Provably Secure ECC-Based Anonymous Authentication and Key Agreement for IoT

Abstract

With the rise of the Internet of Things (IoT), maintaining data confidentiality and protecting user privacy have become increasingly challenging. End devices in the IoT are often deployed in unattended environments and connected to open networks, making them vulnerable to physical tampering and other security attacks. Different authentication key agreement (AKA) schemes have been used in practice; several of them do not cover the necessary security features or are incompatible with resource-constrained end devices. Their security proofs have been performed under the Random-Oracle model. We present an AKA protocol for end devices and servers. The proposal leverages the ECC-based key exchange mechanism and one-way hash function-based message authentication method to achieve mutual authentication, user anonymity, and forward security. A formal security proof of the proposed scheme is performed under the standard model and the eCK model with the elliptic curve encryption computational assumptions, and formal verification is performed with ProVerif. According to the performance comparison, it is revealed that the proposed scheme offers user anonymity, perfect forward security, and mutual authentication, and resists typical attacks such as ephemeral secret leakage attacks, impersonation attacks, man-in-the-middle attacks, and key compromise impersonation attacks. Moreover, the proposed scheme has the lowest computational and communication overhead compared to existing schemes.

1. Introduction

Thanks to advances in chipset production and embedding technologies, sensors and actuators (referred to as end devices) are pervasive in the Internet of Things (IoT), being integrated into intelligent agriculture, smart grid (SG), telemedicine, smart home, intelligent manufacturing, and many other fields to collect and disseminate the data [1]. According to the latest estimates, there will be 83 billion IoT connections by 2024 [2]. In IoT applications, the collected and transmitted data are sensitive. Privacy is another crucial issue, especially regarding user data such as consumption habits, location, and communication activities [3,4]. To ensure security, authentication key agreement (AKA) schemes for IoT applications have been widely used, which offer mutual authentication and privacy protection and ensure confidentiality, integrity, and non-repudiation of data transmissions based on the negotiated session keys [5]. End devices are often linked to open networks and deployed in unattended environments with limited computation, communication, and storage capabilities. As a result, mutual authentication and key agreement between end devices and servers to sustain efficiency is a critical challenge.

1.1. Related Work

Over the last few years, numerous AKA solutions have been developed for IoT applications. The symmetric cryptography-based AKA protocols [6,7,8,9] have the advantages of low computational complexity and high efficiency. On the other hand, such schemes necessitate sharing key parameters between end devices beforehand or each device transferring its key to the server. It is unrealistic for numerous end devices and significantly burdens the servers. Physical Unclonable Function (PUF) is a promising lightweight hardware security primitive adopted by many IoT AKA protocols [10,11,12]. Each participant in these schemes should record one or more Challenge–Response Pairs (CRPs) of its PUF with the registration server beforehand. When a registered device, Alice, wants to communicate with another registered device, Bob, it can only do so with the assistance of the server, which results in a lack of flexibility and efficiency. In contrast, the asymmetric cryptography-based AKA schemes requiring fewer restrictions have attracted increasing attention [13]. Elliptic Curve Cryptography (ECC) provides smaller key sizes than other asymmetric algorithms with the same security [14,15], which makes it introduced in IoT AKA protocols.

Numerous IoT AKA protocols based on ECC have been developed. In 2015, a bilinear pairing-based AKA protocol for wireless body area networks (WBAN) was put forward by Wang et al. [16], which requires a high computational overhead. They claimed that their scheme achieves absolute anonymity, perfect forward security (PFS), and overcomes the weaknesses of previous schemes. After analysis, it was found that the session key could be captured after temporary session information disclosure. In addition, Wu et al. [17] pointed out that the protocol is incapable of withstanding impersonation (IM) attacks. And then, they proposed an enhanced version for WBANs. However, the enhanced scheme also uses bilinear pairing and suffers from ephemeral secret leakage (ESL) attacks. Seo et al. [18] introduced an AKA scheme for dynamic WSNs. Later, Saeed et al. [19] pointed out that the scheme [18] could not provide PFS; then, they proposed a scheme for establishing an authenticated key between WSNs and cloud servers, whereas the proposal [19] is also not resistant to ESL attacks and cannot provide user anonymity. In 2020, an AKA scheme for IoT was introduced by Fang et al. [20]. In this scheme, heterogeneous-type IoT smart devices are deployed based on a trust model. Their solution requires higher computational and communication costs and is susceptible to ESL attacks [21]. In the same year, Dariush et al. [22] introduced an AKA protocol for SG that offers solutions to some of the previously mentioned problems, such as ESL attacks and private key leakage attacks. Unfortunately, in [22], the trusted authority (TA) is able to masquerade as a smart meter to agree on session keys with the server provider [23]. Moreover, the scheme needs more computational and communication costs for the bilinear pairing computation.

Recently, Srinivas et al. [24] designed an anonymous AKA protocol with Schnorr’s signature. Later, Baruah et al. [23] demonstrated that the scheme [24] is prone to man-in-the-middle (MIM) attacks and IM attacks. Cryptanalysis identifies that the protocol [24] is also vulnerable to key escrow problems and ESL attacks. Yang et al. [25] stated that Shen et al.’s scheme [26] suffers from MIM attacks and key compromise impersonation (KCI) attacks and is incapable of providing PFS, and then introduced an enhanced cloud-based scheme. Unfortunately, the enhanced scheme has key escrow problems and is incapable of providing user anonymity. Chaudhry et al. [27] presented an AKA scheme for SG using ECC and symmetric encryption. Unfortunately, this scheme [27] has key escrow problems and suffers from MIM attacks. Hajian et al. [28] examined the deficiencies of four existing AKA schemes and then proposed an improved device-to-device AKA scheme in the IoT. But the improved scheme suffers from MIM attacks and KCI attacks and is incapable of affording PFS. In 2023, Chen et al. [29] presented an AKA scheme for industrial control systems. However, the solution requires high computation and communication costs, suffers from ESL attacks, and cannot afford PFS.

1.2. Related Adversary Model

In 1993, Bellare and Rogaway [30] put forward an adversary model for the AKA scheme, the BR model, which formalized the attacker’s known-key attacks and IM attacks. Later, the BR model was modified by Blake-Wilson et al. [31] by introducing long-term private key corruption attacks. In 2001, Canetti and Krawczyk [32] proposed the CK model, which covers attacks on ephemeral private keys and intermediate result leakage. All these adversary models attempt to cover the essential safety and performance attributes required. In 2007, LaMacchia et al. [33,34] introduced a somewhat stronger adversary model, the extended CK model (eCK model), which incorporates weak PFS and KCI attacks.

1.3. Random-Oracle Model and Standard Model

Provable security theory, which employs formal language to describe the security of cryptographic protocols, has played a critical role in designing and analyzing AKA protocols. Most early cryptographic schemes for provable security were inefficient. Practically oriented provably secure cryptographic schemes were proposed only after the famous Random-Oracle model was introduced by Bellare and Rogaway [35]. In the Random-Oracle model, the hash function is treated as a completely randomized machine called R, and the adversary has no access to its information. A random oracle is a theoretical model that takes deterministic inputs and produces random outputs. Finding a genuinely random function to replace the random oracle R in the Random-Oracle model is impossible. Many scholars have suggested avoiding using hash functions as random oracles in favor of designing cryptographic protocols directly under realistic conditions [36,37,38]. This approach, called the standard model, avoids using idealized models such as hash functions. In general, cryptographic schemes that are provably secure under the standard model can provide more robust security than those that are provably secure under the randomized predicate model.

