Yan Ma,Lei Yan,Xiaohong Huang,Maode Ma,Dandan Li

DOI: https://doi.org/10.1109/JIOT.2020.2967464

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:Datagram transport layer security (DTLS) protocol is widely used in Internet of Things (IoT) for providing security services. The computational overhead makes it hard to implement DTLS on resource-constrained IoT devices. The two significant costly computations in the DTLS handshake are the Diffie-Hellman (DH) key exchange and the certificate verification. A simplified handshake protocol of DTLS (DTLShps) is proposed to reduce the computational overhead of the IoT devices for a general scenario of end-to-end communications based on software-defined networking (SDN). First, a controller is utilized to generate a symmetric key dynamically, then encrypt and distribute this key to two communicating IoT devices. Second, the certificate verification is shifted from the IoT device to the more powerful controller. Third, the controller replaces the DTLS server to make a cookie exchange with the DTLS client. Furthermore, the BAN logic and the tool Scyther are used to validate the security of our scheme. The performance evaluation shows that not only the computational overhead and the energy consumption in the IoT devices are effectively decreased but also the overall duration of the whole handshake is reduced.

Pengkun Li,Jinshu Su,Xiaofeng Wang

DOI: https://doi.org/10.1109/jiot.2020.2988126

IF: 10.6

2020-08-01

IEEE Internet of Things Journal

Abstract:Enabling end-to-end secure communication is essential for many Internet-of-Things (IoT) application scenarios. Transport-layer security (TLS) and datagram TLS (DTLS) are the de-facto protocols for communication security in the IP-based IoT. However, the current authentication approaches of TLS are confronted with the heavy overhead and security issues in the resource-constrained IoT scenario. On the other hand, the identity-based cryptography (IBC) becomes an attractive cryptographic solution for the IoT. Unfortunately, the current IBC-based proposals exist the problem of either high communication latency or low level of security. In this article, we propose the first lightweight secure transport protocol called iTLS, which delivers protected data in the first flight with perfect forward secrecy, and provides implicit mutual authentication without certificates. iTLS dynamically generates identity-based early keys before receiving a server response, allowing clients to send the encrypted data without additional round trips. Furthermore, it employs the ephemeral secret ticket to obtain an ephemeral server key in the previous connection. Therefore, the early key established afterward can provide full forward secrecy. Design and implementation in the form of extension make iTLS fully compatible with TLS 1.3 and easy to be converted to a DTLS version. Our evaluation shows that iTLS reduces the network traffic overhead by at least 61.2%, and handshake latency on an ideal network by at least 60% compared to the certificate-based TLS. The results demonstrate iTLS achieves strong adaptability on the low-power and lossy IoT networks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Gabriele Restuccia,Hannes Tschofenig,Emmanuel Baccelli

DOI: https://doi.org/10.48550/arXiv.2011.12035

2020-12-10

Abstract:Similarly to elsewhere on the Internet, practical security in the Internet of Things (IoT) is achieved by combining an array of mechanisms, at work at all layers of the protocol stack, in system software, and in hardware. Standard protocols such as Datagram Transport Layer Security (DTLS 1.2) and Transport Layer Security (TLS 1.2) are often recommended to secure communications to/from IoT devices. Recently, the TLS 1.3 standard was released and DTLS 1.3 is in the final stages of standardization. In this paper, we give an overview of version 1.3 of these protocols, and we provide the first experimental comparative performance analysis of different implementations and various configurations of these protocols, on real IoT devices based on low-power microcontrollers. We show how different implementations lead to different compromises. We measure and compare bytes-over-the-air, memory footprint, and energy consumption. We show that, when DTLS/TLS 1.3 requires more resources than DTLS/TLS 1.2, this additional overhead is quite reasonable. We also observe that, in some configurations, DTLS/TLS 1.3 actually decreases overhead and resource consumption. All in all, our study indicates that there is still room to optimize the existing implementations of these protocols.

