Mohammad Wazid,Ashok Kumar Das,Neeraj Kumar,Athanasios V. Vasilakos

DOI: https://doi.org/10.1016/j.future.2018.09.017

IF: 7.307

2019-02-01

Future Generation Computer Systems

Abstract:Fog computing (fog networking) is known as a decentralized computing infrastructure in which data, applications, compute as well as data storage are scattered in the most logical and efficient place among the data source (i.e., smart devices) and the cloud. It gives better services than cloud computing because it has better performance with reasonably low cost. Since the cloud computing has security and privacy issues, and fog computing is an extension of cloud computing, it is therefore obvious that fog computing will inherit those security and privacy issues from cloud computing. In this paper, we design a new secure key management and user authentication scheme for fog computing environment, called SAKA-FC. SAKA-FC is efficient as it only uses the lightweight operations, such as one-way cryptographic hash function and bitwise exclusive-OR (XOR), for the smart devices as they are resource-constrained in nature. SAKA-FC is shown to be secure with the help of the formal security analysis using the broadly accepted Real-Or-Random (ROR) model, the formal security verification using the widely-used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool and also the informal security analysis. In addition, SAKA-FC is implemented for practical demonstration using the widely-used NS2 simulator.

Thankaraja Raja Sree,R. Harish,T. Veni

DOI: https://doi.org/10.1002/cpe.8054

2024-03-02

Concurrency and Computation Practice and Experience

Abstract:Summary As opposed to cloud servers, fog servers, and fog users may be malicious, so developing a mutual identity‐preserving authentication mechanism between them is a crucial and difficult problem in fog computing. Such a technique must conceal the user's true identity from the adversary; otherwise, the adversary will be able to determine which fog user and fog server are in communication. This article suggests a secure and reliable anonymous mutual authentication system for use at the network's edge between fog users and fog servers. With the aid of the registration authority (RA) in our system, they can verify one another and decide on a new session key that will be used to encrypt messages throughout the session. Fog users don't need to re‐register with RA to wander freely over the network and authenticate to any fog server that is within their range. The proposed technique only needs a small number of symmetric encryption/decryption and one‐way hash functions, making it easy to implement for fog‐user devices with limited resources. The new scheme's performance is evaluated in comparison to the existing one, showing that it is more resilient to various types of assaults (such as known plaintext attacks, man‐in‐the‐middle attacks, session hijacking, etc.). The widely used Automated Validation of Internet Security Protocols and Applications tool is used to verify the proposed system. The outcomes demonstrate that our approach can safely withstand different attacks and accomplish the desired outcomes. Additionally, the proposed method is tested in real‐world scenarios with the NS3 simulator.

computer science, theory & methods, software engineering

Kexian Liu,Jianfeng Guan,Xiaolong Hu,Jing Zhang,Jianli Liu,Hongke Zhang

2024-11-14

Abstract:To meet the diverse needs of users, the rapid advancement of cloud-edge-device collaboration has become a standard practice. However, this complex environment, particularly in untrusted (non-collaborative) scenarios, presents numerous security challenges. Authentication acts as the first line of defense and is fundamental to addressing these issues. Although many authentication and key agreement schemes exist, they often face limitations, such as being tailored to overly specific scenarios where devices authenticate solely with either the edge or the cloud, or being unsuitable for resource-constrained devices. To address these challenges, we propose an adaptive and efficient authentication and key agreement scheme (AEAKA) for Cloud-Edge-Device IoT environments. This scheme is highly adaptive and scalable, capable of automatically and dynamically initiating different authentication methods based on device requirements. Additionally, it employs an edge-assisted authentication approach to reduce the load on third-party trust authorities. Furthermore, we introduce a hash-based algorithm for the authentication protocol, ensuring a lightweight method suitable for a wide range of resource-constrained devices while maintaining security. AEAKA ensures that entities use associated authentication credentials, enhancing the privacy of the authentication process. Security proofs and performance analyses demonstrate that AEAKA outperforms other methods in terms of security and authentication efficiency.

