Liang Kou,Yiqi Shi,Liguo Zhang,Duo Liu,Qing Yang

DOI: https://doi.org/10.32604/cmc.2019.03760

2019-01-01

Abstract:With the development of computer hardware technology and network technology, the Internet of Things as the extension and expansion of traditional computing network has played an increasingly important role in all professions and trades and has had a tremendous impact on people lifestyle. The information perception of the Internet of Things plays a key role as a link between the computer world and the real world. However, there are potential security threats in the Perceptual Layer Network applied for information perception because Perceptual Layer Network consists of a large number of sensor nodes with weak computing power, limited power supply, and open communication links. We proposed a novel lightweight authentication protocol based on password, smart card and biometric identification that achieves mutual authentication among User, GWN and sensor node. Biometric identification can increase the non-repudiation feature that increases security. After security analysis and logical proof, the proposed protocol is proven to have a higher reliability and practicality.

Ziyi Su,Shiwei Wang,Hongliu Cai,Jiaxuan Huang,Yourong Chen,Xudong Zhang,Muhammad Alam

DOI: https://doi.org/10.3390/electronics13183735

IF: 2.9

2024-09-21

Electronics

Abstract:Current authentication schemes based on zero-knowledge proof (ZKP) still face issues such as high computation costs, low efficiency, and security assurance difficulty. Therefore, we propose a secure and efficient authentication scheme (SEAS) for large-scale IoT devices based on ZKP. In the initialization phase, the trusted authority creates prerequisites for device traceability and system security. Then, we propose a new registration method to ensure device anonymity. In the identity tracing and revocation phase, we revoke the real identity of abnormal devices by decrypting and updating group public keys, avoiding their access and reducing revocation costs. In the authentication phase, we check the arithmetic relationship between blind certificates, proofs, and other random data. We propose a new anonymous batch authentication method to effectively reduce computation costs, enhance authentication efficiency, and guarantee device authentication security. Security analysis and experimental results show that an SEAS can ensure security and effectively reduce verification time and energy costs. Its security and performance exceed existing schemes.

engineering, electrical & electronic,computer science, information systems,physics, applied

Hanguang Luo,Tao Zou,Chunming Wu,Dan Li,Shunbin Li,Chu

DOI: https://doi.org/10.32604/cmc.2022.027118

2022-01-01

Abstract:In the emerging Industrial Internet of Things (IIoT), authentication problems have become an urgent issue for massive resource-constrained devices because traditional costly security mechanisms are not suitable for them. The security protocol designed for resource-constrained systems should not only be secure but also efficient in terms of usage of energy, storage, and processing. Although recently many lightweight schemes have been proposed, to the best of our knowledge, they are unable to address the problem of privacy preservation with the resistance of Denial of Service (DoS) attacks in a practical way. In this paper, we propose a lightweight authentication protocol based on the Physically Unclonable Function (PUF) to overcome the limitations of existing schemes. The protocol provides an ingenious authentication and synchronization mechanism to solve the contradictions amount forward secrecy, DoS attacks, and resource-constrained. The performance analysis and comparison show that the proposed scheme can better improve the authentication security and efficiency for resource-constrained systems in IIoT.

Jianhong Zhang,Wenle Bai,Yuehai Wang

DOI: https://doi.org/10.1109/access.2019.2899828

IF: 3.9

2019-01-01

IEEE Access

Abstract:The Internet of Things (IoT) is the internetworking of terminal physical devices depends on application programming interfaces and sensors to be connected to the Internet for collecting and exchanging data. According to the characteristics of IoT, it can provide rich services for the terminal user. However, the centralized cloud computing-based storage architecture in IoT faces many challenges, such as data security, identity privacy, and high latency. To overcome these challenges, this paper introduces an IoT network storage architecture based on mobile edge computing, which not only achieves low-latency message response and computation offloading of the terminal user but also preserves identity-privacy of the terminal user. Afterward, we presented a novel non-interactive pairing-free ID-based proxy re-signature scheme (ID-PRS), which is a kernel technique to construct the aforementioned storage architecture. Compared with most of proxy re-signature schemes constructed based on traditional public-key-infrastructure, the proposed scheme avoids expensive pairing operation and intricate certificate-maintenance. And it is demonstrated to be provably secure under the classic security assumptions: integer factoring problem and the RSA assumption. Finally, in contrast to the other two ID-PRS schemes, the proposed ID-PRS scheme has more advantages in terms of security, functionability, and computation costs. Thus, it is very suitable to be applied to the resource-constrained mobile users.

