Secure Device-to-Device Communication in IoT: Fuzzy Identity from Wireless Channel State Information for Identity-Based Encryption

Abstract

With the rapid development of the Internet of Things (IoT), ensuring secure communication between devices has become a crucial challenge. This paper proposes a novel secure communication solution by extracting wireless channel state information (CSI) features from IoT devices to generate a device identity. Due to the instability of the wireless channel, the CSI features are fuzzy and time-varying; thus, we a employ locally sensitive hashing (LSH) algorithm to ensure the stability of the generated identity in a dynamically changing wireless channel environment. Furthermore, zero-knowledge proofs are utilized to guarantee the authenticity and effectiveness of the generated identity. Finally, the identity generated using the aforementioned approach is integrated into an IBE communication scheme, which involves the fuzzy extraction of channel state information from IoT devices, stable identity extraction for fuzzy IoT devices using LSH, and the use of zero-knowledge proofs to ensure the authenticity of the generated identity. This identity is then employed as the identity information in identity-based encryption (IBE), constructing the device’s public key for achieving confidential communication between devices.

1. Introduction

With rapid technological advancements, the Internet of Things (IoT) is undergoing a remarkable and swift expansion, emerging as a key driving force in today’s digital era. The rapid proliferation and application of the IoT span diverse domains, ranging from smart homes and industrial automation to healthcare and urban infrastructure. This technology’s dynamic growth plays a pivotal role in enhancing the quality of life, fostering industrial innovation, and building intelligent societies. The convergence of sensors, embedded devices, and interconnected networks enables various physical objects to exchange real-time information, creating an extensive ecosystem of data. The widespread collection and analysis of these data provide businesses, governments, and individuals with deeper insights and the foundation for intelligent decision making. From the development of smart cities to advancements in precision agriculture, the IoT is profoundly transforming the ways we live and work.

Despite the rapid technological advancements that bring unprecedented connectivity and intelligence, security communication remains a significant challenge in the IoT. The use of traditional Public Key Infrastructure (PKI) systems, especially in large-scale deployments of IoT devices, inevitably faces the daunting task of establishing massive Public Key Certification Centers. Managing the identity information of a vast number of devices not only introduces complexity and cost challenges but also carries the potential risks of performance bottlenecks and single points of failure.

Adopting an identity-based encryption (IBE) solution for establishing communication systems presents unique challenges, even though IBE can avoid the implementation of massive Public Key Certification Centers. Since the physical information of IoT devices often exhibits fuzziness, traditional IBE struggles to directly construct a stable device identity based on these ambiguous physical features. This challenge involves maintaining the consistency of the device identity in a dynamically changing environment to ensure the feasibility of secure communication. In such a scenario, the solution requires an innovative combination of physical information extraction and secure communication technologies to address the complexity and security requirements of IoT device identity management.

In addressing the aforementioned challenges, we introduced a novel device-to-device communication solution for the Internet of Things (IoT). Firstly, by extracting the wireless channel state information (CSI) from IoT devices, we successfully generated stable physical features for these devices. Leveraging the wireless communication characteristics among devices, we established a device identity. Subsequently, addressing the issue of the fuzzy nature of physical features potentially causing disruptions and affecting the stability of device identity, we introduced a locally sensitive hashing (LSH) algorithm. Through LSH, we were able to generate stable identity representations for the fuzzy physical features. This process not only ensures the consistency of the device identity in dynamic environments but also provides a reliable foundation for establishing secure communication. Finally, we applied this stable identity representation to the identity-based encryption (IBE) framework, constructing device public keys. Through this innovative integration, we achieved confidential communication between devices, presenting a new paradigm to address challenges faced by existing Public Key Infrastructure (PKI) and traditional IBE solutions.

Our contributions are as follows:

• We propose a novel device-to-device communication solution for the Internet of Things (IoT). By extracting the wireless channel state information from IoT devices, we successfully generated stable physical features for these devices and combined them with IBE to implement secret communication based on CSI.
• We propose a method to generate a fixed identity identifier from the fuzzy device CSI. This method allows the generation of a unique identity identifier from a stable identity feature in a deterministic manner, which can be used as the device public key information in identity-based encryption (IBE).
• We introduce an identity verification scheme based on zero-knowledge proofs. This scheme can prove that the identity information generated by the device is derived from its CSI without revealing the CSI itself, thus safeguarding the privacy of the device.

2. Related Work

2.1. Identity-Based Encryption

In the year 2001, Boneh and Franklin [1]; Sakai, Ohgishi, and Kasahara [2]; and Cocks [3], independently proposed three identity-based encryption (IBE) schemes, marking the initiation of a new era in identity-based cryptography research. Both the Boneh–Franklin and Sakai–Ohgishi–Kasahara schemes utilize pairings satisfying bilinear mappings. Boneh and Franklin, employing the random oracle model, demonstrated that their scheme achieves indistinguishability against an adaptive chosen identity and chosen ciphertext attacks (IND-ID-CCA). The widespread application of bilinear pairings in cryptographic scheme design was a result of their work, guiding the development of identity-based cryptography. Subsequent works have often adopted methods similar to the Boneh–Franklin method, utilizing pairings with bilinearity to construct IBE schemes. In 2005, Waters [4] designed an efficient IBE scheme that does not rely on a random oracle.

In recent years, many scholars have proposed various improvements to IBE. One major challenge in the real-world deployment of IBE is the key escrow problem. If the private key generator (PKG) is malicious, it can decrypt all messages. Khaleda Afroaz [5] proposed an IBE scheme based on anonymous identities, utilizing ring signatures to address this issue. In this process, identities are signed with ring signatures generated by a ring authority (RA) to mask the actual identity. Private keys are obtained from a key generation authority (KGA), preventing the KGA from knowing which key corresponds to which recipient. In the application of IBE schemes, V. Veeresh et al. [6] comprehensively overviewed the applications of IBE in cloud computing. Van-Quang-Huy Nguyen et al. [7] proposed a private identity-based encryption scheme for key management. Y. Liu et al. [8] introduced a hierarchical identity-based encryption scheme for key distribution in wireless sensor networks, reducing the computational time and saving storage space compared to IBE-based key distribution for wireless sensor nodes.