Cryptography and Security

Zhang, Kuan,Wang, Haoyang,Wang, Yirui,Yang, Kan

DOI: https://doi.org/10.1007/s12083-024-01676-0

IF: 3.488

2024-04-18

Peer-to-Peer Networking and Applications

Abstract:The authenticated key agreement (AKA) method used in the Internet of Things (IoT) provides identity authentication and agreed symmetric keys to encrypt large amounts of communication messages for devices and servers. With the rapid development of quantum computers and quantum algorithms, classical cryptographic algorithms become vulnerable to attacks by adversaries, leading to significant risks in IoT communication systems. Numerous lattice-based authentication key agreement (AKA) schemes have emerged to fortify communication systems against quantum attacks. However, due to the large size of the lattice cryptography public key, an excessive number of communication rounds can cause significant time delays. Meanwhile, many current lattice-based AKA schemes rely on weak security models like BR, CK, and ROR. These models can only capture partial adversary attacks. To this end, we propose a lower communication rounds lattice-based anonymous authenticated key agreement (LA-AKA) protocol under the seCK model. This protocol aims to achieve lower communication rounds under the robust security model, ensuring heightened security and efficiency within IoT communication systems.

computer science, information systems,telecommunications

Shehzad Ashraf Chaudhry,Khalid Yahya,Fadi Al-Turjman,Ming-Hour Yang

DOI: https://doi.org/10.1109/access.2020.3012121

IF: 3.9

2020-01-01

IEEE Access

Abstract:Among other security concerns, the reliable device to device direct communication is an important research aspect in sensor cloud system application of Internet of things (IoT). The access control mechanism can ensure the reliability through secure communication among two IoT devices without mediation of intermediate agent. Mainly, it requires twofold strategy involving the authentication of each other and session key establishment. Quite recently, in 2019, Das et al. proposed a certificate based lightweight access control and key agreement scheme for IoT devices (LACKA-IoT) to ensure smooth and secure access control and claimed LACKA-IoT to withstand the several attacks. Specifically, it is claimed that LACKA-IoT can resist device impersonation and man in middle attacks. However, the proof in this article refutes their claim and it is shown here, that LACKA-IoT is insecure against both device impersonation and man in middle attacks. An adversary just by using public parameters and by listening the communication channel can impersonate any device. Moreover, the same can also launch successful man in middle attack using public parameters and listened messages from public channel. An improved protocol iLACKA-IoT is then proposed in the paper. The iLACKA-IoT provides resistance against various types of threats and provides the required level of security, for evidence both formal validation through random or real (ROR) model as well as the informal validation through discussion on attack resilience is provided. The iLACKA-IoT is not only better in security but also provides performance efficiency as compared with LACKA-IoT and related schemes.

Bing Li,Guohe Zhang,Shaochong Lei,Haisheng Fu,Jinlei Wang

DOI: https://doi.org/10.1109/IEEECONF52377.2022.10013341

2022-01-01

Abstract:The quick development of the Internet of Things (IoT) makes the IoT devices become appealing targets of various cyberattacks. Authentication and key agreement (AKA) protocol are the most important measures to ensure the security of IoT. However, it is still quite challenging to devise proper AKA protocols for IoT because of the resource-constrained nature of IoT devices. In this paper, we have proposed a new lightweight AKA protocol for IoT based on elliptic curve cryptography (ECC). Our proposed AKA protocol can achieve mutual authentication and ECC-based session key establishment simultaneously. To enhance security and provide anonymity, our protocol uses the one-time password and dynamic identity information which are updated in every round of mutual authentication through a well-designed update operation. To assess our protocol, we carry out security and performance analyses. The obtained results show that our protocol with a high level of security has low complexity and small computational cost and is appropriate to be applied in resource-constrained IoT devices.