1.4. Motivation and Contributions

To summarize, previous ECC-based AKA schemes suffer from more or less vulnerabilities, i.e., failure to provide user anonymity [19,25], PFS [18,24,28,29], and vulnerability to specific attacks [16,17,18,19,20,22,24,25,27,28,29]. Next, high computational and communication costs eliminate the suitability of some solutions for resource-limited IoT [10,16,17,20,22,29]. Their security proofs are performed in the Random-Oracle model model [22,24]. It is attractive to design an efficient AKA scheme for IoT and provide security proof under the standard model and eCK model.

We propose an improvement over the scheme of Srinivas et al. [24] with the ECC-based message exchange mechanism and the one-way hash function message authentication technique. During registration, the TA only possesses part of the entity’s private key, solving the key escrow issues. In addition, the proposals provide PFS and can resist ESL attacks since session keys are generated using both long-term and ephemeral credits. The protocol encrypts entity identities dynamically with random numbers and transmits them anonymously from session to session.

The paper’s contributions can be summarized as follows:

(1) As an example, the cryptanalysis of the protocol scheme of Srinivas et al. [24] for the previous scheme reveals security issues and vulnerabilities.

(2) A secure-enhanced AKA protocol for IoT is presented. Its security is formally proved under the standard model and the eCK model with the elliptic curve encryption computational assumptions and verified with ProVerif.

(3) The proposed protocol has better security features with lower communication and computational overheads than existing schemes.

1.5. Roadmap

The paper is structured as follows: Section 2 reviews the network model and the basics of elliptic curve encryption. In Section 3, we analyze a related AKA scheme. We then describe an improved ECC-based AKA protocol in Section 4. Section 5 provides a formal proof, descriptive security analysis, and validation with ProVerif of the proposed scheme security. In Section 6, we present a performance comparison with related schemes. Finally, we conclude the paper in Section 7.

2. Preliminaries

The following preliminaries and symbols are used to explain and analyze the schemes.

2.1. Network Model

A typical IoT application is shown in Figure 1. It mainly involves three main components: end devices, routers, and servers. The end devices may be sensors, actuators, cell phones, etc. Routers include gateway nodes, base stations, and routers for relaying and passing messages. In addition, servers are in charge of managing devices and assigning security parameters.

An IoT system consists of many low-power, resource-limited end devices placed in unattended or open environments and typically connected to open networks. Through these terminal devices, real-time monitoring and control can be implemented remotely. The end sensors collect real-time data such as agricultural environment parameters, power consumption, biomedical data, and machine conditions and then send the data to remote servers. The servers receive and store the collected data, then extract and evaluate the data to provide the appropriate control measures. The end devices carry out control commands that are received from the server. There is a risk of the adversary controlling the communication channels and compromising the secret credentials of servers and end devices.

2.2. Elliptic Curve Encryption Mathematical Problems

Let $q>3$ be a big prime number, $E(a,b)$ denote a non-singular elliptic curve over a finite field $F_q$, and P be a generator point. The group operation is the usual multiplication of points on the elliptic curve, and G is a subgroup of order p, where $p>q$ [39]. Hence, the following applies.

Definition 1.

Elliptic curve discrete logarithm (ECDL) problem: For the given points X and $aX$, where $X\in G$ and $a\in Z_q^{\ast }$, it is computationally intractable to find a.

Definition 2.

Elliptic curve Diffie–Hellman (ECDH) problem: For the given points $aX,bX\in G$, where $X\in G$ and $a,b\in Z_q^{\ast }$, finding point $abX$ is computationally intractable.

2.3. Symbols

Symbols for the schemes are cataloged in

Table 1. Symbols for the schemes.

Notation	Description
$TA$, $KGC$	Trusted Authority, Key Generation Center
$\mathcal{A},\mathcal{C}$	Adversary, Challenger
$S{P}_j,I{D}_{S{P}_j}$	$j^{th}$ service provider and its identity
$S{M}_i,I{D}_{S{M}_i}$	$i^{th}$ smart meter and its identity
$E_q(a,b)$	A non-singular elliptic curve
P	A base point of $E_q(a,b)$
$t,T_{pub}$	Private-public key pair of $TA$ [24]
$S{K}_{ij},SS{K}_i$	Session key
$\oplus ,\parallel$	Bitwise XOR and concatenation operations
$TS$	Timestamps
$\Delta T$	Maximum transmission delay
$h(·)$	One-way hash functions
$S,SP$	End device, Server
$k/K$	Private/public key of a entity

.

3. Security Analysis of Srinivas et al.’s Scheme [24]

Srinivas et al. [24] put forward an AKA scheme for IoT smart grid systems with an Schnorr signature mechanism based on ECC. Before being added to the network, TA is responsible for distributing secret credentials, including signatures, to each smart grid and service provider. Smart meters and service providers can authenticate each other to establish session keys for secret communication. Baruah et al. [23] point out that the scheme of Srinivas et al. [24] is insured against MIM attacks and IM attacks. Cryptanalysis shows that the protocol [24] also suffers from key escrow issues and ESL attacks. For the review of Srinivas et al. [24], please refer to the complete paper.

3.1. Key Escrow Problem

During the registration process, TA generates the private keys of $S{M}_i$ and $S{P}_j$ with Schnorr’s signature. $TA$ calculates $T_{S{M}_i}=t_{S{M}_i}·P$ and $M_{S{M}_i}=t_{S{M}_i}+h(T_{S{M}_i}$$\parallel I{D}_{S{M}_i})·t\left(\mathrm{mod}q\right)$ for $S{M}_i$, and also $T_{S{P}_j}=t_{S{P}_j}·P$, $P_{S{P}_j}=t_{S{P}_j}+h(T_{S{P}_j}\parallel I{D}_{S{P}_j})·t\left(\mathrm{mod}q\right)$ for $S{P}_j$. Then, the long-term private secrets, $T_{S{M}_i}$, $M_{S{M}_i}$, $T_{S{P}_j}$, and $P_{S{P}_j}$, are known to him/her.

3.2. No Resistance to ESL Attacks

An AKA protocol is designed to resist an ESL attack, meaning that even if all the session-specific information of the entities in a session is compromised, the secrecy of the session key would remain uncompromised. During the authentication process, once the ephemeral secrets $r_i$ and $r_j$ are compromised, $\mathcal{A}$ can compromise the session key $S{K}_{ij}$ or $S{K}_{ji}$ by the following steps:

A1: $\mathcal{A}$ obtains the messages $MS{G}_1=\{R_i,T{S}_i\}$, $MS{G}_2=\{R_j,V_j,T_{S{P}_j},T{S}_j\}$ and $MS{G}_3=\{B_i,C_i,T{S}_i^{\prime }\}$ by eavesdropping via the open channels;

A2: $\mathcal{A}$ extracts $T{S}_i,T_{S{P}_j},T{S}_j,B_i$ and $T{S}_i^{\prime }$ from the messages, then $\mathcal{A}$ calculates $S_i=h(r_i\parallel T{S}_i)·(T_{S{P}_j}+h(T_{S{P}_j}\parallel I{D}_{S{P}_j})·T_{pub})$;

A3: For $S_i=S_j$, $\mathcal{A}$ gets $(I{D}_{S{M}_i}\parallel T_{S{M}_i})=B_i\oplus h(S_i\parallel T{S}_i^{\prime })$ then calculates $U_j=h(r_j\parallel T{S}_j)·(T_{S{M}_i}+h(T_{S{M}_i}\parallel I{D}_{S{M}_i})·T_{pub})$.

