A Methodological Framework for Validating ZKP Authentication Process

The Internet of Things (IoT) is completely transforming the way network-connected devices are made. Manufacturers and intelligent transportation systems are using thousands of IoT devices and machine-to-machine communication to drive industrial automation. Existing access control schemes for IoT authentication fail to support user anonymity. They rely on the surrendering of the device/user authentication parameters to the trusted server, which hence can be utilized by the IoT infrastructure to track users' behavioral patterns. Furthermore, existing access control mechanisms lack the support of run-time integrity assessment capabilities that are used to verify the authenticity of an authentication process during execution. This paper presents a parametrized crypto-based privacy-preserving authentication protocol that support anonymity, it is based on Zero Knowledge Proof (ZKP). Without the loss of anonymity, a methodological framework for bootstrapping a parametrized authentication process's integrity is introduced herein. We show that run-time integrity assessment of an authentication process running on an IoT device can be achieved through the utilization of the IoT device's physical characteristics, specifically energy consumption and computation time. Behavioral patterns based on the device's power/energy consumption for the ZKP-based protocol were captured and recorded during this effort. In addition, fine-grained behavioral patterns that capture the authentication protocol's processing time were collected and analyzed. To validate the proposed scheme, it was fully implemented and deployed on an IoT testbed. We have tested the performance of the proposed scheme in terms of power consumption and computation time.