Guanglu Wei,Kai Fan,Kuan Zhang,Haoyang Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1109/jiot.2023.3323275

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:In recent years, the Internet of Things (IoT) has gained immense popularity in various aspects of work, learning, and daily life. Within the Internet of Things realm, there is a growing concern regarding communication security issues between users and servers. However, addressing the communication security between servers is equally imperative, which has not received as much attention. To this end, we propose a certificateless anonymous authenticated key agreement (AKA) algorithm based on Learning with Errors (LWE) and Inhomogeneous Small Integer Solution (ISIS) security assumptions. Our scheme provides strong resistance to quantum attacks and protects the privacy of communication servers. It also has constant communication costs and lower computational requirements than existing lattice-based anonymous AKA algorithms on the broadcast channel. Additionally, the proposed scheme eliminates the resource consumption of managing complex certificates and addresses the security risks associated with key escrow in the key generation center (KGC). Through security and performance analysis, we demonstrate that our approach can enhance the security of IoT-based healthcare systems while significantly improving communication efficiency. Our proposed scheme provides a promising solution to security issues related to server communication in IoT systems.

computer science, information systems,telecommunications,engineering, electrical & electronic

Fenhua Bai,Zikang Wang,Kai Zeng,Chi Zhang,Tao Shen,Xiaohui Zhang,Bei Gong

DOI: https://doi.org/10.1016/j.cose.2024.104136

IF: 5.105

2024-09-29

Computers & Security

Abstract:With the widespread adoption of Internet of Things (IoT) devices, remote attestation is crucial for ensuring their security. However, current schemes that require a central verifier or interactive approaches are expensive and inefficient for collaborative autonomous systems. Furthermore, the security of the software state cannot be guaranteed before or between successive attestations, leaving devices vulnerable to Time-Of-Check-Time-Of-Use (TOCTOU) attacks, as well as confidentiality issues arising from pre-sharing software information with the verifier. Therefore, we propose the Secure mutual Attestation against TOCTOU Zero-Knowledge proof based for IoT devices (ZKSA), which allows devices to mutually attest without a central verifier, and the attestation result is transparent while preserving confidentiality. We implement a ZKSA prototype on a Raspberry Pi 3B, demonstrating its feasibility and security. Even if malware is removed before the next attestation, it will be detected and the detection time is typically constant. Simulations show that compared to other schemes for mutual attestation, such as DIAT and CFRV, ZKSA exhibits scalability. When the prover attests to numerous verifier devices, ZKSA reduces the verification time from linear to constant.

computer science, information systems

Jianhua Li,Jiong Jin,Lingjuan Lyu,Dong Yuan,Yingying Yang,Longxiang Gao,Chao Shen

DOI: https://doi.org/10.48550/arXiv.2011.06325

2020-11-12

Abstract:Numerous resource-limited smart objects (SOs) such as sensors and actuators have been widely deployed in smart environments, opening new attack surfaces to intruders. The severe security flaw discourages the adoption of the Internet of things in smart living. In this paper, we leverage fog computing and microservice to push certificate authority (CA) functions to the proximity of data sources. Through which, we can minimize attack surfaces and authentication latency, and result in a fast and scalable scheme in authenticating a large volume of resource-limited devices. Then, we design lightweight protocols to implement the scheme, where both a high level of security and low computation workloads on SO (no bilinear pairing requirement on the client-side) is accomplished. Evaluations demonstrate the efficiency and effectiveness of our scheme in handling authentication and registration for a large number of nodes, meanwhile protecting them against various threats to smart living. Finally, we showcase the success of computing intelligence movement towards data sources in handling complicated services.

