Research on Simple and Low Interaction Authentication Protocols for IoT Devices

doi:10.3969/j.issn.1671-1122.2025.07.003

Abstract

Abstract:

In the context of the maturity and widespread application of Internet of Things (IoT) technology, this paper designed and implemented a simple, low-interaction IoT device interconnection authentication protocol to address the issues of authentication and encrypted communication efficiency and security among IoT devices. The design of this protocol included a device trust binding process and a device key negotiation process. The trust binding process involved the exchange of identity identification public keys authenticated by a cloud server to verify the identity of the communication counterpart and ensure the secure storage of identity identification public keys. To ensure security, the authentication process employed symmetric encryption to transmit both parties’ identity identification public keys, with the key determined by a oblivious pseudorandom function. The key negotiation process was based on the HMQV (Hashed Menezes-Qu-Vanstone) protocol, which was used to negotiate a session key for secure communication. Compared to the Huawei device interconnection authentication protocol, the proposed protocol reduces the number of interactions, and experimental results demonstrate that it has lower computational and communication overhead, resulting in higher efficiency.

Key words: IoT, device interconnection, oblivious pseudorandom function, authentication and key agreement

CLC Number:

TP309

WANG Mei, YANG Xiaoran, LI Zengpeng. Research on Simple and Low Interaction Authentication Protocols for IoT Devices[J]. Netinfo Security, 2025, 25(7): 1032-1043.

