Bring Your Device Group (BYDG): Efficient and Privacy-Preserving User-Device Authentication Protocol in Multi-Access Edge Computing

Abstract

Authentication is an important security issue for multi-access edge computing (MEC). To restrict user access from untrusted devices, Bring Your Own Device (BYOD) policy has been proposed to authenticate users and devices simultaneously. However, when integrating BYOD policy into MEC authentication to improve security, issues of efficient binding and user-device conditional anonymity have not been well supported. To address these issues, we propose Bring Your Device Group (BYDG) policy by constructing efficient and privacy-preserving user-device authentication. Our core idea is to use key sequences generated by PUFs-based key derivation functions (KDFs) to not only construct efficient binding relationships, but also achieve conditional anonymity for device groups. Specifically, a flexible and secure binding method is first developed by leveraging Chinese Remainder Theorem (CRT) to bind user with device groups. Each device’s CRT modulus is derived from the key sequence to construct many-to-many user-device binding relationships, which are managed in the form of on-chain Pedersen Commitment. Moreover, we design an identity anonymizing and tracing method for device groups. The key sequence is regarded as traceable device pseudo-identities, and then inserted into the cuckoo filter to reduce the on-chain storage overhead and mitigate malicious login attempts with low costs. Based on above two methods, the combination of Pedersen Commitment and Zero-Knowledge Proof of Knowledge is used to achieve user-device authentication with conditional anonymity. The security analysis was presented to demonstrate important security properties. A proof-of-concept prototype was implemented to conduct performance evaluation and comparative analysis.