2.2. Channel State Information

In recent years, scholars both domestically and internationally have proposed numerous wireless device authentication schemes based on physical layer fingerprints. X. Wan et al. [9] employed the Received Signal Strength Indicator (RSSI) technique for device identification and monitoring. To enhance the spatial resolution and improve the accuracy of attack detection, multiple antennas were deployed at various landmarks to collect richer RSSI data. A. Mahmood et al. [10] introduced a distributed wireless device authentication method based on a Channel Impulse Response (CIR), enhancing the system detection accuracy through multipoint sensing technology. Q. Wu et al. [11] utilized Radio Frequency (RF) fingerprints for wireless device authentication, employing a Recursive Neural Network (RNN) to autonomously learn RF fingerprint features without manual intervention.

The RSSI, RSS, and CIR can be used to describe the characteristics of the wireless channel, but they provide limited channel information at a single frequency point. In contrast, CSI contains both amplitude and phase information for each OFDM subcarrier, offering more detailed wireless channel features and achieving a superior identification performance. To address this, R. Liao et al. [12] proposed a CSI-based device authentication scheme, employing a CNN as the recognition algorithm for physical layer fingerprints. Meanwhile, C. Shi et al. [13] utilized an SVM to identify user channel fingerprints. Ribouh et al. [14] designed a CSI-based key generation method for use in vehicular environments, treating the CSI values of each subcarrier as random sources and using a new QAM demodulation quantizer (QAM-Dem-Quan) to extract bit values for key generation. Ji et al. [15] proposed a key generation scheme combining adaptive link selection and a two-step decorrelation algorithm, leveraging CSI information. Wang et al. [16] combined CSI features with the static position of devices, constructing CSI data into CSI images. Through a deep learning-based recognition and authentication model, they learned the mapping relationship between CSI and the device identity, achieving device authentication. Wang et al. [17] introduced a physical layer authentication scheme based on Gaussian Process channel prediction. By establishing a mapping between historical CSI information and the sender’s location information, they predicted the next legitimate CSI information for identity recognition. Additionally, they proposed a one-class authentication (OCA) scheme that does not require any channel information from attackers.

2.3. Zero-Knowledge Proof

Many researchers are concerned about privacy issues in data sharing and have proposed various data sharing schemes with privacy protection features. Lu et al. [18] introduced a novel approach based on federated learning and deep reinforcement learning to alleviate the transmission overhead and address the privacy concerns of data providers. The asynchronous federated learning mechanism, learning models from edge data, minimizes the total cost by selecting participating nodes and further enhances the efficiency of federated learning. To validate the authenticity of collected data and protect user privacy, a study [19] employs homomorphic encryption technology to construct a ciphertext space, ensuring the normal operation of data services under data encryption. Based on this ciphertext space, they propose an identity-based signature scheme and a two-tier batch signature verification scheme.

A zero-knowledge proof (ZKP) refers to the ability of a prover to convince a verifier of the correctness of a statement without revealing any useful information. This concept was introduced by S. Goldwasser and others [20]. The security of zero-knowledge proofs relies primarily on cryptographic assumptions related to challenging problems, such as discrete logarithms and elliptic curve problems. The zero-knowledge proof system is widely used for authentication because it has the following properties:

• Completeness: Referring to the assurance that anything valid generated by an honest prover can be successfully verified by an honest verifier.
• Soundness: Ensuring that for any prover without access to the secret, they cannot forge something that would pass verification.
• Honest verifier with zero knowledge: Ensuring that, for an honest verifier, apart from knowing the outcome of the proof (i.e., the known parameters mentioned above), no other information is revealed.

In recent years, ZKPs have been preliminarily applied and practiced in the context of IoT access security. Walshe et al. [21] proposed an IoT and sensor device authentication scheme based on non-interactive zero-knowledge proofs. Unlike traditional ZKP, the authors replaced the ZKP’s NP-hard problem and used Merkle trees to create authentication challenges. The authors conducted simulations to evaluate the performance of non-interactive zero-knowledge proofs relative to traditional zero-knowledge proofs. Salleras et al. applied it to scenarios such as 5G services for user identity authentication [22]. Service providers can verify proofs and grant services without knowing the user’s identity. Users can remain anonymous when using the service by proving the ownership of their signature without revealing any other information.

Zero-knowledge proofs have been applied as a privacy protection technology in various fields, such as traffic management, the crowdsourced IoT, identity management schemes in blockchain, and vehicular ad hoc networks [23]. However, with the exponential growth of IoT devices in various applications, ensuring the efficient, secure, and bidirectional authentication of relevant devices without leaking any information remains crucial.

3. Wireless Channel State Feature Extraction

3.1. Multipath Effects

Wireless signals typically propagate in environments characterized by complex electromagnetic wave scattering. In such environments, various objects along the signal propagation path from the transmitting device to the receiving device can induce electromagnetic wave scattering. These objects cause the signal to reflect along different paths, eventually reaching the receiving device. Due to the presence of these reflected paths, the signal received at the receiving device is the result of the superposition of multiple reflections, a phenomenon commonly referred to as multipath effects.The origins of multipath effects are diverse, including outdoor structures, terrain such as mountains, and densely packed objects in indoor environments, all contributing to varied electromagnetic wave reflections and refractions.

As the transmitted signal traverses different electromagnetic wave reflection or refraction paths, differences in the amplitude, phase, and arrival time occur during the transmission process. At the antenna position of the receiving device, multiple reflections or refractions with different phases may simultaneously superimpose. Therefore, under the influence of multipath effects, the signal response amplitude received at the antenna of the receiving device exhibits significant variations. This phenomenon is known as multipath fading.

3.2. Orthogonal Frequency Division Multiplexing

Orthogonal Frequency Division Multiplexing (OFDM) is a multi-carrier modulation technique widely employed in the field of wireless communication, particularly in high-speed data transmission environments. The core concept of OFDM involves dividing a high-speed data stream into multiple lower-speed substreams and concurrently transmitting these substreams on multiple carriers to enhance the overall data transmission efficiency.

OFDM subdivides the high-speed data stream into several lower-speed substreams and allocates these substreams to different orthogonal subcarriers. This allocation ensures mutual orthogonality among the subcarriers, reducing interference between spectral bands. Due to the orthogonality of the subcarriers, symbols on each subcarrier can be transmitted at different phases, achieving higher spectral efficiency within the same frequency band. This adaptability makes OFDM suitable for the demands of high-speed data transmission.

