Post-quantum Remote Device Authentication and Data Analysis Protocols for IoT

Advances in networking and hardware technology have made the design and deployment of Internet of Things (IoTs) and decentralised applications a trend. For example, the fog computing concept and its associated edge computing technologies are pushing computations to the edge so that data aggregation can be avoided to some extent. This naturally brings benefits such as efficiency and privacy, but on the other hand, it forces data analysis tasks to be carried out in a distributed manner. Hence, we will focus on establishing a secure channel between an edge device and a server and performing data analysis with privacy protection.

In this thesis, we first studied the state-of-art Key Exchange (KE) and Authenticated Key Exchange (AKE) protocols in the literature, including security properties, security models for various security properties, existing KE and AKE schemes of pre-quantum and post-quantum era with varied authentication factors.

As a result of the above research, a novel IoT-oriented security model for AKE protocol is introduced. In addition to the general security properties satisfaction, we also define several detailed security games for the desired security properties of perfect forward secrecy, key compromise impersonation resilience and server compromise impersonation resilience.

Furthermore, by studying the current multi-factor AKE protocols in the literature, we are inspired by the usage of bigdata in the IoT setting for the authentication and session key establishment propose. With this in mind, we proposed a bigdata-facilitated two-party AKE protocol for IoT systems that uses the bigdata as one of the authentication factors. Moreover, we also proposed a modular framework for constructing IoT-server AKE in post-quantum setting. It is flexible that it can integrate with a public key encryption and a KE component.

In addition to this, we notice that as IoT generates and collects more and more data, the need to perform data analysis increases at the same time. In order to avoid the performance limitations of IoT devices, ease the burden of the server, and also guarantee the quality of service of IoT applications, we presented a privacy-preserving decentralised Singular Value Decomposition (SVD) for fog architecture, which could be considered as a multi-IoT and multi-server setting and provides protection for the bigdata set.

Next, we would like to further integrate the SVD results from different subsets using a federated learning mechanism. Privacy protection is always a fundamental requirement we need to consider; with this in mind, we proposed a privacy-preserving federated SVD scheme with secure aggregation. The results from the different edge devices are securely aggregated with the server and returned to the individual devices for further applications.