Cryptography and Security,Networking and Internet Architecture

Arif Raza,Salabat Khan,Shivanshu Shrivastava,M. Wasim Abbas Ashraf,Ting Wang,Kaishun Wu,Wang Lu

DOI: https://doi.org/10.1016/j.comnet.2024.110537

IF: 5.493

2024-05-26

Computer Networks

Abstract:With the increasing adoption rate of Internet of Things (IoT) devices in smart home applications, it is vital to safeguard the privacy and security of information, communications among IoT devices, and the underlying infrastructure. In open communication scenarios, an adversary can easily tamper with data transmitted by IoT communication devices. This paper proposes a softwarized lightweight authentication key agreement scheme for smart home applications in Software-Defined IoT (SDIoT) environment. The proposed scheme comprises registration, authentication, and key selection phases. Devices are registered in the registration phase after the successful completion of validation checks, while sessions' keys are granted to the registered devices in the authentication phase. In the final phase, controllers classify IoT devices based on pre-defined parameters and impose class-specific access control based on classification. The security of the proposed scheme is validated using the widely accepted AVISPAs verification tool against a strong adversary. Simulation results demonstrate that our proposed scheme outperforms existing schemes in terms of running time, computation complexity, and energy consumption. It is found that the proposed scheme has significant cost-effectiveness.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Dongfeng Fang,Yi Qian,Rose Qingyang Hu

DOI: https://doi.org/10.1109/jiot.2020.2970974

IF: 10.6

2020-04-01

IEEE Internet of Things Journal

Abstract:Internet-of-Things (IoT) applications have been rapidly deployed into pervasive environment, where both challenges and opportunities abound. On the one hand, a large number of IoT devices and their rich functions contribute significant volumes of data, which has brought tremendous convenience to the daily lives of end users. On the other hand, the heterogeneous IoT devices and a large amount of private information transmitted through networks also bring serious security and privacy issues. It is a big challenge to model IoT systems and trust relationships between different entities with a large number of heterogeneous IoT devices. In this article, we study a general IoT system architecture with consideration of heterogeneous IoT devices. Different trust models are proposed and analyzed based on the trust relationships between different entities in the IoT system. We propose a flexible and efficient authentication scheme with a consideration of heterogeneous IoT devices based on the least trust-required model. The proposed scheme provides security and privacy to resource-limited IoT devices flexibly and efficiently by utilizing IoT devices with better storage and computational ability. Moreover, secure data transmission is presented with contextual privacy and data integrity services. The proposed scheme achieves not only the mutual authentication, initial session key agreement, and data integrity but also anonymity, contextual privacy, forward security, end-to-end security, and key escrow resilience. Security analysis is presented to provide verification of the proposed protocol and security objectives. Moreover, performance evaluation is presented with comparison to the other schemes in terms of security features, computational overhead, and communication overhead. The performance comparisons show that our proposed scheme provides flexible and efficient security by consideration of heterogeneous IoT devices. With the higher proportion of resource-limited IoT devic-s, our proposed scheme outperforms other similar schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Wenzhan Zhang,Yanhui Zhang,Chong Guo,Qi An,Yuming Guo,Ximing Liu,Shijun Zhang,Junjia Huang

DOI: https://doi.org/10.1155/2022/3687332

IF: 3.12

2022-02-26

Computational Intelligence and Neuroscience

Abstract:The rapid development of the Internet of Things (IoT) has accelerated the integration of science and technology with life, enabling the public to start enjoying the convenience brought by intelligent living. However, there are multiple resource-constrained sensing devices in IoT, which are always facing various external or internal attacks, making it difficult to ensure the secure transmission of sensitive data in IoT. Therefore, to address the problem of data transmission in resource-constrained devices in IoT, we propose a new certificateless hybrid signcryption scheme for IoT. It is a novel scheme that satisfies confidentiality and unforgeability, showing higher computational efficiency and lower overhead of transmission. To prove that it satisfies the efficent transmission of IoT, we conduct simulation experiments, and the experimental results show that our proposed scheme has higher efficiency than the existing schemes.