Assuming a carrier bandwidth of B, it can be divided into N orthogonal subcarriers with a bandwidth of $\Delta f=B/N$. If the center frequency of the first carrier is f_0, then the frequency of the nth carrier is given by the following:

$$f_n=f_0+(n-1)\Delta f$$

(1)

Modulating the OFDM symbol $P_n$ onto the subcarrier n results in the transmission symbol $P_n^{e^{j2\pi f_{n}t}}$. Summing up the signals across all N subcarriers yields the final transmitted signal:

$$f\left(t\right)=\sum _{n=1}^N{P}_n{e}^{j2\pi f_{n}t}=e^{j2\pi f_{0}t}\sum _{n=1}^N{P}_n{e}^{j2\pi (n-1)\Delta ft}$$

(2)

Once the receiver obtains the signal, it can determine the OFDM symbol $P_n$ transmitted over the subcarrier using the following formula:

$$\Delta f{\int }_0^{\frac{1}{\Delta f}}f\left(t\right)e^{-j2\pi f_{n}t}dt=P_n+{\sum }_{k\ne n}\Delta f{\int }_0^{\frac{1}{\Delta f}}{P}_k{e}^{j2\pi f_{k}t}{e}^{-j2\pi f_{n}t}dt=P_n$$

(3)

3.3. Channel State Information

In the same physical environment, different subcarriers experience varying fading and multipath effects in the wireless channel. The channel responses at different frequency positions of the subcarriers exhibit differences. To describe the subchannel response at each subcarrier frequency position, a set of data representing the features of the channel frequency response is required. These data enable the communication system at the receiving end to adapt to the actual conditions of the wireless channel, allowing the reconstruction of the effective original wireless signal received by the receiving antenna. This series of data describing the channel frequency response is commonly referred to as channel state information (CSI). CSI is a crucial data metric in wireless communication, encompassing various aspects of the radio waves between the terminals and enabling the real-time dataization and visualization of the electromagnetic wave status between the communicating parties.

The receiving device can recover the original signal based on the channel conditions described by CSI, facilitating signal transmission under the adaptation to the current channel conditions. This is vital for achieving robust communication in OFDM systems. The CSI is obtained through channel estimation in OFDM wireless communication systems. In OFDM communication transmission systems, the primary purpose of channel estimation is the selection of pilot information. As wireless channels may experience fading during transmission, continuous tracking of the channel is necessary, requiring the ongoing transmission of pilot information. Through the estimation of pilot information, the receiving terminal can acquire the CSI of the wireless communication channel from the other party.

CSI reflects the communication channel conditions between the transmitter and the receiver, manifesting on OFDM symbols as variations in the amplitude and phase of signals on each subcarrier. According to the signal system model, let H represent the channel frequency response, X be the transmitted signal, and N denote noise. The received signal Y can be expressed as follows:

$$Y=XH+N$$

(4)

In WiFi, OFDM technology is commonly employed, and CSI reflects the representation of the channel frequency response (CFR) on subcarriers. The expression of the CFR can be easily obtained through the pilot portion of each OFDM symbol:

$$H=\sum _{k\in K}∥h_k∥\times e^{-j{\phi }_k}$$

(5)

In this context, $∥h_k∥$ and ${\phi }_k$ represent the amplitude and phase values of the signal on each subcarrier, respectively. The CFR can describe small-scale multipath effects and is widely utilized as a channel indicator. By adjusting the firmware, it is possible to obtain the CFR of multipath channel samples, i.e., the measured values of CSI, on existing wireless terminal devices, such as commercial IEEE 802.11a/g/n equipment.

CSI represents the sampling of the wireless channel frequency response at various subcarrier frequencies in OFDM. On each wireless channel, each antenna at the receiving end can generate a set of CSI data. Due to the presence of multipath effects and fading phenomena in the wireless channel environment, different subcarrier frequencies are affected to varying degrees. As a result, each subchannel possesses a unique gain. This implies that each subchannel has corresponding CSI values, reflecting its distinctive frequency response features. The CSI features of the wireless channel exhibit robustness, uniqueness, and irreproducibility.

3.4. Wireless Channel Features

The wireless channel possesses four features, reciprocity, time variability, short-term stationarity, and spatial sensitivity, which are descrived below:

• Channel reciprocity: Channel reciprocity in a wireless channel refers to the symmetric propagation features between the transmitter and the receiver. In other words, if the propagation channel from the transmitter to the receiver is reciprocal, then the propagation channel from the receiver to the transmitter is also reciprocal. Reciprocity simplifies the analysis and modeling of wireless communication systems. However, in practical communication environments, various factors such as noise, channel variations, and environmental conditions may lead to incomplete consistency in the collected channel state data due to the asynchrony in signal reception times between communication parties.
• Time variability: The propagation features of a wireless channel undergo changes over time. This time variability can be caused by various factors, including the movement of objects, changes in obstacles along the signal path, and variations in atmospheric conditions. Time variability is particularly crucial for mobile communication systems as it impacts the signal transmission quality and system performance.
• Short-term stationarity: Despite the time variability of the wireless channel, it is often possible to approximate the channel as approximately stationary over short periods. This implies that within very short time intervals, the propagation features of the channel can be considered constant, simplifying the complexity of system design and signal processing.
• Spatial sensitivity: The propagation features of a wireless channel are highly sensitive to spatial changes. Even within relatively small spatial ranges, significant variations in the channel’s features may occur. This sensitivity is due to the signal’s propagation through multiple paths, influenced by reflection, refraction, and scattering. Spatial sensitivity is particularly important in places with complex structures, such as indoor and urban environments, necessitating the adoption of appropriate antenna configurations and signal processing techniques to address it.

3.5. CSI Acquisition Module Based on Multipath Effects

3.5.1. CSI Acquisition

In general, CSI is often represented by the channel frequency response (CFR) in a wireless multipath channel environment. When the transmission frequency is denoted as f, the formula for CSI is given by the following:

$$H\left(f\right)=\sum _n^N{a}_n{e}^{-j2\pi f{\tau }_n}$$

(6)

In OFDM wireless networks, such as IEEE 802.11a/g/n, each pair of antenna channel propagations results in a set of CSI data. The length of each set of CSI data corresponds to the number of subcarriers, and the individual CSI values within the set are represented by the following formula:

$$CS{I}_{m,n}=\left[cs{i}_{-i},cs{i}_{-i+1},\dots ,cs{i}_0,cs{i}_1,\dots cs{i}_i\right]$$

(7)

In the above formula, m represents the index of the transmitting antenna, n denotes the index of the receiving antenna, and i represents the subcarrier index. When a device transmits data with a bandwidth of 20 MHz in the 2.4 GHz frequency band, the utilized channel will consist of 64 subcarriers. The measured CSI at the receiver will include the frequency response for each subcarrier, forming a 64-dimensional complex CSI vector. In a Multiple-Input Multiple-Output Orthogonal Frequency Division Multiplexing (MIMO-OFDM) wireless communication systems (assuming the system has V transmit antennas and G receive antennas), the CSI will be expanded into a three-dimensional complex matrix of size $V \times G \times 64$. This provides an alternative representation for the CSI:

$${CSI}_k=\left|cs{i}_k\right|e^{-j\angle cs{i}_k},k=-i,\dots ,-1,1,\dots ,i^{\circ }$$

(8)

where $\left|cs{i}_k\right|$ represents the amplitude and $\angle cs{i}_k$ represents the phase.

