Enhanced Mobile IoT Security Protection Method Based on CPK and Zero Trust

Abstract

The security protection of mobile Internet of Things (IoT) is becoming increasingly important. In the traditional Single Package Authorization (SPA) protocol, the authenticity of the terminal cannot be proved. This paper propose a Combined Public Key (CPK) and zero-trust based architecture to protect mobile IoT from identity forgery attacks. Specifically, we adopt an enhanced SPA protocol based on CPK, where the CPK matrix merges of multi-dimensional information about users, devices, events and time. In this way, every event is encrypted. Besides, through adopting CPK, the deficiency of subject authenticity proof in SPA can be compensated. Experiments verify the efficiency and validity of the proposed CPK-based SPA authentication method in comparison with the state-of-the-art SPA protocol.