A4: For $A_i=U_j$, $\mathcal{A}$ calculates $S{K}_{ij}=h(A_i\parallel S_i\parallel I{D}_{S{M}_i}\parallel I{D}_{S{P}_j})$.

4. The Proposed Protocol

The proposal involves three phases: initialization, registration, and authentication and key agreement. To begin, TA generates and releases parameters for the system during the initialization phase. In the registration phase, each end device $S_s$ or server $S{P}_{sp}$ acquires its private key and both parties’ public key with the assistance of $TA$. Ultimately, $S_s$ and $S{P}_{sp}$ will authenticate each other and negotiate a session key.

4.1. Initialization Phase

TA generates and releases parameters for the system as follows:

TA1: TA selects an elliptic curve $E(a,b)$ over finite field $F_q$ with a base point P;

TA2: Then, TA picks $h(·)$ as the collision-resistant one-way hash function;

TA3: TA issues $\left\{\right(E(a,b),p,q,P,h(·)\}$ publicly.

4.2. Registration Phase

As shown in Figure 2, taking the registration of the server $SP$ as an example, the processes are as follows:

R1: Firstly, SP chooses a random $r_{sp}\in Z_q^{\ast }$ and its identifier $I{D}_{sp}\in Z_q^{\ast }$ and computes $R_{sp}=r_{sp}·P$. Then, SP transmits a registration request, $\{I{D}_{sp},R_{sp}\}$, to TA securely.

R2: In response, first, TA chooses $r_{ta}^{sp}\in Z_q^{\ast }$ randomly to calculate the public key of $SP$. $P{K}_{sp}=R_{sp}+r_{ta}^{sp}·P$. Next, TA sends $\{P{K}_{sp},r_{ta}^{sp},I{D}_s,P{K}_s\}$ to SP via a secure channel.

R3: In response, $SP$ takes $r_{ta}^{sp}$ as part of its private key and obtains its private key, $k_{sp}=\left((r_{sp}+r_{ta}^{sp})\mathrm{mod}q\right)$. Then, SP checks whether $P{K}_{sp}?=k_{sp}·P$; if it holds, then SP computes $W{S}_s=k_{sp}·P{K}_s$ and stores $(I{D}_{sp},k_{sp},I{D}_s,W{S}_s)$.

Similarly, S stores $(I{D}_s,k_s,I{D}_{sp},W{S}_{sp})$ after registration. When a new end device $S^{\prime }$ joins and registers the system, TA sends $\{I{D}_{s^{\prime }},P{K}_{s^{\prime }}\}$ to SP securely.

4.3. Authentication and Key Agreement Phase

$S_s$ and $S{P}_{sp}$ will authenticate each other and negotiate a session key as shown in Figure 3.

S1: S first picks $x_s\in Z_q^{\ast }$ randomly and generates a timestamp $T{S}_s$. Next, S calculates $A_s=\left(x_s{k}_s\mathrm{mod}q\right)·P$ and $B_s=x_s·W{S}_{sp}$. Third, S encrypts $I{D}_s$, $EI{D}_s=I{D}_s\oplus B_s$, and obtains a verifier $V_s=h(W{S}_{sp}\parallel T{S}_s\parallel I{D}_s\parallel B_s)$. Finally, S transmits the authentication request $M_s=\{A_s,EI{D}_s,T{S}_s,V_s\}$ to $SP$.

SP1: Upon receiving the request message, $SP$ first examines its freshness against the timestamp $T{S}_s$. Next, SP calculates $B_{sp}=k_{sp}·A_s$ to decrypt $I{D}_s=EI{D}_s\oplus B_{sp}$. Thus, SP gains the S verifier and validates the equation of $V_s=?h(W{S}_s\parallel T{S}_s\parallel I{D}_s\parallel B_{sp})$ to assure the integrity of the incoming message and the validity of S.

SP2: Firstly, $SP$ selects $x_{sp}$ randomly and obtains a timestamp $T{S}_{sp}$. Secondly, SP calculates $A_{sp}=\left(x_{sp}{k}_{sp}\mathrm{mod}q\right)·P$ and $C_{sp}=x_{sp}·B_{sp}$. SP obtains the session key as $SS{K}_{sp}=h(I{D}_s\parallel I{D}_{sp}\parallel B_{sp}\parallel C_{sp})$. Third, SP figures out a verifier: $V_{sp}=h(W{S}_s\parallel T{S}_{sp}\parallel I{D}_{sp}\parallel SS{K}_{sp})$. and transmits authentication reply $M_{sp}=\{A_{sp},T{S}_{sp},V_{sp}$} to S.

S2: On receiving the message, S first examines its freshness against $T{S}_{sp}$. Next, S calculates $C_s=\left(x_s{k}_s\mathrm{mod}q\right)·A_{sp}$ to obtain the session key $SS{K}_s=h(I{D}_s\parallel I{D}_{sp}\parallel B_s\parallel C_s)$. Thus, S gains the SP verifier and validates the equation of $V_{sp}=?h(W{S}_{sp}\parallel T{S}_{sp}\parallel I{D}_{sp}\parallel SS{K}_s)$ to assure the integrity of the incoming message and the validity of SP.

5. Security Analysis

This session provides a formal proof, descriptive security analysis and validation with ProVerif of the proposed scheme security.

5.1. Formal Proof

The eCK adversary model [33,34,40] is employed for the security proof. The system authentication model is shown in Figure 4. After registration, $S{P}_{sp}$ obtains its private and public keys $(k_{sp},P{K}_{sp})$. The private and public keys of $S_s$ are $(k_s,P{K}_s)$. During authentication and key agreement, they negotiate the session key $SS{K}_s$ ($SS{K}_{sp}$) by exchanging authentication information $M_s$ and $M_{sp}$, where $M_s=f_s\left(x_s{k}_s\right)$ and $M_{sp}=f_s\left(x_{sp}{k}_{sp}\right)$, $x_s$, and $x_{sp}$ are random ephemeral secrets.

5.1.1. Security Model

Participants. There are n participants in the proposed protocol $\mathbb{P}$, which are uniformly denoted by the set $F=\{F_1,\dots ,F_n\}$, and each participant may have i instances involved in distinct, possibly concurrent executions of $\mathbb{P}$, where n and i are polynomial numbers.

Sessions. Let ${\prod }_{i,j}^m$ denote the mth protocol session running between entity $F_i$ and intended partner entity $F_j$. A session ${\prod }_{i,j}^m$ is accepted if it has computed a session key $S{K}_{i,j}^m$, with a session identifier of $si{d}_{i,j}^m=(I{D}_i,I{D}_j,X_i,X_j)$, where $X_i$ is the outgoing information of $F_i$, and $X_j$ is the outgoing information of $F_j$.

Adversary. Firstly, the adversary $\mathcal{A}$ has complete control of the communicating network. Namely, $\mathcal{A}$ is able to eavesdrop on, alter, ascertain, and inject communication messages $M_s$ and $M_{sp}$. Secondly, $\mathcal{A}$ can have knowledge of the participant’s long-term private key $k_s$ ($k_{sp}$) and ephemeral secret $x_s$ ($x_{sp}$) but not both. Thirdly, $\mathcal{A}$ allows replacing the participant’s public key $P{K}_s$ ($P{K}_{sp}$). Finally, $\mathcal{A}$ can obtain the session key $SS{K}_s$ ($SS{K}_{sp}$) held by the participant. $\mathcal{A}$ can interact with ${\prod }_{i,j}^m$ with the following Oracle queries:

(1) $ESReveal\left({\prod }_{i,j}^m\right)$. $\mathcal{A}$ can obtain the ephemeral secrets of $F_i$ with the query.

