Author Identifier (ORCID)
Muhammad Waqas: https://orcid.org/0000-0003-0814-7544
Abstract
By utilizing the sensing and perception capabilities of various devices, the Internet of Things (IoT) enables more precise awareness of the real world, thereby enhancing management and resource utilization efficiency. However, due to their open deployment environments and frequent message exchanges, IoT endpoints are highly vulnerable to a wide range of security threats and privacy breaches, including forgery, data theft, and information leakage. Therefore, to address these challenges and ensure device legitimacy verification and secure data exchange among IoT devices, we propose a privacy-preserving and traceable certificateless anonymous mutual authentication scheme (PPT-CLAMA). PPT-CLAMA not only eliminates the need for a secure channel during key generation but also prevents attackers from tracing the real identity of devices through their own identity or public keys while providing pseudonym and anonymous authentication to devices, demonstrating greater practicality. Furthermore, through security proofs and analysis, PPT-CLAMA satisfies various high-level security properties, including mutual authentication, key agreement, nonrepudiation, unlinkability, perfect forward secrecy, known session-specific temporary information security, traceability, anonymity, and privacy preservation. The simulation results indicate that, compared to authentication and key agreement schemes, PPT-CLAMA reduces the average computational overhead and average communication overhead during the authentication process by 6.73% and 3.31%, respectively, demonstrating higher computational and communication efficiency.
Document Type
Journal Article
Date of Publication
1-1-2025
Publication Title
IEEE Transactions on Dependable and Secure Computing
Publisher
IEEE
School
School of Engineering
RAS ID
83716
Creative Commons License
This work is licensed under a Creative Commons Attribution-No Derivative Works 4.0 License.
Comments
This is an Author's Accepted Manuscript of an article published by IEEE. © 2025 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Gong, B., Wu, Y., Badshah, A., & Waqas, M. (2025). Privacy-preserving and traceable certificateless anonymous mutual authentication scheme for IoT. IEEE Transactions on Dependable and Secure Computing. Advance online publication. https://doi.org/10.1109/TDSC.2025.3597949