Guanglu Wei,Kai Fan,Kuan Zhang,Haoyang Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1109/jiot.2023.3323275

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:In recent years, the Internet of Things (IoT) has gained immense popularity in various aspects of work, learning, and daily life. Within the Internet of Things realm, there is a growing concern regarding communication security issues between users and servers. However, addressing the communication security between servers is equally imperative, which has not received as much attention. To this end, we propose a certificateless anonymous authenticated key agreement (AKA) algorithm based on Learning with Errors (LWE) and Inhomogeneous Small Integer Solution (ISIS) security assumptions. Our scheme provides strong resistance to quantum attacks and protects the privacy of communication servers. It also has constant communication costs and lower computational requirements than existing lattice-based anonymous AKA algorithms on the broadcast channel. Additionally, the proposed scheme eliminates the resource consumption of managing complex certificates and addresses the security risks associated with key escrow in the key generation center (KGC). Through security and performance analysis, we demonstrate that our approach can enhance the security of IoT-based healthcare systems while significantly improving communication efficiency. Our proposed scheme provides a promising solution to security issues related to server communication in IoT systems.

computer science, information systems,telecommunications,engineering, electrical & electronic

Seyedsina Nabavirazavi,S. Sitharama Iyengar

DOI: https://doi.org/10.48550/arXiv.2210.16367

2022-10-29

Abstract:The rapid development of IoT networks has led to a research trend in designing effective security features for them. Due to the power-constrained nature of IoT devices, the security features should remain as lightweight as possible. Currently, most of the IoT network traffic is unencrypted. The leakage of smart devices' unencrypted data can come with the significant cost of a privacy breach. To have a secure channel with encrypted traffic, two endpoints in a network have to authenticate each other and calculate a short-term key. They can then communicate through an authenticated and secure channel. This process is referred to as authenticated key exchange (AKE). Although Datagram Transport Layer Security (DTLS) offers an AKE protocol for IoT networks, research has proposed more efficient and case-specific alternatives. This paper presents LAKEE, a straightforward, lightweight AKE protocol for IoT networks. Our protocol employs elliptic curve cryptography for generating a short-term session key. It reduces the communication and computational overhead of its alternatives while maintaining or improving their security strength. The simplicity and low overhead of our protocol make it a fit for a network of constrained devices.

Cryptography and Security

Lu Wei,Jie Cui,Hong Zhong,Irina Bolodurina,Lu Liu

DOI: https://doi.org/10.1109/tdsc.2021.3135016

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Recently, the fog computing concept has been introduced into vehicular ad-hoc networks (VANETs) to formulate fog-based VANETs. Since the communication channels between vehicles and fog nodes are open and insecure, it is necessary to construct an authenticated key agreement (AKA) scheme for securing the channels. The existing AKA schemes have two main deficiencies. One is that the computational and communication overhead are not low enough to satisfy the requirements of delay-sensitive applications. The other is that the multi-trusted-authority (multi-TA) model has not been considered. To solve the deficiencies, we propose a lightweight and conditional privacy-preserving AKA scheme, where the main steps are designed with symmetric cryptography methods. The design can reduce the computational and communication overhead of the AKA process. Additionally, we consider the multi-TA model in the AKA process to solve the single-point-of-failure issue. By integrating Cuckoo filter into the multi-TA model, the secrecy of real identities of legal vehicles is guaranteed and the identity revocation function for illegal vehicles is supported in the AKA process. The security proof and analysis show that our proposed scheme satisfies the essential security and privacy requirements of VANETs. The performance analysis shows that our proposed scheme outperforms other related and represented schemes.

computer science, information systems, software engineering, hardware & architecture

