As more and more IoT devices access cloud computing services, IoT cloud platforms have emerged to meet this demand. IoT devices can collect and exchange information autonomously, without human intervention, and upload it to the cloud platform, which brings great convenience to people. For example, emerging IoT cloud platforms such as Google Cloud IoT and Amazon Web Services IoT can store and forward information uploaded by IoT devices, and can also provide rich cloud service resources to those devices. However, the rapid development of IoT cloud platforms also brings new security issues: the cloud platform itself or an attacker may steal the information sensed by IoT devices, or an attacker may impersonate a legitimate IoT device to consume cloud computing service resources, either of which can have serious consequences. Security authentication technology can solve the problems of secure communication and unauthorized use of cloud services. However, the authentication technology available on existing IoT cloud platforms still has many applicability problems. For example, some authentication schemes rely on complex operations such as pairings, while some lightweight schemes cannot provide reliable security guarantees (such as anonymity and unforgeability); these issues still pose serious challenges for IoT devices. To this end, this paper proposes two security authentication schemes for the IoT cloud platform.

1) For the scenario where users of the IoT cloud platform want to transmit information through smart terminals and the IoT, existing security authentication schemes are implemented through Authenticated Key Exchange (AKE). The participants authenticate each other's identities and negotiate a session key between them, ensuring that only the two parties know the content of the communication. However, most AKE schemes on existing IoT cloud platforms are interactive, that is, multiple rounds of interaction between the two parties are required to negotiate a session key for secure communication. For resource-constrained IoT devices, multiple rounds of interactive communication bring a large bandwidth overhead and power consumption relative to the device itself (for devices that are not plug-in powered). Therefore, this paper proposes MAKE, a forward-secure non-interactive authenticated key agreement protocol that provides authenticated key agreement on the IoT cloud platform and is based on puncturable matchmaking encryption, public key signatures and blockchain technology. MAKE uses puncturable matchmaking encryption and public key signatures to achieve forward security, so that it can resist attacks caused by key leakage. MAKE also relies on blockchain technology to achieve reliable key outsourcing, which greatly reduces both computational and storage overhead. Finally, the security analysis and simulation experiments show that MAKE is a secure and efficient key agreement protocol, and that it brings a great improvement over schemes with the same functionality.

2) For scenarios where cloud services authenticate IoT devices before granting access to their services, most existing security authentication schemes are implemented through attribute-based anonymous credentials (ABAC) or group signatures. A device that needs to show that it is a legitimate user without disclosing personal information authenticates to the cloud service's authentication agent by presenting a proof of possession of valid credentials, or by signing the information with a group signature key. However, most existing anonymous authentication schemes are built on public key primitives, and some even involve complex pairing operations, which are not friendly to IoT devices with limited computing resources, whereas cloud services wish to authenticate IoT devices efficiently. Therefore, this paper proposes a lightweight and traceable anonymous security authentication protocol (TAAP) to solve the anonymous authentication problem on the IoT cloud platform. This paper first proposes a traceable keyed-verification anonymous credential, TKVAC, and then builds the TAAP scheme on TKVAC and blockchain technology, in which TKVAC provides attribute-based lightweight anonymous authentication and, combined with blockchain technology, enables administrators and service proxies to reveal maliciously issued credentials. Finally, the security analysis and simulation experiments show that TAAP achieves fast and efficient anonymous security authentication while retaining the security of schemes based on public key primitives, and its performance is greatly improved compared with schemes of the same type.
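The bandwidth argument in 1) can be made concrete with a small simulation. The Python below is an added illustration, not code from the paper and not an implementation of MAKE: it contrasts a textbook interactive AKE (signed ephemeral Diffie-Hellman with Schnorr signatures, three handshake messages before any data can flow) with a non-interactive key agreement from static keys, where the very first message already carries signed application data. The group parameters P, Q and G, the key derivation and the message layout are constructed for readability and are far too small for real use. The static-key variant deliberately shows the weakness the abstract points at: it has no forward secrecy, so leakage of a long-term key exposes past session keys. That is the gap the abstract says MAKE closes with puncturable matchmaking encryption, and how MAKE does so is not reproduced here.

```python
import hashlib
import secrets

# Constructed toy group (not from the paper): safe prime P = 2*Q + 1 with Q prime, and a
# generator G of the order-Q subgroup. Far too small for real use; it only keeps the
# arithmetic readable. A deployment would use a standard 2048-bit group or an EC group.
P, Q, G = 1019, 509, 4


def enc(n: int) -> bytes:
    """Fixed-width encoding of a group element (P < 2**16 in this toy group)."""
    return n.to_bytes(2, "big")


def h_int(*parts: bytes) -> int:
    """Hash byte strings to a Fiat-Shamir challenge in Z_Q."""
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big") % Q


def keygen():
    """A Diffie-Hellman / Schnorr key pair (x, G^x); used for static and ephemeral keys."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def schnorr_sign(sk: int, msg: bytes):
    """Schnorr signature (r, s) with s = k + e*sk. A challenge e = 0 is resampled because
    it would make the signature verify under any public key in this toy-sized group."""
    while True:
        k, r = keygen()
        e = h_int(enc(r), msg)
        if e:
            return r, (k + e * sk) % Q


def schnorr_verify(pk: int, msg: bytes, sig) -> bool:
    r, s = sig
    e = h_int(enc(r), msg)
    return pow(G, s, P) == (r * pow(pk, e, P)) % P


def derive_key(shared: int, a_pub: int, b_pub: int) -> str:
    """Session key = H(shared DH value || both public contributions)."""
    return hashlib.sha256(enc(shared) + enc(a_pub) + enc(b_pub)).hexdigest()


def interactive_ake(alice_sk, alice_pk, bob_sk, bob_pk, responder_sk=None):
    """Signed ephemeral Diffie-Hellman. Three handshake messages cross the network before
    either side holds an authenticated session key. `responder_sk` lets a caller model a
    responder that does not hold Bob's static key and therefore cannot pass as Bob."""
    messages = 0
    a, A = keygen()                                      # Alice's ephemeral pair
    messages += 1                                        # msg 1, Alice -> Bob: A
    b, B = keygen()                                      # Bob's ephemeral pair
    signer = bob_sk if responder_sk is None else responder_sk
    sig_b = schnorr_sign(signer, enc(A) + enc(B) + b"bob")
    messages += 1                                        # msg 2, Bob -> Alice: B, Sig_B(A, B)
    if not schnorr_verify(bob_pk, enc(A) + enc(B) + b"bob", sig_b):
        return {"handshake_messages": messages, "auth_ok": False, "keys_match": False}
    sig_a = schnorr_sign(alice_sk, enc(A) + enc(B) + b"alice")
    messages += 1                                        # msg 3, Alice -> Bob: Sig_A(A, B)
    if not schnorr_verify(alice_pk, enc(A) + enc(B) + b"alice", sig_a):
        return {"handshake_messages": messages, "auth_ok": False, "keys_match": False}
    k_alice = derive_key(pow(B, a, P), A, B)             # G^(ab) from Alice's view
    k_bob = derive_key(pow(A, b, P), A, B)               # G^(ab) from Bob's view
    return {"handshake_messages": messages, "auth_ok": True, "keys_match": k_alice == k_bob}


def non_interactive_ka(alice_sk, alice_pk, bob_sk, bob_pk, payload: bytes):
    """Static-static Diffie-Hellman. Both sides derive the key from long-term keys they
    already hold, so Alice's first message can carry signed application data and no
    handshake round trip is needed. Limitation: no forward secrecy, because whoever
    later learns either static private key can recompute this session key."""
    k_alice = derive_key(pow(bob_pk, alice_sk, P), alice_pk, bob_pk)
    sig = schnorr_sign(alice_sk, payload)                # msg 1, Alice -> Bob: payload, Sig_A
    # Bob's side: authenticate the sender, then derive the same key locally.
    auth_ok = schnorr_verify(alice_pk, payload, sig)
    k_bob = derive_key(pow(alice_pk, bob_sk, P), alice_pk, bob_pk)
    return {"handshake_messages": 0, "auth_ok": auth_ok, "keys_match": k_alice == k_bob}


if __name__ == "__main__":
    a_sk, a_pk = keygen()
    b_sk, b_pk = keygen()
    print("interactive    :", interactive_ake(a_sk, a_pk, b_sk, b_pk))
    print("non-interactive:", non_interactive_ka(a_sk, a_pk, b_sk, b_pk, b"temp=21.5C"))
```

Running the block prints the two result dictionaries: the interactive run reports three handshake messages, the static-key run reports zero, and both report matching keys and a successful authentication. Passing a different `responder_sk` to `interactive_ake` shows the identity binding at work: the handshake stops after the second message because the responder's signature does not verify under Bob's public key.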