Liang Kou,Yiqi Shi,Liguo Zhang,Duo Liu,Qing Yang

DOI: https://doi.org/10.32604/cmc.2019.03760

2019-01-01

Abstract:With the development of computer hardware technology and network technology, the Internet of Things as the extension and expansion of traditional computing network has played an increasingly important role in all professions and trades and has had a tremendous impact on people lifestyle. The information perception of the Internet of Things plays a key role as a link between the computer world and the real world. However, there are potential security threats in the Perceptual Layer Network applied for information perception because Perceptual Layer Network consists of a large number of sensor nodes with weak computing power, limited power supply, and open communication links. We proposed a novel lightweight authentication protocol based on password, smart card and biometric identification that achieves mutual authentication among User, GWN and sensor node. Biometric identification can increase the non-repudiation feature that increases security. After security analysis and logical proof, the proposed protocol is proven to have a higher reliability and practicality.

Saeed Bamashmos,Naveen Chilamkurti,Ahmad Salehi Shahraki

DOI: https://doi.org/10.3390/s24113575

IF: 3.9

2024-06-02

Sensors

Abstract:Internet of Things (IoT) technology is evolving over the peak of smart infrastructure with the participation of IoT devices in a wide range of applications. Traditional IoT authentication methods are vulnerable to threats due to wireless data transmission. However, IoT devices are resource- and energy-constrained, so building lightweight security that provides stronger authentication is essential. This paper proposes a novel, two-layered multi-factor authentication (2L-MFA) framework using blockchain to enhance IoT devices and user security. The first level of authentication is for IoT devices, one that considers secret keys, geographical location, and physically unclonable function (PUF). Proof-of-authentication (PoAh) and elliptic curve Diffie–Hellman are followed for lightweight and low latency support. Second-level authentication for IoT users, which are sub-categorized into four levels, each defined by specific factors such as identity, password, and biometrics. The first level involves a matrix-based password; the second level utilizes the elliptic curve digital signature algorithm (ECDSA); and levels 3 and 4 are secured with iris and finger vein, providing comprehensive and robust authentication. We deployed fuzzy logic to validate the authentication and make the system more robust. The 2L-MFA model significantly improves performance, reducing registration, login, and authentication times by up to 25%, 50%, and 25%, respectively, facilitating quicker cloud access post-authentication and enhancing overall efficiency.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Mwrwan Abubakar,Zakwan Jaroucheh,Ahmed Al Dubai,Xiaodong Liu

DOI: https://doi.org/10.1109/smarttech54121.2022.00032

2022-01-01

Abstract:Two-factor authentication (2FA) is commonly used in Internet of Things (IoT) authentication to provide multi-layer protection. Tokens, often known as One-Time Passwords (OTP), are used to offer additional information. While this technique provides flexible verification and an additional layer of security, it still has a number of security issues. This is because it relies on third-party services to produce tokens or OTPs, which leads to serious information leakage issues. Additionally, relying on a third party to provide authentication tokens significantly increases the risk of exposure and attacks, as tokens can be stolen via Man-In-The-Middle (MITM) attacks. In trying to rectify this issue, in this paper, we propose and develop a blockchain-based two-factor authentication method for web-based access to sensor data. The proposed method provides a lightweight and user-centric authentication that makes use of Ethereum blockchain and smart contracts technologies. Then we provided performance and security analysis of our system. Based on the evaluation results, our method has proven to be effective and has the ability to facilitate reliable authentication.

