Two-Level-Composite-Hashing Facilitating Highly Efficient Anonymous IoT and D2D Authentication


Bibliographic Details
Main Author: Hung-Yu Chien
Format: Article
Language: English
Published: MDPI AG 2021-03-01
Series: Electronics
Subjects:
Online Access: https://www.mdpi.com/2079-9292/10/7/789
collection DOAJ
description Resource limitation is quite popular in many Internet of Things (IoT) devices and eavesdropping on the identities of IoT devices could reveal the sensitive information; therefore, high efficiency (computation and communication) and anonymity protection are two desirable properties in IoT authentication and in device-to-device (D2D) authentication. Conventionally, dynamic pseudonyms are widely adopted to protect the device identity privacy in IoT authentication and in D2D communications; however, the conventional mechanisms of pseudonym-renewing and pseudonym-bound-public-keys updating could be very costly or be vulnerable to the desynchronization-based denial-of-service (DoS) attacks. In this paper, we propose a novel 2-level composite hashing (2LCH) mechanism to mitigate the problems, and propose the 2LCH-based anonymous IoT and D2D authentication schemes. The schemes simultaneously achieve high efficiency and strong anonymity for such environments; once two devices successfully complete one instance of the server-assist anonymous authentication, they can run several instances of the direct D2D anonymous authentication without the involvement of the server. The merits of the schemes include: (1) high efficiency in terms of computation and communication; (2) easy and efficient generation/synchronization of dynamic pseudonyms; (3) robustness to both desynchronization-based DoS attacks and the unreliable connections; (4) easy application to the existent IoT architectures and standards; and (5) formal security verification.
first_indexed 2024-03-10T12:52:22Z
id doaj.art-8b10a98249344a7c9546d805fda7d21a
institution Directory Open Access Journal
issn 2079-9292
last_indexed 2024-03-10T12:52:22Z
spelling doaj.art-8b10a98249344a7c9546d805fda7d21a | 2023-11-21T12:11:41Z | eng | MDPI AG | Electronics | 2079-9292 | 2021-03-01 | 10 | 7 | 789 | 10.3390/electronics10070789 | Two-Level-Composite-Hashing Facilitating Highly Efficient Anonymous IoT and D2D Authentication | Hung-Yu Chien | Department of Information Management, National Chi Nan University, Nantou 54561, Taiwan | https://www.mdpi.com/2079-9292/10/7/789 | Internet of Things | authentication | MQTT | hash | cloud | edge services
topic Internet of Things
authentication
MQTT
hash
cloud
edge services