Cryptography and Security,Networking and Internet Architecture

Kui Ma,Yanwei Zhou,Ying Wang,Chunsheng Dong,Zhe Xia,Bo Yang,Mingwu Zhang

DOI: https://doi.org/10.1109/jsyst.2023.3269597

IF: 4.802

2023-01-01

IEEE Systems Journal

Abstract:The Internet of Things (IoT) is helpful in making people's life more convenient and efficient. To ensure that the nodes within IoT can interact securely, a certificateless signature (CLS) can be used to protect message authentication in the IoT. Recently, some concrete constructions of CLS schemes have been proposed in the literature, but through our analyses, we demonstrate that some existing CLS schemes cannot keep their claimed security because of various security flaws. For example, a valid signature can be forged by any Type I adversary by replacing the corresponding user's public key. In this article, we describe the security flaws that need to be addressed and introduce a novel CLS scheme without using bilinear mapping. The existential unforgeability in our proposed scheme can be proved based on the hardness of the elliptic curve discrete logarithm problem in the random oracle model. The comparison with existing CLS schemes shows that our scheme not only enjoys more security features but also is more efficient in computation. Moreover, we introduce an identity authentication protocol as the application of our proposed CLS scheme, which achieves mutual authentication and anonymity in communications.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Yang Zhang,Yu Tang,Chaoyang Li,Hua Zhang,Haseeb Ahmad

DOI: https://doi.org/10.3390/s24134188

IF: 3.9

2024-06-28

Sensors

Abstract:The Internet of Things (IoT) plays an essential role in people's daily lives, such as healthcare, home, traffic, industry, and so on. With the increase in IoT devices, there emerge many security issues of data loss, privacy leakage, and information temper in IoT network applications. Even with the development of quantum computing, most current information systems are weak to quantum attacks with traditional cryptographic algorithms. This paper first establishes a general security model for these IoT network applications, which comprises the blockchain and a post-quantum secure identity-based signature (PQ-IDS) scheme. This model divides these IoT networks into three layers: perceptual, network, and application, which can protect data security and user privacy in the whole data-sharing process. The proposed PQ-IDS scheme is based on lattice cryptography. Bimodal Gaussian distribution and the discrete Gaussian sample algorithm are applied to construct the fundamental difficulty problem of lattice assumption. This assumption can help resist the quantum attack for information exchange among IoT devices. Meanwhile, the signature mechanism with IoT devices' identity can guarantee non-repudiation of information signatures. Then, the security proof shows that the proposed PQ-IDS can obtain the security properties of unforgeability, non-repudiation, and non-transferability. The efficiency comparisons and performance evaluations show that the proposed PQ-IDS has good efficiency and practice in IoT network applications.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Pengbo Xu,Huici Wu,Xiaofeng Tao,Chenyu Wang,Dajiang Chen,Guoshun Nan

DOI: https://doi.org/10.1109/jiot.2024.3353807

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Internet of Things (IoT) is one of the most representative application scenarios in the 5G and 6G era. The concurrent access of massive IoT devices definitely poses enormous communication, computation, and certificate management challenges to the wireless authentication. Moreover, the emergence of quantum computing makes classical cryptography-based authentication protocols, such as 5G-AKA, more easier to be broken. Facing the challenges posed by the massive concurrent authentication and quantum attacks, this paper proposes a lattice cryptography based group authentication scheme, where lattice-based aggregate signature algorithm and identity-based encryption (IBE) are leveraged to achieve simultaneous authentication of concurrent accessed devices. The proposed authentication scheme eliminates the process of public key certificate management, greatly reducing the storage overhead of core network. Moreover, the utilization of lattice cryptography enables the resistance of quantum attacks. The proposed solution does not rely on additional security assumptions such as security channel or trusted group center, making it more flexible to be deployed in actual network scenario. Finally, formal security analysis of the proposed protocol is provided with the tool ProVerif. It is demonstrated that the proposed protocol can satisfy the goals of identity privacy, authentication, data confidentiality and forward secrecy. In addition, compared with existing advanced solutions, the outperformance of the proposed scheme in terms of computation overhead, signaling overhead, communication overhead, and security properties is validated with simulations.

computer science, information systems,telecommunications,engineering, electrical & electronic