Gholam Reza Zargar,Hamid Barati,Ali Barati

DOI: https://doi.org/10.1007/s10586-024-04565-6

2024-06-26

Cluster Computing

Abstract:The Internet of Things (IoT) is a network where physical objects with unique addresses can connect and communicate with each other through the Internet and telecommunications networks. However, the current methods of user authentication in this environment have limitations due to the need for a lightweight authentication process and limited resources. Therefore, this paper proposes a mutual authentication protocol for IoT that uses blockchain technology. The proposed protocol has a lightweight and secure architecture by using of Elliptic-Curve Cryptography and incorporates the AVISPA tool and BAN logic for formal/informal security analysis. Compared to previous protocols, this proposed protocol is more efficient in terms of communication and computation costs and is more resistant to various attacks.

computer science, information systems, theory & methods

Ayushi Jain,Mehak Garg,Anvita Gupta,Shivangi Batra,Bhawna Narwal

DOI: https://doi.org/10.1007/s11227-024-06026-8

IF: 3.3

2024-04-10

The Journal of Supercomputing

Abstract:A healthcare-focused version of the Internet of Things (IoT), the Internet of Medical Things (IoMT) enables real-time monitoring and remote medical support via integrated medical devices, programs, and support solutions. However, patients' safety and anonymity are in jeopardy by the open access networks employed in IoMT, which makes the systems susceptible to several threats and security lapses. By harnessing the synergies of blockchain, cloud computing, and digital twins, this study presents a comprehensive architecture and a secure lightweight authentication mechanism (which integrates the benefits offered by Yu and Park, Yu et al., and Amintoshi et al.) that addresses these concerns. The suggested method entails using session keys for secure communication while authenticating medical professionals and patients through a gateway. Cloud computing offers a flexible and robust framework for managing and storing medical data. Additionally, it simulates digital twins to enable data-driven decision-making and predictive analysis, and the incorporation of blockchain offers a decentralized and immutable ledger for recording and validating patient data and transaction logs enhancing data integrity, transparency, and traceability. Healthcare systems may confidently embrace the potential of IoMT by implementing this framework since it offers promising solutions to enhance the security and confidentiality of patient data in IoMT while supporting the provision of the best healthcare services, especially in emergency scenarios like the COVID-19 pandemic. The suggested approach is subjected to a thorough security evaluation using AVISPA, demonstrating its resistance to various attacks. A comparative analysis has also been carried out to assess the performance and computational cost of IoMT-BADT in comparison with other authentication schemes.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Shanvendra Rai,Rituparna Paul,Subhasish Banerjee,Preetisudha Meher

DOI: https://doi.org/10.1007/s11042-024-18625-x

IF: 2.577

2024-03-27

Multimedia Tools and Applications

Abstract:The Internet of Medical Things (IoMT) provides such flexibility in our society where anyone can get medical treatment at any time, from anywhere. IoMT is a type of network where different resource-constraint physiological sensors are deployed in and/or on the human body that connects with the internet through the Gateway node, for monitoring purposes. However, due to the open nature of communication in the IoMT; the security, and privacy of patients' sensed data is very challenging, and that needs to be addressed, because any modification or alteration to it may lead to putting the life of a patient in danger. In this context, Chunka et al. proposed an authentication and key agreement (AKA) scheme for IoMT and claimed that the scheme has many security features and is easy to deploy. Unfortunately, it came to notice during this research that the scheme is vulnerable to multiple attacks, including replay, insider, smart card loss, eavesdropping, and server spoofing attacks, additionally failing to establish the session key agreement. So to overcome this issue, an efficient and improved multi-factor lightweight mutual AKA scheme is proposed through this article by incorporating a PUF-enabled sensor node and smart card for the users. To prove the superiority of the proposed schemes and to demonstrate the security features, the scheme is verified by formal security proof using the ROR model and informal proof using the AVISPA tool kit. In the end, a comprehensive analysis covering security, performance, and a comparative evaluation with existing similar approaches along with the Chunka et al. scheme demonstrates that the suggested approach not only achieves a higher level of protection against commonly recognized threats but also maintains an economically efficient mechanism concerning sensor nodes.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Inderpal Singh,Balraj Singh

