Volume 19, Issue 2 (9-2022)
JSDP 2022, 19(2): 73-86 |
Back to browse issues page
University of Mazandaran
Abstract: (1189 Views)
Today, we are witnessing the expansion of various Internet of Things (IoT) applications and services such as monitoring and health. These services are delivered to users via smart devices anywhere and anytime. Forecasts show that the IoT, which is controlled online in the user environment, will reach 25 billion devices worldwide by 2020.
Data security is one of the main concerns in the IoT. The IoT is supposed to deal with a population of about billions of objects, so the number of malicious attacks can be very high and alarming given the global connection (anyone access) and the wide availability (access to any place at any time). However, these accesses can make security and privacy critical. Reports show that 26% of IoT attacks in 2019 were related to non-authentication, which is why IoT authentication has become one of the most sensitive security concepts. IoT devices are usually left unattended and this makes it easy for an attacker to target such equipment. For example, security breaches and unwanted changes in patient's health parameters in smart health care systems can cause wrong treatments or even lead to his death. The fact that each device in the IoT knows who it is communicating with and at what level of access is one of the important aspects of security, especially in cases where various devices with different capabilities have to perform common tasks and cooperate with each other. IoT authentication is a trust model to protect control access and data when information travels between devices.
So far, different methods have been proposed for authentication in the IoT network. These methods are usually based on the public key, private key, random key distribution, and hash function. A point that should be taken into account in IoT authentication is that IoT networks and devices have limited bandwidth, low memory, low processing power, and energy limitations. Therefore, the proposed method should pay special attention to such limitations. In addition, IoT authentication needs to ensure enhanced security features such as confidentiality, data integrity, reliability, maintainability, scalability, and privacy to their consumers.
This paper proposes a two-way or mutual authentication protocol in which both devices authenticate each other without human intervention in a smart home network. The proposed protocol is based on asymmetric encryption for authentication of devices, which have a shared private session key, along with hashing operations in the network. Also, to ensure the security of communications at each session, each device has a one-time private session key. The session keys are changed regularly to ensure the security of sessions between devices. The proposed protocol is programmed by HLPSL and simulated and verified by the SPAN and AVISPA tools. The security analysis results show the proposed protocol is extremely practical, and secure against potential attacks.
Data security is one of the main concerns in the IoT. The IoT is supposed to deal with a population of about billions of objects, so the number of malicious attacks can be very high and alarming given the global connection (anyone access) and the wide availability (access to any place at any time). However, these accesses can make security and privacy critical. Reports show that 26% of IoT attacks in 2019 were related to non-authentication, which is why IoT authentication has become one of the most sensitive security concepts. IoT devices are usually left unattended and this makes it easy for an attacker to target such equipment. For example, security breaches and unwanted changes in patient's health parameters in smart health care systems can cause wrong treatments or even lead to his death. The fact that each device in the IoT knows who it is communicating with and at what level of access is one of the important aspects of security, especially in cases where various devices with different capabilities have to perform common tasks and cooperate with each other. IoT authentication is a trust model to protect control access and data when information travels between devices.
So far, different methods have been proposed for authentication in the IoT network. These methods are usually based on the public key, private key, random key distribution, and hash function. A point that should be taken into account in IoT authentication is that IoT networks and devices have limited bandwidth, low memory, low processing power, and energy limitations. Therefore, the proposed method should pay special attention to such limitations. In addition, IoT authentication needs to ensure enhanced security features such as confidentiality, data integrity, reliability, maintainability, scalability, and privacy to their consumers.
This paper proposes a two-way or mutual authentication protocol in which both devices authenticate each other without human intervention in a smart home network. The proposed protocol is based on asymmetric encryption for authentication of devices, which have a shared private session key, along with hashing operations in the network. Also, to ensure the security of communications at each session, each device has a one-time private session key. The session keys are changed regularly to ensure the security of sessions between devices. The proposed protocol is programmed by HLPSL and simulated and verified by the SPAN and AVISPA tools. The security analysis results show the proposed protocol is extremely practical, and secure against potential attacks.