The majority of CSI amplitudes tend to stabilize within a relatively concentrated range, with only a portion of the data exhibiting discrete deviations. However, CSI phase data are characterized by an unstable pattern, displaying a distribution with random rotations. Additionally, significant discrepancies are observed in the CSI data between the receiving and transmitting ends at the same position.

3.5.2. Preprocessing of CSI

CSI data may have certain errors due to environmental noise. To eliminate these errors, preprocessing is applied. First, due to hardware errors, environmental factors, etc., there may be outliers or anomalous points in the data sequence. To reduce the impact of errors and enhance the robustness, an outlier detection method is employed. Secondly, normalization is used to reduce data dispersion. Finally, the samples undergo smoothing to eliminate the effects caused by environmental noise.

• Outlier Handling

After obtaining $CS{I}^{\prime }$, the n samples are denoted as ${}^{-}{CSI}_n^{\prime }=c_n^1,c_n^2,\cdots ,c_n^M(n=1,2,\cdots ,N)$, where N represents the number of collected samples and M represents the number of available subcarriers collected (52 in this case). Let $L_m=\left(c_1^m,c_2^m,\cdots c_N^m\right)$ represent the average value of each subcarrier across all samples, where $m=1,2,\cdots ,M$. The median window chosen in this paper is $C_{D,n}^I$ and the sample values within a range of $2l$ around it. The standard deviation for all samples is derived from the absolute deviation, as shown in the following formula:

$${\sigma }_I^m=\frac{1}{\gamma }median\left(\left|c_i^m-c_I^m\right|\right)$$

(9)

where $c_I^m$ represents the median of the window, $c_i^m$ represents the samples within the window, and $\gamma =\sqrt{2}erfinv\left(0.5\right)$. The removal of outliers in the samples is processed using the following formula:

$$c_i^m=\left\{\begin{array}{cc}{c}_i^m\hfill & \left|c_i^m-c_I^m\right|\le \eta {\sigma }_I^m\hfill \\ c_I^m\hfill & \left|c_i^m-c_I^m\right|>\eta {\sigma }_I^m\hfill \end{array}\right.$$

(10)

2.

Normalization

Due to environmental interference, the amplitude of CSI may exhibit certain variations over time, but, overall, it will have similar fluctuation trends. To reduce the adverse effects of amplitude fluctuations, the amplitude sequence of CSI is normalized using the following formula:

$$c_i=\frac{a_i-a_{min}}{a_{max}-a_{min}}$$

(11)

After normalization, the amplitude sequence of CSI exhibits a smaller degree of dispersion while preserving the original shape information to a certain extent.

3.

Smoothing

The smoothing process involves working solely on the amplitude values of each subcarrier, aiming to reduce temporal influences. The smoothing method is expressed as follows:

$${\tilde{c}}_n^m=\frac{1}{w}\sum _{max\left(0,n-⌊\frac{w}{2}⌋\right)}^{min\left(N,n+⌊\frac{w-1}{2}⌋\right)}{c}_n^{m_0}$$

(12)

where w represents the length of the smoothing window.

4. Non-Interactive Channel Feature Similarity Comparison

4.1. Zero-Knowledge Proof

A zero-knowledge proof (ZKP) refers to the ability of a prover to convince a verifier of the correctness of a statement without revealing any useful information. This concept was introduced in the early 1980s by S. Goldwasser and others. The security of zero-knowledge proofs relies primarily on cryptographic assumptions related to challenging problems, such as discrete logarithms and elliptic curve problems. This paper focuses on the enhancement of Sigma Protocols in zero-knowledge proofs, grounded in the assumption of the difficulty of the discrete logarithm problem. The objective is to tailor Sigma Protocols to meet the specific requirements of certain industry applications while maintaining the security principles inherent in zero-knowledge proofs.

The Sigma Protocol is an interactive proof system consisting of a prover (P) and a verifier (V) in a three-step process. This system is based on the discrete logarithm problem and a commitment key ($ck$) generated with a security parameter $\lambda$. The commitment key $ck$ is derived from the discrete logarithm problem and a random number $r\in {\mathbb{Z}}_q^{\ast }$, where represents a non-negative integer ring of order q. The prover can generate a commitment $Co{m}_{ck}(c;r)$ for a secret c, representing a declaration of the secret c. Based on prior research results, it is known that, with negligible probability, this commitment uniquely binds to the secret c and does not leak information about c.

The Sigma Protocol process is described as follows:

• The prover initiates the process by sending the commitment regarding the secret c to the verifier.
• Upon receiving the commitment, the verifier randomly selects a challenge value $x\in {\mathbb{Z}}_q^{\ast }$ and sends it to the prover.
• Based on the received challenge value x, the prover generates the corresponding response value z and sends it to the verifier.
• These three steps constitute the proof by the prover for the secret c. With the known parameters, including the commitment key $ck$, commitment value $Co{m}_{ck}(c;r)$, challenge value x, and response z, the verifier is capable of validating the legitimacy of the proof.

