A Full Lifecycle Authentication Scheme for Large-Scale Smart IoT Applications

The rapid development of IoT (Internet of Things) brings great convenience to people through the utilization of IoT applications, but also brings huge security challenges. Existing IoT security breaches show that many IoT devices have authentication flaws. Although many IoT authentication schemes were proposed, they are not fit for recent smart IoT applications covering IoT device, back-end sever, and user-end mobile applications. To build the first line of defense for smart IoT systems, this paper proposes a new authentication scheme. The proposed scheme first models the entire lifecycle of the IoT device authentication for real-world scenarios of smart IoT systems that contains factory manufacturing, daily usage, and system resetting. For each stage in the lifecycle, the proposed scheme employs efficient symmetric key mechanisms to achieve the authentication between IoT device, back-end server, and mobile application. The proposed scheme supports both server-free local area network communication and sever-involved remote public area communication. Formal security verification shows that the proposed scheme resists existing attacks. The open-source experimental evaluations also show that the proposed scheme is efficient and promising for practical usage.