Privacy-preserving fuzzy commitment schemes for secure IoT device authentication
Article type: Research Article
Authors: Kandan, M.a; * | Durai Murugan, A.b | Ramu, Gandikotac | Ramu, Gandikotad | Gnanamurthy, R.K.e | Bordoloi, Dibyahashf | Rawat, Swatig | Murugesan, h | Prasad, Pulicherla Sivai
Affiliations: [a] Department of Computing Technologies, School of Computing, Faculty of Engineering and Technology, SRM Institute of Science and Technology, Kattankulathur, Tamil Nadu, India | [b] Department of Computer Science and Business Systems, M. Kumarasamy College of Engineering, Karur, Tamilnadu, India | [c] Computer Science and Engineering Department, Institute of Aeronautical Engineering, Hyderabad, Telangana, India | [d] Department of Computer Science and Engineering, Koneru Lakshmaiah Education Foundation, Hyderabad, Telangana, India | [e] Department of ECE, VSB College of Engineering Technical Campus, Coimbatore, Tamilnadu, India | [f] Department of Computer Science and Engineering, Graphic Era Hill University, Dehradun, India | [g] M.M. Institute of Computer Technology & Business Management (MCA), Maharishi Markandeshwar (Deemed to Be University), Mullana-Ambala, Haryana, India | [h] Department of Computer Science and Engineering, R.M.D. Engineering College, Kavaraipettai, Thiruvallur, Tamilnadu, India | [i] Department of CSE, R.V.R. & J.C. College of Engineering, Guntur, Andhra Pradesh, India
Correspondence: [*] Corresponding author. M. Kandan, Department of Computing Technologies, School of Computing, Faculty of Engineering and Technology, SRM Institute of Science and Technology, Kattankulathur 603203, Tamil Nadu, India. E-mail: [email protected].
Abstract: Privacy-Preserving Fuzzy Commitment Schemes (PPFCS) have emerged as a promising solution for secure Internet of Things (IoT) device authentication, addressing the critical need for privacy and security in the rapidly growing IoT ecosystem. This paper presents a novel PPFCS-based authentication mechanism that protects sensitive user data and ensures secure communication between IoT devices. The proposed scheme leverages error-correcting codes (ECC) and cryptographic hash functions to achieve reliable and efficient authentication. The PPFCS framework allows IoT devices to authenticate themselves without revealing their true identity, preventing unauthorized access and preserving users’ privacy. Furthermore, our PPFCS-based authentication mechanism is resilient against various attacks, such as replay, man-in-the-middle, and brute-force attacks, by incorporating secure random nonce generation and timely key updates. We provide extensive experimental results and comparative analysis, demonstrating that the proposed PPFCS significantly outperforms existing authentication schemes in terms of security, privacy, and computational efficiency. As a result, the PPFCS offers a viable and effective solution for ensuring secure and privacy-preserving IoT device authentication, mitigating the risks associated with unauthorized access and potential data breaches in the IoT ecosystem.
Keywords: Privacy-preserving, fuzzy commitment, IoT device authentication, error-correcting codes, cryptographic hash functions
DOI: 10.3233/JIFS-234100
Journal: Journal of Intelligent & Fuzzy Systems, vol. Pre-press, no. Pre-press, pp. 1-9, 2023
