How to Authenticate a Device? Formal Authentication Models for M2M Communications Defending against Ghost Compromising Attack

摘要

In Machine-to-Machine (M2M) communications, authentication of a device is of upmost importance for applications of Internet of Things. As traditional authentication schemes always assume the presence of a person, most authentication technologies cannot be applied in machine-centric M2M context. In this paper, we make the first attempt to formally model the authentication in M2M. We first model four attacking adversaries that can formulate all possible attacks in M2M, which are channel eavesdropping attack, credential compromise attack, function compromise attack, and ghost compromise attack. Next, we propose four models to tackle those corresponding adversaries, namely, credential-based model, machine-metrics-based model, reference-based model, and witness-based model. We also illustrate several concrete attacking methods and authentication approaches. We proof the authentication security for all proposed models and compare them for clarity. Our models present soundness and completeness in terms of authentication security, which can guide the design and analysis of concrete authentication protocols. Particularly, we construct a uniform authentication framework for M2M context and point out all possible authentication mechanisms in M2M.