DOI: https://doi.org/10.1007/s40998-024-00748-4

2024-09-11

Iranian Journal of Science and Technology Transactions of Electrical Engineering

Abstract:Internet of Things (IoT) applications are popularly involved in day-to-day life. The increase in utilization leads to an increase in network traffic. The incoming users have different intentions in the network and hence security is essential. The data user accesses the data in the cloud that is collected from IoT devices. A large-scale IoT environment has challenges in the provisioning of security as well as the management of access control mechanisms. The problem is a generation of policies and authenticating devices with minimum credentials. In this paper, Blockchain-based decentralized authentication and access control systems are designed. The process of authentication is conducted for the data owner and data user by considering identity, device type, IP address and signature, PUF, and biometric respectively. PUF stands for Physical Unclonable Function, which is a hardware-based security feature that generates a unique identifier for a device based on its physical properties, SALSA20 and PRESENT are encryption algorithms used in the proposed system to encrypt data chunks. SALSA20 is a stream cipher that generates a keystream to encrypt data, while PRESENT is a block cipher that encrypts data in fixed-size blocks These authentication credentials are managed in the blockchain. The credentials are stored in encrypted form using the Key schedule PRESENT algorithm. In the authentication of data users, the number of credentials is selected using fuzzy logic that improves security. To assure data storage security, the data is split into two chunks, and it is encrypted using SALSA20 and PRESENT algorithm. The proposed model is developed in an ifogsim simulator, and the performance metrics are evaluated in terms of authentication time, storage efficiency, running time, throughput, latency, and blocksize.

engineering, electrical & electronic

Laleh Khajehzadeh,Hamid Barati,Ali Barati

DOI: https://doi.org/10.1007/s11042-024-19379-2

IF: 2.577

2024-05-22

Multimedia Tools and Applications

Abstract:The Internet of Things has opened up new opportunities in healthcare systems. Wireless sensor nodes are used to collect and exchange health-related data in the Internet of Things. In this integration, data is transmitted to medical professionals through unsecured channels to enable them to monitor patients' conditions in real-time. However, due to the high sensitivity of e-health records, there are key challenges such as security considerations, privacy, and authentication in data transmission in heterogeneous Internet of Things networks. This article examines the solution proposed by Masud and colleagues and points out the existing threats and vulnerabilities, such as node clone/replication attacks. To overcome these drawbacks, we propose an improved lightweight authentication protocol for a smart healthcare system. In the proposed protocol, the mutual authentication process consists of two steps. The doctor sends their information for authentication and the desired sensor node ID to the gateway for communication. After successful confirmation of authentication, the gateway node, in turn, sends a message to the sensor node to complete the authentication process. After confirming the authentication process, the node sends a message to the gateway to complete the authentication process and key agreement. Once the authentication process of the sensor node is confirmed, the gateway sends a message to the medical user based on their authentication along with the session key. The security of the proposed protocol is demonstrated through automatic validation of protocols using tools like ProVerif and internet security programs. Additionally, security features and performance analysis are compared to other schemes. The results show that the improved proposed protocol provides a higher level of security while ensuring computational and communication efficiency. It is also resistant to attacks such as mutual authentication, identity anonymity and untraceability, ensures data privacy, and provides perfect forward secrecy, among others.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Muhammad Shehzad Aslam,Ayesha Altaf,Faiza Iqbal,Natasha Nigar,Juan Castanedo Galán,Daniel Gavilanes Aray,Isabel de la Torre Díez,Imran Ashraf

DOI: https://doi.org/10.1371/journal.pone.0304774

IF: 3.7

2024-07-10

PLoS ONE

Abstract:The IoT (Internet of Things) has played a promising role in e-healthcare applications during the last decade. Medical sensors record a variety of data and transmit them over the IoT network to facilitate remote patient monitoring. When a patient visits a hospital he may need to connect or disconnect medical devices from the medical healthcare system frequently. Also, multiple entities (e.g., doctors, medical staff, etc.) need access to patient data and require distinct sets of patient data. As a result of the dynamic nature of medical devices, medical users require frequent access to data, which raises complex security concerns. Granting access to a whole set of data creates privacy issues. Also, each of these medical user need to grant access rights to a specific set of medical data, which is quite a tedious task. In order to provide role-based access to medical users, this study proposes a blockchain-based framework for authenticating multiple entities based on the trust domain to reduce the administrative burden. This study is further validated by simulation on the infura blockchain using solidity and Python. The results demonstrate that role-based authorization and multi-entities authentication have been implemented and the owner of medical data can control access rights at any time and grant medical users easy access to a set of data in a healthcare system. The system has minimal latency compared to existing blockchain systems that lack multi-entity authentication and role-based authorization.