Prarthana J. Mehta,Balu L. Parne,Sankita J. Patel

DOI: https://doi.org/10.1007/s12083-023-01494-w

IF: 3.488

2023-05-20

Peer-to-Peer Networking and Applications

Abstract:The Smart Grid (SG) improves the reliability and efficiency of the data sharing and communication of the traditional power grid system. This enhancement brings security requirements such as mutual Authentication and Key Agreement (AKA) among the Smart Meters (SMs) and Service Providers (SPs). Several authentication and key agreement frameworks are designed in the literature to preserve SM privacy and maintain secure transmission of data among the communicating entities in SG networks. However, some of the existing schemes either suffer from security limitations or generate high computation overhead. To overcome these drawbacks recently, Khan et al. proposed a Lightweight Authentication and Key Agreement Framework (LAKAF). However, it is observed that their framework did not maintain user anonymity and secrecy of the session key. As a countermeasure to these limitations, we propose a Security Enhanced Lightweight Authentication and Key Agreement Framework (SE-LAKAF) based on the fuzzy extractor, elliptic curve cryptography, and AES-based hybrid encryption decryption mechanism. The theoretical security analysis demonstrates that the proposed framework protects the network from replay, impersonation, denial of service, and man-in-the-middle attacks, maintains the session key security and user anonymity. The proposed framework is formally verified using well known AVISPA tool, BAN logic and random oracle model. Further, the performance analysis illustrates that the SE-LAKAF generates competitive communication and computation overheads with improved security compared to other existing frameworks.

computer science, information systems,telecommunications

Michał Jarosz,Konrad Wrona,Zbigniew Zieliński

DOI: https://doi.org/10.3390/electronics13193932

IF: 2.9

2024-10-05

Electronics

Abstract:One of the main security challenges when federating separate Internet of Things (IoT) administrative domains is effective Identity and Access Management, which is required to establish trust and secure communication between federated IoT devices. The primary goal of the work is to develop a "lightweight" protocol to enable authentication and authorization of IoT devices in federated environments and ensure the secure communication of IoT devices. We propose a novel Lightweight Authentication and Authorization Framework for Federated IoT (LAAFFI) which takes advantage of the unique fingerprint of IoT devices based on their configuration and additional hardware modules, such as Physical Unclonable Function, to provide flexible authentication and authorization based on Distributed Ledger technology. Moreover, LAAFFI supports IoT devices with limited computing resources and devices not equipped with secure storage space. We implemented a prototype of LAAFFI and evaluated its performance in the Hyperledger Fabric-based IoT framework. Three main metrics were evaluated: latency, throughput (number of operations or transactions per second), and network resource utilization rate (transmission overhead introduced by the LAAFFI protocol). The performance tests conducted confirmed the high efficiency and suitability of the protocol for federated IoT environments. Also, all LAAFFI components are scalable as confirmed by tests. We formally evaluated LAAFFI security using Verifpal as a formal verification tool. Based on the models developed for Verifpal, we validated their security properties, such as message secrecy, authenticity, and freshness. Our results show that the proposed solution can improve the security of federated IoT environments while providing zero-day interoperability and high scalability. Compared to existing solutions, LAAFFI is more efficient due to the use of symmetric cryptography and algorithms adapted for operations involving IoT devices. LAAFFI supports multiple authorization mechanisms, and since it also offers authentication and accountability, it meets the requirements of Authentication, Authorization and Accounting (AAA). It uses Distributed Ledger (DL) and smart contracts to ensure that the request complies with the policies agreed between the organizations. LAAFFI offers authentication of devices belonging to a single organization and different organizations, with the assurance that the encryption key will be shared with another device only if the appropriate security policy is met. The proposed protocol is particularly useful for ensuring the security of federated IoT environments created ad hoc for special missions, e.g., operations conducted by NATO countries and disaster relief operations Humanitarian Assistance and Disaster Relief (HADR) involving military forces and civilian services, where immediate interoperability is required.

engineering, electrical & electronic,computer science, information systems,physics, applied

