Chenyu Wang,Ding Wang,Haowei Wang,Guoai Xu,Jing Sun,Huaxiong Wang

DOI: https://doi.org/10.1007/978-981-15-0758-8_8

2019-01-01

Abstract:With the exponential growth of interconnected devices, Internet of Things has played an indispensable part of our modern life. However, the constraint of the devices greatly limits the development of IoT and has become one of the major bottlenecks for the large-scale deployment of the devices. Cloud computing, as a technique for the analysis and storage of a large amount of heterogeneity data, is a key solution to this. However, the integrating of IoT and cloud computing also brings new security and privacy challenge. Therefore, an authentication mechanism must be provided to verify user’s identity and ensure the data be accessed without authorization. However, we found most of the authentication schemes for IoT do not truly integrate the cloud computing thus are not suitable for IoT. To improve this unsatisfactory condition, we depicted the architecture of the cloud-assisted IoT environment, and for the first time designed a new secure and privacy preserving user authentication scheme for cloud-assisted IoT environment. Furthermore, we compared the proposed scheme with several related schemes from security functions and performance, the result showed the superiority of our scheme.

Jun Zhou,Zhenfu Cao,Xiaolei Dong,Athanasios V. Vasilakos

DOI: https://doi.org/10.1109/mcom.2017.1600363cm

IF: 9.03

2017-01-01

IEEE Communications Magazine

Abstract:The Internet of Things is increasingly becoming a ubiquitous computing service, requiring huge volumes of data storage and processing. Unfortunately, due to the unique characteristics of resource constraints, self-organization, and short-range communication in IoT, it always resorts to the cloud for outsourced storage and computation, which has brought about a series of new challenging security and privacy threats. In this article, we introduce the architecture and unique security and privacy requirements for the next generation mobile technologies on cloud-based IoT, identify the inappropriateness of most existing work, and address the challenging issues of secure packet forwarding and efficient privacy preserving authentication by proposing new efficient privacy preserving data aggregation without public key homomorphic encryption. Finally, several interesting open problems are suggested with promising ideas to trigger more research efforts in this emerging area.

Yongkai Fan,Guanqun Zhao,Wenqian Shang,Jingtao Shang,Weiguo Lin,Zhen Wang

DOI: https://doi.org/10.1109/icccn49398.2020.9209646

2020-01-01

Abstract:The cloud computing, as a more distributed and more efficient paradigm with better performance, has played an important role in many fields. The cloud environment under the IoT has also assumed many roles such as the storage, the processor, the service provider and so on. However, the complex deployment and usage environment of the IoT brings new security risks to cloud computing. In response to this situation, this poster preliminarily designed a security scheme for the cloud environment of IoT. Based on the identity verification algorithms and blockchain technology, the credibility of data stored in the cloud can be ensured, while the security of data transmission from the cloud to data consumers is achieved.

Junhui Zhao,Huanhuan Hu,Fanwei Huang,Yingxuan Guo,Longxia Liao

DOI: https://doi.org/10.3390/electronics12081812

IF: 2.9

2023-04-12

Electronics

Abstract:This paper mainly summarizes three aspects of information security: Internet of Things (IoT) authentication technology, Internet of Vehicles (IoV) trust management, and IoV privacy protection. Firstly, in an industrial IoT environment, when a user wants to securely access data from IoT sensors in real-time, they may face network attacks due to the data being transmitted through an open channel. In order to solve this problem, we innovatively propose a user and device authentication model integrated with cloud computing, introduce an algorithm related to protocol design, and summarize the research direction of developing a more lightweight algorithm when designing security protocols in the future. Secondly, for mobile IoT applications, such as IoV, information collection and distribution is realized by establishing a network between vehicles and infrastructure. IoV will face security threats such as information insecurity and privacy disclosure. We introduce a typical trust management model for the IoV, which solves the problem of information unreliability by storing vehicle trust values. In the future, we are committed to making the process of computing node credibility using a trust model more robust. Finally, aiming at the privacy protection of the IoV, we propose a cross-domain anonymous authentication system model based on blockchain. The user's auxiliary authentication information is stored in the blockchain, and the auxiliary authentication information of any registered user can be obtained from the blockchain. The privacy protection of cross-domain authentication can be realized through anonymous authentication, which greatly saves the communication cost of cross-domain authentication. In the future, we will try to use deep learning or federated learning to integrate with blockchain for actual deployment.