Mahdi Nikooghadam,Haleh Amintoosi,Saru Kumari

DOI: https://doi.org/10.1007/s11277-021-08430-2

IF: 2.017

2021-04-03

Wireless Personal Communications

Abstract:The advent of smart and pervasive devices have paved the way for the development of Internet of Things in which, various smart devices collect information about the daily life of people and share it to the scientists and specialists. There are numerous applications in the domain of IoT such as smart healthcare systems in which, wearable devices collect health-related data from the users and transmit it for further processes. However, security challenges are a major concern in the success of smart healthcare applications. Specifically, to protect the security of communications among the wearable sensor devices and the gateways/servers, a secure and lightweight authentication scheme is needed. Recently, Li et al. proposed a lightweight authentication scheme for smart wearable systems (IEEE Internet Things J. 10.1109/JIOT.2020.2984618). Their protocol makes use of fuzzy extractor technique and lightweight operations such as bitwise XOR operations and cryptographic hash function. However, in this comment, we prove that Li et al.'s scheme is prone to the stolen wearable device attack and user impersonation attack. We also discuss the causes and provide some suggestions as the remedy.

telecommunications

Fengqi Li,Hui Xu,Qingqing Song,Lupeng Zhang,Xuefeng Du,Ning Tong,Deguang Wang

DOI: https://doi.org/10.1109/jiot.2023.3308725

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Although combining the Internet of Things (IoT) and industrial scenarios has brought about a technological revolution, it has also caused equipment security issues. Due to the characteristics of Industrial Internet of Things (IIoT) devices with a wide distribution, complex application scenarios, considerable differences in node performance, and device heterogeneity, spoofing attacks and third-party attacks are common. Identity authentication for IIoT devices can solve this dilemma. However, most existing authentication technologies involve a trade-off between traditional centralised certificate issuance and sacrificing device storage resources, resulting in lower efficiency of IIoT device authentication, and the process is complicated. Therefore, ensuring the security and trustworthiness of device identities in the IIoT is imminent. In this paper, we propose an IIoT device authentication scheme based on an editable blockchain, that can solve the problem of the device’s low energy while satisfying the useage needs of large-scale scenarios. In particular, we created a suite of secure, efficient, and innovative technical solutions for this protocol. Firstly, to solve the problem of the authentication difficulty between industrial devices, we propose a lightweight identity authentication protocol called BLMA. Moreover, we propose the vPBFT algorithm and introduce the online and offline signature algorithm to reduce communication overhead and resource consumption between devices. Finally, considering the top security and dynamics of the IIoT environment, we use the chameleon hash function to build a hash chain of authentication results. Extensive simulation and experimental results demonstrate the reliability of our protocol.

computer science, information systems,telecommunications,engineering, electrical & electronic

