物聯網連結了各種不同可以能夠透過網路連線的裝置，在低運算能力消耗及有限的記憶體空間下，物聯網裝置提供使用者大量的資訊和服務。但急速增長的物聯網裝置在安全及隱私的需求上可能會對使用者造成潛在的危害。因此，開始有許多輕量化的使用者認證研究兩大隱私需求:使用者匿名及訊息的保密性，提供了保護。然而在現行大部分的文獻中，這兩大需求幾乎都是透過一個可信任的第三方(TTP)來提供保證，一旦第三方的保護被破壞，使用者的身分及訊息內容都會被攻擊者知道。另外，雖然有些研究能夠透過分散使用者資訊到不同的實體來提供更好的匿名性保護，但系統需要相當高的成本，對於資源有限的物聯網裝置並不友善。我們提出的方法中，只需要透過一個半可信的第三方(STTP)便能讓身份的匿名保護成為一項獨立的服務。我們設計了一個輕量化可撤銷的匿名認證協定。在我們設計的協定中，只需要使用到負擔極低的輕量化加密方式，如物理不可複製函數(PUF)、雜湊函數和異或運算。並且我們的設計會分散第三方能力，來提供更好的安全性及隱私保證。

The Internet of Things (IoT) represents all physical devices that can be connected to the Internet. With low computational power and limited memory space, billions of IoT devices provide great amount of information and services. However, the dramatically increasing number of the IoT devices cause various security and privacy concerns to the users. Hence, several lightweight user authentication schemes have been proposed recently to achieve two imperative privacy features, user anonymity and message confidentiality. Unfortunately, most of these proposals employ only on trusted third party (TTP) to maintain both features, which let the adversary obtain private information of both identity and content for all users by breaking into the TTP. Although other proposals distribute of user identities into several parties to support anonymity, the following massive cost makes them not attractive to be implemented in IoT environment. Here, we propose that identity protection can be an independent service provided with only a semi-trusted TP (STTP) in IoT environment. This paper proposes a lightweight revocable anonymous authentication scheme using only lightweight cryptographic primitives such as Physically Unclonable Function (PUF), one-way hash function, exclusive-or operations. Through decentralized trust, the proposed scheme fulfills stronger security and privacy guarantee compared to the previous works.

[1] Y. Lindell, "Anonymous authentication," Journal of Privacy and Confidentiality, 2(2):4, 2007..
[2] D. Goldschlag, M.Reed and P. Syverson, "Onion Routing for Anonymous and Private Internet Connections," Communications of the ACM, 1999, pp. 39-41
[3] P. Syverson G.Tsudik, M.Reed and C. Landwehr, "Towards an Analysis of Onion Routing Security, " Workshop on Design Issues in Anonymity and Unobservability, 2000
[4] M.K. Reiter and A.D. Rubin, "Crowds: Anonymity for Web Transactions, " ACM Transactions on Information and System Security, 1998, PP66-92.
[5] P. Venkitasubramaniam and A. Mishra, "Anonymity of memory limited Chaum mixes under timing analysis: An information theoretic perspective", IEEE Trans. Inf. Theory, vol. 61, no. 2, pp. 996-1009, Feb. 2015.
[6] R.L. Rivest, A. Shamir and Y. Tauman, "How to Leak a Secret, "ASIACRYPT 2001, Springer-Verlag(LNCS 2248), 2001, pp. 552-565.
[7] David Chaum and Eug`ene Van Heyst, "Group signatures," In D.W. Davies, editor, Advances in Cryptology — Eurocrypt ’91, pages 257–265, Berlin, 1991. SpringerVerlag. Lecture Notes in Computer Science No. 547
[8] U. Chatterjee, R. S. Chakraborty, and D. Mukhopadhyay, “A PUF-based secure communication protocol for IoT,” ACM Trans. Embedded Comput. Syst., vol. 16, no. 3, p. 67, 2017.
[9] A. Braeken, “PUF based authentication protocol for IoT,” Symmetry,vol. 10, no. 8, p. 352, 2018.
[10] S. Garg, K. Kaur, G. Kaddoum and K.-K. R. Choo, "Towards secure and provable authentication for Internet of Things: Realizing industry 4.0", IEEE Internet Things J
[11] S. Janbabaei, H. Gharaee and N. Mohammadzadeh, "Lightweight, anonymous and mutual authentication in IoT infrastructure," 2016 8th International Symposium on Telecommunications (IST), Tehran, 2016, pp. 162-166, doi: 10.1109/ISTEL.2016.7881802.
