Abstract
Recent years have witnessed tremendous academic effort and industry growth in the Internet of Things (IoT). Security issues of IoT have become increasingly prominent. Public Key Infrastructure (PKI) can provide authentication services to IoT devices, which is a crucial element of IoT security. However, conventional PKIs are organized as a tree-like centralized structure, which has demonstrated serious usability and security shortcomings such as the single point of failure. Blockchain has numerous desirable properties, such as its decentralized nature, cryptographic technology and unalterable transaction records; these properties make it a potential tool for building a decentralized blockchain-based PKI. Nevertheless, the latest proposals for blockchain-based PKI did not take thin-clients into consideration, where thin-clients are users who cannot download the entire blockchain due to the limited storage capacity of their equipment (most IoT devices fall into this category). To settle this problem, we first present a Privacy-preserving Thin-client Authentication Scheme (PTAS) employing the idea of private information retrieval (PIR), which enables thin-clients to run normally like full node users while protecting their privacy. Furthermore, to enhance security, we propose an (m−1)-private PTAS, in which a thin-client’s information is protected against a collusion of at most (m−1) full node users. In addition, security analysis and functional comparison are performed to demonstrate the high security and comprehensive functionality of our schemes. Finally, extensive experiments are conducted to compare the computational overhead and communication overhead of PTAS and (m−1)-private PTAS.
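The (m−1)-privacy property named in the abstract can be illustrated with the classic XOR-based multi-server PIR, given here as an added example that is not the paper's PTAS construction. The record contents, the function names and the choice of m = 4 full nodes are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed sample "ledger": 8 fixed-length records standing in for
# certificate digests stored by every full node (not data from the paper).
DB = [hashlib.sha256(f"device-{i}-pubkey".encode()).digest() for i in range(8)]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_queries(index: int, n: int, m: int) -> list[list[int]]:
    """Thin client: split the unit vector e_index into m XOR shares.
    Any m-1 shares are uniformly random bits, so m-1 colluding nodes
    learn nothing about index; only all m together reveal it."""
    if m < 2:
        raise ValueError("need at least two non-colluding servers")
    if not 0 <= index < n:
        raise IndexError("record index out of range")
    shares = [[secrets.randbits(1) for _ in range(n)] for _ in range(m - 1)]
    last = [1 if j == index else 0 for j in range(n)]
    for share in shares:
        last = [a ^ b for a, b in zip(last, share)]
    return shares + [last]

def answer(db: list[bytes], query: list[int]) -> bytes:
    """Full node: XOR together every record whose query bit is set."""
    if len({len(rec) for rec in db}) != 1:
        raise ValueError("records must have equal length")
    acc = bytes(len(db[0]))
    for rec, bit in zip(db, query):
        if bit:
            acc = xor_bytes(acc, rec)
    return acc

def retrieve(db: list[bytes], index: int, m: int) -> bytes:
    """Thin client: query m full nodes and XOR their answers.
    Selector bits for every j != index cancel, leaving db[index]."""
    result = bytes(len(db[0]))
    for query in make_queries(index, len(db), m):
        result = xor_bytes(result, answer(db, query))
    return result

if __name__ == "__main__":
    print(retrieve(DB, 5, m=4) == DB[5])
```

Each node sees only a random-looking bit vector, while the client pays m answers of one record length instead of downloading the whole chain.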
Introduction
The Internet of Things (IoT) is an important part of a new generation of information technology. It is widely used in the convergence of networks through intelligent perception, recognition technology, pervasive computing, etc. Therefore, IoT is also called the third information technology revolution after the computer and the Internet. It has shown promising application prospects in many fields such as Internet of Vehicles [1], Vehicle-to-Grid (V2G) [2–4] and so on. However, IoT devices may suffer numerous malicious attacks. Because they lack security protection, many devices are vulnerable to hackers and are easily infected to form botnets [5]. In fact, considerable research efforts have been devoted to security and privacy issues of IoT [6–9]. Among these, one of the biggest challenges to IoT security is authentication. Current IoT systems rely on centralised cloud servers. Specifically, all devices are identified, authenticated and connected through cloud servers. Apparently, this structure remains flawed: the single point of failure can disrupt the entire network.