engineering, electrical & electronic,computer science, information systems,physics, applied

Wei Wang,Peng Xu,Laurence Tianruo Yang

DOI: https://doi.org/10.1109/mcc.2018.111122026

2018-01-01

IEEE Cloud Computing

Abstract:The cloud-assisted Internet of Things (IoT) provides a promising solution to data booming problems for the ability constraints of individual objects. However, with the leverage of cloud, IoT faces new security challenges for data mutuality between two parties, which is introduced for the first time in this paper and not currently addressed by traditional approaches. We investigate a secure cloud-assisted IoT data managing method to protect data confidentiality when collecting, storing, and accessing IoT data while limiting to effects of IoT scalability. We further present numerical results to show that the method is practical.

DOI: https://doi.org/10.1186/s13638-023-02245-4

2023-04-28

EURASIP Journal on Wireless Communications and Networking

Abstract:With the continuous progress of the Internet of Things (IoT) technology, IoT devices have gradually penetrated all aspects of life. However, due to rapid data growth, IoT devices with limited memory resources cannot store massive data. Cloud computing is an Internet-centric network that can provide security services and data storage. The combination of IoT devices with cloud computing considerably promotes resource sharing, facilitates users' access to information at any time, and provides users with corresponding cloud computing services on time. Because the information transmitted through public channels is easily intercepted, tampered with, and eavesdropped on by malicious attackers. As a result, users' and servers' private information are disclosed. Numerous scholars have proposed different authentication protocols in this environment to protect the communications between users and servers. Amin et al. devised a smart card based authentication protocol. Unfortunately, Kang et al. demonstrated that their protocol was insecure. Huang et al. discovered Kang et al.'s improvement also has security flaws and then designed a protocol to enhance security. In this paper, we first show that Huang et al.'s protocol cannot resist privileged insider and temporary value disclosure attacks. Afterward, we propose an enhanced protocol based on their protocol. Finally, we use formal/informal security analysis to demonstrate the security of the improved protocol. The comparison results are indicated that our protocol has lower computational and communication costs under the same security level.

telecommunications,engineering, electrical & electronic

Chenyu Wang,Ding Wang,Yihe Duan,Xiaofeng Tao

DOI: https://doi.org/10.1109/TIFS.2023.3272772

2023-01-01

Abstract:Cloud-assisted Internet of Things (IoT) overcomes the resource-constrained nature of the traditional IoT and is developing rapidly in such fields as smart grids and intelligent transportation. In a cloud-assisted IoT system, users can remotely control the IoT devices and send specific instructions to them. If the users' identities are not verified, adversaries can pretend as legitimate users to send fake and malicious instructions to IoT devices, thereby compromising the security of the entire system. Thus, a sound authentication mechanism is indispensable to ensure security. At the same time, it should be noted that a gateway may connect to massive IoT devices with the exponential growth of interconnected devices in a cloud-assisted IoT system. The efficiency of authentication schemes is easily impacted by the computation capability of the gateway. Recently, several schemes have been designed for cloud-assisted IoT systems, but they have problems of one kind or another, making them not suitable for cloud-assisted IoT systems. In this paper, we take a typical scheme (proposed at IEEE TDSC 2020) as an example to identify the common weaknesses and challenges of designing a user authentication scheme for cloud-assisted IoT systems. In addition, we propose a new secure user authentication scheme with lightweight computation on gateways. The proposed scheme provides secure access between remote users and IoT devices with many ideal attributions, such as forward secrecy and multi-factor security. Meanwhile, the security of this scheme is proved under the random-oracle model, heuristic analysis, the ProVerif tool, and BAN logic. Compared with ten state-of-the-art schemes in security and performance, the proposed scheme achieves all the listed twelve security requirements with minimum computation and storage costs on gateways.

