A Secure and Efficient Authentication Scheme for Large-Scale IoT Devices Based on Zero-Knowledge Proof
Abstract
:1. Introduction
2. Related Work
3. Preliminary
3.1. Zero-Knowledge Proof
3.2. Security Goal
4. Proposed Protocol
4.1. Scheme Initialization
Algorithm 1 Node Registration |
Input: , k Output:
|
4.2. SEAS Authentication Scheme
Algorithm 2 Node Identity Authentication |
Input: Output:
|
Algorithm 3 Detect Malicious Behavior |
Input: none Output: none
|
5. Security Analysis
5.1. Zero-Knowledge Proof Analysis
5.1.1. Completeness
5.1.2. Soundness
5.1.3. Zero-Knowledge
5.2. Informal Security Analysis
5.2.1. Resisting Illegal Devices and Semi-Trusted AC
5.2.2. Resisting Abnormal Devices
5.3. Formal Security Analysis
5.4. Security Comparison
- Replay Attacks: The malicious device listens to and records messages between honest devices and the autonomous system on the wireless channel;
- Modification Attacks: The malicious device disrupts the system’s integrity, confidentiality, and availability by altering communication data;
- Insider Attacks: The malicious device gains physical access to the device registration data stored in the database and uses these data to establish authentication communication with the application server;
- Man-in-the-Middle Attacks: The malicious device intercepts and modifies communication data between honest devices and the autonomous system via the wireless channel.
6. Experimental Analysis
6.1. Experiment Parameters and Performance Index Selection
6.2. Experimental Result Analysis
6.2.1. Registration Phase
6.2.2. Identity Verification Phase
6.2.3. Identity Tracing and Revocation Phase
7. Conclusions and Discussion
7.1. Conclusions
7.2. Discussion
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
References
- Mishra, K.; Rajareddy, G.N.; Ghugar, U.; Chhabra, G.S.; Gandomi, A.H. A collaborative computation and offloading for compute-intensive and latency-sensitive dependency-aware tasks in dew-enabled vehicular fog computing: A federated deep Q-learning approach. IEEE Trans. Netw. Serv. Manag. 2023, 20, 4600–4614. [Google Scholar] [CrossRef]
- Chen, H.; Chen, Y.; Xiong, Z.; Han, M.; He, Z.; Liu, B.; Wang, Z.; Ma, Z. Prevention method of block with-holding attack based on miners’ mining behavior in blockchain. Appl. Intell. 2023, 53, 9878–9896. [Google Scholar] [CrossRef]
- Zhang, Y.; Chen, Y.; Miao, K.; Ren, T.; Yang, C.; Han, M. A novel data-driven evaluation framework for fork after withholding attack in blockchain systems. Sensors 2022, 22, 9125. [Google Scholar] [CrossRef] [PubMed]
- Chen, Y.; Chen, H.; Zhang, Y.; Han, M.; Siddula, M.; Cai, Z. A survey on blockchain systems: Attacks, defenses, and privacy preservation. High-Confid. Comput. 2022, 2, 100048. [Google Scholar] [CrossRef]
- Nayak, B.P.; Hota, L.; Kumar, A.; Turuk, A.K.; Chong, P.H. Autonomous vehicles: Resource allocation, security, and data privacy. IEEE Trans. Green Commun. Netw. 2022, 6, 117–131. [Google Scholar] [CrossRef]
- Zhao, X.; Li, D. A lightweight user authentication scheme for multi-gateway based wireless sensor networks using rabin cryptosystem. IEEE Access 2023, 11, 79874–79889. [Google Scholar] [CrossRef]
- Zhang, Y.; He, D.; Vijayakumar, P.; Luo, M.; Huang, X. SAPFS: An efficient symmetric-key authentication key agreement scheme with perfect forward secrecy for industrial internet of things. IEEE Internet Things J. 2023, 10, 9716–9726. [Google Scholar] [CrossRef]
- Zhuang, L.; Guo, N.; Chen, Y. TriNymAuth: Triple pseudonym authentication scheme for vanets based on cuckoo filter and paillier homomorphic encryption. Sensors 2023, 23, 1164. [Google Scholar] [CrossRef]
