Non-interactive authentication and confidential information exchange for mobile environments

Abstract

The growing number of devices that can connect to the Internet has given rise to a new concept that is having much impact nowadays, the Internet of Things. Thus, it is necessary to devise innovative security schemes to become accustomed to this new dimension of the Internet, where everything is connected to everything. This paper describes a new scheme for authentication and exchange of confidential information in the non-secure environment of the Internet of Things. The proposal is based on the concept of non-interactive zero-knowledge proofs, allowing that in a single communication, relevant data may be inferred for verifying the legitimacy of network nodes, and for sharing a session key. The proposal has been developed for the platforms built on the Android Open Source Project so it can be used both in smartphones and wearable devices. This paper provides a full description of the design, implementation and analysis of the proposed scheme. It also includes a comparison to similar schemes, which has revealed promising results.