(2) $PKReplace\left(I{D}_i\right)$. $\mathcal{A}$ replaces the public key of $F_i$ using this query.

(3) $PKReveal\left(I{D}_i\right)$. $\mathcal{A}$ is available with this query for the public key of $F_i$.

(4) $SKReveal\left(I{D}_i\right)$. By running the query, $\mathcal{A}$ is able to obtain the long-term private keys of $F_i$, while the public key of $F_i$ has not yet been replaced.

(5) $SSKReveal\left({\prod }_{i,j}^m\right)$. Returns ⊥ if session ${\prod }_{i,j}^m$ was not accepted. If not, it returns the session key that ${\prod }_{i,j}^m$ holds.

(6) $Send({\prod }_{i,j}^m,M)$. $\mathcal{A}$ represents $F_j$ sending the message M to $F_i$ in session ${\prod }_{i,j}^m$ then receiving a reply from $F_i$ according to $\mathbb{P}$.

(7) $Test\left({\prod }_{i,j}^m\right)$. The query does not simulate the adversary’s ability, but it simulates the indistinguishability between real session keys and random keys. Input session ${\prod }_{i,j}^m$ must be fresh. As a challenger, $\mathcal{C}$ tosses a coin $b\in \{0,1\}$. If $b=0$, $\mathcal{C}$ returns the session key held by ${\prod }_{i,j}^m$; if $b=1$, $\mathcal{C}$ returns a random key from the distribution of the session key.

Matching session. If ${\prod }_{i,j}^m$ and ${\prod }_{j,i}^n$ have the same session $sid$, then ${\prod }_{j,i}^n$ is said to be a matching session for ${\prod }_{i,j}^m$.

Freshness. Let ${\prod }_{i,j}^m$ denote an accepted session between honest participants $F_i$ and $F_j$ if ${\prod }_{i,j}^m$ and ${\prod }_{j,i}^n$ are matching sessions. ${\prod }_{i,j}^m$ is fresh if all the following conditions do not hold:

(1) $\mathcal{A}$ issues $SSKReveal\left({\prod }_{i,j}^m\right)$ or $SSKReveal\left({\prod }_{j,i}^n\right)$ queries if ${\prod }_{j,i}^n$ exists.

(2) The matching session ${\prod }_{j,i}^n$ exists. $\mathcal{A}$ makes $SKReveal\left(I{D}_i\right)$ and $ESReveal\left({\prod }_{i,j}^m\right)$ queries, or $SKReveal\left(I{D}_j\right)$ and $ESReveal\left({\prod }_{j,i}^n\right)$ queries.

(3) The matching session ${\prod }_{j,i}^n$ does not exist. $\mathcal{A}$ makes $SKReveal\left(I{D}_i\right)$ and $ESReveal\left({\prod }_{i,j}^m\right)$, or $SKReveal\left(I{D}_j\right)$ queries.

A game simulates the security of an AKA protocol. In the game, $\mathcal{A}$ can issue multiple queries in any order. $\mathcal{A}$ can issue the $Test\left({\prod }_{i,j}^m\right)$ query only once for a fresh session ${\prod }_{i,j}^s$. Next, a coin $b\in \{0,1\}$ is flipped by $\mathcal{C}$. When the game ends, $\mathcal{A}$ will guess the value of b as $b^{\prime }$. If $b^{\prime }=b$ and the test session ${\prod }_{i,j}^m$ is still fresh, then $\mathcal{A}$ wins the game. The advantage of $\mathcal{A}$ to win the game is defined as $Ad{v}_{AKA}\left(A\right)=\left|Pr\left[b^{\prime }=b\right]-\frac{1}{2}\right|$.

eCK Security. To ensure the security of the AKA protocol in the eCK model, the following conditions must be met:

(1) If both parties complete a matching session, they will calculate the same session key, unless the probability is negligible.

(2) For any polynomial-time adversary $\mathcal{A}$, the advantage in breaking the AKA protocol, $Ad{v}_{AKA}\left(\mathcal{A}\right)$, must be negligible.

5.1.2. Formal Security Analysis

At first, three empty lists are created to hold the query and the corresponding answers.

L: input–output pairs of the hash function. Instead of being randomly chosen by $\mathcal{C}$, the real hash function computes the outputs. To complete the safety proof, $\mathcal{C}$ needs to record the mapping between the inputs and outputs.

$L_U$: Tuple $(I{D}_i,k_i,P{K}_i)$ for storing the queries–answers of $PKReveal\left(I{D}_i\right)$, $PKReplace\left(I{D}_i\right)$, and $SKReveal\left(I{D}_i\right)$.

$L_w$: Tuple $(I{D}_i,I{D}_j,s,x_i,x_j)$ for storing the queries–answers of $ESReveal\left({\prod }_{i,j}^s\right)$.

To continue, it is essential to clarify a few fundamental configurations. Suppose that $\mathcal{A}$ is activating no more than $n_1$ honest parties, and each party is engaged in no more than $n_2$ sessions. Assume that $\mathcal{A}$ selects the ${\prod }_{I,J}^S$ as the test session. $\mathcal{A}$ can distinguish a test session key from a random string in the three ways below:

A1. Guessing. $\mathcal{A}$ guesses the session key correctly.

A2. Key replication. $\mathcal{A}$ creates a mismatched session that has the same session key as ${\prod }_{I,J}^S$. So $\mathcal{A}$ is able to fetch the session key by querying the mismatched session.

A3. Forging. The value of $h(I{D}_i\parallel I{D}_j\parallel B_i\parallel C_i)$ is computed at some point by $\mathcal{A}$.

Theorem 1.

Since the $\mathrm{ECDL}$ or $\mathrm{ECDH}$ problem is intractable, the advantage of $\mathcal{A}$ against the AKA scheme in the eCK model is negligible.

Proof. 

Since the session key $SS{K}_i\in Z_q^{\ast }$, there is only a $\frac{1}{q-1}$ chance of guessing the correct $SS{K}_i$ in the guessing attack.

The hash function should yield the same results for different input values in order to prevent the key replication attack. The probability of success of a key duplication attack is negligible.

The analysis of the forging attack is shown below.

Consider the tuple $(P,u_{1}P,u_1{u}_{2}P,v_{1}P,v_1{v}_{2}P)$ as an example of the $\mathrm{ECDH}$ problem, in which the ephemeral keys $x_s$ and $x_{sp}$ are denoted by $u_2$ and $v_2$, and the long-term keys $k_s$ and $k_{sp}$ are represented by $u_1$ and $v_1$. If $\mathcal{A}$ is successful in forging attack with non-negligible probability, $\mathrm{ECDH}(u_1{u}_{2}P,v_{1}P)=u_1{u}_2{v}_1{v}_{1}P$ and $\mathrm{ECDH}(u_1{u}_{2}P,v_1{v}_{2}P)=u_1{u}_2{v}_1{v}_{1}P$ can be computed by $\mathcal{C}$ using $\mathcal{A}$.

First, $\mathcal{C}$ creates a test session ${\prod }_{I,J}^S$ by randomly selecting $S\in \{1,n_2\}$ and $I,J\in \{1,n_1\}(I\ne J)$. Therefore, $\mathcal{C}$ has no higher chance of correctly guessing the test session ${\prod }_{I,J}^S$ than $\frac{1}{n_1^2·n_2}$. Let ${\prod }_{J,I}^E$ be the matching session of ${\prod }_{I,J}^S$. There are six complementary events to consider as shown in

Table 2. Complementary events.