[12] A. J. Paverd, A. Martin, and I. Brown, “Modelling and Automatically Analysing Privacy Properties for Honest-but-Curious Adversaries,” Tech. Rep., 2014. [Online]. Available: https://www.cs.ox.ac.uk/people/ andrew.paverd/casper/ca -sper-privacy-report.pdf.
[13] Charles Herder, Meng-Day (Mandel) Yu, Farinaz Koushanfar, and Srinivas Devadas, "Physical Unclonable Functions and Applications: A Tutorial," Proceedings of the IEEE, vol. 102, Aug. 2014, pp. 1126-1141.
[14] G. E. Suh, and S. Devadas, "Pysical Unclonable Functions for Device Authentication and Secret Key Generation," Proceedings of IEEE/ACM DAC, June 2007, pp. 9-14.
[15] V. T. Kilari, S. Misra and G. Xue, "Revocable anonymity based authentication for vehicle to grid (V2G) communications," 2016 IEEE International Conference on Smart Grid Communications (SmartGridComm), Sydney, NSW, 2016, pp. 351-356, doi: 10.1109/SmartGridComm.2016.7778786.
[16] H. Xiong and Z. Qin, "Revocable and Scalable Certificateless Remote Authentication Protocol With Anonymity for Wireless Body Area Networks," in IEEE Transactions on Information Forensics and Security, vol. 10, no. 7, pp. 1442-1455, July 2015, doi: 10.1109/TIFS.2015.2414399.
[17] M. Aman, K. Chua, C. Kee and B. Sikdar, "Mutual Authentication in IoT Systems using Physical Unclonable Functions", IEEE Internet of Things Journal, vol. PP, no. 99, pp. 1-1, May 2017
[18] N.N. Anandakumar, M.S. Hashmi and S.K. Sanadhya, "Compact Implementations of FPGA based PUFs with Enhanced Performance", 2017 30th International Conference on VLSI Design and 2017 16th International Conference on Embedded Systems (VLSID), pp. 161-166, 2017..
[19] M Majzoobi, R University, Houston et al., Automated Design Implementation and Evaluation of Arbiter-based PUF on FPGA using Programmable Delay Lines, [online] Available: eprint.iacr.org
[20] Durga Prasad Sahoo, Debdeep Mukhopadhyay, Rajat Subhra Chakraborty, and Phuong Ha Nguyen. A Multiplexer-Based Arbiter PUF Composition with Enhanced Reliability and Security. IEEE Transactions on Computers, 67(3):403–417, 2018.
[21] M. Burrows, M. Abadi, and R. Needham, “A logic of authentication”, ACM Transactions on Computer Systems, 8, February 1990.
[22] W. Mao and C. Boyd, “Towards formal analysis of security protocols”, Proc. Computer Security Foundations Workshop VI, pp. 147-158, June 1993.
[23] D. Dolev and A.C. Yao, "On the security of public-key protocols", IEEE Transactions on Information Theory, vol. 29, no. 8, pp. 198-208, August 1983.
[24] M. Kocheta, N. Sujatha, K. Sivakanya, R. Srikanth, S. Shetty and P. V. Ananda Mohan, "A review of some recent stream ciphers," 2013 International conference on Circuits, Controls and Communications (CCUBE), Bengaluru, 2013, pp. 1-6.
[25] F. De Santis, A. Schauer and G. Sigl, "ChaCha20-Poly1305 authenticated encryption for high-speed embedded IoT applications," Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017, Lausanne, 2017, pp. 692-697, doi: 10.23919/DATE.2017.7927078.
[26] Hwang, T-L., & Gope, P. (2015). IAR-CTR and IAR-CFB: Integrity aware real-time based counter and cipher feedback modes. Security and Communication Networks, 8(18), 3939-3952. https://doi.org/10.1002/sec.1312
[27] M. A. Kumar and R. Bhakthavatchalu, "FPGA based delay PUF implementation for security applications," 2017 International Conference on Technological Advancements in Power and Energy ( TAP Energy), Kollam, 2017, pp. 1-6.