With the increasing number of smart mobile devices, applications based on mobile network take an indispensable role in the Internet of Things. Due to the limited computing power and restricted storage capacity of mobile devices, it is very necessary to design a secure and lightweight authentication scheme for mobile devices. As a lightweight cryptographic primitive, the hash chain is widely used in various cryptographic protocols and one-time password systems. However, most of the existing research work focuses on solving its inherent limitations and deficiencies, while ignoring its security issues. We propose a novel construction of hash chain that consists of multiple different hash functions of different output lengths and employ it in a time-based one-time password (TOTP) system for mobile device authentication. The security foundation of our construction is that the order of the hash functions is confidential and the security analysis demonstrates that it is more secure than other constructions. Moreover, we discuss the degeneration of our construction and implement the scheme in a mobile device. The simulation experiments show that the attacker cannot increase the probability of guessing the order by eavesdropping on the invalid passwords.

中文翻译：

---

基于新型哈希链的智能移动设备认证方案

随着智能移动设备数量的增加，基于移动网络的应用在物联网中扮演着不可或缺的角色。由于移动设备的有限计算能力和有限的存储容量，因此非常有必要为移动设备设计安全且轻便的身份验证方案。作为一种轻量级的密码原语，哈希链广泛用于各种密码协议和一次性密码系统中。但是，大多数现有的研究工作都集中在解决其固有的局限性和不足之处，而忽略了其安全性问题。我们提出了一种新颖的散列链结构，该散列链由多个具有不同输出长度的不同散列函数组成，并在基于时间的一次性密码（TOTP）系统中用于移动设备身份验证。我们构造的安全性基础是哈希函数的顺序是机密的，安全性分析表明它比其他构造更安全。此外，我们讨论了构造的退化并在移动设备中实现了该方案。仿真实验表明，攻击者无法通过窃听无效密码来提高猜测顺序的可能性。