Hsiao-Ling Wu,Chin-Chen Chang,Yao-Zhu Zheng,Long-Sheng Chen,Chih-Cheng Chen

DOI: https://doi.org/10.3390/s20195604

IF: 3.9

2020-09-30

Sensors

Abstract:The Internet of Things (IoT) is currently the most popular field in communication and information techniques. However, designing a secure and reliable authentication scheme for IoT-based architectures is still a challenge. In 2019, Zhou et al. showed that schemes pro-posed by Amin et al. and Maitra et al. are vulnerable to off-line guessing attacks, user tracking attacks, etc. On this basis, a lightweight authentication scheme based on IoT is proposed, and an authentication scheme based on IoT is proposed, which can resist various types of attacks and realize key security features such as user audit, mutual authentication, and session security. However, we found weaknesses in the scheme upon evaluation. Hence, we proposed an enhanced scheme based on their mechanism, thus achieving the security requirements and resisting well-known attacks.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Hongwei Luo,Chao Wang,Hao Luo,Fan Zhang,Feng Lin,Guoai Xu

DOI: https://doi.org/10.1109/JIOT.2021.3050710

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Internet-of-Things (IoT) devices are widely deployed nowadays. A large number of smart home IoT devices are hosted on a cloud server for easy management. Users can use their accounts to initiate operations and management on IoT devices through a cloud server, such as updating firmware and configuring devices. However, the cloud account may be hacked resulting in adversarial attacks to the hosted I...

Xiaofeng Wu,Fangyuan Ren,Yiming Li,Zhenwei Chen,Xiaoling Tao

DOI: https://doi.org/10.1155/2021/9921036

2021-01-01

Wireless Communications and Mobile Computing

Abstract:With the rapid development of the Internet of Things (IoT) technology, it has been widely used in various fields. IoT device as an information collection unit can be built into an information management system with an information processing and storage unit composed of multiple servers. However, a large amount of sensitive data contained in IoT devices is transmitted in the system under the actual wireless network environment will cause a series of security issues and will become inefficient in the scenario where a large number of devices are concurrently accessed. If each device is individually authenticated, the authentication overhead is huge, and the network burden is excessive. Aiming at these problems, we propose a protocol that is efficient authentication for Internet of Things devices in information management systems. In the proposed scheme, aggregated certificateless signcryption is used to complete mutual authentication and encrypted transmission of data, and a cloud server is introduced to ensure service continuity and stability. This scheme is suitable for scenarios where large-scale IoT terminal devices are simultaneously connected to the information management system. It not only reduces the authentication overhead but also ensures the user privacy and data integrity. Through the experimental results and security analysis, it is indicated that the proposed scheme is suitable for information management systems.

Lu Zhou,Xiong Li,Kuo-Hui Yeh,Chunhua Su,Wayne Chiu

DOI: https://doi.org/10.1016/j.future.2018.08.038

IF: 7.307

2018-01-01

Future Generation Computer Systems

Abstract:Recently, authentication technologies integrated with the Internet of Things (IoT) and cloud computing have been promptly investigated for secure data retrieval and robust access control on large-scale IoT networks. However, it does not have a best practice for simultaneously deploying IoT and cloud computing with robust security. In this study, we present a novel authentication scheme for IoT-based architectures combined with cloud servers. To pursue the best efficiency, lightweight crypto-modules, such as one-way hash function and exclusive-or operation, are adopted in our authentication scheme. It not only removes the computation burden but also makes our proposed scheme suitable for resource-limited objects, such as sensors or IoT devices. Through the formal verification delivered by Proverif, the security robustness of the proposed authentication scheme is guaranteed. Furthermore, the performance evaluation presents the practicability of our proposed scheme in which a user-acceptable computation cost is achieved.