mathematical & computational biology,neurosciences

Jingxu Xiao,Chaowen Chang,Yingying Ma,Chenli Yang,Lu Yuan

DOI: https://doi.org/10.3934/mbe.2024148

2024-01-01

Mathematical Biosciences and Engineering

Abstract:In the realm of the Internet of Things (IoT), ensuring the security of communication links and evaluating the safety of nodes within these links remains a significant challenge. The continuous threat of anomalous links, harboring malicious switch nodes, poses risks to data transmission between edge nodes and between edge nodes and cloud data centers. To address this critical issue, we propose a novel trust evaluation based secure multi-path routing (TESM) approach for IoT. Leveraging the software-defined networking (SDN) architecture in the data transmission process between edge nodes, TESM incorporates a controller comprising a security verification module, a multi-path routing module, and an anomaly handling module. The security verification module ensures the ongoing security validation of data packets, deriving trust scores for nodes. Subsequently, the multi-path routing module employs multi-objective reinforcement learning to dynamically generate secure multiple paths based on node trust scores. The anomaly handling module is tasked with handling malicious switch nodes and anomalous paths. Our proposed solution is validated through simulation using the Ryu controller and P4 switches in an SDN environment constructed with Mininet. The results affirm that TESM excels in achieving secure data forwarding, malicious node localization, and the secure selection and updating of transmission paths. Notably, TESM introduces a minimal 12.4% additional forwarding delay and a 5.46% throughput loss compared to traditional networks, establishing itself as a lightweight yet robust IoT security defense solution.

mathematical & computational biology

Nguyen Van Tanh,Ngo Quang Tri,Mai Manh Trung

DOI: https://doi.org/10.11591/ijeecs.v23.i3.pp1727-1735

2021-09-01

Indonesian Journal of Electrical Engineering and Computer Science

Abstract:With the strong development of Internet platforms today, many new technologies are applied in most areas of human social life. The development of the internet of things (IoT) has brought to the networking world many innovations with new protocols. Along with that is the complexity of security issues that greatly affect personal data, and limited resources in information technology development and applications. Many security solutions have been researched but none of them is completely effective for the IoT network because of the characteristics of energy, limited resources, processing capacity as well as operating costs. Therefore, we propose an effective solution for comprehensive protection of IoT systems against attacks to network security with improved security protocols. By combining security solutions on the layers of the IoT and code improvement, algorithmic enhancement positively contributes to this important task. In the article, we propose to improve and combine the DTLS Protocol and the overhearing mechanism and then have some experiments to prove the effectiveness, feasibility, economical and appropriate on popular IoT network models.

Lei Liu,Wei Feng,Chen,Yuru Zhang,Dapeng Lan,Xiaoming Yuan,Sahil Vashisht

DOI: https://doi.org/10.1109/infocomwkshps50562.2020.9163070

2020-01-01

Abstract:Software Defined Networking (SDN) is a promising platform to secure and manage large-scale Internet of Things (IoT) due to its separated control and data plane functionality as well as programmability in the network. The original design of SDN faces single point of failure, and therefore several decentralized SDN architectures for IoT were proposed. However, practical SDN may be deployed by various networking operators, which incurs the conflict between data security of different networking operators and cooperative network management among them. Existing schemes cannot well support the cooperative network management among multiple controllers and meanwhile guarantee data security. To tackle this problem, we propose a blockchain based SDN framework for IoT called BS-IoT. BS-IoT introduces blockchain into SDN to support secure and cooperative network management. Besides, we leverage blockchain sharding for better efficiency and improve it with secure multi-party computation (SMPC) to make it suitable for decentralized SDN management with data security. The security analysis illustrate the security and effectiveness of our scheme.

