A computer implemented system and method for lightweight authentication on datagram transport for internet of things

摘要

A computer implemented system and method for lightweight authentication on datagram transport for internet of things provides a robust authentication scheme based on challenge response type of exchanges between two endpoints sharing a pre-shared secret. A symmetric key-based security mechanism is utilized in the present disclosure where key management is integrated with authentication. It provides mutual authentication wherein the end-points in the system are provisioned with a pre-shared secret during a provisioning phase and a client database is provided at the server side for client identification. The system comprises random number generators for generation of nonces, and key generators to generate secret key and session key. The nonces and keys are valid only during the session and thus help in providing secure authentication across sessions. The system can be further adapted on transport layer security protocols like DTLS and can be integrated with application layer protocols like CoAP for constrained devices. 200 Authentication request from client with a unique id Client response encrypted with - 206 received key and nonce challenge 202 Server challenge to client with to server nonce including keying element 204 Server challenge deciphered 208 at client with shared secret Client response No satisfies the server 212 Client not authenticated Yes Client authenticated and key 210 sharing completion Server response to client 214 challenge 220 Server not No Server response Servr no Nosatisfies the authenticated c client challenge? Yes Server authenticated 218 222 N Secure channel establishment with key sharing