Dongfeng Fang,Yi Qian,Rose Qingyang Hu

DOI: https://doi.org/10.1109/jiot.2020.2970974

IF: 10.6

2020-04-01

IEEE Internet of Things Journal

Abstract:Internet-of-Things (IoT) applications have been rapidly deployed into pervasive environment, where both challenges and opportunities abound. On the one hand, a large number of IoT devices and their rich functions contribute significant volumes of data, which has brought tremendous convenience to the daily lives of end users. On the other hand, the heterogeneous IoT devices and a large amount of private information transmitted through networks also bring serious security and privacy issues. It is a big challenge to model IoT systems and trust relationships between different entities with a large number of heterogeneous IoT devices. In this article, we study a general IoT system architecture with consideration of heterogeneous IoT devices. Different trust models are proposed and analyzed based on the trust relationships between different entities in the IoT system. We propose a flexible and efficient authentication scheme with a consideration of heterogeneous IoT devices based on the least trust-required model. The proposed scheme provides security and privacy to resource-limited IoT devices flexibly and efficiently by utilizing IoT devices with better storage and computational ability. Moreover, secure data transmission is presented with contextual privacy and data integrity services. The proposed scheme achieves not only the mutual authentication, initial session key agreement, and data integrity but also anonymity, contextual privacy, forward security, end-to-end security, and key escrow resilience. Security analysis is presented to provide verification of the proposed protocol and security objectives. Moreover, performance evaluation is presented with comparison to the other schemes in terms of security features, computational overhead, and communication overhead. The performance comparisons show that our proposed scheme provides flexible and efficient security by consideration of heterogeneous IoT devices. With the higher proportion of resource-limited IoT devic-s, our proposed scheme outperforms other similar schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

R. Venkatesan,Maya P. Shelke,L. Sharmila,R. Aishwarya,G. Umadevi,M. V. Ishwarya

DOI: https://doi.org/10.1007/s11277-024-11231-y

IF: 2.017

2024-05-30

Wireless Personal Communications

Abstract:IoT is one of the most promising frontier technologies for the future, according to recent academic studies and industry circles. IoT security, on the other hand, has obvious flaws for which there is currently no viable fix. As new technologies emerge, cloud robotics' potential uses continue to grow. IoT security flaws and threats are consequently constantly being discovered. IoT gadgets normally convey information across different wired and remote organizations. IoT security issues have grown to be a big problem that needs to be fixed if these technologies are to advance. A chain of functional robotics devices (RD) makes use of an Authentication Based Remote Device System to maintain a distributed key whose data records cannot be altered or falsified. Biometrics techniques use the body of a person as a key; therefore, it is unnecessary to purchase a passport, smart card, ID card, or key. Each body part has a unique identity to achieve personal identification. However, biometrics requires numerous data to be stored for a person, and these types of systems are not always reliable because humans change over time. In the meantime, cloud robotics and the Internet of Things naturally share a number of distinct capabilities. The highlight point network is what the Personality Based Distant Gadget Validation technique utilizes. IoT applications can use cloud technologies appropriately to achieve various network security features like device privacy protection, information authentication, access control, and data encryption due to similarities between the two.

telecommunications

HE Ming,CHEN Guo-hua,LIANG Wen-hui,LAI Hai-guang,LING Chen

DOI: https://doi.org/10.3969/j.issn.1002-137x.2012.05.013

2012-01-01

Computer Science

Abstract:The Internet of Things implements information intelligence relying on the powerful data processing capability of cloud computing.However,it is not worthy of user trust that cloud computing manages data and services.According to cloud data security issues in the environment of the IoT,the cloud data storage security and privacy policies were raised,in order to ensure the accuracy and privacy of user data in the cloud.The experimental results show that the program is effective and flexible,and can resist the Byzantine failure,malicious modification of data,and even server collusion attack.

