To understand the problem raised in the paper, we have to clarify two important concepts included in its title. One of the concepts is yoking-proof-based authentication. The idea of a yoking-proof protocol for radio-frequency identifications (RFIDs) is outlined in Juels’ paper [1]. It means basically coupling or pairing (“yoking”) two devices having computationally limited resources. The yoking enforces that both devices should be present when scanning happens by a reading device. The other concept is cloud-assisted wearable devices, which include any Internet of Things (IoT) applications, sensors, or gadgets that can be connected to a cloud through some communicating device, for example, a smartphone, and can be worn on the body. In such a scenario, the specific wearable device and the cloud represent the two parties that should be (strongly) coupled.
IoT wearable devices constrain computational capacity, hence an appropriate protocol and cryptographic algorithm are required to ensure confidentiality, integrity, mutual trust, and protection against eavesdropping. These concerns contain mutually opposite demands so that a reasonable compromise should be found. The paper proposes a lightweight authentication protocol to implement a suitable identification mechanism in a secure manner.
The paper was published in a peer-reviewed journal; this fact is important for the reason that the paper contains a detailed mathematical formalism for the cryptographic procedures and algorithms. The basic idea for mutual authentication is a handshaking, a Diffie-Hellman-like method that takes into account the computational resource limitations when generating pseudo-random numbers and shares a secret key. The computationally heavy part of the algorithm is carried out in the cloud to perform the verification for wearable devices that are connected to the cloud through a smartphone. The protocol uses as a parameters the identification data of devices, the secret key, and a randomly generated hash to support the message exchange and to prove that the parties (devices, agent in the cloud) can mutually trust each other. The mathematics of the cryptographic procedures shown in the paper seems plausible. A formal security analysis proves the validity of the proposed algorithm [2].
A performance analysis is executed as well, to buttress the suitability of the algorithm in an environment that is computationally resource constrained and having real-time requirements. Only the resource-intensive hash generation was delegated to the IoT devices; the other computational tasks are carried out in the cloud so that the solution produces good performance in a real-time environment.
The paper might be interesting for researchers in the fields of security, ubiquitous computing, and IoT applications.