Wei Liu,Feng Zhao,Lewis Nkenyereye,Shalli Rani,Keqin Li,Jianhui Lv

DOI: https://doi.org/10.1109/JBHI.2024.3408215

2024-06-03

Abstract:The Internet of Medical Things (IoMT) has transformed traditional healthcare systems by enabling real-time monitoring, remote diagnostics, and data-driven treatment. However, security and privacy remain significant concerns for IoMT adoption due to the sensitive nature of medical data. Therefore, we propose an integrated framework leveraging blockchain and explainable artificial intelligence (XAI) to enable secure, intelligent, and transparent management of IoMT data. First, the traceability and tamper-proof of blockchain are used to realize the secure transaction of IoMT data, transforming the secure transaction of IoMT data into a two-stage Stackelberg game. The dual-chain architecture is used to ensure the security and privacy protection of the transaction. The main-chain manages regular IoMT data transactions, while the side-chain deals with data trading activities aimed at resale. Simultaneously, the perceptual hash technology is used to realize data rights confirmation, which maximally protects the rights and interests of each participant in the transaction. Subsequently, medical time-series data is modeled using bidirectional simple recurrent units to detect anomalies and cyberthreats accurately while overcoming vanishing gradients. Lastly, an adversarial sample generation method based on local interpretable model-agnostic explanations is provided to evaluate, secure, and improve the anomaly detection model, as well as to make it more explainable and resilient to possible adversarial attacks. Simulation results are provided to illustrate the high performance of the integrated secure data management framework leveraging blockchain and XAI, compared with the benchmarks.

Mutaz Elradi S. Saeed,Qun-Ying Liu,Guiyun Tian,Bin Gao,Fagen Li

DOI: https://doi.org/10.1109/jiot.2018.2876133

IF: 10.6

2018-01-01

IEEE Internet of Things Journal

Abstract:Internet of Things (IoT) is a new technology which offers enormous applications that make people's lives more convenient and enhances cities' development. In particular, smart healthcare applications in IoT have been receiving increasing attention for industrial and academic research. However, due to the sensitiveness of medical information, security and privacy issues in IoT healthcare systems are very important. Designing an efficient secure scheme with less computation time and energy consumption is a critical challenge in IoT healthcare systems. In this paper, a lightweight online/offline certificateless signature (L-OOCLS) is proposed, then a heterogeneous remote anonymous authentication protocol (HRAAP) is designed to enable remote wireless body area networks (WBANs) users to anonymously enjoy healthcare service based on the IoT applications. The proposed L-OOCLS scheme is proven secure in random oracle model and the proposed HRAAP can resist various types of attacks. Compared with the existing relevant schemes, the proposed HRAAP achieves less computation overhead as well as less power consumption on WBANs client. In addition, to nicely meet the application in the IoT, an application scenario is given.

Taher M. Ghazal,Mohammad Kamrul Hasan,Siti Norul Huda Abdallah,Khairul Azmi Abubakkar

DOI: https://doi.org/10.1145/3523283

2022-04-01

Abstract:The Internet of Medical Things (IoMT) is a definite IoT connecting atmosphere that contracts with communication via intelligent medical equipment. Activity detection, motion tracking, information extraction, consumer retrieval, etc., have all been solved due to advances in the autonomous study of human behavior from multimedia information processing. Though the IoT connecting atmosphere enables and provisions our daily actions, it too has certain disadvantages. IoTgrieves from numerous safety and confidentiality challenges, such as reiteration, impersonation, man-in-the-middle, remote hijacking, privileged-insider attack, denial of service (DoS) attacks, password guessing, and malware bouts. Hence, in this paper, Private Blockchain and Fuzzy Logic based Attack Detection system (PBFL-ADS) has been proposed for secure IoMT disease prediction using Multimedia Information Processing techniques. The proposed method utilizes Bayesian inference-based trust administration to perceived malevolent nodes in Health Smartphone Structures (HSS) for PBFL-ADS. This paper focuses on the specific form of IoMT called HSS because smartphones have been widely used in the healthcare profession. Then, blockchains have been utilized to improve Bayesian trust management's efficacy in detecting hostile nodes in HSSs. The effectiveness of the suggested technique has been assessed, and test results show that blockchain technology helps identify fraudulent nodes with an acceptable workload. The proposed PBFL-ADS method increases the HS2 scenario 1.1, processor utilization at nodes 33.5%, pattern recognition ratio 92.1%.and server utilization 40.1%.