Bo Zhang,Tao Zhang,Zesheng Xi,Ping Chen,Jin Wei,Yu Liu

DOI: https://doi.org/10.3390/electronics13050984

IF: 2.9

2024-03-06

Electronics

Abstract:With the rapid development of the Internet of Things (IoT), ensuring secure communication between devices has become a crucial challenge. This paper proposes a novel secure communication solution by extracting wireless channel state information (CSI) features from IoT devices to generate a device identity. Due to the instability of the wireless channel, the CSI features are fuzzy and time-varying; thus, we a employ locally sensitive hashing (LSH) algorithm to ensure the stability of the generated identity in a dynamically changing wireless channel environment. Furthermore, zero-knowledge proofs are utilized to guarantee the authenticity and effectiveness of the generated identity. Finally, the identity generated using the aforementioned approach is integrated into an IBE communication scheme, which involves the fuzzy extraction of channel state information from IoT devices, stable identity extraction for fuzzy IoT devices using LSH, and the use of zero-knowledge proofs to ensure the authenticity of the generated identity. This identity is then employed as the identity information in identity-based encryption (IBE), constructing the device's public key for achieving confidential communication between devices.

engineering, electrical & electronic,computer science, information systems,physics, applied

Hsiao-Ling Wu,Chin-Chen Chang,Yao-Zhu Zheng,Long-Sheng Chen,Chih-Cheng Chen

DOI: https://doi.org/10.3390/s20195604

IF: 3.9

2020-09-30

Sensors

Abstract:The Internet of Things (IoT) is currently the most popular field in communication and information techniques. However, designing a secure and reliable authentication scheme for IoT-based architectures is still a challenge. In 2019, Zhou et al. showed that schemes pro-posed by Amin et al. and Maitra et al. are vulnerable to off-line guessing attacks, user tracking attacks, etc. On this basis, a lightweight authentication scheme based on IoT is proposed, and an authentication scheme based on IoT is proposed, which can resist various types of attacks and realize key security features such as user audit, mutual authentication, and session security. However, we found weaknesses in the scheme upon evaluation. Hence, we proposed an enhanced scheme based on their mechanism, thus achieving the security requirements and resisting well-known attacks.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Shehzad Ashraf Chaudhry,Khalid Yahya,Fadi Al-Turjman,Ming-Hour Yang

DOI: https://doi.org/10.1109/access.2020.3012121

IF: 3.9

2020-01-01

IEEE Access

Abstract:Among other security concerns, the reliable device to device direct communication is an important research aspect in sensor cloud system application of Internet of things (IoT). The access control mechanism can ensure the reliability through secure communication among two IoT devices without mediation of intermediate agent. Mainly, it requires twofold strategy involving the authentication of each other and session key establishment. Quite recently, in 2019, Das et al. proposed a certificate based lightweight access control and key agreement scheme for IoT devices (LACKA-IoT) to ensure smooth and secure access control and claimed LACKA-IoT to withstand the several attacks. Specifically, it is claimed that LACKA-IoT can resist device impersonation and man in middle attacks. However, the proof in this article refutes their claim and it is shown here, that LACKA-IoT is insecure against both device impersonation and man in middle attacks. An adversary just by using public parameters and by listening the communication channel can impersonate any device. Moreover, the same can also launch successful man in middle attack using public parameters and listened messages from public channel. An improved protocol iLACKA-IoT is then proposed in the paper. The iLACKA-IoT provides resistance against various types of threats and provides the required level of security, for evidence both formal validation through random or real (ROR) model as well as the informal validation through discussion on attack resilience is provided. The iLACKA-IoT is not only better in security but also provides performance efficiency as compared with LACKA-IoT and related schemes.

