
Graduate student: Chen, Kuan-Ting (陳冠廷)
Thesis title: A Three-Phase Lightweight Authentication Between IoT Device and Server Using Key Manager
Advisor: Sue, Chuan-Ching (蘇銓清)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering
Year of publication: 2020
Academic year of graduation: 108
Language: English
Number of pages: 34
Keywords: Internet of Things, security, authentication
    The Internet of Things (IoT) is a topic of much concern, and in the last few years the security of IoT systems has become an important field of research.
    Mutual authentication between IoT devices and IoT servers is an important part of secure IoT systems. Single password-based authentication is widely used in IoT systems, but it is easily attacked by side channel attacks or dictionary attacks. In this paper, we propose a multi-key based three-phase lightweight mutual authentication scheme. We separate the whole system into an authentication phase, a communication phase and a key value changing phase. The keys are stored in a local database and managed by a key manager. To prevent keys from being stolen when they stay unchanged for a long time, the keys in the database change over time. We explain how the scheme defends against common attacks on IoT devices and, finally, compare it with other authentication methods to show that our method is a lightweight IoT authentication method.

    Content
      Chinese Abstract
      Abstract
      Acknowledgements
      Content
      List of Tables
      List of Figures
      1 Introduction
      2 Related Work
        2.1 Motivation
        2.2 Mutual Authentication
        2.3 Cryptography
          2.3.1 Symmetric Cryptography
          2.3.2 AES
          2.3.3 ECC
        2.4 Attack
          2.4.1 Side Channel Attack
          2.4.2 Man in the middle Attack
      3 System Architecture
        3.1 IoT System Architecture
        3.2 Attack model
        Database
        Authentication Phase
        Communication Phase
        Key Value Changing Phase
      4 Security Analysis
        (1) Man-in-the-middle
        (2) Side Channel Attack
        (3) DoS Attack
      5 Implement and Evaluation
        5.1 Implement
        5.2 Evaluation
      6 Conclusion and Future Work
      7 Reference


    Download: on campus, public on 2025-07-01
    Off campus, public on 2025-07-01