A Multi-Factor Homomorphic Encryption based Method for Authenticated Access to IoT Devices

TL;DR

This paper extends a multi-factor authentication framework for IoT devices to support group authentication using homomorphic encryption and hybrid cryptographic protocols, enhancing security in device interactions.

Contribution

It introduces two new multi-factor group authentication protocols, HGAKA and HGA, based on homomorphic encryption for secure IoT device group access.

Findings

Protocols satisfy security requirements

Formal security verification confirms robustness

Supports multi-factor device group authentication

Abstract

Authentication is the first defence mechanism in many electronic systems, including Internet of Things (IoT) applications, as it is essential for other security services such as intrusion detection. As existing authentication solutions proposed for IoT environments do not provide multi-level authentication assurance, particularly for device-to-device authentication scenarios, we recently proposed the M2I (Multi-Factor Multi-Level and Interaction based Authentication) framework to facilitate multi-factor authentication of devices in device-to-device and device-to-multiDevice interactions. In this paper, we extend the framework to address group authentication. Two Many-to-One (M2O) protocols are proposed, the Hybrid Group Authentication and Key Acquisition (HGAKA) protocol and the Hybrid Group Access (HGA) protocol. The protocols use a combination of symmetric and asymmetric cryptographic primitives to facilitate multifactor group authentication. The informal analysis and formal security verification show that the protocols satisfy the desirable security requirements and are secure against authentication attacks.