computer science, artificial intelligence

Jiliang Li,Zhou Su,Deke Guo,Kim-Kwang Raymond Choo,Yusheng Ji

DOI: https://doi.org/10.1109/jiot.2021.3055827

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Designing efficient and secure mutual authentication and key agreement (MAAKA) protocols for Internet of Medical Things (IoMT) has been shown to be challenging, mainly due to the different security and privacy requirements in complex settings. Existing schemes generally are subject to a number of limitations, ranging from performance to security issues. In this article, we introduce a provably secure and lightweight MAAKA (PSL-MAAKA) protocol for fully public channels in IoMT. First, the proposed scheme is lightweight since the major operations in the stage of authentication and key agreement are hash operation and XOR operation, respectively. Second, this article proves the security of the presented protocol taking the advantage of the random oracle model. Next, this article gives that security requirements in IoMT could be satisfied through our presented MAAKA protocol. Finally, we demonstrate that it enjoys optimal performance than other competing schemes, in terms of communication overhead, computation overhead, and storage overhead.

Taewoong Kang,Naryun Woo,Jihyeon Ryu

DOI: https://doi.org/10.1109/access.2024.3373879

IF: 3.9

2024-03-12

IEEE Access

Abstract:In the rapidly evolving environment of wireless medical sensor networks (WMSN) and the internet of medical things (IoMT), remote medical support has seen unprecedented advancements. It is essential that the data relayed from the sensors must be trustworthy and unaltered, and that the sensors themselves are genuine. Wireless networks, however, have inherent vulnerabilities. In addition, since WMSN is directly linked to patients' lives, its continuous availability is crucial. Considerable efforts have been made to maintain the integrity and authenticity of such data. However, many studies have failed to address the problem of a single point of failure (SPOF). This issue has been particularly detrimental to patients who require ongoing management. To address this issue and ensure the protection of the authenticity and integrity of patient data, we suggest the implementation of an authentication scheme based on blockchain technology. In 2022, Yu et al. introduced a blockchain-integrated authentication and key generation scheme for WMSN using Physical Unclonable Functions (PUFs), effectively addressing the SPOF problem by conducting mutual authentication through smart contracts without relying on centralized servers. Our research found that this scheme inadvertently shared critical parameters, including challenge-response pairs and important private keys, with the blockchain network, making it vulnerable to various breaches. We present an enhanced protocol designed to mitigate these security challenges. By limiting the data interaction with smart contracts and ensuring only relevant parties access crucial parameters, our approach reduces the risk of public information disclosure on the blockchain. This not only mitigates the SPOF issue but also efficiently helps in prevention of physical attacks. We prove that our proposed system prevents known security vulnerabilities through informal and formal analysis using the Scyther, Proverif, and BAN logic. Furthermore, the proposed scheme offers 67.37% reduction in computation costs and 3.67% in communication costs, presenting an efficient and secure solution for WMSN in the IoMT landscape.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xiao Chen,BaoCheng Wang,Haibin Li

DOI: https://doi.org/10.1016/j.jisa.2024.103708

IF: 4.96

2024-01-25

Journal of Information Security and Applications

Abstract:The Internet of Medical Things (IoMT) has found widespread application in the healthcare system, leveraging the integration of wireless communication and cloud computing to revolutionize modern healthcare practices. This paradigm, however, poses security vulnerabilities since malicious actors might exploit the public channel to impersonate legitimate devices or services and steal sensitive data. Before transmitting sensitive information , it is critical to build authentication between wearable devices and servers. Despite various proposed solutions, present approaches suffer from constraints like as sensitivity to quantum attacks and high computation overhead, necessitating additional advancement. To address these challenges, this article presents a privacy-preserving multi-factor authentication scheme with post-quantum security to enhance the security of cloud-enable IoMT. The proposed scheme utilizes hash operations and error reconciliation technology to provide highly secure and flexible authentication suitable for the cloud environment. The scheme's security is provable under the Real-Or-Random (ROR) model, meeting common security requirements in wireless network. This article also presents a thorough comparison of our proposed scheme with state-of-the-art methods, showcasing a well-balanced trade-off between security and overhead.