Zhang, Kuan,Wang, Haoyang,Wang, Yirui,Yang, Kan

DOI: https://doi.org/10.1007/s12083-024-01676-0

IF: 3.488

2024-04-18

Peer-to-Peer Networking and Applications

Abstract:The authenticated key agreement (AKA) method used in the Internet of Things (IoT) provides identity authentication and agreed symmetric keys to encrypt large amounts of communication messages for devices and servers. With the rapid development of quantum computers and quantum algorithms, classical cryptographic algorithms become vulnerable to attacks by adversaries, leading to significant risks in IoT communication systems. Numerous lattice-based authentication key agreement (AKA) schemes have emerged to fortify communication systems against quantum attacks. However, due to the large size of the lattice cryptography public key, an excessive number of communication rounds can cause significant time delays. Meanwhile, many current lattice-based AKA schemes rely on weak security models like BR, CK, and ROR. These models can only capture partial adversary attacks. To this end, we propose a lower communication rounds lattice-based anonymous authenticated key agreement (LA-AKA) protocol under the seCK model. This protocol aims to achieve lower communication rounds under the robust security model, ensuring heightened security and efficiency within IoT communication systems.

computer science, information systems,telecommunications

Dongfeng Fang,Yi Qian,Rose Qingyang Hu

DOI: https://doi.org/10.1109/jiot.2020.2970974

IF: 10.6

2020-04-01

IEEE Internet of Things Journal

Abstract:Internet-of-Things (IoT) applications have been rapidly deployed into pervasive environment, where both challenges and opportunities abound. On the one hand, a large number of IoT devices and their rich functions contribute significant volumes of data, which has brought tremendous convenience to the daily lives of end users. On the other hand, the heterogeneous IoT devices and a large amount of private information transmitted through networks also bring serious security and privacy issues. It is a big challenge to model IoT systems and trust relationships between different entities with a large number of heterogeneous IoT devices. In this article, we study a general IoT system architecture with consideration of heterogeneous IoT devices. Different trust models are proposed and analyzed based on the trust relationships between different entities in the IoT system. We propose a flexible and efficient authentication scheme with a consideration of heterogeneous IoT devices based on the least trust-required model. The proposed scheme provides security and privacy to resource-limited IoT devices flexibly and efficiently by utilizing IoT devices with better storage and computational ability. Moreover, secure data transmission is presented with contextual privacy and data integrity services. The proposed scheme achieves not only the mutual authentication, initial session key agreement, and data integrity but also anonymity, contextual privacy, forward security, end-to-end security, and key escrow resilience. Security analysis is presented to provide verification of the proposed protocol and security objectives. Moreover, performance evaluation is presented with comparison to the other schemes in terms of security features, computational overhead, and communication overhead. The performance comparisons show that our proposed scheme provides flexible and efficient security by consideration of heterogeneous IoT devices. With the higher proportion of resource-limited IoT devic-s, our proposed scheme outperforms other similar schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Min Guo,Dongjuan Ma,Feng Jing,Huiping Zheng,Xiaojie Liu,Penghui Liu,Yun Ju

DOI: https://doi.org/10.3233/jcm-226750

2023-05-13

Journal of Computational Methods in Sciences and Engineering

Abstract:In order to study the standard security access authentication mechanism of intelligent sensing terminals of massive power Internet of Things, In order to study the standard secure access authentication mechanism of intelligent sensing terminal of massive power Internet of Things, a new privacy protection method widely used in block chain is proposed to prove identity. The traditional power IoT cloud-side interaction security access MQTT protocol still has a lot of room for adaptation and optimization. First, the proposed non-interactive zero-knowledge proof identity authentication method reduces the time of traditional standard secure access authentication process; Second, it reduced the computing resources consumed in a large number of intelligent sensors access authentication. The comparison results show that, the access authentication time of this method is 30%∼50% less than that of the traditional secure access authentication process. The computing resources consumed during authentication are reduced by 20% to 30% compared with traditional security and secrecy mechanisms.