Premkumar, N.,Kumar, B. Santhosh

DOI: https://doi.org/10.1007/s11277-024-11596-0

IF: 2.017

2024-11-06

Wireless Personal Communications

Abstract:Recently, Fog computing become a hot research area with the fast development of Internet of Things (IoT) which cannot be handled efficiently by the traditional cloud computing. The essence of Fog computing is to place some datacenters at the edge of the network called as Edge DataCenters (EDCs) or fog nodes with limited storage and processing capabilities, which is closer to the location of data sources, and located between cloud datacenter and the data source. This EDCs serve as a storage and processing point in the network and act as a middle layer between cloud datacenter and IoT in the fog hierarchy. Since most of the EDCs are positioned in isolated environments, the need for secure authentication is of major importance. Thus, ensuring that only legitimate EDCs are allowed in the environment become an attractive research problem. There are few techniques have been proposed in the past for authenticating EDCs to discover legitimate EDCs and permit secure communication. Unfortunately, such techniques involved memory intensive and complex calculations which pay no attention to the resource limitation nature of the EDCs. Thus, to address these challenges, a lightweight strong authentication algorithm has been proposed to ensure safe communication between EDCs. The computation costs of the proposed scheme is low compared to other solutions, thus it has been proved lightweight and can be a suitable solution for resource constrained devices.

telecommunications

Bander A. Alzahrani,Shehzad Ashraf Chaudhry,Ahmed Barnawi,Wenjing Xiao,Min Chen,Abdullah Al-Barakati

DOI: https://doi.org/10.1007/s12652-020-02349-5

IF: 3.662

2020-09-17

Journal of Ambient Intelligence and Humanized Computing

Abstract:In 2019, Banerjee et al. (IEEE Int Things J 6(5):8739–8752, 2019; https://doi.org/10.1109/JIOT.2019.2931372) proposed an authenticated key agreement scheme to facilitate the session establishment resulting into a session key between a user and a smart device for IoT based networks. As per their claim, the scheme of Banerjee et al. provides known security features and resist all known attacks using only lightweight symmetric key primitives. The analysis in this paper; however, shows that the scheme of Banerjee et al. cannot complete normally. The user in their scheme, after sending a request message may never receive the response from smart device. This incorrectness results into total in applicability of Banerjee et al.'s scheme. Moreover, it is also shown that their scheme has weaknesses against stolen verifier attack. Then an improved lightweight authentication scheme for IoT deployments (ILAS-IoT) is proposed in this article. ILAS-IoT performs the process correctly by increasing very little computation and communication overheads. The proposed ILAS-IoT also resists stolen verifier and all known attacks, which is evident from the formal and informal security analysis.

computer science, information systems,telecommunications, artificial intelligence

Vijay Karnatak,Amit Kumar Mishra,Neha Tripathi,Mohammad Wazid,Jaskaran Singh,Ashok Kumar Das

DOI: https://doi.org/10.1002/spy2.353

2023-11-03

Security and Privacy

Abstract:Fog computing is a distributed computing architecture, as opposed to depending entirely on centralized cloud servers, which brings the processing of data, functionality of an application, and its storage closer to the network's edge, where it can be closer to the data source or an end‐user device. Some of the potential applications of the fog computing‐based Internet of Things (IoT)‐enabled system are smart healthcare, smart agriculture, smart manufacturing, intelligent transportation system, and smart cities (i.e., in parking management, lighting control, traffic control, and security of civilians). The fog computing‐based IoT‐enabled system is vulnerable to various attacks. Therefore, one needs to deploy security mechanisms, like authentication, access control, key management, and malware detection, in order to secure its communication. In this article, we design a signature‐based access control and key management scheme for fog computing‐based IoT‐enabled big data applications (in short, SBAC‐FC). A detailed security analysis and performance comparison of the SBAC‐FC with other similar existing schemes reveal that the SBAC‐FC surpasses the existing schemes in terms of security and functionality characteristics, as well as complexity overheads.