Junhui Zhao,Fanwei Huang,Huanhuan Hu,Longxia Liao,Dongming Wang,Lisheng Fan

DOI: https://doi.org/10.1016/j.adhoc.2024.103427

IF: 4.816

2024-01-31

Ad Hoc Networks

Abstract:5G technology has been applied and popularized, leading to the widespread usage of the Internet of Things (IoT) in various areas such as intelligent transportation, home security, fire protection, industrial monitoring, healthcare, and data collection intelligence. Data sharing is one of the key factors for successful application in these fields. However, real-time data sharing through open channels may result in transmitted messages being illegally accessed by attackers, leading to privacy breaches. At present, most existing authentication schemes focus on single gateway authentication models. In order to overcome issues such as elevated communication overhead, reduced network performance, and inefficient cross-domain access in the single gateway model with larger network sizes, we introduce a multi-gateway lightweight authentication scheme as a solution. Firstly, our scheme is based on a three-factor authentication scheme of Chebyshev chaotic mapping, hash function, and XOR operation. This scheme achieves secure authentication between sensor nodes and users, establishes session keys, and also supports user key updates. Secondly, through security analysis, we demonstrate that the proposed scheme resists internal disguise attacks, sensor capture attacks, temporary secret leakage attacks, and achieves forward security of session keys. We additionally provide a demonstration of the semantic security of session keys by utilizing a Random Oracle Model (ROM). Finally, compared to other schemes, the results show that our proposed scheme has lower communication overhead and computational resource requirements, and is more in line with the requirements of lightweight device security authentication in the IoT.

computer science, information systems,telecommunications

Aniruddha Bhattacharjya,Xiaofeng Zhong,Jing Wang,Xing Li

DOI: https://doi.org/10.1007/978-3-319-92564-6_7

2018-01-01

Abstract:The Internet of Things (IoT) signifies the interconnection of exceedingly heterogeneous networked entities, for instance, sensors, actuators, smart phones, etc. In accord with concrete functions, the network structure of the IoT is divided into three hierarchies: the bottom hierarchy is the sensing equipment for information acquisition; the middle hierarchy is the network for data transmission, whereas the top hierarchy is intended for applications and middleware. The uniqueness of the IoT proclaims new challenges to security requirements, dissimilar from previous technology trends. Moreover, to guarantee resilience, fail-over and recovery mechanisms must be provided to uphold operations under failure or attacks, and to return to normal operations (failure/attack mitigation). To uphold the end-to-end method, the gateway requirements to endure invisible to the communicating endpoints. The Constrained …

Amar Alsheavi,Ammar Hawbani,Wajdy Othman,XINGFU WANG,Gamil Qaid,Liang Zhao,Ahmed Al-Dubai,Liu Zhi,A.S. Ismail,Rutvij Jhaveri,Saeed Alsamhi,Mohammed A. A. Al-qaness

DOI: https://doi.org/10.1145/3703444

IF: 16.6

2024-01-01

ACM Computing Surveys

Abstract:In the ever-evolving information technology landscape, the Internet of Things (IoT) is a groundbreaking concept that bridges the physical and digital worlds. It is the backbone of an increasingly sophisticated interactive environment, yet it is a subject of intricate security challenges spawned by its multifaceted manifestations. Central to securing IoT infrastructures is the crucial aspect of authentication, necessitating a comprehensive examination of its nuances, including benefits, challenges, opportunities, trends, and societal implications. In this paper, we thoroughly review the IoT authentication protocols, addressing the main challenges such as privacy protection, scalability, and human factors that may impact security. Through exacting analysis, we evaluate the strengths and weaknesses of existing authentication protocols and conduct a comparative performance analysis to evaluate their effectiveness and scalability in securing IoT environments and devices. At the end of this study, we summarize the main findings and suggest ways to improve the security of IoT devices in the future.