The intersection proof proposed in this paper is a modification of the aforementioned Sigma Protocol, based on the Pedersen commitment scheme. The properties of this commitment scheme are defined as follows:

Let $\mathbb{G}$ be a q-order cyclic group generated by the commitment key $ck$, with generators g and h. Given a random number $r\in {\mathbb{Z}}_q^{\ast }$, a Pedersen commitment based on the message c can be generated as follows:

$$Co{m}_{ck}(c;r)=g^c·h^r\in \mathbb{G}$$

(13)

The Pedersen commitment is a homomorphic commitment scheme that, under the discrete logarithm assumption, possesses two essential properties, hiding and binding:

• Concealment (hiding): For any adversary with a probabilistic polynomial time computational capability, if the adversary is unable to effectively distinguish between the commitments $Co{m}_{ck}(c_0;r_0)$ and $Co{m}_{ck}(c_1;r_1)$ corresponding to two distinct messages $c_0$ and $c_1$, then the commitment scheme is considered to possess concealment.
• Binding: For any adversary with a probabilistic polynomial time computational capability, given a known commitment $Co{m}_{ck}(c_0;r_0)$, the task is to find another secret value $c_{!}$ such that their commitment values are equal, i.e., $Co{m}_{ck}(c_0;r_0)=Co{m}_{ck}(c_1;r_1)$. If the probability of successfully achieving this task is negligible, then the commitment scheme is deemed to exhibit binding characteristics.

4.2. Interactive Similarity Matching

Similar to fingerprint recognition, when collecting fingerprints from the same individual multiple times, various factors such as sweat, pressure variations, and other elements on the fingers can result in subtle differences in the collected fingerprints. Ensuring fuzzy identity recognition while maintaining both accuracy and fault tolerance in the presence of these subtle variations is a crucial consideration.

In the process of identity authentication, despite the preprocessing of channel state information (CSI), deviations from standard values may still occur during the quantification process. Therefore, it is necessary to enhance the tolerance of identity recognition without compromising accuracy. In this context, we introduce the concept of fuzziness to assess the similarity of fuzzy equations. The extracted CSI exhibits fuzzy characteristics, with the CSI collected by both parties not being entirely consistent but demonstrating a high degree of similarity. This paper, by comparing the similarity of CSI from both parties and obtaining the intersection, negotiates a shared channel key for communication. Simultaneously, the successful comparison of CSI similarity also signifies that the remote end possesses CSI highly similar to the local end, enabling dual-end authentication.

This paper employs a zero-knowledge proof based on the Sigma Protocol for conducting a Comparative Similarity Index (CSI) matching. Initially, the collected CSI information is quantified into a binary CSI vector. This binary vector serves as a representation of the CSI, and the similarity matching involves comparing the binary vectors held by both parties, leading to the determination of their binary vector intersection. Subsequently, by constructing an n-th order polynomial to express the binary vector, the similarity matching of binary vectors is transformed into the intersection operation of an n-th order polynomial. The intersection calculation is achieved by verifying the polynomial’s zero points. This process substantiates the high degree of similarity between the binary vectors held by both parties, thereby facilitating the mutual authentication of the communicating entities.

For a binary string s owned by the communication party Alice, it is divided into n segments of a fixed length, represented as $(s_1,\dots ,s_n)$. The prover wishes to convince the verifier of possessing the secret vector $s=(s_1,\dots ,s_n)$ without disclosing any information. Similarly, after preprocessing, Bob obtains the set $s=(s_1^{\prime },\dots ,s_n^{\prime })$.

In the first place, we construct an n-degree polynomial $p\left(x\right)=(x-1·s_1),\dots ,$$(x-n·s_n)=x^n+a_{n-1}{x}^{n-1}+\cdots +a_{1}x+a_0$. Clearly, the polynomial evaluates to 0 only when the input $x=i·s_i(i\in [1,n])$. This property can be utilized for a prover to verify their possession of secrets without disclosing these secret values (including their corresponding values in the group field) to others. Based on this idea, the problem of similarity comparison can be transformed into a zero-knowledge similarity comparison problem: the prover needs to prove that they possess a polynomial $p\left(x\right)$, and the zeros of this polynomial can be verified by the verifier.

The similarity comparison relation is defined as follows:

$$R=\left\{\begin{array}{cc}ck\leftarrow Setup\left(1^{\lambda }\right);P_i\in \mathbb{G};a_i,r_i,x\in {\mathbb{Z}}_q^{\ast }& \sum _{i=1}^n{P}_i^{\left(s^i\right)}={Com}_{ck}\left(0;r^{\prime }\right)\\ P_i={Com}_{ck}\left(a_i;r_i\right)(i=0,\dots ,n)& \mathrm{where}s\in 1·s_1,\dots ,n·s_n\end{array}\right\}$$

(14)

Firstly, we define the variables required for the algorithmic flow description, based on the discrete logarithm problem. Let $\mathbb{G}$ be a cyclic group of order q, where q is a prime number. The generators of this group are denoted as $\mathbb{g}$ and $\mathbb{h}$, both belonging to $\mathbb{G}$. For an element x in the multiplicative group of q-order positive integers ${\mathbb{Z}}_q^{\ast }$, it holds that ${\mathbb{g}}^x\in \mathbb{G}$. Boldface notation such as $\mathit{a}$ is used to represent vectors, for instance, $\mathit{a}=\left(a_0,\dots ,a_n\right)$ denotes a vector composed of n numerical values. The prover can generate a corresponding Pederson commitment for their secret $\mathit{a}$, denoted as $Com(\mathit{a};r)$, which can be succinctly expressed as $Com(\mathit{a};r)={\mathbb{g}}^{\mathit{a}}·{\mathbb{h}}^r$.

The prover initially generates, for each secret value $a_i$, corresponding random numbers $r_i$, $u_i$, and $v_i$. The commitments $A_i=Co{m}_{ck}(a_i;u_i)$ and $R_i=Co{m}_{ck}(r_i;v_i)$ are computed and disclosed to the verifier. Subsequently, the verifier generates a random number x as the challenge value for the aforementioned commitments. The prover, in response to the verifier’s challenge x, computes $f_i=a_i·x+r_i$ and $z_i=u_i·x+v_i$. Finally, the verifier performs validation on the proof, checking if the prover possesses the secret vector $\mathit{a}=\left(a_0,\dots ,a_n\right)$ and confirming whether the subchannel characteristics are mutual. If the result corresponds to a commitment of 0 in the form $Co{m}_{ck}(0;u^{\prime })$, then the currently computed value $s_j^{\prime }$ is considered a shared secret between the communicating parties and is utilized in generating the final channel key.

Channel Key Computation

After the application of the feature extraction algorithm to the CSI information, a set of binary sequences is obtained. It is ensured that a significant portion of the binary sequences held by both Alice and Bob exhibit similarity, as illustrated in Figure 1.

