Anonymous IoT Mutual Inter-Device Authentication Scheme Based on Incremental Counter (AIMIA-IC)

Abstract

Cyber attackers are shifting their attention from traditional computers to IoT devices for malignant activities like exposing smart homeowner private information and/or to launch botnet attacks. Like for conventional networks, the security of IoT networks rests on how properly the authentication process is done. However, unlike conventional networks, IoT infrastructure faces an uphill battle in deploying and operating strong authentication schemes because of inherent limitations on the underlying storage and computation capability. In this paper, we propose a new anonymous mutual Inter-device authentication protocol based on transient identities, incremental counter and temporary secret keys for IoT. The proposed protocol is based on symmetric cryptography and somehow follows the ZigBee protocol. It allows IoT devices to anonymously and mutually authenticate in an unlinkable and untraceable manner, and implements essential security requirements for IoT devices. By analyzing the protocol, we evaluate and demonstrate its efficiency and its relatively limited computational and storage overhead. Furthermore, the security of the protocol is assured through informal security analysis and formally by using the automated validation of Internet security protocols and applications (AVISPA) toolkit.