Lin Yao,Lei Wang,Xiangwei Kong,Guowei Wu,Feng Xia

DOI: https://doi.org/10.1016/j.camwa.2010.01.010

IF: 3.218

2010-01-01

Computers & Mathematics with Applications

Abstract:In a pervasive computing environment, mobile users often roam into foreign domains. Consequently, mutual authentication between the user and the service provider in different domains becomes a critical issue. In this paper, a fast and secure inter-domain authentication and key establishment scheme, namely IDAS, is proposed. IDAS adopts Biometrics to guarantee the uniqueness and privacy of users and adopts signcryption to generate a secure session key. IDAS can not only reduce the burden of certificates management, but also protect the users and authentication servers against fraud. Compared with some other authentication methods, our approach is superior with faster key exchange and authentication, as well as more privacy. The correctness is verified with the Syverson and Van Oorschot (SVO) logic. Crown Copyright (C) 2010 Published by Elsevier Ltd. All rights reserved.

Liang Kou,Yiqi Shi,Liguo Zhang,Duo Liu,Qing Yang

DOI: https://doi.org/10.32604/cmc.2019.03760

2019-01-01

Abstract:With the development of computer hardware technology and network technology, the Internet of Things as the extension and expansion of traditional computing network has played an increasingly important role in all professions and trades and has had a tremendous impact on people lifestyle. The information perception of the Internet of Things plays a key role as a link between the computer world and the real world. However, there are potential security threats in the Perceptual Layer Network applied for information perception because Perceptual Layer Network consists of a large number of sensor nodes with weak computing power, limited power supply, and open communication links. We proposed a novel lightweight authentication protocol based on password, smart card and biometric identification that achieves mutual authentication among User, GWN and sensor node. Biometric identification can increase the non-repudiation feature that increases security. After security analysis and logical proof, the proposed protocol is proven to have a higher reliability and practicality.

Zhiqing Luo,Wei Wang,Jun Qu,Tao Jiang,Qian Zhang

DOI: https://doi.org/10.48550/arXiv.1810.07058

2018-10-16

Cryptography and Security

Abstract:The lightweight protocols and low-power radio technologies open up many opportunities to facilitate Internet-of-Things (IoT) into our daily life, while their minimalist design also makes IoT devices vulnerable to many active attacks due to the lack of sophisticated security protocols. Recent advances advocate the use of an antenna array to extract fine-grained physical-layer signatures to mitigate these active attacks. However, it adds burdens in terms of energy consumption and hardware cost that IoT devices cannot afford. To overcome this predicament, we present ShieldScatter, a lightweight system that attaches battery-free backscatter tags to single-antenna devices to shield the system from active attacks. The key insight of ShieldScatter is to intentionally create multi-path propagation signatures with the careful deployment of backscatter tags. These signatures can be used to construct a sensitive profile to identify the location of the signals' arrival, and thus detect the threat. We prototype ShieldScatter with USRPs and ambient backscatter tags to evaluate our system in various environments. The experimental results show that even when the attacker is located only 15 cm away from the legitimate device, ShieldScatter with merely three backscatter tags can mitigate 97% of spoofing attack attempts while at the same time trigger false alarms on just 7% of legitimate traffic.

Hanguang Luo,Tao Zou,Chunming Wu,Dan Li,Shunbin Li,Chu

DOI: https://doi.org/10.32604/cmc.2022.027118

2022-01-01

Abstract:In the emerging Industrial Internet of Things (IIoT), authentication problems have become an urgent issue for massive resource-constrained devices because traditional costly security mechanisms are not suitable for them. The security protocol designed for resource-constrained systems should not only be secure but also efficient in terms of usage of energy, storage, and processing. Although recently many lightweight schemes have been proposed, to the best of our knowledge, they are unable to address the problem of privacy preservation with the resistance of Denial of Service (DoS) attacks in a practical way. In this paper, we propose a lightweight authentication protocol based on the Physically Unclonable Function (PUF) to overcome the limitations of existing schemes. The protocol provides an ingenious authentication and synchronization mechanism to solve the contradictions amount forward secrecy, DoS attacks, and resource-constrained. The performance analysis and comparison show that the proposed scheme can better improve the authentication security and efficiency for resource-constrained systems in IIoT.

