Mobile networks are set to play a crucial role as backbone network in IoT deployments due to their low cost, broad coverage, high bandwidth, and low latency. However, a challenging security issue prevalent in mobile networks across the various generations including 4G, is identity privacy. In a recent standard for 5G mobile network: 3GPP TS 33.501, an Elliptic Curve Integrated Encryption Scheme (ECIES) is adopted to tackle this issue. While this mechanism seems to provide a reasonable solution for modern smart phones, it may not be best suitable for resource constrained IoT devices because of the computationally intensive calculations involved in elliptic curve cryptography. In this paper, an alternative lightweight scheme for identity privacy of IoT devices in 5G mobile network is proposed. This new scheme called ‘HashXor’ requires only two Hash operations and three Xor operations for the IoT device to achieve its objective. The scheme is found safe and logically correct through security analysis and formal analysis (using AVISPA tool). Through an execution time analysis in the ATmega328P microchip, the scheme is found to be computationally efficient compared to ECIES and few other recent proposals in this area.

由于移动网络的低成本，广泛覆盖，高带宽和低延迟，它们将在IoT部署中作为骨干网发挥至关重要的作用。但是，在包括4G在内的各代移动网络中普遍存在的一个具有挑战性的安全问题是身份隐私。在最近的5G移动网络标准：3GPP TS 33.501中，采用了椭圆曲线集成加密方案（ECIES）来解决此问题。尽管此机制似乎为现代智能手机提供了合理的解决方案，但由于椭圆曲线加密技术涉及计算量大的计算，因此它可能并不最适合资源受限的IoT设备。本文提出了5G移动网络中IoT设备身份隐私的另一种轻量级方案。这种称为“ HashXor”的新方案仅需要两个Hash操作和三个Xor操作即可实现IoT设备的目标。通过安全分析和形式分析（使用AVISPA工具），可以发现该方案安全且在逻辑上是正确的。通过在ATmega328P芯片中执行时间的分析，发现该方案与ECIES和该领域的其他一些近期提议相比，在计算上是高效的。