- Sang, G.; Chen, J.; Liu, Y.; Wu, H.; Zhou, Y.; Jiang, S. PACM: Privacy-preserving authentication scheme with on-chain certificate management for VANETs. IEEE Trans. Netw. Serv. Manag. 2023, 20, 216–228. [Google Scholar] [CrossRef]
- Yuan, W.; Li, X.; Li, M.; Zheng, L. DCAGS-IoT: Dynamic cross-domain authentication scheme using group signature in IoT. Appl. Sci. 2023, 13, 5847. [Google Scholar] [CrossRef]
- Li, J.; Hou, N.; Zhang, G.; Zhang, J.; Liu, Y.; Gao, X. Efficient conditional privacy-preserving authentication scheme for safety warning system in edge-assisted internet of things. Mathematics 2023, 11, 3869. [Google Scholar] [CrossRef]
- Chen, Z.; Jiang, Y.; Song, X.; Chen, L. A survey on zero-knowledge authentication for internet of things. Electronics 2023, 12, 1145. [Google Scholar] [CrossRef]
- Hamila, F.; Hamad, M.; Salgado, D.C.; Steinhorst, S. Enhancing security in fiat-shamir transformation-based non-interactive zero-knowledge protocols for iot authentication. Int. J. Inf. Secur. 2023, 1, 1131–1148. [Google Scholar] [CrossRef]
- Upadhyay, D.; Zaman, M.; Joshi, R.; Sampalli, S. An efficient key management and multi-layered security framework for scada systems. IEEE Trans. Netw. Serv. Manag. 2022, 19, 642–660. [Google Scholar] [CrossRef]
- Chanchal, M.; Chaurasiya, V. Efficient anonymous batch authentication scheme with conditional privacy in the Internet of Vehicles (IoV) applications. IEEE Trans. Intell. Transp. Syst. 2023, 24, 9670–9683. [Google Scholar]
- Duan, L.; Li, Y.; Liao, L. Non-interactive certificate update protocol for efficient authentication in IoT. Future Gener. Comput. Syst. -Int. J. Escience 2020, 113, 132–144. [Google Scholar] [CrossRef]
- Wang, L.; Zheng, D.; Guo, R.; Hu, C.; Jing, C. A blockchain-based privacy-preserving authentication scheme with anonymous identity in vehicular networks. Int. J. Netw. Secur. 2020, 22, 981–990. [Google Scholar]
- Qureshi, K.N.; Shahzad, L.; Abdelmaboud, A.; Elfadil Eisa, T.A.; Alamri, B.; Javed, I.T.; Al-Dhaqm, A.; Crespi, N. A blockchain-based efficient, secure and anonymous conditional privacy-preserving and authentication scheme for the internet of vehicles. Appl. Sci. 2022, 12, 476. [Google Scholar] [CrossRef]
- Zhang, S.; Lee, J. A group signature and authentication scheme for block-chain-based mobile-edge computing. IEEE Internet Things J. 2020, 7, 4557–4565. [Google Scholar] [CrossRef]
- Gong, B.; Zhang, X.; Cao, Y.; Li, Z.; Yang, J.; Wang, W. A threshold group signature scheme suitable for the internet of things. Concurr. Comput.-Pract. Exp. 2021, 33, e6243. [Google Scholar] [CrossRef]
- Houzhen, W.; Xinwei, C.; Yan, G.; Huanguo, Z. 5-pass zero-knowledge identity authentication scheme based on matrix completion problem. J. Commun. 2021, 42, 79–86. [Google Scholar]
- Han, M.; Yin, Z.; Cheng, P.; Zhang, X.; Ma, S. Zero-knowledge identity authentication for internet of vehicles: Improvement and application. PLoS ONE 2021, 15, e0239043. [Google Scholar] [CrossRef] [PubMed]
- Xi, N.; Li, W.; Jing, L.; Ma, J. ZAMA: A zkp-based anonymous mutual authentication scheme for the iov. IEEE Internet Things J. 2022, 9, 22903–22913. [Google Scholar] [CrossRef]
- Boubakri, W.; Abdallah, W.; Boudriga, N. ZAO-AKA: A zero knowledge proof chaotic authentication and key agreement scheme for securing smart city cyber physical system. Wirel. Netw. 2021, 27, 4199–4215. [Google Scholar] [CrossRef]
- Zhang, L.; Zhu, Y.; Ren, W.; Wang, Y.; Choo, K.K.R.; Xiong, N.N. An energy-efficient authentication scheme based on chebyshev chaotic map for smart grid environments. IEEE Internet Things J. 2021, 8, 17120–17130. [Google Scholar] [CrossRef]