	$\mathit{E}1$	$\mathit{E}2$	$\mathit{E}3$	$\mathit{E}4$	$\mathit{E}5$	$\mathit{E}6$
${\prod }_{J,I}^E$					×	×
Ephemeral secret keys of $I{D}_I\left(u_2\right)$	×	×			×
Ephemeral secret keys of $I{D}_J\left(v_2\right)$	×		×
Secret value of $I{D}_I\left(u_1\right)$			×	×		×
Secret value of $I{D}_I\left(v_1\right)$		×		×	×	×

×: the session does not exit or $\mathcal{A}$ does not obtain the parameter.

. E1: $\mathcal{A}$ does not obtain the ephemeral secret keys of $I{D}_I\left(u_2\right)$ and $I{D}_J\left(v_2\right)$. E2: $\mathcal{A}$ does not obtain the ephemeral secret key of $I{D}_I\left(u_2\right)$ and secret value of $I{D}_J\left(v_1\right)$. E3: $\mathcal{A}$ does not obtain the ephemeral secret keys $I{D}_J\left(v_2\right)$ and secret value of $I{D}_I\left(u_1\right)$. E4: $\mathcal{A}$ does not obtain the secret values of $I{D}_I\left(u_1\right)$ and $I{D}_I\left(v_1\right)$. E5: There is no matching session for ${\prod }_{I,J}^S$. $\mathcal{A}$ obtains parameters similar to E2. E6: There is no matching session for ${\prod }_{I,J}^S$. $\mathcal{A}$ obtains parameters similar to E4.

At least one event in the set, $\{E1\wedge A3,E2\wedge A3,E3\wedge A3,E4\wedge A3,E5\wedge A3,E6\wedge A3\}$, happens with non-negligible probability if $\mathcal{A}$ succeeds in faking attack with non-negligible probability.

i. 

Analysis of E1

(1) 

Setup. $\mathcal{C}$ sends $\left(E\right(a,b),p,q,P,P,h(·\left)\right)$ to the $\mathcal{A}$.

(2) 

Query. $\mathcal{A}$ will query the public key before an identity is used in any other queries, and all queries are different. $\mathcal{C}$ answers the queries issued by $\mathcal{A}$ as follows:

(1) 

$PKReveal\left(I{D}_i\right)$. $\mathcal{A}$ submits an identity $I{D}_i$, $\mathcal{C}$ picks at random $k_i\in Z_q^{\ast }$, computes $P{K}_i=k_i·P$, then returns $P{K}_i$ and adds $(I{D}_i,k_i,P{K}_i)$ to the list $L_U$.

(2) 

$PKReplace\left(I{D}_i\right)$. $\mathcal{A}$ submits a tuple $P{K}_i^{\prime }=k_i^{\prime }·P$ for $I{D}_i$, $\mathcal{C}$ replaces $P{K}_i$ with $P{K}_i^{\prime }$, and update $(I{D}_i,k_i,P{K}_i)$ with $(I{D}_i,\ast ,K_i^{\prime })$ in the list $L_U$, where ∗ can be the secret value $k_i^{\prime }$ or be the symbol ⊥.

(3) 

$SKReveal\left(I{D}_i\right)$. $\mathcal{A}$ submits an identity $I{D}_i$, $\mathcal{C}$ looks up $(I{D}_i,k_i,P{K}_i)$ in the list $L_U$ and returns $k_i$. If $\mathcal{A}$ has replaced the public key $P{K}_i$ and has not submitted a new one, $\mathcal{C}$ will refuse to respond.

(4) 

$ESReveal\left({\prod }_{i,j}^m\right)$. $\mathcal{A}$ submits a session ${\prod }_{i,j}^s$, then $\mathcal{C}$ processes as follows:

• If ${\prod }_{i,j}^s={\prod }_{I,J}^S$ or ${\prod }_{i,j}^s={\prod }_{J,I}^E$, then $\mathcal{C}$ fails and stops.
• If not, $\mathcal{C}$ selects $x_i,x_j\in Z_q^{\ast }$ at random and appends $(I{D}_i,I{D}_j,s,x_i,$$x_j)$ to $L_W$.

(5) 

$SSKReveal\left({\prod }_{i,j}^m\right)$. $\mathcal{A}$ submits a session ${\prod }_{i,j}^s$, and $\mathcal{C}$ processes as follows: If $\mathcal{A}$ has replaced the public key $P{K}_i$ (or $P{K}_j$) and did not submit the new secret value $P{K}_i^{\prime }$ (or $P{K}_j^{\prime }$), then $\mathcal{C}$ may refuse to reply, else

• $Case1:$ If ${\prod }_{i,j}^s={\prod }_{I,J}^S$ or ${\prod }_{i,j}^s={\prod }_{J,I}^E$, then $\mathcal{C}$ fails and stops.
• $Case2:$ If $\mathcal{A}$ has made $ESReveal\left({\prod }_{i,j}^m\right)$ for ${\prod }_{i,j}^s,C$ will look up $(I{D}_i,I{D}_j,s,x_i,x_j)$ in $L_W$, $(I{D}_i,k_i,P{K}_i)$, or $(I{D}_j,k_j,P{K}_j)$ in $L_U$, then figures out the session key according to the AKA scheme.
• $Case3:$ Else, $\mathcal{C}$ selects $x_i,x_j\in Z_q^{\ast }$ at random and appends $(I{D}_i,I{D}_j,$$s,x_i,x_j)$ to $L_W$, then proceeds as in case 2.

(6) 

$Send({\prod }_{i,j}^s,M)$. $\mathcal{C}$ will answer the query as below.

• If $({\prod }_{i,j}^s,M)=({\prod }_{I,J}^S,\perp )$, $\mathcal{C}$ looks up $(I{D}_I,k_I,P{K}_I)$ in $L_U$ and then returns $k_I{u}_{2}P$.
• If $({\prod }_{i,j}^s,M)=({\prod }_{J,I}^E,\perp )$, $\mathcal{C}$ looks up $(I{D}_J,k_J,P{K}_J)$ in $L_U$ and then returns $k_I{v}_{2}P$.
• If ${\prod }_{i,j}^s\ne {\prod }_{I,J}^S$ and ${\prod }_{i,j}^s\ne {\prod }_{J,I}^E$, $\mathcal{C}$ looks up $(I{D}_i,k_i,P{K}_i)$ in $L_U$ and processes as follows:

  ·

  If $\mathcal{A}$ has made $ESReveal\left({\prod }_{i,j}^m\right)$ for ${\prod }_{i,j}^s$, $\mathcal{C}$ looks up $(I{D}_i,I{D}_j,s,$$x_i,x_j)$ in $L_W$, then computes and returns $A_i$.

  ·

  If not, $\mathcal{C}$ randomly selects $x_i,x_j\in Z_q^{\ast }$ and calculates and returns $A_i$, then appends $(I{D}_i,I{D}_j,s,x_i,x_j)$ to $L_W$.

• If $M=(A_j,\ast )$, $\mathcal{C}$ accepts ${\prod }_{i,j}^s\ne {\prod }_{I,J}^S$.