In the proposed scheme, the sequence is divided into segments, and each segment is treated as a secret value $s_i$ for verification purposes. The verifier only needs to sequentially compute the verification for each segmented secret value $s_j^{\prime }$. If the equality holds, it can be inferred that the corresponding segments in the binary sequences of the communicating parties are identical, thereby establishing a common element. Ultimately, the verifier obtains the intersection of the secret value vectors $\mathit{s}$ and ${\mathit{s}}^{\prime }$, denoted as $\mathit{s}\cap {\mathit{s}}^{\prime }$. This intersection sequence serves as the shared channel key for the mutual authentication in the key negotiation process.

4.3. Non-Interactive Key Similarity Comparison

The aforementioned similarity comparison is observed to be interactive. In this context, apart from the commitment value initially transmitted, a challenge–response process must be completed between the prover and the verifier to execute the entire procedure. The interactive nature of this process may result in an increased execution time and potential resource waste or even incompatibility when deployed in certain protocols. This paper leverages the Fiat–Shamir transformation to convert the aforementioned three-step interactive similarity comparison into a non-interactive process requiring only one step. The principle of this transformation involves utilizing the hash value of the interactive data as the challenge for the second step of the Sigma Protocol and using this challenge value to compute the response in the third step. Finally, the commitment and response are sent together to the verifier.

Upon applying the Fiat–Shamir transformation, the non-interactive similarity comparison process is outlined as follows:

• In the execution of the aforementioned Protocol 1, the prover randomly generates three sets of random vectors $(r_0,\dots ,r_n)$, $(u_0,\dots ,u_n)$, and $(v_0,\dots ,v_n)$, and produces the corresponding commitment values $(A_0,\dots ,A_n,R_0,\dots ,R_n)$.
• The prover generates a challenge value for the data to be sent, where $x=H(ck,A_0,\dots ,$$A_n,R_0,\dots ,R_n)$ and $H(·)$ denotes a hash function.
• In accordance with the challenge value x, the secret vector $\mathit{a}=\left(a_0,\dots ,a_n\right)$, random value vector $\mathit{r}=\left(r_0,\dots ,r_n\right)$, $\mathit{u}=\left(u_0,\dots ,u_n\right)$, and $\mathit{v}=\left(v_0,\dots ,v_n\right)$. The prover computes the corresponding response vectors $\mathit{f}=\left(f_0,\dots ,f_{n-1}\right)$ and $\mathit{z}=\left(z_0,\dots ,z_{n-1}\right)$.
• The final prover will transmit the proof, denoted as $Proof=(x,\mathit{A},\mathit{R},\mathit{f},\mathit{z})$, to the verifier in a single instance.

5. Implementation

5.1. Locality-Sensitive Hashing

We employ the locality-sensitive hashing (LSH) algorithm to process bit sequences. LSH is an algorithm designed for similarity search in massive datasets. Essentially, LSH is a technique for data dimensionality reduction, aiming to map data points from the original high-dimensional space to a lower-dimensional space while attempting to preserve their similarity.

The LSH algorithm consists of two main parts. In the first part, we utilize the SimHash algorithm for data dimensionality reduction. It involves merging long bit sequences through weighted combination, merging, and dimensionality reduction steps, resulting in shorter bit strings. In the second part, we apply LSH to locally search for matching pairs among the short bit strings. The bit strings are hashed into hash buckets after being split, ultimately generating a unique identity for terminal devices.

The SimHash algorithm is primarily employed for text similarity detection, using Hamming distance to calculate similarity, making it suitable for the dimensionality reduction of long bit sequences. In the classical SimHash algorithm, text needs to be hashed and transformed into a binary string of 0s and 1s that can be measured using Hamming distance. The m = 6 SimHash algorithm is illustrated in the accompanying Figure 2.

The SimHash algorithm employed in this experiment is primarily divided into the following components:

• Tokenization: The long bit sequence is segmented into multiple equidistant feature strings, each with a length of m bits.
• Weighting: Each equidistant feature string is assigned a weight, based on its importance. Additionally, each bit in the feature string, whether 1 or 0, is transformed. For instance, for a feature string of length 6 bits, the assigned weight is 4, and the weighted representation becomes 4 −4 −4 4 −4 4.
• Merging: The weighted feature strings are cumulatively added to obtain a final sequence string.
• Dimensionality reduction: The merged sequence string undergoes dimensionality reduction. If a particular position in the sequence string is greater than 0, it is set to 1; otherwise, it is set to 0. The output is the signature corresponding to the long bit sequence. Multiple signatures are combined to produce the SimHash signature matrix.

After obtaining the SimHash signature, the locality-sensitive hashing (LSH) algorithm is employed to hash the signature matrix, aggregating the results into hash buckets. This facilitates local searching for matching pairs, with the hash bucket signature serving as the final identifier. During the hashing process, the algorithm further reduces the dimensionality of the input data, enabling unique and stable identity outputs for inputs with minor variations. The locality-sensitive hashing algorithm is depicted in Figure 3.

The specific steps of the locality-sensitive hashing (LSH) algorithm are as follows:

• Initially, the signatures in the previously obtained signature matrix are divided into different bands, with each band containing a fixed number of rows.
• Each band is hashed into a distinct hash bucket.
• Identification is applied to each hash bucket, combining the identifiers of the buckets where each segment of the signature resides. The final result represents the output of the LSH algorithm.

These steps facilitate the segmentation of signatures into bands, followed by the hashing of each band into separate hash buckets. Subsequently, the identification of each hash bucket is performed, combining the identifiers of the buckets associated with each segment of the signature. The ultimate outcome constitutes the output of the LSH algorithm.

5.2. CSI-Based IBE for IoT

We let k be the security parameter given to the setup algorithm.

Setup: (1) Choose a large prime p for some prime $q>3$. Let E be the elliptic curve defined by $·y^2=x^3+1·$ over $·{\mathbb{F}}_p$. Choose an arbitrary $P\in E/{\mathbb{F}}_p·$ of order q. (2) Pick a random $s\in {\mathbb{Z}}_q^{\ast }$ and set $P_{pub}=sP$. (3) Choose a cryptographic hash function $H:{\mathbb{F}}_{p^2}\to {\{0,1\}}^n$ for some n. Choose a cryptographic hash function $G:\{0,1\}\ast \to {\mathbb{F}}_p$.

The message space is $M={0,1}^n$. The ciphertext space is $C=E/{\mathbb{F}}_p\times {\{0,1\}}^n$. The system parameters are $<p,n,P,P_{pub},G,H>$. The master key is $s\in {\mathbb{Z}}_q^{\ast }$.

