Lightweight Secure Identity Authentication Scheme for Restricted IoT Devices

With the wide application of IoT in many fields, IoT security has become the main reason to hinder the development of IoT. Two-way authentication of IoT devices is a basic requirement to ensure the communication security of IoT devices, however, for IoT devices with limited computation, storage and energy, the security schemes in traditional Internet cannot be applied to the restricted IoT devices. To solve these problems, this paper designs a lightweight secure authentication scheme for constrained IoT devices. The scheme uses pre-shared key (PSK) combined with temporary key generated by temporary elliptic curve (ECDHE) to generate a session key for the session, and completes the challenge answer by the session key to achieve two-way authentication of the device. The scheme is implemented by ActiveMQ and FuseSource MQTT, and experiments are conducted to compare different metrics with ECDHE-RSA cipher suite and AugMQTT authentication scheme in TLS protocol, respectively. The experimental results show that the authentication scheme designed in this paper makes up for the forward security defect in the AugMQTT authentication scheme, and the scheme is more secure; compared with the ECDHE-RSA authentication method, the execution time and CPU usage are reduced by 20% and the bandwidth usage is reduced by nearly 50%, and the scheme is more lightweight and suitable for resource-constrained IoT devices.