Zhiqing Luo,Wei Wang,Qianyi Huang,Tao Jiang,Qian Zhang

DOI: https://doi.org/10.1109/tmc.2021.3084754

IF: 6.075

2021-01-01

IEEE Transactions on Mobile Computing

Abstract:The low-power radio technologies open up many opportunities to facilitate Internet-of-Things (IoT) into our daily life, while their minimalist design also makes IoT devices vulnerable to many active attacks. Recent advances use an antenna array to extract fine-grained physical-layer signatures to identify the attackers, which adds burdens in terms of energy and hardware cost to IoT devices. In this paper, we present ShieldScatter, a lightweight system that attaches low-cost tags to single-antenna devices to shield the system from active attacks. The key insight of ShieldScatter is to intentionally create multi-path propagation signatures with the careful deployment of tags. These signatures can be used to construct a sensitive profile to identify the location of the signals' arrival, and thus detect the threat. In addition, we also design a tag-random scheme and a multiple receivers combination approach to detect a powerful attacker who has the strong priori knowledge of the legitimate user. We prototype ShieldScatter with USRPs and tags to evaluate our system in various environments. The results show that even when the powerful attacker is close to the legitimate device, ShieldScatter can mitigate 95 percent of attack attempts while triggering false alarms on just 7 percent of legitimate traffic.

computer science, information systems,telecommunications

Zhiqing Luo,Wei Wang,Jiang Xiao,Qianyi Huang,Tao Jiang,Qian Zhang

DOI: https://doi.org/10.48550/arXiv.1808.06322

2018-08-20

Abstract:The vision of battery-free communication has made backscatter a compelling technology for on-body wearable and implantable devices. Recent advances have facilitated the communication between backscatter tags and on-body smart devices. These studies have focused on the communication dimension, while the security dimension remains vulnerable. It has been demonstrated that wireless connectivity can be exploited to send unauthorized commands or fake messages that result in device malfunctioning. The key challenge in defending these attacks stems from the minimalist design in backscatter. Thus, in this paper, we explore the feasibility of authenticating an on-body backscatter tag without modifying its signal or protocol. We present SecureScatter, a physical-layer solution that delegates the security of backscatter to an on-body smart device. To this end, we profile the on-body propagation paths of backscatter links, and construct highly sensitive propagation signatures to identify on-body backscatter links. We implement our design in a software radio and evaluate it with different backscatter tags that work at 2.4 GHz and 900 MHz. Results show that our system can identify on-body devices at 93.23% average true positive rate and 3.18% average false positive rate.

Human-Computer Interaction

Xi Hang Cao,Xiaojiang Du,E. Paul Ratazzi

DOI: https://doi.org/10.48550/arXiv.1902.03282

2019-02-08

Cryptography and Security

Abstract:Internet of Things (IoT) is ubiquitous because of its broad applications and the advance in communication technologies. The capabilities of IoT also enable its important role in homeland security and tactical missions, including Reconnaissance, Intelligence, Surveillance, and Target Acquisition (RISTA). IoT security becomes the most critical issue before its extensive use in military operations. While the majority of research focuses on smart IoT devices, treatments for legacy dumb network-ready devices are lacking; moreover, IoT devices deployed in a hostile environment are often required to be dumb due to the strict hardware constraints, making them highly vulnerable to cyber attacks. To mitigate the problem, we propose a light-weight authentication scheme for dumb IoT devices, in a case study of the UAV-sensor collaborative RISTA missions. Our scheme utilizes the covert channels in the physical layer for authentications and does not request conventional key deployments, key generations which may cause security risks and large overhead that a dumb sensor cannot afford. Our scheme operates on the physical layer, and thus it is highly portable and generalizable to most commercial and military communication protocols. We demonstrate the viability of our scheme by building a prototype system and conducting experiments to emulate the behaviors of UAVs and sensors in real scenarios.

