ECAUT: ECC-infused efficient authentication for internet of things systems based on zero-knowledge proof

Abstract

The Internet of Things (IoT) has seen significant growth, enabling connectivity and intelligence in various domains which use RFID communication most. However, this growth has also brought forth significant security challenges, particularly concerning replay attacks, which have troubled previous works. In our study, we introduce an innovative security solution that uses elliptic curve cryptography (ECC) with zero-knowledge proof (ZKP) specifically tailored for RFID-communicated applications. By leveraging ECC with ZKP, we not only improve the security of IoT systems but also reduce the persistent threat of replay attacks. Unlike traditional methods, our approach ensures that sensitive data is securely transmitted and authenticated without the risk of unauthorized duplication. We validated our approach using Scyther and BAN logic, well-known tools for assessing security protocols. These validations confirm the robustness of our solution in addressing security challenges and provide further assurance of its effectiveness in protecting IoT systems against various threats, including replay attacks. Our comprehensive analysis revealed that our approach outperforms existing solutions in terms of communication costs and computation costs. The improved efficiency in these key areas underscores the practicality and viability of our solution, further solidifying its position as a leading option for safeguarding IoT ecosystems against emerging threats.