Anti-Quantum Certificateless Group Authentication for Massive Accessing IoT Devices

Internet of Things (IoT) is one of the most representative application scenarios in the 5G and 6G era. The concurrent access of massive IoT devices definitely poses enormous communication, computation, and certificate management challenges to the wireless authentication. Moreover, the emergence of quantum computing makes classical cryptography-based authentication protocols, such as 5G-AKA, more easier to be broken. Facing the challenges posed by the massive concurrent authentication and quantum attacks, this paper proposes a lattice cryptography based group authentication scheme, where lattice-based aggregate signature algorithm and identity-based encryption (IBE) are leveraged to achieve simultaneous authentication of concurrent accessed devices. The proposed authentication scheme eliminates the process of public key certificate management, greatly reducing the storage overhead of core network. Moreover, the utilization of lattice cryptography enables the resistance of quantum attacks. The proposed solution does not rely on additional security assumptions such as security channel or trusted group center, making it more flexible to be deployed in actual network scenario. Finally, formal security analysis of the proposed protocol is provided with the tool ProVerif. It is demonstrated that the proposed protocol can satisfy the goals of identity privacy, authentication, data confidentiality and forward secrecy. In addition, compared with existing advanced solutions, the outperformance of the proposed scheme in terms of computation overhead, signaling overhead, communication overhead, and security properties is validated with simulations.