Yongming Jin,Huiping Sun,Wei Xin,Song Luo,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-25243-3_6

2011-01-01

Abstract:The wide deployment of RFID systems has raised many concerns about the security and privacy. Many RFID authentication protocols are proposed for these low-cost RFID tags. However, most of existing RFID authentication protocols suffer from some feasible problems. In this paper, we first discuss the feasible problems that exist in some RFID authentication protocols. Then we propose a lightweight RFID mutual authentication protocol against these feasible problems. To the best of our knowledge, it is the first scalable RFID authentication protocol that based on the SQUASH scheme. The new protocol is lightweight and can provide the forward security. In every authentication session, the tag produces the random number and the response is fresh. It also prevents the asynchronization between the reader and the tag. Additionally, the new protocol is secure against such attacks as replay attack, denial of service attack, man-in-the-middle attack and so on. We also show that it requires less cost of computation and storage than other similar protocols.

Yuanyu Zhang,Yulong Shen,Hua Wang,Jianming Yong,Xiaohong Jiang

DOI: https://doi.org/10.1109/TASE.2015.2497663

IF: 6.636

2016-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:Wireless communication is one of the key technologies that actualize the Internet of Things (IoT) concept into the real world. Understanding the security performance of wireless communications lays the foundation for the security management of IoT. Eavesdropper collusion represents a significant threat to wireless communication security, while physical-layer security serves as a promising approach...

Dongfeng Fang,Yi Qian,Rose Qingyang Hu

DOI: https://doi.org/10.1109/jiot.2020.2970974

IF: 10.6

2020-04-01

IEEE Internet of Things Journal

Abstract:Internet-of-Things (IoT) applications have been rapidly deployed into pervasive environment, where both challenges and opportunities abound. On the one hand, a large number of IoT devices and their rich functions contribute significant volumes of data, which has brought tremendous convenience to the daily lives of end users. On the other hand, the heterogeneous IoT devices and a large amount of private information transmitted through networks also bring serious security and privacy issues. It is a big challenge to model IoT systems and trust relationships between different entities with a large number of heterogeneous IoT devices. In this article, we study a general IoT system architecture with consideration of heterogeneous IoT devices. Different trust models are proposed and analyzed based on the trust relationships between different entities in the IoT system. We propose a flexible and efficient authentication scheme with a consideration of heterogeneous IoT devices based on the least trust-required model. The proposed scheme provides security and privacy to resource-limited IoT devices flexibly and efficiently by utilizing IoT devices with better storage and computational ability. Moreover, secure data transmission is presented with contextual privacy and data integrity services. The proposed scheme achieves not only the mutual authentication, initial session key agreement, and data integrity but also anonymity, contextual privacy, forward security, end-to-end security, and key escrow resilience. Security analysis is presented to provide verification of the proposed protocol and security objectives. Moreover, performance evaluation is presented with comparison to the other schemes in terms of security features, computational overhead, and communication overhead. The performance comparisons show that our proposed scheme provides flexible and efficient security by consideration of heterogeneous IoT devices. With the higher proportion of resource-limited IoT devic-s, our proposed scheme outperforms other similar schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jianhua Li,Jiong Jin,Lingjuan Lyu,Dong Yuan,Yingying Yang,Longxiang Gao,Chao Shen