(7) 

$Test\left({\prod }_{i,j}^s\right)$. If the public key $P{K}_i$ (or $P{K}_j$) had been replaced with $k_i^{\prime }$ (or $k_j^{\prime }$), $\mathcal{A}$ would have had to commit the new secret value $k_i^{\prime }$ (or $k_j^{\prime }$) to $\mathcal{C}$; since $\mathcal{C}$ is unable to generate the session key if he does not know the secret values for $I{D}_i$ and $I{D}_j$. The responses of $\mathcal{C}$ to $Test\left({\prod }_{i,j}^s\right)$ are as follows:

• If ${\prod }_{i,j}^s\ne {\prod }_{I,J}^S,C$ fails and stops.
• If ${\prod }_{i,j}^s={\prod }_{I,J}^S$, $\mathcal{C}$ randomly chooses $SS{K}_i\in Z_q^{\ast }$ and sends it back to $\mathcal{A}$.

(3) 

Solve ECDH problems. To win the game by forging attack, $\mathcal{A}$ would have to calculate $h(I{D}_I\parallel I{D}_J\parallel B_I\parallel C_I)$, where $B_I=k_J{k}_I{u}_{2}P$ and $D_I=k_J{k}_I{u}_2{v}_{2}P$. $\mathcal{C}$ finds $k_I$ and $k_J$ in $L_U$ and computes $B_I$ and $D_I$ by solving the $\mathrm{ECDH}$ problem.

(4) 

Probability. If it is possible for $\mathcal{C}$ to properly guess the test session ${\prod }_{I,J}^S$, $\mathcal{C}$ will not fail in the query phase. Thus, $\mathcal{C}$ is able to calculate $B_I=\mathrm{ECDH}(k_{J}P,k_I{u}_{2}P)$ and $D_I=\mathrm{ECDH}(k_J{v}_{2}P,k_I{u}_{2}P)$ with probability $\frac{1}{n_1^2{n}_2}Ad{v}_{AKA}\left(A\right)$ if $\mathcal{A}$ wins in the game with advantage $Ad{v}_{AKA}\left(A\right)$.

ii. 

Analysis of E2

(1) 

Setup. Same as that in the analysis of E1.

(2) 

Query. $\mathcal{C}$ responds to the queries from $\mathcal{A}$ as those in the analysis of E1 except for the $PKReveal\left(I{D}_i\right)$, $SKReveal\left(I{D}_i\right)$, $ESReveal\left({\prod }_{i,j}^m\right)$, and $Send({\prod }_{i,j}^s,M)$.

(1) 

$PKReveal\left(I{D}_i\right)$. $\mathcal{A}$ submits an identity $I{D}_k$, $\mathcal{C}$ will respond to the query as follows:

• If $I{D}_k=I{D}_J$, $\mathcal{A}$ computes $K_J=v_{1}P$, returns $v_{1}P$, and adds $(I{D}_J,\perp ,v_{1}P)$ to the list $L_U$.
• If not, C randomly selects $k_k\in Z_q^{\ast }$ and calculates $P{K}_k=k_{k}P$, then returns $P{K}_k$ and adds $(I{D}_k,k_k,P{K}_k)$ in $L_U$.

(2) 

$SKReveal\left(I{D}_i\right)$. If $I{D}_i=I{D}_J$, $\mathcal{C}$ will fail and stop. If not, $\mathcal{C}$ looks up $(I{D}_i,k_i,P{K}_i)$ in $L_U$ and returns $k_i$.

(3) 

$ESReveal\left({\prod }_{i,j}^m\right)$. $\mathcal{C}$ will respond to the query as follows:

• If ${\prod }_{i,j}^s={\prod }_{I,J}^S$ or ${\prod }_{i,j}^s={\prod }_{J,I}^E$, $\mathcal{C}$ randomly chooses $x_J\in Z_q^{\ast }$ and returns $(\perp ,x_J)$, then appends $(I{D}_J,I{D}_J,s,\perp ,x_J)$ to $L_W$.
• If not, $\mathcal{C}$ randomly chooses $x_i,x_j\in Z_q^{\ast }$ and returns $(x_i,x_j)$, then appends $(I{D}_i,I{D}_j,s,x_i,x_j)$ to $L_W$.

(4) 

$Send({\prod }_{i,j}^s,M)$. $\mathcal{C}$ will respond to the query as follows:

• If $({\prod }_{i,j}^s,M)=({\prod }_{I,J}^S,\perp )$, $\mathcal{C}$ looks up $(I{D}_I,k_I,P{K}_I)$ in $L_U$ and returns $\left(k_1{u}_{2}P\right)$.
• If $({\prod }_{i,j}^s,M)=({\prod }_{J,I}^E,\perp )$, $\mathcal{C}$ looks up $(I{D}_J,\perp ,v_{1}P)$ in $L_U$, and $(I{D}_I,$$I{D}_J,S,\perp ,x_J)$ in $L_W$, then sends $\left(v_1{x}_{J}P\right)$ back.
• Otherwise, the analysis is the same as for E1.

(3) 

Solve ECDH problems. To win the game by forging attack, $\mathcal{C}$ must compute $h(I{D}_I\parallel I{D}_J\parallel B_I\parallel C_I)$, where $B_I=k_J{k}_I{u}_{2}P$ and $C_I=k_I{u}_2{v}_1{x}_{J}P$. $\mathcal{C}$ finds $k_I$ in the list $L_U$ and $(\perp ,x_J)$ in the list $L_W$ to compute $B_I$ and $C_I$ by solving $\mathrm{ECDH}$ problems.

(4) 

Probability. If it is possible for $\mathcal{C}$ to properly guess the test session ${\prod }_{I,J}^S$, $\mathcal{C}$ will not fail in the query phase. Thus, $\mathcal{C}$ is able to calculate $B_I=\mathrm{ECDH}(k_{J}P,k_I{u}_{2}P)$ and $D_I=\mathrm{ECDH}(v_1{x}_{J}P,k_I{u}_{2}P)$ with the same probability as E1 winning the game.

iii. 

Analysis of E3

$\mathcal{C}$ can swap $I{D}_I$ and $I{D}_J$ in E3 and then carry out the analysis of E2.

iv. 

Analysis of E4

(1) 

Setup. This is the same as that in the analysis of E1.

(2) 

Query. The responses of $\mathcal{C}$ to the queries from $\mathcal{A}$ are the same as in E1, except for $PKReveal\left(I{D}_i\right)$, $SKReveal\left(I{D}_i\right)$, $ESReveal\left({\prod }_{i,j}^m\right)$, $SKReveal\left(I{D}_i\right)$, and $Send({\prod }_{i,j}^s,M)$ queries.

(1) 

$PKReveal\left(I{D}_i\right)$. $\mathcal{A}$ submits an identity $I{D}_k$, $\mathcal{C}$ process as follows:

• If $I{D}_k=I{D}_I$, $\mathcal{C}$ computes $K_I=u_{1}P$, then returns $u_{1}P$ and appends $(I{D}_I,\perp ,u_{1}P)$ to $L_U$.
• If $I{D}_k=I{D}_J$, $\mathcal{C}$ computes $K_J=v_{1}P$, then returns $v_{1}P$ and appends $(I{D}_J,\perp ,v_{1}P)$ to $L_U$.
• Else, C chooses $k_k\in Z_q^{\ast }$ randomly and calculates $K_k=k_{k}P$, then returns $K_k$ and adds $(I{D}_k,k_k,K_k)$ in $L_U$.

(2) 

$SKReveal\left(I{D}_i\right)$. If $I{D}_i=I{D}_I$ or $I{D}_i=I{D}_J$, then $\mathcal{C}$ fails and stops. If not, C looks up $(I{D}_i,k_i,K_i)$ in $L_U$ and returns $k_i$.

