Modular Framework for Constructing IoT-Server AKE in Post-Quantum Setting

Liu, Bowen; Tang, Qiang; Zhou, Jianying

doi:10.1109/access.2022.3187537

Cited by 3 publications

(2 citation statements)

References 63 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Previous postquantum secure authentication and key agreement schemes have either used Supersingular Isogeny Dife-Hellman (SIDH) [28,29] or lattice-based cryptography [30,31] (e.g. Liu's postquantum secure scheme [23]).…”

Section: 4mentioning

confidence: 99%

“…As we use Koblitz curve secp256k1 and SHA-256, the ECC point multiplication l ECC , modular exponentiation l ME , and hash output l h are 256 bits. According to Table 1 in Liu et al's Pquantum secure scheme [23], the size of KE protocol messages l KE is 1584 and 1697 bytes between the client and the server if we choose the Treebar protocol. Also, we neglect the size of the data item index I c , I c .…”

Section: Communication and Storage Cost Comparisonmentioning

confidence: 99%

See 1 more Smart Citation

A Lightweight, Secure Big Data-Based Authentication and Key-Agreement Scheme for IoT with Revocability

Zahednejad

Huang

Kosari

et al. 2023

International Journal of Intelligent Systems

View full text Add to dashboard Cite

With the rapid development of Internet of Things (IoT), designing a secure two-factor authentication scheme for IoT is becoming increasingly demanding. Two-factor protocols are deployed to achieve a higher security level than single-factor protocols. Given the resource constraints of IoT devices, other factors such as biometrics are ruled out as additional authentication factors due to their large overhead. Smart cards are also prone to side-channel attacks. Therefore, historical big data have gained interest recently as a novel authentication factor in IoT. In this paper, we show that existing big data-based schemes fail to achieve their claimed security properties such as perfect forward secrecy (PFS), key compromise impersonation (KCI) resilience, and server compromise impersonation (SCI) resilience. Assuming a real strong attacker rather than a weak one, we show that previous schemes not only fail to provide KCI and SCI but also do not provide real two-factor security and revocability and suffer inside attack. Then, we propose our novel scheme which can indeed provide real two-factor security, PFS, KCI, and inside attack resilience and revocability of the client. Furthermore, our performance analysis shows that our scheme has reduced modular exponentiation operation and multiplication for both the client and the server compared to Liu et al.’s scheme which reduces the execution time by one third for security levels of λ = 128 . Moreover, in order to cope with the potential threat of quantum computers, we suggest using lightweight XMSS signature schemes which provide the desired security properties with λ = 128 bit postquantum security. Finally, we prove the security of our proposed scheme formally using both the real-or-random model and the ProVerif analysis tool.

show abstract