimacy of both parties in Internet of Things (IoT) communication and is a crucial technology for IoT security. The massive number of heterogeneous devices and the open channels inherent to the IoT make device authentication inefficient and leak device privacy, which poses enormous challenges for IoT identity authentication. This paper focuses on anonymous authentication between IoT edge devices and cloud servers. It aims to design an efficient and secure anonymous authentication method that addresses the security risks of IoT device identity authentication. To address the inefficient authentication processes and privacy leakage of existing identity authentication protocols, this paper designs a lightweight anonymous authentication method (DALAAP) that resists synchronization attacks by using dynamic pseudonyms, a one-time hash chain, elliptic curve cryptography, and other technologies. The scheme uses dynamic pseudonyms to solve the problem of tracing attacks caused by fixed identity identifiers in the authentication process of IoT devices. It uses symmetric encryption to optimize the server's search for anonymous device information, reducing the time complexity from O(n) to O(1) and solving the problem of low authentication efficiency. Informal analysis shows that the protocol satisfies security features such as device anonymity and resistance to desynchronization attacks. Formal analysis methods such as BAN logic, the random oracle model, and the AVISPA tool prove the correctness of the protocol. Experimental analysis shows that, compared with the anonymous authentication protocols proposed by Cws, Wang, Panda, Rostampour, etc., the DALAAP computing overhead is reduced by an average of 42.39%, the communication overhead is reduced by 12.73%, and the device storage overhead is consistent with the lowest level among similar protocols. To address the problem that existing authentication protocols cannot achieve internal anonymity, this paper designs a bilinear pairing-based anonymous authentication method (BPAAP). The scheme uses bilinear pairing and a challenge-response method for identity authentication. During the authentication process, the untrusted server cannot obtain any identifying information related to the device, which solves the problem of an untrusted server maliciously leaking device privacy. Random numbers are used in the authentication information, and key randomization provides untraceability and perfect forward secrecy, solving the problem that the protocol is vulnerable to impersonation attacks. Informal analysis shows that the protocol satisfies security features such as mutual authentication, strong device anonymity, and resistance to malicious device attacks. Formal analysis methods such as BAN logic, the random oracle model, and the AVISPA tool are used to prove the correctness of the protocol. Experimental analysis shows that, compared with the anonymous authentication protocols proposed by Panda, Rostampour, Ding, Yang, etc., the communication overhead in the BPAAP authentication stage is only 5.88% higher than the average level of similar protocols, the computing overhead is reduced by 4.78%, and the storage overhead is decreased by an average of 2.05%. Based on the DALAAP and BPAAP proposed in this paper, an IoT device identity authentication system is implemented, which solves the identity authentication problem between embedded devices and cloud servers. The test results show that DALAAP can achieve 1200 concurrent authentication devices, with an average authentication time of 122.25 ms; BPAAP can achieve 800 concurrent authentication devices, with an average authentication time of 294.78 ms. The system has been applied in practical scenarios such as the industrial Internet health monitoring platform and the Ruiliang dryer data visualization platform, verifying the availability and feasibility of the researched technologies and solutions. |