(3) 

$ESReveal\left({\prod }_{i,j}^m\right)$. $\mathcal{A}$ submits a session ${\prod }_{i,j}^s$, $\mathcal{C}$ randomly chooses $x_i,x_j\in Z_q^{\ast }$ and returns $(x_i,x_j)$, then appends $(I{D}_i,I{D}_j,s,x_i,x_j)$ to $L_W$.

(4) 

$Send({\prod }_{i,j}^s,M)$. $\mathcal{C}$ finds $(I{D}_i,k_i,K_i)$ in the list $L_U$, then responds to queries as follows:

• If $({\prod }_{i,j}^s,M)=({\prod }_{I,J}^S,\perp )$, $\mathcal{C}$ performs as follows:

  ·

  If $\mathcal{A}$ has made $ESReveal\left({\prod }_{i,j}^m\right)$ for ${\prod }_{i,j}^s$, $\mathcal{C}$ looks up $(I{D}_i,I{D}_j,s,$$x_i,x_j)$ in $L_W$ and returns $\left(u_1{x}_{i}P\right)$.

  ·

  If $\mathcal{A}$ has made $ESReveal\left({\prod }_{j,i}^m\right)$ for ${\prod }_{j,i}^s$, $\mathcal{C}$ looks up $(I{D}_i,I{D}_j,s,$$x_i,x_j)$ in $L_W$ and returns $\left(v_1{x}_{j}P\right)$.

  ·

  Else, $\mathcal{C}$ randomly chooses $x_i,x_j\in Z_q^{\ast }$ and returns $A_i$, then appends $(I{D}_i,I{D}_j,s,x_i,x_j)$ to $L_W$.

• $M=(A_j,\ast ),C$ accepts the session.

(3) 

Solve ECDH problems. To win the game by forging attack, $\mathcal{C}$ must compute $h(I{D}_I\parallel I{D}_J\parallel B_I\parallel D_I)$, where $B_I=u_1{v}_1{x}_{I}P$ and $D_I=u_1{x}_I{v}_1{x}_{J}P$. $\mathcal{C}$ looks up $(I{D}_i,I{D}_j,s,x_i,x_j)$ in $L_W$ to compute $B_I$ and $D_I$ by solving ${\mathrm{ECDH}}_1$ and ${\mathrm{ECDH}}_2$ problems.

(4) 

Probability. If it is possible for $\mathcal{C}$ to properly guess the test session ${\prod }_{I,J}^S$, $\mathcal{C}$ will not fail in the query phase. Thus, $\mathcal{C}$ is able to calculate $B_I={\mathrm{ECDH}}_1(v_{1}P,u_1{x}_{I}P)$ and $D_I={\mathrm{ECDH}}_2(u_1{x}_{I}P,v_1{x}_{J}P)$ with the same probability as E1 winning the game.

v. 

Analysis of E5

In E2, there is a matching session ${\prod }_{J,I}^E$ for the test session ${\prod }_{I,J}^S$, whereas in E5, there is no matching session for ${\prod }_{I,J}^S$. Therefore, the analysis for E5 is similar to that for E2.

vi. 

Analysis of E6

In E4, there is a matching session ${\prod }_{J,I}^E$ for the test session ${\prod }_{I,J}^S$. However, in E6, there is no matching session for ${\prod }_{I,J}^S$. Therefore, the analysis of E6 is similar to that of E4.

☐

5.2. Descriptive Security Analysis

5.2.1. No Key Escrow Issues

During registration, S obtains the long-term private key, $k_s=\left(r_s+r_{ta}^s\right)\mathrm{mod}q$. TA only generates the partial private key $r_{ta}^s$, which avoids the key escrow problems. The long-term private key of SP is similar.

5.2.2. ESL Attack Resistance

Resistance to ESL attacks means $\mathcal{A}$ is unable to figure out the session key in spite of knowing ephemeral secrets $x_s$ and $x_{sp}$. For $SS{K}_s=H(I{D}_s\parallel I{D}_{sp}\parallel B_s\parallel C_s)$, where $C_s=\left(x_s{k}_s\mathrm{mod}q\right)·A_{sp}=\left(x_{sp}{k}_{sp}\mathrm{mod}q\right)·A_s$, even if $x_s$ and $x_{sp}$ are revealed, $\mathcal{A}$ cannot figure out $SS{K}_s$ because they do not know the long-term secrets $k_s$ and $k_{sp}$. Similarly, if $\mathcal{A}$ knows the short-term secrets $x_s$ and $x_{sp}$, then he/she cannot calculate $SS{K}_{sp}$.

5.2.3. Anonymity

In this scheme, $I{D}_s$ and $I{D}_{sp}$ are masked before being transmitted during the authentication process and change dynamically from session to session with the choice of the temporary random numbers $x_s$ and $x_{sp}$. $\mathcal{A}$ is incapable of retrieving and tracing the identity from the transmitted messages. That is, the proposal guarantees anonymity.

5.2.4. Mutual Authentication

During authenticating, S verifies $SP$ by checking the correctness of $V_{sp}$. For $V_{sp}=h(W{S}_s\parallel T{S}_{sp}\parallel I{D}_{sp}\parallel SS{K}_{sp})$, where $SS{K}_{sp}=x_{sp}·B_{sp}=k_{sp}{x}_{sp}·A_s$, $V_{sp}$ cannot be figured out without long-term secrets $k_{sp}$ of $SP$. Similarly, $SP$ verifies S by checking $V_s$.

5.2.5. Impersonation Attacks Resistance

Firstly, we analyze the S impersonation attack. If $\mathcal{A}$ tries to impersonate S to generate the message $\{A_s,EI{D}_s,T{S}_s,V_s$} to make $SP$ believe that the message is legitimate and generated by S, $\mathcal{A}$ cannot generate valid information and impersonate S in polynomial time without knowing parameters such as $k_s$ and $x_s$.

5.2.6. IoT Nodes Capture Attack Resistance

Some IoT end devices are placed in unattended environments and may be physically captured by an adversary. Thus, their credentials $\{I{D}_s,k_s,P{K}_s,I{D}_{sp},W{s}_{sp}\}$ can be easily extracted by $\mathcal{A}$. The credentials for different end devices in the proposed scheme are different. Therefore, this will only lead to session key leakage between the captured $S_s$ and the server $SP$ but not between the uncorrupted end device $S_s^{\prime }$ and the server $SP$. This implies that the proposal can withstand IoT node capture attacks.

5.2.7. KCI Attack Resistance

Resistance against KCI attacks refers to the inability of $\mathcal{A}$ to impersonate another legitimate participant, Bob, to authenticate with Alice after Alice’s long-term private key disclosure. Suppose $\mathcal{A}$ learns the long-term key $k_s$ of the end device S and wants to impersonate $SP$ to produce $\{A_{sp},T{S}_{sp},V_{sp}$} to convince S that the message is legitimate and generated by $SP$. For $V_{sp}=h(W{S}_s\parallel T{S}_{sp}\parallel I{D}_{sp}\parallel SS{K}_{sp})$, where $C_{sp}=x_{sp}·B_{sp}=k_{sp}{x}_{sp}·A_s$, and $k_{sp}$ has not been compromised, $\mathcal{A}$ cannot impersonate server $SP$ to perform authentication and key agreement with S. Similarly, $\mathcal{A}$ cannot carry out KCI attacks against $SP$.

5.3. Automatic Formal Verification

The security of the proposal is formally validated with ProVerif [5].

Table 3. Codes for end device S.

let S =

new rs:bitstring;

let Rs = Mul(rs, P) in

out (schs, (IDs, Rs));

in (schs, (vIDsp:bitstring,vPKsp: bitstring, vPKs: bitstring,vrtas:bitstring));

let ks = add (rs, vrtas) in

let PKs= Mul (ks, P) in

if PKs = vPKs then

let WSsp = Mul (ks, vPKsp) in

!