Mukesh Soni,Dileep Kumar Singh

DOI: https://doi.org/10.1007/s11277-021-08565-2

IF: 2.017

2021-05-27

Wireless Personal Communications

Abstract:The concept of wireless body area network (WBAN) is conquered the medical field while considering hospitals, patients, doctors to exchange crucial health data for efficient medical services. Health data includes personal medical information of patients, quality of life, reproductive outcomes, and behavioral information. While transferring health data for medical treatment/review, it is essential to provide proper security during device-to-device communication among WBAN players. Researchers have suggested different health data transmission mechanisms to achieve security, but these schemes are weak against various security attacks, such as modification, session key disclosure, impersonation, replay, man-in-the-middle, and stolen smart card, making crucial information in a susceptible situation specifically for patients. Further, they require high computational resources during WBAN communications. In this paper, we propose a secure and lightweight health authentication and key agreement protocol using low-cost operations. To confirm the robustness of the proposed mechanism, we do security analysis against various security attacks. Based on the computational analysis, the proposed protocol comparatively takes less execution cost, computation time, and power consumption. Moreover, LAKA requires around 57% less communication overhead and 15% less storage cost.

telecommunications

Inderpal Singh,Balraj Singh

DOI: https://doi.org/10.1007/s40998-024-00748-4

2024-09-11

Iranian Journal of Science and Technology Transactions of Electrical Engineering

Abstract:Internet of Things (IoT) applications are popularly involved in day-to-day life. The increase in utilization leads to an increase in network traffic. The incoming users have different intentions in the network and hence security is essential. The data user accesses the data in the cloud that is collected from IoT devices. A large-scale IoT environment has challenges in the provisioning of security as well as the management of access control mechanisms. The problem is a generation of policies and authenticating devices with minimum credentials. In this paper, Blockchain-based decentralized authentication and access control systems are designed. The process of authentication is conducted for the data owner and data user by considering identity, device type, IP address and signature, PUF, and biometric respectively. PUF stands for Physical Unclonable Function, which is a hardware-based security feature that generates a unique identifier for a device based on its physical properties, SALSA20 and PRESENT are encryption algorithms used in the proposed system to encrypt data chunks. SALSA20 is a stream cipher that generates a keystream to encrypt data, while PRESENT is a block cipher that encrypts data in fixed-size blocks These authentication credentials are managed in the blockchain. The credentials are stored in encrypted form using the Key schedule PRESENT algorithm. In the authentication of data users, the number of credentials is selected using fuzzy logic that improves security. To assure data storage security, the data is split into two chunks, and it is encrypted using SALSA20 and PRESENT algorithm. The proposed model is developed in an ifogsim simulator, and the performance metrics are evaluated in terms of authentication time, storage efficiency, running time, throughput, latency, and blocksize.

engineering, electrical & electronic

Jianhua Li,Jiong Jin,Lingjuan Lyu,Dong Yuan,Yingying Yang,Longxiang Gao,Chao Shen

DOI: https://doi.org/10.48550/arXiv.2011.06325

2020-11-12

Abstract:Numerous resource-limited smart objects (SOs) such as sensors and actuators have been widely deployed in smart environments, opening new attack surfaces to intruders. The severe security flaw discourages the adoption of the Internet of things in smart living. In this paper, we leverage fog computing and microservice to push certificate authority (CA) functions to the proximity of data sources. Through which, we can minimize attack surfaces and authentication latency, and result in a fast and scalable scheme in authenticating a large volume of resource-limited devices. Then, we design lightweight protocols to implement the scheme, where both a high level of security and low computation workloads on SO (no bilinear pairing requirement on the client-side) is accomplished. Evaluations demonstrate the efficiency and effectiveness of our scheme in handling authentication and registration for a large number of nodes, meanwhile protecting them against various threats to smart living. Finally, we showcase the success of computing intelligence movement towards data sources in handling complicated services.