- Wang, Z.; Huang, J.; Miao, K. Lightweight zero-knowledge authentication scheme for IoT embedded devices. Comput. Netw. 2023, 236, 110021. [Google Scholar] [CrossRef]
- Dwivedi, A.D.; Singh, R.; Ghosh, U.; Mukkamala, R.R.; Tolba, A.; Said, O. Privacy preserving authentication system based on non-interactive zero knowledge proof suitable for Internet of Things. J. Ambient. Intell. Humaniz. Comput. 2021, 13, 4639–4649. [Google Scholar] [CrossRef]
- Liu, S.; Chen, L.; Yu, H.; Gao, S.; Fang, H. BP-AKAA: Blockchain-enforced privacy-preserving authentication and key agreement and access control for IIoT. J. Inf. Secur. Appl. 2023, 73, 103443. [Google Scholar] [CrossRef]
- Andola, N.; Raghav; Yadav, V.K.; Venkatesan, S.; Verma, S. SpyChain: A lightweight blockchain for authentication and anonymous authorization in IoD. Wirel. Pers. Commun. 2021, 119, 343–362. [Google Scholar] [CrossRef]
- Liu, W.; Wang, X.; Peng, W. NCZKP based privacy-preserving authenti-cation scheme for the untrusted gateway node smart home environment. In Proceedings of the 2020 IEEE Symposium on Computers and Communications (ISCC), Rennes, France, 7–10 July 2021; pp. 391–396. [Google Scholar]
- Jiang, W.; Guo, Z. An anonymous authentication scheme for Internet of Vehicles based on TRUG-PBFT master-slave chains and Zero-Knowledge Proof. IEEE Internet Things J. 2024, 1–15. [Google Scholar] [CrossRef]
- Singh, R.; Dwivedi, A.D.; Srivastava, G.; Chatterjee, P.; Lin, J.C.W. A privacy-preserving internet of things smart healthcare financial system. IEEE Internet Things J. 2023, 10, 18452–18460. [Google Scholar] [CrossRef]
- Liu, Y.; Garg, S.; Nie, J.; Zhang, Y.; Xiong, Z.; Kang, J.; Hossain, M.S. Deep anomaly detection for time-series data in industrial iot: A communication-efficient on-device federated learning approach. IEEE Internet Things J. 2021, 8, 6348–6358. [Google Scholar] [CrossRef]
- Lyubashevsky, V.; Micciancio, D. Generalized compact knapsacks are collision resistant. Proc. Autom. Lang. Program. 2006, 4052, 144–155. [Google Scholar]
- Chen, Y.; Zhang, Y.; Chen, H.; Han, M.; Liu, B.; Ren, T. Efficient consistency consensus algorithm of blockchain for heterogeneous nodes in the internet of vehicles. J. Electron. Inf. Technol. 2022, 44, 314–323. [Google Scholar]
Literature | Category | Purpose | Security | Methods | Disadvantages |
---|---|---|---|---|---|
[14] | Non-zero- knowledge proof | Strengthen the security of industrial plants against cyber threats | Based on secret key secure distribution | Symmetric encryption; dual-message mechanism; separate processing mechanism | Dependent on trusted third-party |
[16] | Implement efficient authentication in IoT | Based on the credibility of the certificate issuing authority | Pseudonym certificates | Frequent updating of pseudonym certificates | |
[19] | Defend against blockchain consensus attacks | Relies on Diffie–Hellman problem | Group signature | Dependent on trusted group administrators | |
[20] | Implement bidirectional authentication | Relies on elliptic curve discrete logarithm problem | Elliptic curve threshold group signature | ||
[21] | Interactive zero- knowledge proof | Minimize potential for successful deception by adversaries | Relies on matrix padding problem | Hash; equation derivation | Multiple rounds of communication; unsuitable for batch verification; low authentication efficiency |
[22] | Implement lightweight authentication against guess attacks | Relies on quadratic residue problem | FFS protocol | ||
[23] | Implement efficient two-way anonymous authentication | Relies on discrete logarithm problem | ECC; FO commitment | ||