DOI: https://doi.org/10.48550/arXiv.2011.06325

2020-11-12

Abstract:Numerous resource-limited smart objects (SOs) such as sensors and actuators have been widely deployed in smart environments, opening new attack surfaces to intruders. The severe security flaw discourages the adoption of the Internet of things in smart living. In this paper, we leverage fog computing and microservice to push certificate authority (CA) functions to the proximity of data sources. Through which, we can minimize attack surfaces and authentication latency, and result in a fast and scalable scheme in authenticating a large volume of resource-limited devices. Then, we design lightweight protocols to implement the scheme, where both a high level of security and low computation workloads on SO (no bilinear pairing requirement on the client-side) is accomplished. Evaluations demonstrate the efficiency and effectiveness of our scheme in handling authentication and registration for a large number of nodes, meanwhile protecting them against various threats to smart living. Finally, we showcase the success of computing intelligence movement towards data sources in handling complicated services.

Cryptography and Security,Networking and Internet Architecture

Jianghua Liu,Jian Yang,Wei Wu,Xinyi Huang,Yang Xiang

DOI: https://doi.org/10.1109/tc.2022.3207138

IF: 3.183

2023-04-08

IEEE Transactions on Computers

Abstract:Recent advancements in the Internet of Things (IoT) and cloud computing technologies have accelerated the development of various practical applications, including healthcare systems. Adequately revealing the collected healthcare data in a cloud-assisted healthcare IoT system brings a huge potential for improving the safety, quality, and efficiency of healthcare services. However, often the data collected in a healthcare IoT system is vital and sensitive. The dissemination of such data is also vulnerable to malicious attacks such as tampering, eavesdropping, and forgery. Thus, disseminated data's integrity, authenticity, and privacy are elementary security demands to end-users and owners. Also, the resource-constrained nature of healthcare IoT devices invalidates the existing solutions. To address the above challenges, we propose a lightweight and secure redactable signature scheme with coarse-grained additional redaction control (CRS) for secure dissemination of healthcare data in a cloud-assisted healthcare IoT system. The security analysis indicates our CRS is secure against signature forgery, additional redaction attacks, and redacted version linkability. Compared to other existing solutions, our scheme can achieve some level of security but less computational complexity and communication overhead.

engineering, electrical & electronic,computer science, hardware & architecture

Mikail Mohammed Salim,Jungho Kang,Yi Pan,Jong Hyuk Park

DOI: https://doi.org/10.3934/mbe.2022546

2022-01-01

Mathematical Biosciences and Engineering

Abstract:Internet of Things (IoT) devices supporting intelligent cloud applications such as healthcare for hospitals rely on connecting with local base stations and access points to provide rich data analysis and real-time services to users. Devices authenticate with local base stations and perform handover operations to connect with access points with higher signal strength. Attackers disguise as valid base stations and access points using publicly accessible SSID information connect with local IoT devices during the handover process and give rise to data integrity and privacy concerns. This paper proposes a lightweight authentication scheme for private blockchain-based networks for securing devices from rogue base stations during the handover process. An authentication certificate is designed for base stations and machines in local clusters using SHA256 and modulo operations for enabling quick handover operations. The keys assigned to each device and base station joining the network are hashed, and their sizes are reduced using modulo operations. Furthermore, the compressed key size forms a certificate, which is used by the machines and the base stations to authenticate mutually. In comparison with existing studies, the performance analysis of the proposed scheme is based on the transmission of three messages required for completing the authentication process. Evaluation based on the Communication Overhead demonstrates a minimum improvement of 99.30% fewer bytes exchanged during the handover process and 89.58% reduced Storage Overhead compared with existing studies.

Yonghao Zhu,Dongfen Li,Yangyang Jiang,Xiaoyu Hua,You Fu,Jie Zhou,Yuqiao Tan,Xiaolong Yang

DOI: https://doi.org/10.3390/sym16121589

2024-11-29

Symmetry

Abstract:Quantum communication holds great potential for enhancing the security and efficiency of the Internet of Things (IoT). However, existing schemes often overlook device identity authentication, leaving systems vulnerable to unauthorized access, and rely on third-party controllers, which increase complexity and undermine trust. This paper proposes a novel asymmetric bidirectional quantum communication scheme tailored for IoT, integrating device identity authentication and information transmission without requiring third-party controllers. We provide a detailed description of the scheme's application scenarios in IoT, conduct a security analysis of the identity authentication module, and experimentally validate the feasibility of the information transmission module. Additionally, we analyze the impact of quantum noise on the proposed scheme and compare it with existing approaches, highlighting its advantages in terms of resource consumption and efficiency.

