Privacy-preserving and traceable certificateless anonymous mutual authentication scheme for IoT

Author Identifier (ORCID)

Muhammad Waqas: https://orcid.org/0000-0003-0814-7544

Abstract

By utilizing the sensing and perception capabilities of various devices, the Internet of Things (IoT) enables more precise awareness of the real world, thereby enhancing management and resource utilization efficiency. However, due to their open deployment environments and frequent message exchanges, IoT endpoints are highly vulnerable to a wide range of security threats and privacy breaches, including forgery, data theft, and information leakage. Therefore, to address these challenges and ensure device legitimacy verification and secure data exchange among IoT devices, we propose a privacy-preserving and traceable certificateless anonymous mutual authentication scheme (PPT-CLAMA). PPT-CLAMA not only eliminates the need for a secure channel during key generation but also prevents attackers from tracing the real identity of devices through their own identity or public keys while providing pseudonym and anonymous authentication to devices, demonstrating greater practicality. Furthermore, through security proofs and analysis, PPT-CLAMA satisfies various high-level security properties, including mutual authentication, key agreement, nonrepudiation, unlinkability, perfect forward secrecy, known session-specific temporary information security, traceability, anonymity, and privacy preservation. The simulation results indicate that, compared to authentication and key agreement schemes, PPT-CLAMA reduces the average computational overhead and average communication overhead during the authentication process by 6.73% and 3.31%, respectively, demonstrating higher computational and communication efficiency.

Document Type

Journal Article

Date of Publication

1-1-2025

Publication Title

IEEE Transactions on Dependable and Secure Computing

Publisher

IEEE

School

School of Engineering

RAS ID

83716

Comments

Gong, B., Wu, Y., Badshah, A., & Waqas, M. (2025). Privacy-preserving and traceable certificateless anonymous mutual authentication scheme for IoT. IEEE Transactions on Dependable and Secure Computing. Advance online publication. https://doi.org/10.1109/TDSC.2025.3597949

Copyright

subscription content

Link to Full Text

Share

 
COinS
 

Link to publisher version (DOI)

10.1109/TDSC.2025.3597949