روشی جدید برای احراز هویت دوطرفه در اینترنت اشیا

امروزه شاهد گسترش خدمات مختلف اینترنت اشیا در حوزه‌های مختلف از قبیل نظارت و سلامت هستیم. این خدمات از طریق دستگاه‌های هوشمند در هر مکان و زمانی می‌تواند در دسترس کاربران قرار گیرند. این در حالی است که این دسترسی‌ها می‌تواند مساله امنیت و حریم خصوصی را به امری حساس و حیاتی تبدیل کند. گزارش‌های دریافتی نشان می‌دهد که تعداد دستگاه‌های اینترنت اشیا تا سال 2030 به عدد 25.44 بیلیون خواهد رسید و این در حالی است که 26% حملات اینترنت اشیا در سال 2019 مربوط به عدم احراز هویت بوده است. به همین دلیل احراز هویت کاربران در اینترنت اشیا به یکی از حساس‌ترین مفاهیم امنیتی تبدیل شده است. در این مقاله یک پروتکل احراز هویت دوطرفه دستگاه‌به‌دستگاه برای شبکه‌های خانگی هوشمند، ارائه شده است. این پروتکل بر اساس رمزنگاری نامتقارن برای احراز هویت دستگاه‌های موجود در شبکه طراحی شده و در آن تمامی دستگاه‌ها یک کلید جلسه خصوصی مشترک دارند. برای حصول اطمینان از امنیت ارتباط‌ ها در هر جلسه، کلیدهای جلسه پس از هر جلسه ارتباطی، تغییر می‌کنند. برنامه‌نویسی طرح پیشنهادی به‌وسیله hlpsl، شبیه‌سازی و ارزیابی بهینگی با ابزار span و avispa انجام شده است. تحلیل‌های امنیتی نشان می‌دهد که پروتکل پیشنهادی در مقابل حملات امنیتی، پایداری خود را حفظ می‌کند.

a mutual authentication method for internet of things

today, we are witnessing the expansion of various internet of things (iot) applications and services such as monitoring and health. these services are delivered to users via smart devices anywhere and anytime. forecasts show that the iot, which is controlled online in the user environment, will reach 25 billion devices worldwide by 2020. data security is one of the main concerns in the iot. the iot is supposed to deal with a population of about billions of objects, so the number of malicious attacks can be very high and alarming given the global connection (anyone access) and the wide availability (access to any place at any time). however, these accesses can make security and privacy critical. reports show that 26% of iot attacks in 2019 were related to nonauthentication, which is why iot authentication has become one of the most sensitive security concepts. iot devices are usually left unattended and this makes it easy for an attacker to target such equipment. for example, security breaches and unwanted changes in patient #39;s health parameters in smart health care systems can cause wrong treatments or even lead to his death. the fact that each device in the iot knows who it is communicating with and at what level of access is one of the important aspects of security, especially in cases where various devices with different capabilities have to perform common tasks and cooperate with each other. iot authentication is a trust model to protect control access and data when information travels between devices.so far, different methods have been proposed for authentication in the iot network. these methods are usually based on the public key, private key, random key distribution, and hash function. a point that should be taken into account in iot authentication is that iot networks and devices have limited bandwidth, low memory, low processing power, and energy limitations. therefore, the proposed method should pay special attention to such limitations. in addition, iot authentication needs to ensure enhanced security features such as confidentiality, data integrity, reliability, maintainability, scalability, and privacy to their consumers. this paper proposes a twoway or mutual authentication protocol in which both devices authenticate each other without human intervention in a smart home network. the proposed protocol is based on asymmetric encryption for authentication of devices, which have a shared private session key, along with hashing operations in the network. also, to ensure the security of communications at each session, each device has a onetime private session key. the session keys are changed regularly to ensure the security of sessions between devices. the proposed protocol is programmed by hlpsl and simulated and verified by the span and avispa tools. the security analysis results show the proposed protocol is extremely practical, and secure against potential attacks.