Visible to the public Configurable Anonymous Authentication Schemes For The Internet of Things (IoT)

TitleConfigurable Anonymous Authentication Schemes For The Internet of Things (IoT)
Publication TypeConference Paper
Year of Publication2019
AuthorsRasheed, Amar, Hashemi, Ray R., Bagabas, Ayman, Young, Jeffrey, Badri, Chanukya, Patel, Keyur
Conference Name2019 IEEE International Conference on RFID (RFID)
Date Publishedapr
Keywordsanonymity, authentication, cloud-based servers, computer network security, configurable anonymous authentication schemes, cryptographic protocols, cryptography, data privacy, device-user authentication parameters, encoding, human factors, Internet of Things, IoT authentication, IoT infrastructure, IoT testbed, pervasive computing devices, policy-based governance, power consumption, privacy, privacy-preserving authentication schemes, Protocols, pubcrawl, radiofrequency identification, Resiliency, Scalability, smart home occupancy, user anonymity, user privacy, VCSE-based approach, verifiable common secret encoding, zero knowledge proof, zero trust, ZKP-based approach
AbstractThe Internet of Things (IoT) has revolutionized the way of how pervasive computing devices communicate and disseminate information over the global network. A plethora of user data is collected and logged daily into cloud-based servers. Such data can be analyzed by the IoT infrastructure to capture users' behaviors (e.g. users' location, tagging of smart home occupancy). This brings a new set of security challenges, specifically user anonymity. Existing access control and authentication technologies failed to support user anonymity. They relied on the surrendering of the device/user authentication parameters to the trusted server, which hence could be utilized by the IoT infrastructure to track users' behavioral patterns. This paper, presents two novel configurable privacy-preserving authentication schemes. User anonymity capabilities were incorporated into our proposed authentication schemes through the implementation of two crypto-based approaches (i) Zero Knowledge Proof (ZKP) and (ii) Verifiable Common Secret Encoding (VCSE). We consider a user-oriented approach when determining user anonymity. The proposed authentication schemes are dynamically capable of supporting various levels of user privacy based on the user preferences. To validate the two schemes, they were fully implemented and deployed on an IoT testbed. We have tested the performance of each proposed schemes in terms of power consumption and computation time. Based on our performance evaluation results, the proposed ZKP-based approach provides better performance compared to the VCSE-based approach.
Citation Keyrasheed_configurable_2019