Extract: For a given string $ID\in {\{0,1\}}^{\ast }$, the algorithm builds a private key d as follows: (1) Map the $ID$ to a point $Q_{I}D\in E/{\mathbb{F}}_p$ of order q. (2) Set the private key $d_{ID}$ to be $d_{ID}=s{Q}_{ID}$ where s is the master key.

In the first step, we need to initially use the CSI Acquisition module in Section 3 to obtain the physical state information features of the device. Since in the actual environment these physical state information features are always fluctuating, it is necessary to use LSH to transform the steady-state features of the device into the same hash. Only in this way can they be used as identity identifiers in IBE, serving as public keys externally. In this process, it is also necessary to utilize the non-interactive channel feature similarity comparison in Section 4 to prove the effectiveness of mapping feature values to hash values through LSH and to maintain the privacy of the device’s physical state features.

Encrypt: To encrypt $m\in M$ under the public key $ID$, take the following steps: map the $ID$ into a point $Q_{ID}\in E/{\mathbb{F}}_p$ of order q. Then, choose a random $r\in {\mathbb{Z}}_q$, and set the ciphertext to be

$$C=<rP,m\oplus H\left(g_{ID}^r\right)>$$

(15)

where $g_{ID}=\widehat{e}(Q_{ID},P_{pub})\in {\mathbb{F}}_{p^2}$.

Decrypt: Let $C=(U,V)$ be a ciphertext encrypted using the public key $ID$. If $U\in E/{\mathbb{F}}_p$ is not a point of order q, reject the ciphertext. Otherwise, to decrypt C using the private key $d_{ID}$, compute the following:

$$V\oplus H\left(\widehat{e}(d_{ID}.U)\right)=m$$

(16)

6. Implementation and Experiment

6.1. Construction of a Key Exchange Module Testing System

6.1.1. Testing Environment

The testing environment for channel key negotiation based on channel fingerprints was established with distinct communication characteristics, namely, line-of-sight (LOS) and non-line-of-sight (NLOS) characteristics, as illustrated in Figure 4 and Figure 5, respectively.

• In the NLOS scenario, as illustrated in Figure 4, the communication devices of the two parties are positioned at distances of 3 m, 4 m, and 5 m, with the attacker at the closest proximity of 0.1 m.
• In the LOS scenario illustrated in Figure 5, the devices of the communicating parties are situated at distances of 25 cm, 50 cm, and 75 cm, with the attacker positioned at a minimum proximity of 0.1 m.

6.1.2. Testing Apparatus

In the channel key negotiation module testing, three Raspberry Pi devices (all Raspberry Pi 3 Model B+) were employed as the testing equipment, with the device information outlined in

Table 1. Device information for channel key negotiation module testing.

No.	Model of Device	Name of Device	Identity of Device
1	Raspberry Pi 3 Model B+	Alice	Legal equipment
2	Raspberry Pi 3 Model B+	Bob	Legal equipment
3	Raspberry Pi 3 Model B+	Eve	Attacker

. The three Raspberry Pi devices assumed the roles of Alice (legitimate communication device (1)), Bob (legitimate communication device (2)), and Eve (illegitimate communication device, i.e., the attacker) during the testing. Specifically, Alice and Bob functioned as legitimate communicating parties, executing normal access requests, channel feature collection, identity authentication, key negotiation, and communication processes. Meanwhile, Eve played the role of an attacker, engaging in man-in-the-middle attacks and replay attacks during the identity authentication and key negotiation stages conducted by Alice and Bob.

6.1.3. Software and Hardware Parameters

All Raspberry Pi models utilized in this paper are Raspberry Pi 3 Model B+. The Wi-Fi chipset integrated into all Raspberry Pi devices is identified as BCM43455C0. The antennas employed for both transmission and reception are 2.4 GHz single-frequency antennas with a gain of 6 dBi. All experimental tests are conducted based on the wireless communication protocol IEEE 802.11n, utilizing channels 1–14 with a center frequency range of 2.412–2.472 GHz and a bandwidth of 20 MHz. The firmware version installed on the Wi-Fi chipset is 7_45_189, and the operating system deployed on the Raspberry Pi is the Raspberry Pi OS, with a kernel version of 4.19.

The software parameters for the LOS and NLOS test environments of the channel key negotiation module are configured as presented in

Table 2. Parameter configuration for non-line-of-sight indoor testing software.

No.	Communication Distance (m)	Minimum Distance to the Supplier (cm)	Packet Transmission Rate (pkts/s)	Number of Transmitted Packets (pkts)	Number of Channel Key Negotiation Iterations
1	3	10	500	50,000	5000
2	4	10	500	50,000	5000
3	5	10	500	50,000	5000

and

Table 3. Parameter configuration for line-of-sight testing software.

No.	Communication Distance (m)	Minimum Distance to the Supplier (cm)	Packet Transmission Rate (pkts/s)	Number of Transmitted Packets (pkts)	Number of Channel Key Negotiation Iterations
1	25	10	500	20,000	2000
2	50	10	500	20,000	2000
3	75	10	500	20,000	2000

, respectively.

After experimental verification, it has been demonstrated that there is a significant disparity in the modulus results between Alice and Bob compared to those of Eve. This observation elucidates the efficacy of the modulus operation in enhancing the distinguishability between attackers and legitimate devices. Following the modulus operation, the proportion of data variations across the three sets remains within the anticipated and reasonable range. Subsequent quantization processing further amplifies the observed distinctions.

6.2. OFDM and CSI

6.2.1. Testing Parameters

This paper selected a wireless network with a bandwidth of 20 MHz and 64 OFDM subcarriers, utilizing a wireless terminal with a single transmitter and receiver antenna as a sample. Upon receiving data packets, the receiver calculated the CSI using a channel estimation method, resulting in a matrix of size 1 × 1 × 64. In the long training sequence, the amplitudes of 12 subcarriers are zero, numbered −32, −31, −30, −29, −28, −27, 0, 27, 28, 29, 30, and 31. This implies that the CSI data on these subcarriers is not obtained through channel estimation and is not associated with the wireless channel. After removing these data points, a matrix of size 1 × 1 × 52, denoted as the complex sequence, was obtained, where each value corresponds to the amplitude and phase of a subcarrier.

In this scenario, if the above sequence is directly used for training and recognition, considering factors such as hardware errors and environmental interference, there may be outliers in the sample sequence, leading to the poor recognition performance of the trained model. Therefore, it is necessary to perform outlier handling, normalization, and smoothing on the obtained amplitude and phase sequences. This process is further explained in the following section, which discusses the preprocessing of CSI data.

