Research On Authentication Key Exchange Protocol In IoT Environment

The Internet of Things(Io T)is a network that connects various types of objects(e.g.sensors,devices,appliances,etc.)via the Internet.As Io T grows in scale,security and privacy issues become increasingly critical.Designing and implementing secure and reliable authentication and key exchange protocols is an effective way to address the security and privacy challenges of the Io T.However,existing protocols generally suffer from low communication efficiency,high computational overhead,poor protocol scalability,or do not take into account the variability of adversary attack methods and the specific security requirements of application scenarios.This thesis presents an in-depth study of three different Io T application scenarios,and accordingly proposes three protocols that combine multiple cryptographic algorithms and tools.The proposed protocols are efficient,practical and deployable,taking into account the differences in computing power and attack methods of the participants,while meeting the specific security requirements of the application scenarios.The main research results of this thesis are as follows.Home Smart Io T scenarios: Firstly,a security analysis of the remote user authentication protocol by Shafiq et al.points out that the protocol is vulnerable to offline password guessing,known session-specific temporary information and key leakage impersonation attacks.As a result,a new remote user authentication protocol is proposed.The security of the protocol is verified using BAN logic,the Pro Verif verification tool and informal analysis.A comparison shows that the new protocol not only satisfies the security requirements,but is also efficient with low computational cost and communication overhead.Medical Io T application scenarios: First,a security analysis of Masud et al.’s lightweight anonymous authentication protocol based on hash functions is presented.The results show that the protocol suffers from two design flaws and is vulnerable to session key disclosure attacks,offline password guessing attacks and tracing attacks.Subsequently,a tripartite authentication key protocol with improved security and performance is designed.The new protocol uses a physical unclonable function and an fuzzy extractor to resist physical attacks.Electricity Io T application scenario: To address the problems of existing protocols such as too low performance,need for manual intervention,inability to resist physical attacks and low communication efficiency,a tripartite authentication key exchange protocol based on a physical unclonable function is proposed.The protocol enables resource-constrained devices to be protected from physical threats in an insecure environment and operates without the need for real-time user participation.