
Research On Anonymous Authentication Scheme For Internet Of Things Devices

Posted on: 2022-07-18
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Yu
Full Text: PDF
GTID: 2518306602490614
Subject: Information security
Abstract/Summary:
Device identity authentication is a key technology for Internet of Things (IoT) security. Because of the heterogeneity of massive numbers of devices, the variety of authentication methods and the limited energy of nodes, the authentication of IoT devices faces severe challenges. Traditional security mechanisms have high complexity, which leads to high energy cost, so they cannot be applied directly to IoT systems; device authentication protocols based on specific identity information carry the risk of device privacy leakage. This thesis focuses on anonymous device identity authentication in the IoT. It proposes a lightweight anonymous device authentication method using elliptic curve cryptography and dynamic identity identification, and an enhanced anonymous device authentication protocol using a one-time public key algorithm and hash chain technology.

To address the leakage of user privacy during the authentication of IoT devices, a lightweight device anonymous authentication protocol (LDAAP) is proposed using elliptic curve cryptography and dynamic identity identification. Based on elliptic curve cryptography, the computation cost and key storage cost of LDAAP are reduced by 55% and 74% respectively while ensuring the same security. By using a random number and the server public key in device anonymization, the time complexity of anonymous authentication at the server is reduced from O(n) to O(1). BAN logic, the Random Oracle Model, AVISPA and other methods and tools are used to prove that the protocol resists replay and man-in-the-middle attacks and achieves anonymity, untraceability, mutual authentication and secure session key agreement. The experimental results show that, compared with the similar schemes proposed by Wang, Wu, Kumari, Rostanmpour, etc., the average computing cost of LDAAP is reduced by 52.7% and the average storage cost by 59.2%. The computing and storage costs are thus reduced while the security of IoT device identity authentication is preserved.

Anonymous authentication protocols based on encryption, pseudonyms and dynamic pseudonyms provide anonymity only with respect to external users; the communicating parties can still obtain the real identity information of the device. Because a communicating entity is not completely trusted, a dishonest entity may maliciously divulge the privacy of the device. To solve this problem, an enhanced device anonymous authentication protocol (EDAAP) based on a one-time public key algorithm is proposed. The device private key and a random number are used to generate a one-time public key that can verify the legitimacy of the device, so the device identity is completely anonymous. The identity token negotiated during initial authentication is used as a one-time password for re-authentication, which reduces the number of one-time public key generations and verifications. Using BAN logic, AVISPA and other methods and tools, it is proved that EDAAP resists replay and man-in-the-middle attacks, solves the problem of dishonest communicating entities leaking device privacy, and achieves strong anonymity, untraceability, mutual authentication and secure session key agreement. The experimental analysis shows that, compared with Wu, Rostanmpour, LDAAP and other anonymous authentication protocols, EDAAP sacrifices only 18.9% in average computing overhead, without increasing storage or communication overhead, which meets the basic requirements of IoT applications.

Based on the techniques and schemes studied, an anonymous device authentication system for the IoT is designed. The system implements function modules for security parameter management, secure device registration, secure gateway registration, efficient query of publicly verifiable information, and EDAAP-based mutual authentication and key agreement. The system performance test shows that the registration module is horizontally scalable and that the initial authentication time between a single node and the gateway is less than 500 ms. With 500 nodes authenticating concurrently, the average initial authentication time is less than 1 s, and with re-authentication introduced the average authentication time is reduced to 285 ms, which is 39.4% lower than the initial authentication time. This verifies the feasibility of the scheme. The system has been deployed in building security, intelligent sentry and intelligent hospital operation and maintenance scenarios, which verifies the practicability of the techniques and schemes studied.
Keywords/Search Tags: Internet of Things, Identity authentication, Anonymity, Privacy protection, Elliptic curve cryptography