[24] | Implement secure authentication for cyber–physical systems | Relies on chaotic map-based discrete logarithm problem | Chebyshev polynomial; modular exponentiation | ||
[25] | Implement lightweight authentication for smart grid | Relies on discrete logarithm problem | Chebyshev polynomial; hash; XOR | ||
[26] | Implement lightweight authentication for embedded devices | Relies on chaotic map-based discrete logarithm problem | Chebyshev polynomial; hash | ||
[27] | Non-interactive zero-knowledge proof | Ensure confidentiality and anonymity | Relies on discrete logarithm problem | Schnorr protocol | Large authentication calculation and low efficiency; unable to detect, track, and revoke abnormal device identities |
[28] | Solve the distrust problem of cross-domain authentication | Relies on discrete logarithm problem | Schnorr protocol | ||
[29] | Implement distributed authentication | Relies on discrete logarithm problem | Bilinear mapping; ring signature | ||
[30] | Defend against transient secret leakage attacks | Relies on chaotic map-based discrete ogarithm problem | Schnorr protocol; Chebyshev polynomial | ||
[31] | Implement identity authentication in V2X networks | Relies on inhomogeneous small integer solution problem | TRUG-PBFT; lattice-based zero-knowledge proof scheme |
Notation | Description | Notation | Description |
---|---|---|---|
the device’s identity | random number in cyclic group | ||
P | the device’s public key | the device’s actual certificate | |
the finite field | TA’s private key | ||
the device’s blind certificate | the device’s public key ciphertext | ||
group public key | the device’s proof | ||
TA’s public key | timestamp | ||
x | AC’s secret parameters | m | the device’s request message |
the device’s secret parameters | concatenation operation | ||
k | the device’s private key | hash function |
Authentication | Anonymity | Unlinkability | Traceability | Forward Secrecy | Replay Attacks Resistance | Modification Attacks Resistance | Insider Attacks Resistance | Man-in-the-Middle Attacks Resistance |
---|---|---|---|---|---|---|---|---|
SEAS | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
ZAMA | ✓ | ✕ | ✓ | ✓ | ✓ | ✓ | ✕ | ✓ |
EEAS | ✕ | ✕ | ✓ | ✓ | ✓ | ✓ | ✕ | ✓ |
UGPA | ✕ | ✕ | ✓ | ✓ | ✓ | ✓ | ✕ | ✓ |
Operations | Time Cost (ms) | Energy Cost (W) |
---|---|---|
Chebyshev polynomial | 1.4984999 | 0.2364956 |
SHA1 | 0.0018001 | 0.0006572 |
Modular exponentiation | 0.1312522 | 0.0190409 |
EC encryption | 0.2199816 | 0.0368030 |
EC decryption | 0.2300024 | 0.0790758 |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Su, Z.; Wang, S.; Cai, H.; Huang, J.; Chen, Y.; Zhang, X.; Alam, M. A Secure and Efficient Authentication Scheme for Large-Scale IoT Devices Based on Zero-Knowledge Proof. Electronics 2024, 13, 3735. https://doi.org/10.3390/electronics13183735
Su Z, Wang S, Cai H, Huang J, Chen Y, Zhang X, Alam M. A Secure and Efficient Authentication Scheme for Large-Scale IoT Devices Based on Zero-Knowledge Proof. Electronics. 2024; 13(18):3735. https://doi.org/10.3390/electronics13183735
Chicago/Turabian StyleSu, Ziyi, Shiwei Wang, Hongliu Cai, Jiaxuan Huang, Yourong Chen, Xudong Zhang, and Muhammad Alam. 2024. "A Secure and Efficient Authentication Scheme for Large-Scale IoT Devices Based on Zero-Knowledge Proof" Electronics 13, no. 18: 3735. https://doi.org/10.3390/electronics13183735
APA StyleSu, Z., Wang, S., Cai, H., Huang, J., Chen, Y., Zhang, X., & Alam, M. (2024). A Secure and Efficient Authentication Scheme for Large-Scale IoT Devices Based on Zero-Knowledge Proof. Electronics, 13(18), 3735. https://doi.org/10.3390/electronics13183735