6.2.2. Functional System Testing

This paper employed various wireless IoT devices of different types and brands, including Raspberry Pi, wireless cameras, smart lights, and smart plugs. These devices were connected to a router serving as an access point (AP) to create a simulated IoT network. All these IoT devices operated in the 2.4 GHz frequency band with a bandwidth of 20 MHz, and their communication data packets were captured. Nexmon was chosen as the CSI extraction tool because it offers support for larger bandwidths and a higher number of subcarriers compared to other tools.

This paper continuously recorded the changes in CSI amplitude curves for different IoT devices under four interference conditions, including scenarios with no human movement and individuals walking back and forth from distances of 1 m, 2 m, and 3 m from the terminal. A selection of typical IoT devices was chosen, and the CSI information varied among different devices. Even under interference conditions, the measured CSI amplitude curves maintained a similar shape, with an overall shift in amplitude occurring across all subcarriers. Further experiments indicated that, after processing, the differences in extracted device identities under various interference conditions were within the tolerance range of our algorithm.

6.3. CSI and LSH

Due to the inherent noise in the channel, signals inevitably degrade during transmission. The user identity used for encryption and decryption should be accurate. Therefore, channel state information (CSI) cannot be directly used as a user identity. Only through processing with locality-sensitive hashing (LSH), where the same segment of signal falls into the same hash bucket after stabilization, can CSI be used as a means of user identification. As illustrated in Figure 6, we transmitted 100 identical signal segments repeatedly. To simplify the problem, we calculate the average of the signal sequence in both amplitude and frequency dimensions. However, due to the inherent noise in the channel, the signals received by the actual receiver exhibit subtle differences in amplitude and frequency. These differences, amplified by the avalanche effect of cryptographic hash functions, result in completely different identity representations. Therefore, it is necessary to employ LSH to ensure that these 100 signal segments stably fall into the same hash bucket before they can be used for identity generation.

7. Discussion

7.1. Potential Attack and Security

In this section, we will discuss potential attacks that the methods described in this paper may face, as well as the security of the proposed solution.

7.1.1. Man-in-the-Middle Attack

The man-in-the-middle attack refers to the attacker inserting themselves between communicating parties to intercept or manipulate the information exchanged. Attackers can impersonate user identities through man-in-the-middle attacks. However, in the proposed solution in this paper, user identities rely on the physical characteristics of the user’s device, specifically constructed through channel state information. Unlike traditional approaches that depend on specific message information submitted by users, the attacker cannot mimic the user’s channel environment. Therefore, they are unable to impersonate users through man-in-the-middle attacks.

7.1.2. Replay Attack

The replay attack refers to the act of an attacker retransmitting previously intercepted communication data without modification, with the aim of deceiving the system to achieve unauthorized access or execute certain unauthorized operations. In this paper, on one hand, similar to a man-in-the-middle attack, attackers cannot mimic the channel state in which the user is located. On the other hand, in zero-knowledge proofs, a random freshness number is used as secret information. Therefore, attempting to impersonate a user through replaying messages cannot pass the zero-knowledge verification. Thus, in the discussed solution in this paper, it is not possible to impersonate a user through a replay attack.

7.1.3. Brute-Force Attack

The brute-force attack is a method of password cracking where attackers attempt all possible password combinations until the correct one is found. This method does not rely on pre-obtained information but systematically tries every possible password and is often automated using computer programs. It is a relatively straightforward but time-consuming attack, and its success typically depends on the strength and complexity of the password. In this paper, due to the difficulty of the discrete logarithm problem on elliptic curves, brute-force attacks are computationally infeasible. Meanwhile, attackers not only need to brute-force crack passwords but also attempt to brute-force crack the user’s channel state. The attacker can only be successful if they find a channel that is equivalent to the one in which the user’s device is located. However, the state of the channel itself is uncertain, making it impossible for attackers to brute-force crack the user’s channel state.

7.2. Challenges

7.2.1. Channel Time Variability

Channel time variability refers to the phenomenon where the characteristics of a communication channel change over time. In wireless communication environments, factors such as multipath propagation and the movement of obstacles can cause variations in the channel. This time variability may result in signal fading, changes in multipath effects, and even a distortion of the channel. Due to the existence of channel time variability, the user identity generated based on CSI in this paper is also subject to time variations. Therefore, to ensure the effectiveness of the system, periodic updates of the channel state and user identity are necessary. This introduces an additional communication overhead and may reduce the system’s availability. Addressing the time variability of the channel for efficient real-time updates is a direction for future research.

7.2.2. Location-Dependent Channel State

The location-dependent channel state refers to the characteristics of a communication channel that are influenced by the spatial position of communication devices, capturing how the channel changes based on the location and movement of the devices involved. The communication channel state describes the variations in the signal during the transmission process, encompassing changes such as fading, delay, and other effects caused by propagation paths, multipath effects, obstacles, and other influences. The position, movement, and environmental changes of devices can all have an impact on the channel state. Therefore, the solution discussed in this paper has limitations for general discussions about wireless mobile devices. The devices discussed in this paper are also fixed devices in specific scenarios. In Figure 7, we demonstrate the effect of user identity recognition when the device undergoes a position shift. We recorded the successful recovered number at the red cross, and it can be observed that after deviating a certain distance and angle, the device becomes unacceptable. The location dependency of the channel is also one of the directions for future research, which holds significant practical value for applications in wireless scenarios.

8. Conclusions

This paper introduces an innovative secure communication solution that leverages wireless channel state information (CSI) features from IoT devices for generating device identities. Given the inherent instability of wireless channels, the CSI features are inherently fuzzy and subject to time variations. To address this, we employ the locally sensitive hashing (LSH) algorithm, ensuring the stability of the generated identity within a dynamically changing wireless channel environment. Additionally, zero-knowledge proofs are incorporated to validate the authenticity and effectiveness of the generated identity. Subsequently, the identity produced through this approach is integrated into an identity-based encryption (IBE) communication scheme. This scheme encompasses the fuzzy extraction of channel state information from IoT devices, stable identity extraction for fuzzy IoT devices using LSH, and the application of zero-knowledge proofs to ensure the authenticity of the generated identity. The resultant identity serves as the basis for identity-based encryption, constructing the device’s public key, and facilitating confidential communication among devices.