Abdullah Al Hayajneh,Zakirul Alam Bhuiyan,Ian McAndrew,Md Zakirul Alam Bhuiyan

DOI: https://doi.org/10.3390/computers9010008

2020-02-07

Computers

Abstract:There has been an increase in the usage of Internet of Things (IoT), which has recently become a rising area of interest as it is being extensively used for numerous applications and devices such as wireless sensors, medical devices, sensitive home sensors, and other related IoT devices. Due to the demand to rapidly release new IoT products in the market, security aspects are often overlooked as it takes time to investigate all the possible vulnerabilities. Since IoT devices are internet-based and include sensitive and confidential information, security concerns have been raised and several researchers are exploring methods to improve the security among these types of devices. Software defined networking (SDN) is a promising computer network technology which introduces a central program named ‘SDN Controller’ that allows overall control of the network. Hence, using SDN is an obvious solution to improve IoT networking performance and overcome shortcomings that currently exist. In this paper, we (i) present a system model to effectively use SDN with IoT networks; (ii) present a solution for mitigating man-in-the-middle attacks against IoT that can only use HTTP, which is a critical attack that is hard to defend; and (iii) implement the proposed system model using Raspberry Pi, Kodi Media Center, and Openflow Protocol. Our system implementation and evaluations show that the proposed technique is more resilient to cyber-attacks.

Abdelouadoud Stambouli,Luigi Logrippo

DOI: https://doi.org/10.3390/jcp4030023

2024-07-20

Journal of Cybersecurity and Privacy

Abstract:Data security on the Internet of Things (IoT) is usually implemented through encryption. This paper presents a solution based on routing, in which data are forwarded only to entities that are intended to receive them according to security requirements of secrecy (also called confidentiality), integrity, and conflicts. Our solution is generic in the sense that it can be used in any network, together with encryption as appropriate. We use the fact that, in any network, security requirements generate a partial order of equivalence classes of entities, and each entity can be labeled according to the position of its equivalence class in the partial order. Routing tables among entities can be compiled using the labels. The method is demonstrated in this paper for software-defined networking (SDN) routers and controllers. We propose a centralized IoT architecture with a cloud structure using SDN as networking infrastructure, where storage entities (i.e., cloud servers) are associated with application entities. A small ‘hospital’ example is shown for illustration. Procedures for network reconfigurations are presented. We also demonstrate the method for the normal case where different partial orders, representing distinct but concurrent security requirements, coexist among a set of entities. The method proposed does not impose an overhead on the normal functioning of SDN networks since it requires calculations only when the network must be reconfigured because of administrative intervention or policies. These occasional updates can be done efficiently and offline.

computer science, information systems, interdisciplinary applications, software engineering

Liming Fang,Yang Li,Xinyu Yun,Zhenyu Wen,Shouling Ji,Weizhi Meng,Zehong Cao,M. Tanveer

DOI: https://doi.org/10.1109/jiot.2019.2944301

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:SDN has provided significant convenience for network providers and operators in cloud computing. Such a great advantage is extending to the Internet of Things network. However, it also increases the risk if the security of an SDN network is compromised. For example, if the network operator’s permission is illegally obtained by a hacker, he/she can control the entry of the SDN network. Therefore, an effective authentication scheme is needed to fit various application scenarios with high-security requirements. In this article, we design, implement, and evaluate a new authentication scheme called the hidden pattern (THP), which combines graphics password and digital challenge value to prevent multiple types of authentication attacks at the same time. We examined THP in the perspectives of both security and usability, with a total number of 694 participants in 63 days. Our evaluation shows that THP can provide better performance than the existing schemes in terms of security and usability.

