Preprint Article Version 1 Preserved in Portico This version is not peer-reviewed

Provably secure ECC-based anonymous authentication and key Agreement for IoT

Shunfang Hu
* ORCID logo ,
Shaoping Jiang
,
Qing Miao
,
Fan Yang
,
Weihong Zhou
,
Peng Duan
Version 1 : Received: 23 January 2024 / Approved: 24 January 2024 / Online: 25 January 2024 (01:54:38 CET)

A peer-reviewed article of this Preprint also exists.

Hu, S.; Jiang, S.; Miao, Q.; Yang, F.; Zhou, W.; Duan, P. Provably Secure ECC-Based Anonymous Authentication and Key Agreement for IoT. Appl. Sci. 2024, 14, 3187. Hu, S.; Jiang, S.; Miao, Q.; Yang, F.; Zhou, W.; Duan, P. Provably Secure ECC-Based Anonymous Authentication and Key Agreement for IoT. Appl. Sci. 2024, 14, 3187.

Abstract

With the rise of the Internet of Things (IoT), maintaining data confidentiality and protecting user privacy have become increasingly challenging. End devices in IoT are often deployed in unattended environments and connected to open networks, which can make them vulnerable to physical tampering and other security attacks. Different authentication key agreement (AKA) schemes have been validated to date, but most schemes do not cover the necessary security features or are incompatible with resource-constrained end devices. Besides, their security proofs have been performed under the real-or-random model, which is not guaranteed to be secure in real applications. To reduce the weaknesses, we present an AKA protocol for end devices and servers. The proposal leverages the ECC-based key exchange mechanism and one-way hash function-based message authentication method to achieve mutual authentication, user anonymity, and forward security. Formal security proof of the proposed scheme is performed under the standard model with the elliptic curve encryption computational assumptions, and an automatic formal verification was performed with ProVerif. Further, the performance comparison verifies that our scheme reduces computation and communication costs while providing improved security features.

Keywords

Authentication and Key Agreement; Anonymity; Internet of Things; Standard Model; Elliptic Curve Cryptography

Subject

Computer Science and Mathematics, Security Systems

Copyright: This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Download PDF

Comments (0)

We encourage comments and feedback from a broad range of readers. See criteria for comments and our Diversity statement.

Leave a public comment
Send a private comment to the author(s)
* All users must log in before leaving a comment
Views 0
Downloads 0
Comments 0
Metrics 0
Get PDF Cite Share 0
Bookmark BibSonomy Mendeley Reddit Delicious
×
Alerts
Notify me about updates to this article or when a peer-reviewed version is published.
We use cookies on our website to ensure you get the best experience.
Read more about our cookies here.