Post-quantum secure anonymous authentication for smart cities
Abstract
The explosive growth of smart city infrastructures demands secure and private message exchange between heterogeneous IoT devices deployed in the city. Standard authentication schemes, primarily based on elliptic curve cryptography (ECC) or symmetric primitives, are vulnerable to future quantum adversaries and, thus, are not suitable for extended deployment in public urban settings. In this work, we introduce a new post-quantum anonymous authentication scheme that is based on key encapsulation via CRYSTALS-Kyber and signatures via CRYSTALS-Dilithium. This scheme is able to provide mutual authentication, user anonymity, perfect forward secrecy, and lightweight communication, making it applicable to resource-constrained environments in typical scenarios of smart cities. We provide a formal security proof of our construction under the RealOr-Random model for quantum adversaries (ROR-Q) and an informal analysis showing security against a number of attacks, including impersonation, replay, man-in-the-middle, and key compromise. We provide experimental evaluation on constrained platforms to show the feasibility of the protocol in terms of computational cost and the efficiency of the proposed solution for bandwidth validation for modern smart city applications.
Authors
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
