An Improved Identity-Based Anonymous Authentication Scheme Resistant to Semi-Trusted Server Attacks

In mobile edge computing, the computing tasks of IoT terminal devices with limited computing power often need to be offloaded to servers for processing. However, there are malicious attacks by adversaries and malicious behaviors of servers in the network, coupled with the use of insecure network channels for data information transmission. These factors seriously threaten the privacy and data security of terminal devices and users. Therefore, it is urgent to use a safe and efficient anonymous authentication key agreement mechanism to verify the legitimacy of the identities of computing participants and ensure the safe transmission of task data. Recently Jia et al. proposed an identity-based authentication scheme, which combines many advantages of previous work and is resistant to various attacks. However, we found that their scheme has security problems, such as offline key guessing attack, internal attack, and user anonymity problems. We classify them as semi-trusted server attacks. In order to solve these security problems, we propose an improved scheme to better realize the authentication function by using flexible and security-enhanced keys for terminal equipment (TE), while ensuring the anonymity of the TE through implicit ID. Furthermore, we provide formal security proof, formal security verification, and security analysis for the improved protocol. Compared with the previous scheme, the scheme has certain improvements in security and performance.