Figures/Tables 11

References 25

[1]	GARBA A, KHOURY D, BALIAN P, et al. LightCert4IoTs: Blockchain-Based Lightweight Certificates Authentication for IoT Applications[J]. IEEE Access, 2023, 11: 28370-28383.
[2]	AMANLOU S, HASAN M K, ABU B K A. Lightweight and Secure Authentication Scheme for IoT Network Based on Publish-Subscribe Fog Computing Model[EB/OL]. (2021-09-13) [2024-10-15]. https://doi.org/10.1016/j.comnet.2021.108465.
[3]	SIDDIQUI Z, GAO Jiechao, KHAN M K. An Improved Lightweight PUF-PKI Digital Certificate Authentication Scheme for the Internet of Things[J]. IEEE Internet of Things Journal, 2022, 9(20): 19744-19756.
[4]	TSAI J L, LO N W. Secure Anonymous Key Distribution Scheme for Smart Grid[J]. IEEE Transactions on Smart Grid, 2016, 7(2): 906-914.
[5]	BELLOVIN S M, MERRITT M. Encrypted Key Exchange: Password-Based Protocols Secure against Dictionary Attacks[C]// IEEE. Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy. New York: IEEE, 1992: 72-84.
[6]	HAO Feng, RYAN P Y A. Password Authenticated Key Exchange by Juggling[C]// Springer. Security Protocols XVI. Heidelberg: Springer, 2011: 159-171.
[7]	LEE H, WON D. Prevention of Exponential Equivalence in Simple Password Exponential Key Exchange (SPEKE)[J]. Symmetry, 2015, 7(3): 1587-1594.
[8]	POINTCHEVAL D, WANG Guilin. VTBPEKE: Verifier-Based Two-Basis Password Exponential Key Exchange[C]// ACM. Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. New York: ACM, 2017: 301-312.
[9]	SHAMIR A. Identity-Based Cryptosystems and Signature Schemes[C]// Springer. Advances in Cryptology. Heidelberg: Springer, 2007: 47-53.
[10]	LI Xiong, XIONG Yongping, MA Jian, et al. An Efficient and Security Dynamic Identity Based Authentication Protocol for Multi-Server Architecture Using Smart Cards[J]. Journal of Network and Computer Applications, 2012, 35(2): 763-769.
[11]	WU T D. The Secure Remote Password Protocol[EB/OL]. [2024-10-15]. https://www.ndss-symposium.org/wp-content/uploads/2017/09/The-Secure-Remote-Password-Protocol.pdf.
[12]	JARECKI S, KRAWCZYK H, XU Jiayu. OPAQUE: An Asymmetric PAKE Protocol Secure against Pre-Computation Attacks[C]// Springer. 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Heidelberg: Springer, 2018: 456-486.
[13]	DIFFIE W, VAN O P C, WIENER M J. Authentication and Authenticated Key Exchanges[J]. Designs, Codes and Cryptography, 1992, 2(2): 107-125.
[14]	BLAKE W S, MENEZES A. Unknown Key-Share Attacks on the Station-to-Station (STS) Protocol[C]// Springer. International Workshop on Public Key Cryptography. Heidelberg: Springer, 1999: 154-170.
[15]	LAW L, MENEZES A, QU Minghua, et al. An Efficient Protocol for Authenticated Key Agreement[J]. Designs, Codes and Cryptography, 2003, 28(2): 119-134.
[16]	KRAWCZYK H. HMQV: A High-Performance Secure Diffie-Hellman Protocol: (Extended Abstract)[C]// Springer. Advances in Cryptology- CRYPTO 2005. Heidelberg: Springer, 2005: 546-566.
[17]	KUMARI S, KARUPPIAH M, DAS A K, et al. A Secure Authentication Scheme Based on Elliptic Curve Cryptography for IoT and Cloud Servers[J]. The Journal of Supercomputing, 2018, 74(12): 6428-6453.
[18]	BABU E S, DADI A K, SINGH K K, et al. A Distributed Identity-Based Authentication Scheme for Internet of Things Devices Using Permissioned Blockchain System[EB/OL]. (2022-02-04) [2024-10-15]. https://doi.org/10.1111/exsy.12941.
[19]	DANIEL R M, THOMAS A, RAJSINGH E B, et al. A Strengthened ECK Secure Identity Based Authenticated Key Agreement Protocol Based on the Standard CDH Assumption[EB/OL]. (2023-07-11) [2024-10-15]. https://doi.org/10.1016/j.ic.2023.105067.
[20]	CAO Jin, LI Hui, MA Maode, et al. A Simple and Robust Handover Authentication between HeNB and eNB in LTE Networks[J]. Computer Networks, 2012, 56(8): 2119-2131.
[21]	GB/T 32907-2016 Information Security Technology—SM4 Block Cipher Algorithm[S]. Beijing: Standards Press of China, 2016.
	GB/T 32907-2016 信息安全技术 SM4 分组密码算法[S]. 北京: 中国标准出版社, 2016.
[22]	GB/T 32918.2-2016 Information Security Technology—Public Key Cryptographic Algorithm SM2 Based on Elliptic Curves-Part 2: Digital Signature Algorithm[S]. Beijing: Standards Press of China, 2016.
	GB/T 2918. 2-2016信息安全技术 SM2椭圆曲线公钥密码算法第2部分:数字签名算法[S]. 北京: 中国标准出版社, 2016.
[23]	CASACUBERTA S, HESSE J, LEHMANN A. SoK: Oblivious Pseudorandom Functions[C]// IEEE. 2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P). New York: IEEE, 2022: 625-646.
[24]	BELLARE M, POINTCHEVAL D, ROGAWAY P. Authenticated Key Exchange Secure against Dictionary Attacks[C]// Springer. Advances in Cryptology — EUROCRYPT 2000. Heidelberg: Springer, 2000: 139-155.
[25]	ABDALLA M, FOUQUE P A, POINTCHEVAL D. Password-Based Authenticated Key Exchange in the Three-Party Setting[C]// Springer. Public Key Cryptography-PKC 2005. Heidelberg: Springer, 2005: 65-84.

符号	含义
$p$	大素数
$q$	群的阶
$g$	群的生成元
$G$	有限群
$\mathrm{}$	实例生成器
$\lambda $	安全参数
$\mathrm{}$	多项式时间内敌手
${{\mathbf{F}}_{q}}$	阶为$q$的有限域
${{\mathbf{Z}}_{q}}$	模$q$的整数环，当$q$是素数时，是域；否则，是有限环
${{\leftarrow }_{\$}}$	从一个集合中均匀随机采样
$pwd$	口令
$H(\cdot )$、$G(\cdot )$	哈希函数
$\Pr [x]$	$x$事件发生的概率
$ADV_{\mathrm{}}^{DDH}$	$\mathrm{}$成功计算出DDH问题的概率
$negl(\lambda )$	在$\lambda $中可忽略的概率
${{f}_{k}}(\cdot )$	密钥为$k$的伪随机函数
PPT	多项式时间