ارائه طرح احراز اصالت سبك با قابليت گمنامي و اعتماد در اينترنت اشيا

The Lightweight Authentication Scheme with Capabilities of Anonymity and Trust in Internet of Things (IoT)

اينترنت اشيا مفهوم جديدي است كه باعث حضور حس‌گرها در زندگي انسان شده است؛ به­طوري‌كه تمامي اطلاعات توسط همين حس‌گرها جمع‌آوري، پردازش و منتقل مي‌شوند. براي برقراري يك ارتباط امن، با افزايش تعداد حس‌گرها، نخستين چالش، احراز اصالت بين آنها است. گمنامي، سبك‌وزني و قابليت اعتماد نيز از جمله مواردي هستند كه بايد مد نظر قرار گيرند. در اين پژوهش پروتكل‌هاي احراز اصالت در حوزه اينترنت اشيا بررسي شده و محدوديت­ها و آسيب‌پذيري‌هاي امنيتي آنها مورد تحليل واقع شده‌اند. هم‌چنين پروتكل احراز اصالت جديدي پيشنهاد مي‌شود كه گمنامي به‌عنوان يك پارامتر مهم، در آن لحاظ مي­شود. از طرفي تابع چكيده‌ساز و عمل‌گرهاي منطقي نيز مورد استفاده قرار مي­گيرند تا هم پروتكل سبك باشد و هم حس‌گر‌ها بتوانند به­عنوان موجوديت‌هايي محدود از لحاظ محاسباتي، از آنها استفاده كند. در اين پروتكل نيازمندي‌هاي امنيتي از قبيل قابليت عدم رديابي، مقياس­پذيري، دسترس­پذيري و غيره لحاظ شده‌اند و پروتكل در مقابل حملات مختلف از جمله حمله جعل هويت، تكرار، مرد مياني و ... مقاوم است.

The Internet of Things (IoT), is a new concept that its emergence has caused ubiquity of sensors in the human life. All data are collected, processed, and transmitted by these sensors. As the number of sensors increases, the first challenge in establishing a secure connection is authentication between sensors. Anonymity, lightweight, and trust between entities are other main issues that should be considered. However, this challenge also requires some features so that the authentication is done properly. Anonymity, light weight and trust between entities are among the issues that need to be considered. In this study, we have evaluated the authentication protocols concerning the Internet of Things and analyzed the security vulnerabilities and limitations found in them. A new authentication protocol is also proposed using the hash function and logical operators, so that the sensors can use them as computationally limited entities. This protocol is performed in two phases and supports two types of intra-cluster and inter-cluster communication. The analysis of proposed protocol shows that security requirements have been met and the protocol is resistant against various attacks. In the end, confidentiality and authentication of the protocol are proved applying AVISPA tool and the veracity of the protocol using the BAN logic. Focusing on this issue, in this paper, we have evaluated the authentication protocols in the Internet of Things and analyzed their limitations and security vulnerabilities. Moreover, a new authentication protocol is presented which the anonymity is its main target. The hash function and logical operators are used not only to make the protocol lightweight but also to provide some computational resources for sensors. In compiling this protocol, we tried to take into account three main approaches to covering the true identifier, generating the session key, and the update process after the authentication process. As with most authentication protocols, this protocol is composed of two phases of registration and authentication that initially register entities in a trusted entity to be evaluated and authenticated at a later stage by the same entity. It is assumed that in the proposed protocol we have two types of entities; a weak entity and a strong entity. The poor availability of SNs has low computing power and strong entities of CH and HIoTS that can withstand high computational overhead and carry out heavy processing. We also consider strong entities in the proposed protocol as reliable entities since the main focus of this research is the relationship between SNs. On the other hand, given the authenticity of the sensors and the transfer of the key between them through these trusted entities, the authenticity of the sensors is confirmed, and the relationship between them is also reliable. This protocol supports two types of intra-cluster and inter-cluster communication. The analysis of the proposed protocol shows that security requirements such as untraceability, scalability, availability, etc. have been met and it is resistant against the various attacks like replay attack, eavesdropping attack.