Cryptography and Security,Networking and Internet Architecture

Qingyang Zhang,Xiaolong Zhou,Hong Zhong,Jie Cui,Jiaxin Li,Debiao He

DOI: https://doi.org/10.1109/tifs.2024.3451357

IF: 7.231

2024-09-11

IEEE Transactions on Information Forensics and Security

Abstract:Several authentication and key agreement (AKA) schemes have been proposed to ensure secure communication in the Industrial Internet of Things (IIoT). However, most of these schemes face two primary problems. First, they cannot resist various attacks, such as impersonation and device capture attacks. Second, these schemes overlook the resource-constrained IIoT devices, failing to guarantee lightweight overhead for device operations. Therefore, we propose a novel and efficient AKA scheme. Utilizing the chameleon hash function and physical unclonable function, the proposed scheme implements a lightweight overhead for both authentication parties while maintaining the overhead of the gateway within a reasonable range. Furthermore, we implement device anonymity based on lightweight operations such as hash and XOR. In addition, we perform a rigorous security analysis using the widely accepted Real-Or-Random model, BAN logic, and Proverif tool. Finally, through heuristic analysis and experiments, we substantiate that our scheme surpasses the compared schemes in terms of both security attributes and system overhead.

computer science, theory & methods,engineering, electrical & electronic

Awaneesh Kumar Yadav,An Braeken,Manoj Misra

DOI: https://doi.org/10.1007/s11227-023-05064-y

IF: 3.3

2023-02-24

The Journal of Supercomputing

Abstract:Fog and dew computing represent relatively new computing paradigms in the literature. The main idea is to offload the computation processes from the device to a more nearby fog or dew server, who further forwards it to the central server. In the case of dew computing, the dew server is considered to lose connection with the central server and should be able to function autonomously most of the time. In the literature, several public-key-based tripartite schemes, offering a full set of security features, have been proposed that can serve the purpose. However, due to the large difference in performance between symmetric and public key-based cryptographic algorithms, this paper proposes a symmetric key-based authentication and key agreement protocol, consisting of a long and a short authentication process, addressing both fog and dew computing scenarios. Moreover, we conduct the informal and formal (ROR logic, GNY logic, and Scyther tool) security analysis to ensure that the scheme satisfies the most important security features described in the literature, in addition to offering protection against a semi-trusted third party. Furthermore, we assess the performance of the long and the short authentication phases in terms of computational, communication, storage costs, and energy consumption, revealing that it is less expensive than its competitors. Additionally, we show that when compared to its competitors, the long and the short authentication phases have less overhead when unknown attacks occur. We also use the NS2 network simulator tool to execute a real-time implementation of the long and the short authentication phase to ensure that it is realistic in practical implementation.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Saud Khan,Chandra Thapa,Salman Durrani,Seyit Camtepe

DOI: https://doi.org/10.1109/JIOT.2023.3331362

2023-11-07

Abstract:Physical-layer authentication is a popular alternative to the conventional key-based authentication for internet of things (IoT) devices due to their limited computational capacity and battery power. However, this approach has limitations due to poor robustness under channel fluctuations, reconciliation overhead, and no clear safeguard distance to ensure the secrecy of the generated authentication keys. In this regard, we propose a novel, secure, and lightweight continuous authentication scheme for IoT device authentication. Our scheme utilizes the inherent properties of the IoT devices' transmission model as its source for seed generation and device authentication. Specifically, our proposed scheme provides continuous authentication by checking the access time slots and spreading sequences of the IoT devices instead of repeatedly generating and verifying shared keys. Due to this, access to a coherent key is not required in our proposed scheme, resulting in the concealment of the seed information from attackers. Our proposed authentication scheme for IoT devices demonstrates improved performance compared to the benchmark schemes relying on physical channels. Our empirical results find a near threefold decrease in the misdetection rate of illegitimate devices and close to zero false alarm rate in various system settings with varied numbers of active devices up to 200 and signal-to-noise ratio from 0 dB to 25 dB. Our proposed authentication scheme also has a lower computational complexity of at least half the computational cost of the benchmark schemes based on support vector machine and binary hypothesis testing in our studies. This further corroborates the practicality of our scheme for IoT deployments.

Cryptography and Security,Networking and Internet Architecture,Signal Processing