A Secure Anonymous D2D Mutual Authentication and Key Agreement Protocol for IoT

Internet of Things (IoT) is a developing technology in our time that is prone to security problems as it uses wireless and shared networks. A challenging scenario in IoT environments is Device-to-Device (D2D) communication where an authentication server, as a trusted third-party, does not participate in the Authentication and Key Agreement (AKA) process and only cooperates in the process of allocating and updating long-term secret keys. Various authentication protocols have been suggested for such situations but have not been able to meet security and efficiency requirements. This paper examined three related protocols and demonstrated that they failed to remain anonymous and insecure against Key Compromise Impersonation (KCI) and clogging attacks. To counter these pitfalls, a new D2D mutual AKA protocol that is anonymous, untraceable, and highly secure was designed that needed no secure channel to generate paired private and public keys in the registration phase. Formal security proof and security analysis using BAN logic, Real-Or-Random (ROR) model, and Scyther tool showed that our proposed protocol satisfied security requirements. The communication and computation costs and energy consumption comparisons denoted that our design had a better performance than existing protocols.

Automated summary

Internet of Things (IoT) is a developing technology that uses wireless and shared networks, but also faces security challenges. This paper examines authentication protocols in IoT environments and proposes a new D2D mutual AKA protocol that is anonymous, untraceable, and highly secure. Security analysis shows that the proposed protocol satisfies requirements and has better performance compared to existing protocols.