A lightweight zero-trust authentication architecture for IoT via unified enhanced FAST-SM9 and dynamic re-authentication

Authentication is a crucial challenge for Internet of Things (IoT) security, especially in open, distributed and resource-constrained environments. Current methods have significant shortcomings in terms of efficiency, adaptability, and ability to cope with complicated security threats. Therefore, this paper proposes a lightweight authentication framework for Cloud-Edge-End, which integrates the enhanced Fast Authentication and Signature Trust for SM9 (FAST-SM9) algorithm and zero-trust Dynamic Re-authentication (zero-trust-DRA) mechanism. First, FAST-SM9 effectively reduces protocol overhead, and meanwhile ensuring security by organically integrating authentication and signature processes. Its architectural optimization reduces the number of communication rounds by 40% and simplifies trust negotiation between heterogeneous layers without affecting the integrity of encryption mechanisms. To enhance runtime protection, the designed zero-trust-DRA mechanism also introduces context-aware, time-windowed based re-authentication techniques so as to efficiently defend against risks such as session hijacking and credential leakage. In addition, the Dynamic Identity Token Generation Mechanism (DITGM) enhances the security and flexibility of the system by incorporating multi-factor attributes such as fingerprints and OTP seeds into time-sensitive tokens. Experimental results show that this scheme reduces latency by 56.6% and energy consumption by 63% compared to traditional PKI edge authentication methods, and effectively resists related attacks. The formal tool AVISPA verification further confirms its security. The scalability testing also proves its applicability in IoT. A feasible path is provided for efficient and secure identity authentication in distributed systems, which helps to promote the development of zero-trust security systems.