Fei Chen,Duming Luo,Tao Xiang,Ping Chen,Junfeng Fan,Hong-Linh Truong

DOI: https://doi.org/10.1145/3447625

IF: 16.6

2022-01-01

ACM Computing Surveys

Abstract:Recent years have seen the rapid development and integration of the Internet of Things (IoT) and cloud computing. The market is providing various consumer-oriented smart IoT devices; the mainstream cloud service providers are building their software stacks to support IoT services. With this emerging trend even growing, the security of such smart IoT cloud systems has drawn much research attention in recent years. To better understand the emerging consumer-oriented smart IoT cloud systems for practical engineers and new researchers, this article presents a review of the most recent research efforts on existing, real, already deployed consumer-oriented IoT cloud applications in the past five years using typical case studies. Specifically, we first present a general model for the IoT cloud ecosystem. Then, using the model, we review and summarize recent, representative research works on emerging smart IoT cloud system security using 10 detailed case studies, with the aim that the case studies together provide insights into the insecurity of current emerging IoT cloud systems. We further present a systematic approach to conduct a security analysis for IoT cloud systems. Based on the proposed security analysis approach, we review and suggest potential security risk mitigation methods to protect IoT cloud systems. We also discuss future research challenges for the IoT cloud security area.

Yicheng Yu,Liang Hu,Jianfeng Chu

DOI: https://doi.org/10.3390/sym12010150

2020-01-01

Symmetry

Abstract:The integration of Internet of things (IoT) and cloud computing technology has made our life more convenient in recent years. Cooperating with cloud computing, Internet of things can provide more efficient and practical services. People can accept IoT services via cloud servers anytime and anywhere in the IoT-based cloud computing environment. However, plenty of possible network attacks threaten the security of users and cloud servers. To implement effective access control and secure communication in the IoT-based cloud computing environment, identity authentication is essential. In 2016, He et al. put forward an anonymous authentication scheme, which is based on asymmetric cryptography. It is claimed that their scheme is capable of withstanding all kinds of known attacks and has good performance. However, their scheme has serious security weaknesses according to our cryptanalysis. The scheme is vulnerable to insider attack and DoS attack. For overcoming these weaknesses, we present an improved authentication and key agreement scheme for IoT-based cloud computing environment. The automated security verification (ProVerif), BAN-logic verification, and informal security analysis were performed. The results show that our proposed scheme is secure and can effectively resist all kinds of known attacks. Furthermore, compared with the original scheme in terms of security features and performance, our proposed scheme is feasible.

Feifei Wang,Guosheng Xu,Guoai Xu,Yuejie Wang,Junhao Peng

DOI: https://doi.org/10.1155/2020/3805058

2020-01-01

Abstract:With the development of Internet of Things (IoT) technologies, Internet-enabled devices have been widely used in our daily lives. As a new service paradigm, cloud computing aims at solving the resource-constrained problem of Internet-enabled devices. It is playing an increasingly important role in resource sharing. Due to the complexity and openness of wireless networks, the authentication protocol is crucial for secure communication and user privacy protection. In this paper, we discuss the limitations of a recently introduced IoT-based authentication scheme for cloud computing. Furthermore, we present an enhanced three-factor authentication scheme using chaotic maps. The session key is established based on Chebyshev chaotic-based Diffie-Hellman key exchange. In addition, the session key involves a long-term secret. It ensures that our scheme is secure against all the possible session key exposure attacks. Besides, our scheme can effectively update user password locally. Burrows-Abadi-Needham logic proof confirms that our scheme provides mutual authentication and session key agreement. The formal analysis under random oracle model proves the semantic security of our scheme. The informal analysis shows that our scheme is immune to diverse attacks and has desired features such as three-factor secrecy. Finally, the performance comparisons demonstrate that our scheme provides optimal security features with an acceptable computation and communication overheads.