Title of invention: System and Method for Continuous Authentication in Internet of Things
Abstract: A system for continuous authentication of internet of things (IoT) devices in a communication network utilizes lightweight authentication for a sequence of message transmissions in a specific time-frame. A claimer device and a verifier device are in communication with the network. The claimer is configured to define a time frame and a time flag for an authentication session for a predetermined maximum number of messages, generate a time-bound share from a secret key, calculate a share authenticator for the share, combine a claimer identity (ID), a verifier ID, a message payload, the share, the share authenticator, a time flag, a timestamp, and a message authenticator into a message, and send the message to the verifier within the time period. The verifier is configured to receive the message from the claimer, verify the message freshness, verify authenticity of the time flag and timestamp, and reveal and check the authenticity of the share.
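Application publication number: US2016352732(A1) Application publication date: 2016.12.01
Application number: US201615130083 Filing date: 2016.04.15
Applicant: Massachusetts Institute of Technology Inventors: Bamasag Omaimah Omar; Youcef-Toumi Kamal
Classification numbers: H04L29/06; H04L9/32; H04L9/30 Main classification number: H04L29/06
Agency: Agent: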
Main claim: 1. An internet of things (IoT) claimer device in communication with a verifier device, the claimer device comprising: a network interface configured to communicate with the verifier device; and a processor and a memory storing non-transitory instructions for execution by the processor, wherein the processor and memory have limited capacities in comparison with a general purpose computer, wherein the processor is configured to perform functionality of the following units: an authenticator generator unit configured to generate a time-bound share; a MAC generating unit; and a timing control unit configured to generate a timeslot; and the processor is further configured to perform a protocol comprising the following steps: defining a time period for a continuous authentication session for a maximum number of messages; generating a time-bound share from a secret key; defining a time flag associated with the timeslot; calculating a share authenticator for the share; combining a claimer identity (ID), a verifier identity (ID), a message payload, the share, the share authenticator, a time flag, a timestamp, and a message authenticator into a message; and transmitting the message to the verifier within the time period, wherein the continuous authentication session provides for authentication of multiple messages in the time period.
Address: Cambridge MA US