Current authentication protocols seek to establish authenticated sessions over insecure channels while maintaining a small footprint in terms of energy consumption and computational overhead. Traditional authentication schemes must store a form of authentication data on the devices, putting this data at risk. Approaches based purely on public/private key infrastructure come with additional computation and maintenance costs. This work proposes a novel non-interactive zero-knowledge proof (NIZKP) authentication protocol that incorporates the limiting factors of IoT communication devices and sensors. Our protocol considers the inherent network instability and replaces the NP-hard problem underlying the ZKP with a Merkle tree structure for the creation of the authentication challenge. A series of simulations evaluates the performance of NIZKP against traditional ZKP approaches based on graph isomorphism. A set of performance metrics has been used, namely the channel rounds for client authentication, the effects of the authentication processes, and the protocol interactions, to determine areas for improvement. The simulation results provide empirical evidence for the suitability of our NIZKP approach for authentication purposes in resource-constrained IoT environments.
Bibliographical note: © 2020 Elsevier. Licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International license, http://creativecommons.org/licenses/by-nc-nd/4.0/.