Two-factor authentication is increasingly demanded in the Internet of Things (IoT), especially those deployed in the critical infrastructure. However, resource and operational constraints of typical IoT devices are the key impediment, especially when the IoT device acts as a verifier. This paper proposes a novel authentication factor (namely, historical data) which, when combined with the conventional first authentication factor (a secret key), results in a scalable, lightweight two-factor entity authentication protocol for use in the IoT. In the new authentication factor, the data exchanged between a verifier and a prover is used as the secret information for the verifier to prove his identity to the verifier. Practically, the verifier needs all the historical data to prove his identity. Yet, through an innovative use of the proof of retrievability, the verifier only needs a constant storage regardless of the size of the historical data. Leveraging on the data retrieval and searching capability of contemporary big data technologies, the proposed authentication factor can achieve realtime, fault-tolerant verification. The use of historical data as an authentication factor has a very interesting leakage-resilience property. Besides, the proposed scheme demonstrates a tradeoff between security and computational overhead, and such scalability particularly suits the IoT, with devices of diverse capabilities.
展开▼