multidisciplinary sciences

Feng Zhu,Peng Li,He Xu,Ruchuan Wang

DOI: https://doi.org/10.3390/s20174846

IF: 3.9

2020-08-27

Sensors

Abstract:The Internet of Things (IoT) has been integrated into legacy healthcare systems for the purpose of improving healthcare processes. As one of the key technologies of IoT, radio frequency identification (RFID) technology has been applied to offer services like patient monitoring, drug administration, and medical asset tracking. However, people have concerns about the security and privacy of RFID-based healthcare systems, which require a proper solution. To solve the problem, recently in 2019, Fan et al. proposed a lightweight RFID authentication scheme in the IEEE Network. They claimed that their scheme can resist various attacks in RFID systems with low implementation cost, and thus is suitable for RFID-based healthcare systems. In this article, our contributions mainly consist of two parts. First, we analyze the security of Fan et al.’s scheme and find out its security vulnerabilities. Second, we propose a novel lightweight authentication scheme to overcome these security weaknesses. The security analysis shows that our scheme can satisfy the necessary security requirements. Besides, the performance evaluation demonstrates that our scheme is of low cost. Thus, our scheme is well-suited for practical RFID-based healthcare systems.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Saud Khan,Chandra Thapa,Salman Durrani,Seyit Camtepe

DOI: https://doi.org/10.1109/JIOT.2023.3331362

2023-11-07

Abstract:Physical-layer authentication is a popular alternative to the conventional key-based authentication for internet of things (IoT) devices due to their limited computational capacity and battery power. However, this approach has limitations due to poor robustness under channel fluctuations, reconciliation overhead, and no clear safeguard distance to ensure the secrecy of the generated authentication keys. In this regard, we propose a novel, secure, and lightweight continuous authentication scheme for IoT device authentication. Our scheme utilizes the inherent properties of the IoT devices' transmission model as its source for seed generation and device authentication. Specifically, our proposed scheme provides continuous authentication by checking the access time slots and spreading sequences of the IoT devices instead of repeatedly generating and verifying shared keys. Due to this, access to a coherent key is not required in our proposed scheme, resulting in the concealment of the seed information from attackers. Our proposed authentication scheme for IoT devices demonstrates improved performance compared to the benchmark schemes relying on physical channels. Our empirical results find a near threefold decrease in the misdetection rate of illegitimate devices and close to zero false alarm rate in various system settings with varied numbers of active devices up to 200 and signal-to-noise ratio from 0 dB to 25 dB. Our proposed authentication scheme also has a lower computational complexity of at least half the computational cost of the benchmark schemes based on support vector machine and binary hypothesis testing in our studies. This further corroborates the practicality of our scheme for IoT deployments.

Cryptography and Security,Networking and Internet Architecture,Signal Processing

Premkumar, N.,Kumar, B. Santhosh

DOI: https://doi.org/10.1007/s11277-024-11596-0

IF: 2.017

2024-11-06

Wireless Personal Communications

Abstract:Recently, Fog computing become a hot research area with the fast development of Internet of Things (IoT) which cannot be handled efficiently by the traditional cloud computing. The essence of Fog computing is to place some datacenters at the edge of the network called as Edge DataCenters (EDCs) or fog nodes with limited storage and processing capabilities, which is closer to the location of data sources, and located between cloud datacenter and the data source. This EDCs serve as a storage and processing point in the network and act as a middle layer between cloud datacenter and IoT in the fog hierarchy. Since most of the EDCs are positioned in isolated environments, the need for secure authentication is of major importance. Thus, ensuring that only legitimate EDCs are allowed in the environment become an attractive research problem. There are few techniques have been proposed in the past for authenticating EDCs to discover legitimate EDCs and permit secure communication. Unfortunately, such techniques involved memory intensive and complex calculations which pay no attention to the resource limitation nature of the EDCs. Thus, to address these challenges, a lightweight strong authentication algorithm has been proposed to ensure safe communication between EDCs. The computation costs of the proposed scheme is low compared to other solutions, thus it has been proved lightweight and can be a suitable solution for resource constrained devices.