computer science, information systems

Anu Raj,Shiva Prakash

DOI: https://doi.org/10.1007/s40009-023-01383-z

2024-02-20

National Academy Science Letters

Abstract:Nowadays, the demand for the Internet of Medical Things (IoMT) is likely to be driven by the need for real-time health monitoring to handle chronic diseases. Designing a distributed and reliable access control and user authentication scheme for IoMT involves multiple layers of security measures to ensure the integrity, confidentiality, as well as availability of sensitive patient data. However, the major problem with smart healthcare systems is data security and privacy. Blockchain can resolve these issues due to its immutability and transparency features. Most of the existing research enhances security and data privacy but they do not consider the overhead, delay, and scalability. The clustering-based proposed approach adopted the real-world issues of blockchain, i.e., delay, and scalability. It is an efficient access control approach that enables users to establish their desired access control policy to protect their private medical data. It uses a dual chain mechanism in which the access policies are stored in one chain, while the data transactions are stored in another chain. This approach addresses the challenge of access control resolution by enabling data owners to decide their desirable access policies. The experimental results show the efficiency of the proposed scheme in terms of processing time, computational time and its resilience against various security threats.

multidisciplinary sciences

Salem Aljanah,Ning Zhang,Siok Wah Tay

DOI: https://doi.org/10.1109/access.2022.3170844

IF: 3.9

2022-01-01

IEEE Access

Abstract:Existing authentication solutions proposed for Internet of Things (IoT) provide a single Level of Assurance (LoA) regardless of the sensitivity levels of the resources or interactions between IoT devices being protected. For effective (with adequate level of protection) and efficient (with as low overhead costs as possible) protections, it may be desirable to tailor the protection level in response to the sensitivity level of the resources, as a stronger protection level typically imposes a higher level of overhead costs. In this paper, we investigate how to facilitate multi-LoA authentication for IoT by proposing a multi-factor multi-level and interaction based (M2I) authentication framework. The framework implements LoA linked and interaction based authentication. Two interaction modes, P2P (Peer-to-Peer) and O2M (One-to-Many), are investigated via the design of two corresponding protocols. Evaluation results show that adopting the O2M interaction mode in authentication in the related use-case scenarios can cut communication cost significantly; compared with that of the Kerberos protocol, the O2M protocol reduces the communication cost by 42%~45%. The protocols are also more efficient. The P2P and O2M protocol, respectively, reduce the computational cost by 70%~72% and 81%~82%, in comparison with that of Kerberos. The evaluation results also show that the two-factor authentication option costs twice as much as that of the one-factor option.

Yan Zhang,Bing Li,Jiaxin Wu,Bo Liu,Rui Chen,Jinke Chang

DOI: https://doi.org/10.1109/jiot.2022.3176192

IF: 10.6

2022-11-15

IEEE Internet of Things Journal

Abstract:Industrial Internet of Things (IIoT) has emerged as a prospective technology that improves the productivity and automation level for industrial applications. Devices from cooperative IIoT domains will communicate and collaborate on the increasingly complicated manufacturing tasks. To secure cross-domain device collaborations, we propose combining the blockchain with multifactor authentication. Because the multifactor authentication conforms to IIoT devices’ operation modes and brings higher security levels, and the blockchain technology contributes to building trust among different domains. However, this combined usage still has limitations in terms of the potential loss of factor attack, the storage overhead on the blockchain, and the contradiction between efficiency and privacy preservation. Motivated by these facts, in this article, we develop a privacy-preserving blockchain-based multifactor device authentication protocol for cross-domain IIoT. Specifically, multiple factors are additionally encoded by the hardware fingerprint into random numbers, before being transformed into key materials. The blockchain only stores each domain’s dynamic accumulator, which accumulates derived key materials for devices, thereby reducing the overhead. Moreover, the on-chain accumulator is leveraged to efficiently verify the unlinkable identities of cross-domain IIoT devices. The security of our protocol is formally proved, and the security features and functionalities are, respectively, discussed. A proof-of-concept prototype was implemented to prove the efficiency and reliability. The comparison results indicate that the on-chain storage is greatly reduced. Finally, the smart contract’s performance was evaluated to show scalability.

computer science, information systems,telecommunications,engineering, electrical & electronic