Article number: 6
Type of Study: Research |
Subject:
Paper
Received: 2020/04/15 | Accepted: 2022/01/19 | Published: 2022/09/30 | ePublished: 2022/09/30
Received: 2020/04/15 | Accepted: 2022/01/19 | Published: 2022/09/30 | ePublished: 2022/09/30
References
1. [1] M. El-hajj, A. Fadlallah, M. Chamoun, and A. Serhrouchni, "A survey of internet of things (IoT) Authentication schemes," Sensors, vol. 19, pp. 1141, 2019. [DOI:10.3390/s19051141] [PMID] [PMCID]
2. [2] M. Wazid, A. K. Das, R. Hussain, G. Succi, and J. J. Rodrigues, "Authentication in cloud-driven IoT-based big data environment: Survey and outlook," Journal of Systems Architecture, vol. 97, pp. 185-196, 2019. [DOI:10.1016/j.sysarc.2018.12.005]
3. [3] M. Saadeh, A. Sleit, M. Qatawneh, and W. Almobaideen, "Authentication techniques for the internet of things: A survey," in 2016 cybersecurity and cyberforensics conference (CCC), 2016, pp. 28-34. [DOI:10.1109/CCC.2016.22]
4. [4] S. Kalra and S. K. Sood, "Secure authentication scheme for IoT and cloud servers," Pervasive and Mobile Computing, vol. 24, pp. 210-223, 2015. [DOI:10.1016/j.pmcj.2015.08.001]
5. [5] M. A. Crossman and H. Liu, "Study of authentication with IoT testbed," in 2015 IEEE International Symposium on Technologies for Homeland Security (HST), 2015, pp. 1-7. [DOI:10.1109/THS.2015.7225303] [PMID] [PMCID]
6. [6] H. Ren, Y. Song, S. Yang, and F. Situ, "Secure smart home: A voiceprint and internet based authentication system for remote accessing," in 2016 11th International Conference on Computer Science & Education (ICCSE), 2016, pp. 247-251. [DOI:10.1109/ICCSE.2016.7581588] [PMCID]
7. [7] A. Ukil, S. Bandyopadhyay, A. Bhattacharyya, and A. Pal, "Lightweight security scheme for vehicle tracking system using CoAP," in Proceedings of the International Workshop on Adaptive Security, 2013, pp. 1-8. [DOI:10.1145/2523501.2523504]
8. [8] L. Barreto, A. Celesti, M. Villari, M. Fazio, and A. Puliafito, "An authentication model for IoT clouds," in 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM), 2015, pp. 1032-1035. [DOI:10.1145/2808797.2809361]
9. [9] S. Janbabaei, H. Gharaee, and N. Mohammadzadeh, "The Lightweight Authentication Scheme with Capabilities of Anonymity and Trust in Internet of Things (IoT)," Signal and Data Processing, vol. 15, no. 4, pp. 111-122, 2019. [DOI:10.29252/jsdp.15.4.111]
10. [10] M. Dammak, O. R. M. Boudia, M. A. Messous, S. M. Senouci, and C. Gransart, "Token-based lightweight authentication to secure IoT networks," in 2019 16th IEEE Annual Consumer Communications & Networking Conference (CCNC), 2019: IEEE, pp. 1-4. [DOI:10.1109/CCNC.2019.8651825]
11. [11] K. Park et al., "LAKS-NVT: Provably Secure and Lightweight Authentication and Key Agreement Scheme without Verification Table in Medical Internet of Things," IEEE Access, vol. 8, pp. 119387-119404, 2020. [DOI:10.1109/ACCESS.2020.3005592]
12. [12] V. Plantevin, A. Bouzouane, B. Bouchard, and S. Gaboury, "Towards a more reliable and scalable architecture for smart home environments," Journal of Ambient Intelligence and Humanized Computing, vol. 10, pp. 2645-2656, 2019. [DOI:10.1007/s12652-018-0954-5]
13. [13] I. Lee and K. Lee, "The Internet of Things (IoT): Applications, investments, and challenges for enterprises," Business Horizons, vol. 58, pp. 431-440, 2015. [DOI:10.1016/j.bushor.2015.03.008]
14. [14] V. Hassija, V. Chamola, V. Saxena, D. Jain, P. Goyal, and B. Sikdar, "A survey on IoT security: application areas, security threats, and solution architectures," IEEE Access, vol. 7, pp. 82721-82743, 2019. [DOI:10.1109/ACCESS.2019.2924045]
15. [15] N. Moustafa, "A Systemic IoT-Fog-Cloud Architecture for Big-Data Analytics and Cyber Security Systems: A Review of Fog Computing," arXiv preprint arXiv:1906.01055, 2019.
16. [16] Y. Atwady and M. Hammoudeh, "A survey on authentication techniques for the internet of things," in Proceedings of the International Conference on Future Networks and Distributed Systems, 2017. [DOI:10.1145/3102304.3102312]
17. [17] V. Shivraj, M. Rajan, M. Singh, and P. Balamuralidhar, "One time password authentication scheme based on elliptic curves for Internet of Things (IoT)," in 2015 5th National Symposium on Information Technology: Towards New Smart World (NSITNSW), 2015, pp. 1-6. [DOI:10.1109/NSITNSW.2015.7176384]
18. [18] W.-T. Su, W.-M. Wong, and W.-C. Chen, "A survey of performance improvement by group-based authentication in IoT," in 2016 International Conference on Applied System Innovation (ICASI), 2016, pp. 1-4.
19. [19] F. Chu, R. Zhang, R. Ni, and W. Dai, "An improved identity authentication scheme for internet of things in heterogeneous networking environments," in 2013 16th International Conference on Network-Based Information Systems, 2013, pp. 589-593. [DOI:10.1109/NBiS.2013.98]
20. [20] X. Yao, X. Han, X. Du, and X. Zhou, "A lightweight multicast authentication mechanism for small scale IoT applications," IEEE Sensors Journal, vol. 13, pp. 3693-3701, 2013. [DOI:10.1109/JSEN.2013.2266116]
21. [21] N. Shone, C. Dobbins, W. Hurst, and Q. Shi, "Digital memories based mobile user authentication for IoT," in 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing, 2015, pp. 1796-1802. [DOI:10.1109/CIT/IUCC/DASC/PICOM.2015.270]
22. [22] H. Tschofenig, "Fixing user authentication for the internet of things (iot)," Datenschutz und Datensicherheit-DuD, vol. 40, pp. 222-224, 2016. [DOI:10.1007/s11623-016-0582-1]
23. [23] L. Takkinen, "Analysing security protocols with AVISPA," in TKK T-110.7290 research seminar on network security, 2006.
24. [24] S. Emerson, Y.-K. Choi, D.-Y. Hwang, K.-S. Kim, and K.-H. Kim, "An OAuth based authentication mechanism for IoT networks," in 2015 International Conference on Information and Communication Technology Convergence (ICTC), 2015, pp. 1072-1074. [DOI:10.1109/ICTC.2015.7354740]
25. [25] http://www.avispa-project.org/, online, 2020.
| Rights and permissions | |
 |
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. |