telecommunications

Hsiao-Ling Wu,Chin-Chen Chang,Yao-Zhu Zheng,Long-Sheng Chen,Chih-Cheng Chen

DOI: https://doi.org/10.3390/s20195604

IF: 3.9

2020-09-30

Sensors

Abstract:The Internet of Things (IoT) is currently the most popular field in communication and information techniques. However, designing a secure and reliable authentication scheme for IoT-based architectures is still a challenge. In 2019, Zhou et al. showed that schemes pro-posed by Amin et al. and Maitra et al. are vulnerable to off-line guessing attacks, user tracking attacks, etc. On this basis, a lightweight authentication scheme based on IoT is proposed, and an authentication scheme based on IoT is proposed, which can resist various types of attacks and realize key security features such as user audit, mutual authentication, and session security. However, we found weaknesses in the scheme upon evaluation. Hence, we proposed an enhanced scheme based on their mechanism, thus achieving the security requirements and resisting well-known attacks.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Xinzhong Su,Youyun Xu

DOI: https://doi.org/10.3390/s24227119

IF: 3.9

2024-11-06

Sensors

Abstract:Authentication is considered one of the most critical technologies for the next generation of the Internet of Medical Things (IoMT) due to its ability to significantly improve the security of sensors. However, higher frequency cyber-attacks and more intrusion methods significantly increase the security risks of IoMT sensor devices, resulting in more and more patients' privacy being threatened. Different from traditional IoT devices, sensors are generally considered to be based on low-cost hardware designs with limited storage resources; thus, authentication techniques for IoMT scenarios might not be applicable anymore. In this paper, we propose an efficient three-factor cluster-based user authentication protocol (3ECAP). Specifically, we establish the security association between the user and the sensor cluster through fine-grained access control based on Merkle, which perfectly achieves the segmentation of permission. We then demonstrate that 3ECAP can address the privilege escalation attack caused by permission segmentation. Moreover, we further analyze the security performance and communication cost using formal and non-formal security analysis, Proverif, and NS3. Simulation results demonstrated the robustness of 3ECAP against various cyber-attacks and its applicability in an IoMT environment with limited storage resources.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Xutong Jiang,Ruihan Dou,Qiang He,Xuyun Zhang,Wanchun Dou

DOI: https://doi.org/10.1002/spe.3206

2024-01-01

Abstract:Edge computing is regarded as an extension of cloud computing that brings computing and storage resources to the network edge. For some Industrial Internet of Things (IIoT) applications such as supply-chain supervision and collaboration, Internet of Vehicles, real-time video analysis and so forth, users should be authenticated before visiting the geographically distributed edge servers. Limited by the considerable latency between the cloud and edge servers, and the limited capacity of edge servers, it is infeasible to copy the authentication method from cloud servers when users are authenticated in edge servers. In view of this challenge, this paper proposes a novel token-based authentication scheme, named EdgeAuth, that enables fast edge user authentication through collaboration among cloud servers and edge servers. Under the EdgeAuth scheme, edge servers can rapidly verify the credentials of users who have been authenticated by the cloud server. EdgeAuth can also protect users from a series of authentication attacks, for example, the replay attack, DoS attack and man-in-the-middle attack. The results of experiments conducted on a simulated edge computing environment validate the usefulness of EdgeAuth through a comparison in latency and throughput against two baseline schemes.