Zero-trust security is a novel concept to cope with intricate access,which can not be handled by the conventional perimeter-based architecture any-more.The device-to-device continuous authentication protocol is one of the most crucial cornerstones,es-pecially in the IoT scenario.In the zero-trust archi-tecture,trust does not rely on any position,person or device.However,to the best of our knowledge,almost all existing device-to-device continuous authentication relies on a trust authority or a node to generate secret keys or secret values.This is betrayed by the principle of zero-trust architecture.In this paper,we employ the blockchain to eliminate the trusted node.One node is chosen to produce the public parameter and secret keys for two entities through the practical Byzantine fault tolerance consensus mechanism.Additionally,the devices are categorized into three folds:trusted device,suspected device and untrusted device.Only the first two can participate in authentication,and they have different lengths of security parameters and in-tervals to reach a better balance between security and efficiency.Then we prove the security of the initial authentication part in the eCK model and give an in-formal analysis of the continuous authentication part.Finally,we implement the proposed protocol on sim-ulated devices.The result illustrates that our scheme is highly efficient,and the continuous authentication only costs around 0.1ms.

Lei Meng;Daochao Huang;Jiahang An;Xianwei Zhou;Fuhong Lin

School of Computer and Communication Engineering,University of Science and Technology Beijing,Beijing 100083,China;National Computer Network Emergency Response Technical Team/Coordination Center of China(CNCERT/CC),Beijing 100029,China;Shunde Graduate School of University of Science and Technology Beijing,Guangdong,528399,China

中国通信（英文版）

[1]Lei Meng;Daochao Huang;Jiahang An;Xianwei Zhou;Fuhong Lin-.A Continuous Authentication Protocol Without Trust Authority for Zero Trust Architecture)[J].中国通信（英文版）,2022(08):198-213

betrayed,tervals,eCK

Continuous,Authentication,Protocol,Without,Trust,Authority,Zero,Architecture,security,novel,concept,cope,intricate,access,which,can,not,handled,by,conventional,perimeter,architecture,any,more,continuous,authentication,protocol,crucial,cornerstones,pecially,IoT,scenario,In,zero,does,rely,position,person,However,best,our,knowledge,almost,existing,relies,authority,node,generate,secret,keys,values,This,principle,this,paper,employ,blockchain,eliminate,One,chosen,produce,public,two,entities,through,practical,Byzantine,fault,tolerance,consensus,mechanism,Additionally,devices,are,categorized,into,three,folds,suspected,untrusted,Only,first,participate,they,have,different,lengths,parameters,reach,better,balance,between,efficiency,Then,prove,initial,model,give,formal,analysis,Finally,implement,proposed,sim,ulated,result,illustrates,that,scheme,highly,efficient,only,costs,around,1ms

0.549957