Leonardo Perugini,Andrea Vesco

2024-10-08

Abstract:The paper presents a step forward in the design and implementation of a Transport Layer Security (TLS) handshake protocol that enables the use of Verifiable Credential (VC) while maintaining full compliance with RFC-8446 and preserving all the security features of TLS 1.3. The improvement over our previous work lies in the handshake design, which now only uses messages already defined for TLS 1.3. The design has an incredibly positive impact on the implementation, as we made minimal changes to the OpenSSL library and relied mostly on a novel external provider to handle VC and Decentralized IDentifier (DID) related operations. The experimental results prove the feasibility of the design and show comparable performance to the original solution based on Public Key Infrastructure (PKI) and X.509 certificates. These results pave the way for the adoption of Self-Sovereign Identity in large-scale Internet of Things (IoT) systems, with a clear benefit in terms of reducing the cost of identity management.

Cryptography and Security

Sharma, Neha,Dhiman, Pankaj

DOI: https://doi.org/10.1007/s11042-024-19898-y

IF: 2.577

2024-08-30

Multimedia Tools and Applications

Abstract:Internet of Things (IoT) is an emerging technology with interconnected computing devices and sensors that communicate and share data over a network. Smart home applications are becoming more popular as devices and appliances work together. However, there are concerns about privacy and unauthorized access to data transmitted by smart devices in the SH-IoT network. Existing security measures are not always effective in preventing attacks. IoT systems need a unique addressing scheme to ensure reliable communication and maintain data privacy. Our SLAPSH (Secure and Lightweight Authenticated Protocol for Smart Home) is designed to provide a safe and authenticated connection between smart devices and IoT servers. Our proposed unique addressing scheme ensures the confidentiality and security of exchanged data. To achieve this, we have modified the conventional IPv6 protocol to assign a unique address to each smart device/appliance, which is authenticated at the target end. We have also implemented secure user authentication processes to prevent unauthorized access to smart devices/appliances. During our research, we carried out network simulations to assess the performance and end-to-end delay of the NS-3 network. We analyzed the security of our proposed scheme using the ROR model and AVISPA tool to ensure its protection against potential attacks. Our results indicate that the proposed technique is highly secure and can withstand attacks.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Xinbin Zuo,Xue Pang,Pengping Zhang,Junsan Zhang,Tao Dong,Peiying Zhang

DOI: https://doi.org/10.1109/comcomap51192.2020.9398887

2020-01-01

Abstract:With the improvement of people’s living standards, more and more network users access the network, including a large number of infrastructure, these devices constitute the Internet of things(IoT). With the rapid expansion of devices in the IoT, the data transmission between the IoT has become more complex, and the security issues are facing greater challenges. SDN as a mature network architecture, its security has been affirmed by the industry, it separates the data layer from the control layer, thus greatly improving the security of the network. In this paper, we apply the SDN to the IoT, and propose a IoT network architecture based on SDN. In this architecture, we not only make use of the security features of SDN, but also deploy different security modules in each layer of SDN to integrate, analyze and plan various data through the IoT, which undoubtedly improves the security performance of the network. In the end, we give a comprehensive introduction to the system and verify its performance.

Wei Yang,Xiaohong Li,Zhiyong Feng,Jianye Hao

DOI: https://doi.org/10.1109/iceccs.2017.24

2017-01-01

Abstract:The widely used TLS protocol is vulnerable to Man-in-the-Middle (MITM) attacks in public WiFis. Such attacks arise since most users are often unable to verify server certificates properly and even worse, the implement of client authentication is typically decoupled from TLS session establishment. These two authentication procedures could be bound cryptographically in the establishment of TLS sessions, and a TLS security-enhanced mechanism (TLSsem) is proposed to detect and defense MITM attacks in public WiFis. TLSsem deals with the TLS mutual authentication through a way that combines pre-binding with certificate validation. Servers take advantage of pre-binding to generate identity credentials for users as pre-shared keys. Afterwards, the mutual authentication between clients and servers is realized in certificate validation by using the identity credentials, and also the forged server certificate is detected on the server side by checking this certificate. In addition, to ensure the reliability of wireless communications in this malicious public WiFis, an TLS shared service based on random port hopping is implemented to reallocate the reliable ports for data transmission against the interception by MITM attackers. We implement a prototype and verify its effectiveness by a thorough set of experiments in the real network environment. Evaluation results show that our mechanism can significantly increase the security of TLS communication in public WiFis without introducing noticeable overhead.

