Study On Lightweight Authentication Technology For IoT

The Internet of Things is an emerging trend of future technology development.The Internet of Things is to collect,share and analyze data from the environment through the connection of multiple embedded devices.The storage and processing capabilities of IoT devices are limited,and to improve the applicability of IoT,they are usually integrated as a large resource pool and server.Although integration can improve the applicability of the Internet of Things,it also raises a new security issue,namely,how to achieve mutual authentication between embedded devices and servers.In recent years,attacks on the Internet of Things have become more and more frequent,and attacks on the Internet of Things will bring many problems.For example,the privacy of users is exposed,the communication process is eavesdropped,and the security of data is threatened.This paper designs and implements the IoT device authentication protocol.The specific contributions are as follows:(1)This paper analyzes the existing security authentication protocols of various IoT devices and finds that the existing protocols lack the protection of the real identity of IoT devices.Attackers can monitor the communication process of the device by tracking the identity of the device.Get the communication content.At the same time,it is also unable to resist denial of service(Do S)attacks.Attackers can cause the server to refuse service requests from legitimate devices by launching Do S attacks,or even cause the server to crash.In this paper,the anonymity of the device is achieved by adding a new security field,using pseudonym,and using timestamp to solve the problem of inability to resist Do S attacks.Through the AVISPA formal analysis tool,informal analysis,and rigorous experiments,it is proved that this protocol can resist password guessing attacks,replay attacks,man-in-the-middle attacks,privileged insider attacks,session key theft attacks,Do S attacks and KCI attacks.Provides device anonymity and complete forward secrecy,enabling mutual authentication.The protocol provided in this paper successfully solves the above problems while inheriting the characteristics of the traditional lightweight security authentication protocol.(2)The existing IoT security authentication protocols are generally implemented using ECC(elliptic curve algorithm).Compared with algorithms such as RSA,ECC is more lightweight,but ECC involves a point multiplication operation,which is not very efficient.Based on the traditional security authentication protocol of the Internet of Things,this paper adopts the cheap encryption calculation operation to solve the problem of low efficiency of the point multiplication operation and realizes the lightweight of the protocol while providing sufficient security.Through AVISPA formal analysis tool,informal analysis and rigorous experiments,it is proved that this protocol can provide complete forward secrecy and device anonymity and can achieve mutual authentication and known key secrecy at the same time.Resistant to replay attacks,device impersonation attacks,server impersonation attacks,DenningSacco attacks,known session specific temporary information attacks,stolen authenticator attacks,and denial of service attacks.The experimental results show that the computational overhead of the proposed security authentication protocol is small enough and the efficiency is high enough,which is very suitable for the resource-constrained scenario of the Internet of Things.