Wenzhan Zhang,Yanhui Zhang,Chong Guo,Qi An,Yuming Guo,Ximing Liu,Shijun Zhang,Junjia Huang

DOI: https://doi.org/10.1155/2022/3687332

IF: 3.12

2022-02-26

Computational Intelligence and Neuroscience

Abstract:The rapid development of the Internet of Things (IoT) has accelerated the integration of science and technology with life, enabling the public to start enjoying the convenience brought by intelligent living. However, there are multiple resource-constrained sensing devices in IoT, which are always facing various external or internal attacks, making it difficult to ensure the secure transmission of sensitive data in IoT. Therefore, to address the problem of data transmission in resource-constrained devices in IoT, we propose a new certificateless hybrid signcryption scheme for IoT. It is a novel scheme that satisfies confidentiality and unforgeability, showing higher computational efficiency and lower overhead of transmission. To prove that it satisfies the efficent transmission of IoT, we conduct simulation experiments, and the experimental results show that our proposed scheme has higher efficiency than the existing schemes.

mathematical & computational biology,neurosciences

Yonghao Zhu,Dongfen Li,Yangyang Jiang,Xiaoyu Hua,You Fu,Jie Zhou,Yuqiao Tan,Xiaolong Yang

DOI: https://doi.org/10.3390/sym16121589

2024-11-29

Symmetry

Abstract:Quantum communication holds great potential for enhancing the security and efficiency of the Internet of Things (IoT). However, existing schemes often overlook device identity authentication, leaving systems vulnerable to unauthorized access, and rely on third-party controllers, which increase complexity and undermine trust. This paper proposes a novel asymmetric bidirectional quantum communication scheme tailored for IoT, integrating device identity authentication and information transmission without requiring third-party controllers. We provide a detailed description of the scheme's application scenarios in IoT, conduct a security analysis of the identity authentication module, and experimentally validate the feasibility of the information transmission module. Additionally, we analyze the impact of quantum noise on the proposed scheme and compare it with existing approaches, highlighting its advantages in terms of resource consumption and efficiency.

multidisciplinary sciences

Wenlong Zhu,Changli Zhou,Linmei Jiang

DOI: https://doi.org/10.3390/electronics13061026

IF: 2.9

2024-03-09

Electronics

Abstract:With the rapid popularization of current Internet of Things (IoT) technology and 5G networks, as well as the continuous updating of new service lifestyles and businesses, the era of big data processing for the IoT has arrived. However, centralizing all data for processing in the cloud can lead to issues such as communication latency and privacy breaches. To solve these problems, edge computing, as a new network architecture close to terminal data sources and supporting low latency services, has gradually emerged. In this context, cloud edge collaborative computing has become an important network architecture. With the changing security requirements and communication methods of cloud edge collaborative network architecture, traditional authentication key agreement protocols are no longer applicable. Therefore, a new IoT authentication and key agreement protocol needs to be designed to solve this problem. This study proposes an IoT accessible solution for cloud edge collaboration. This scheme adopts a chaotic mapping algorithm to achieve efficient authentication. It ensures the anonymity and untraceability of users. Following this, we conducted strict security verification using BAN logic and Scyther tools. Through experimental comparative analysis, the research results show that the protocol performs better than other schemes while ensuring security. This indicates that the protocol can achieve efficient authentication and key negotiation in cloud edge collaborative network architecture, providing a secure and reliable solution for the accessibility of the IoT.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yongxin Liu,Jian Wang,Jianqiang Li,Houbing Song,Thomas Yang,Shuteng Niu,Zhong Ming

DOI: https://doi.org/10.1109/JIOT.2020.3018677

2020-08-28

Abstract:The Internet of Things (IoT) provides applications and services that would otherwise not be possible. However, the open nature of IoT make it vulnerable to cybersecurity threats. Especially, identity spoofing attacks, where an adversary passively listens to existing radio communications and then mimic the identity of legitimate devices to conduct malicious activities. Existing solutions employ cryptographic signatures to verify the trustworthiness of received information. In prevalent IoT, secret keys for cryptography can potentially be disclosed and disable the verification mechanism. Non-cryptographic device verification is needed to ensure trustworthy IoT. In this paper, we propose an enhanced deep learning framework for IoT device identification using physical layer signals. Specifically, we enable our framework to report unseen IoT devices and introduce the zero-bias layer to deep neural networks to increase robustness and interpretability. We have evaluated the effectiveness of the proposed framework using real data from ADS-B (Automatic Dependent Surveillance-Broadcast), an application of IoT in aviation. The proposed framework has the potential to be applied to accurate identification of IoT devices in a variety of IoT applications and services. Codes and data are available in IEEE Dataport.

Machine Learning,Signal Processing