Hu, S.; Jiang, S.; Miao, Q.; Yang, F.; Zhou, W.; Duan, P. Provably Secure ECC-Based Anonymous Authentication and Key Agreement for IoT. Appl. Sci.2024, 14, 3187.
Hu, S.; Jiang, S.; Miao, Q.; Yang, F.; Zhou, W.; Duan, P. Provably Secure ECC-Based Anonymous Authentication and Key Agreement for IoT. Appl. Sci. 2024, 14, 3187.
Hu, S.; Jiang, S.; Miao, Q.; Yang, F.; Zhou, W.; Duan, P. Provably Secure ECC-Based Anonymous Authentication and Key Agreement for IoT. Appl. Sci.2024, 14, 3187.
Hu, S.; Jiang, S.; Miao, Q.; Yang, F.; Zhou, W.; Duan, P. Provably Secure ECC-Based Anonymous Authentication and Key Agreement for IoT. Appl. Sci. 2024, 14, 3187.
Abstract
With the rise of the Internet of Things (IoT), maintaining data confidentiality and protecting user privacy have become increasingly challenging. End devices in IoT are often deployed in unattended environments and connected to open networks, which can make them vulnerable to physical tampering and other security attacks. Different authentication key agreement (AKA) schemes have been validated to date, but most schemes do not cover the necessary security features or are incompatible with resource-constrained end devices. Besides, their security proofs have been performed under the real-or-random model, which is not guaranteed to be secure in real applications. To reduce the weaknesses, we present an AKA protocol for end devices and servers. The proposal leverages the ECC-based key exchange mechanism and one-way hash function-based message authentication method to achieve mutual authentication, user anonymity, and forward security. Formal security proof of the proposed scheme is performed under the standard model with the elliptic curve encryption computational assumptions, and an automatic formal verification was performed with ProVerif. Further, the performance comparison verifies that our scheme reduces computation and communication costs while providing improved security features.
Keywords
Authentication and Key Agreement; Anonymity; Internet of Things; Standard Model; Elliptic Curve Cryptography
Subject
Computer Science and Mathematics, Security Systems
Copyright:
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.