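Computer science
Authentication (law)
Node (physics)
Computer security
Trust anchor
Computer network
Protocol (science)
Authentication protocol
Architecture
Data Authentication Algorithm
Public-key cryptography
Computational trust
Encryption
Law
Medicine
Engineering
Art
Pathology
Structural engineering
Visual arts
Reputation
Alternative medicine
Political science
Authors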
Lei Meng,Daochao Huang,Jiahang An,Xianwei Zhou,Fuhong Lin
Source
Journal: China Communications
[Institute of Electrical and Electronics Engineers]
Date: 2022-08-01
Volume (issue): 19 (8): 198-213
Citations: 7
Identifier
DOI: 10.23919/jcc.2022.08.015
Abstract
Zero-trust security is a novel concept to cope with intricate access, which cannot be handled by the conventional perimeter-based architecture anymore. The device-to-device continuous authentication protocol is one of the most crucial cornerstones, especially in the IoT scenario. In the zero-trust architecture, trust does not rely on any position, person or device. However, to the best of our knowledge, almost all existing device-to-device continuous authentication relies on a trust authority or a node to generate secret keys or secret values. This betrays the principle of zero-trust architecture. In this paper, we employ the blockchain to eliminate the trusted node. One node is chosen to produce the public parameter and secret keys for two entities through the practical Byzantine fault tolerance consensus mechanism. Additionally, the devices are categorized into three folds: trusted device, suspected device and untrusted device. Only the first two can participate in authentication, and they have different lengths of security parameters and intervals to reach a better balance between security and efficiency. Then we prove the security of the initial authentication part in the eCK model and give an informal analysis of the continuous authentication part. Finally, we implement the proposed protocol on simulated devices. The result illustrates that our scheme is highly efficient, and the continuous authentication only costs around 0.1 ms.