(

event startAuthsp;

let As = Mul(xs,PKs) in

let Bs = Mul(xs, WSsp) in

let EIDs = xor (IDs, Bs) in

new TSeeds:bitstring;

let Ts = generate_Timeline(TSeeds) in

let Vs = Hash(con (con (con (WSsp, Ts), IDs),Bs))in

out (ch, (As, EIDs, Ts, Vs));

in (ch, (vAsp: bitstring, vTsp: bitstring, vVsp:bitstring));

let Cs = Mul (mul (xs, ks), vAsp) in

let SSKs = Hash(con (con (con (IDs,IDsp), Bs), Cs)) in

let Vsp = Hash(con (con (con (WSsp,vTsp),IDsp), SSKs)) in

if Vsp = vVsp then

event endAuths;

0

).

illustrates the codes of S, where $schs$ is a secret channel used for S registration, and $ch$ is a public channel used for S and $SP$ authentication. Based on the following results, it can be concluded that both the authentication process and the session key are secure from adversary attacks.

Here are the results of the queries in ProVerif:

(1)

RESULT inj-event(endAuthS) ==> inj-event(startAuthS) is true.

(2)

RESULT inj-event(endAuthSP) ==> inj-event(startAuthSP) is true.

(3)

RESULT inj-event(endAuthSP) ==> inj-event(endAuthS) is true.

(4)

RESULT inj-event(endAuthS) ==> inj-event(endAuthSP) is true.

(5)

RESULT not attacker(SSKs[]) is true.

(6)

RESULT not attacker(SSKsp[]) is true.

(7)

RESULT not attacker(ks[]) is true.

(8)

RESULT not attacker(ksp[]) is true.

6. Performance Comparison

6.1. Communication Cost

According to [22,41], suppose that $G_1$ is an additive cyclic group with order $q_1$. $G_2$ is a multiplicative cyclic group with order q. The bilinear map is defined as $e:G_1\times G_1\to G_2$. In addition, it is assumed that the lengths of an identifier (ID), a hash output (H), a timestamp (TS), and a random number (R) are 64, 128, 32, and 128 bits, respectively.

Table 4. Communication cost.

Scheme	End Device (bit)	Server (bit)	Total (bit)
[22]	$2G+G1+H+TS+ID=2016$	$G+H+TS=544$	2560
[24]	$2G+H+2TS+ID=1024$	$2G+H+TS=928$	1952
[25]	$2G+2H+TS=1056$	$G+H+TS=512$	1568
[27]	$G+H+R+2TS+ID=832$	$G+H+2TS+ID=640$	1472
[28]	$G+2H+TS=672$	$G+2H+ID=704$	1376
[29]	$3G+2H+ID=1472$	$3G+H+ID=1344$	2816
Ours	$G+H+TS+ID=608$	$G+H+TS=544$	1152

shows the communication overhead of each protocol during the authentication and key negotiation phases. It can be concluded that the proposed scheme has the lowest communication overhead in the authentication and key negotiation processes.

6.2. Computation Cost

According to He et al. [41],

Table 5. Run-time of related operations.

Notation	Operation	Time (ms)
$T_{bp}$	Bilinear pairing	$32.713$
$T_h$	Hash function	$0.006$
$T_{pm1}$	Point multiplication in G1	$13.405$
$T_{pa1}$	Point addition in G1	$0.56$
$T_{exp2}$	Exponentiation in G2	$2.249$
$T_s$	Symmetric encryption	$0.012$
$T_{pa}$	ECC point addition	$0.014$
$T_{pm}$	ECC point multiplication	$3.352$

shows the run-time of the relevant encryption operation on a $SamsungGalaxyS5$.

Table 6. Computation cost.

Scheme	End Device (ms)	Server (ms)	Total (ms)
[22]	$2T_{pm1}+T_{pa1}+T_{exp2}+4T_{pm}+T_{pa}+6T_h=43.077$	$T_{pb}+4T_{pm}+T_{pa}+5T_h=46.165$	89.242
[24]	$4T_{pm}+T_{pa}+7T_h=13.464$	$4T_{pm}+T_{pa}+7T_h=13.464$	26.982
[25]	$3T_{pm}+4T_h=10.08$	$3T_{pm}+2T_{pa}+5T_h=13.466$	23.546
[27]	$3T_{pm}+2T_s+4T_h=10.104$	$4T_{pm}+3T_s+4T_h=13.468$	23.572
[28]	$4T_{pm}+7T_h=13.45$	$4T_{pm}7T_h=13.45$	26.9
[29]	$7T_{pm}+2T_{pa}+5T_h=23.522$	$7T_{pm}+2T_{pa}+5T_h=23.522$	47.044
Ours	$3T_{pm}+3T_h=10.074$	$3T_{pm}+3T_h=10.074$	20.148

displays the run-time of each scheme during authentication and key agreement. It is evident that the proposed scheme requires the least computational overhead.

6.3. Performance Comparison

The results of the comparison between the proposal and related schemes [22,24,25,27,28,29] in terms of security are shown in

Table 7. Performance comparison.

Scheme	SF1	SF2	SF3	SF4	SF5	SF6	SF7	SF8	SF9	SF10	SF11	SF12
[22]	×	×	√	×	√	√	×	√	√	×	√	√
[24]	×	×	√	×	√	√	√	√	√	√	√	×
[25]	√	√	√	√	√	√	×	√	√	√	√	×
[27]	√	×	√	√	√	√	√	√	√	√	√	×
[28]	√	×	√	√	×	√	√	√	√	×	√	√
[29]	√	√	√	×	√	√	√	√	×	√	√	√
Ours	√	√	√	√	√	√	√	√	√	√	√	√

SF1: IM attack resistance; SF2: MIM attack resistance; SF3: Mutual authentication without the help of TA; SF4: ESL attack resistance; SF5: KCI attack; SF6: IoT nodes capture attack resistance; SF7: Anonymity; SF8: Unknown key share attack resistance; SF9: Perfect forward secrecy; SF10: Formal security proof; SF11: Replay attack resistance; SF12: No key escrow issue; √: Secure or supportive ×: Insecure or unsupported.

. Compared to the existing schemes, the proposed protocol provides better security and functionality, e.g., it is resistant to attacks such as IM, MIM, and ESL while providing anonymity, mutual authentication, and PFS without key escrow issues.

7. Conclusions

To begin, we reviewed the existing ECC-based AKA schemes. Then, we pointed out that the existing schemes failed to provide user anonymity and PFS and had no resistance to typical attacks (such as ESL, IM, MIM, KCI, etc.) with key escrow problems. The high computational and communication costs also made some of these solutions unsuitable for resource-limited IoT. Furthermore, the security proofs were conducted in the Random-Oracle model. It is widely recognized that cryptographic schemes proven secure in the Random-Oracle model may not necessarily provide the same level of security when implemented in real-world systems. We propose a security-enhanced AKA protocol for connecting IoT devices to servers to remedy the existing challenges. The session key security of the proposed scheme is rigorously proven under the eCK model with the elliptic curve encryption computational assumptions. The session key confidentiality and authentication properties are verified with ProVerif. Based on the performance comparison, it is found that the proposed scheme offers user anonymity, PFS, mutual authentication, and resistance to typical attacks such as ESL, IM, MIM, and KCI. Additionally, the proposed scheme has minimal computational and communication overhead compared to the existing schemes.