Yu-Sheng Yang,Shih-Hsiung Lee,Jie-Min Wang,Chu-Sing Yang,Yuen-Min Huang,Ting-Wei Hou

DOI: https://doi.org/10.3390/s23104970

IF: 3.9

2023-05-23

Sensors

Abstract:With the promotion of Industry 4.0, which emphasizes interconnected and intelligent devices, several factories have introduced numerous terminal Internet of Things (IoT) devices to collect relevant data or monitor the health status of equipment. The collected data are transmitted back to the backend server through network transmission by the terminal IoT devices. However, as devices communicate with each other over a network, the entire transmission environment faces significant security issues. When an attacker connects to a factory network, they can easily steal the transmitted data and tamper with them or send false data to the backend server, causing abnormal data in the entire environment. This study focuses on investigating how to ensure that data transmission in a factory environment originates from legitimate devices and that related confidential data are encrypted and packaged. This paper proposes an authentication mechanism between terminal IoT devices and backend servers based on elliptic curve cryptography and trusted tokens with packet encryption using the TLS protocol. Before communication between terminal IoT devices and backend servers can occur, the authentication mechanism proposed in this paper must first be implemented to confirm the identity of the devices and, thus, the problem of attackers imitating terminal IoT devices transmitting false data is resolved. The packets communicated between devices are also encrypted, preventing attackers from knowing their content even if they steal the packets. The authentication mechanism proposed in this paper ensures the source and correctness of the data. In terms of security analysis, the proposed mechanism in this paper effectively withstands replay attacks, eavesdropping attacks, man-in-the-middle attacks, and simulated attacks. Additionally, the mechanism supports mutual authentication and forward secrecy. In the experimental results, the proposed mechanism demonstrates approximately 73% improvement in efficiency through the lightweight characteristics of elliptic curve cryptography. Moreover, in the analysis of time complexity, the proposed mechanism exhibits significant effectiveness.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Xiaoliang Wang,Ke Xu,Wenlong Chen,Qi Li,Meng Shen,Bo Wu

DOI: https://doi.org/10.1109/mnet.011.1900380

IF: 10.294

2020-01-01

IEEE Network

Abstract:The rapid development of the Internet of Things (IoT) has made impressive achievements, raising a heated discussion about IoT big data, in which data security and privacy issues are key concerns. Due to the ubiquity of IoT, IoT big data has not only brought convenience to people's daily lives, but also increased the potential attack surfaces for cybercriminals. At the same time, considering the characteristics of resource constraints and heterogeneity, with traditional network security solutions it can be difficult to achieve ideal results in the IoT environment, which further exacerbates the challenges faced by IoT big data security. In this case, the advantages introduced by software defined networking (SDN) have the potential to meet the challenges of IoT security risks. To this aim, we propose an ID-based SDN secure network architecture called IBSDN. Different from the traditional SDN solution, IBSDN is committed to providing IoT with endogenous trusted services on the network side by embedding unforgeable terminal identities in the data stream. This network-level trusted service can prevent IoT terminals from consuming restricted resources for the sake of security, providing greater scalability and manageability for network security monitoring.

Mikail Mohammed Salim,Jungho Kang,Yi Pan,Jong Hyuk Park

DOI: https://doi.org/10.3934/mbe.2022546

2022-01-01

Mathematical Biosciences and Engineering

Abstract:Internet of Things (IoT) devices supporting intelligent cloud applications such as healthcare for hospitals rely on connecting with local base stations and access points to provide rich data analysis and real-time services to users. Devices authenticate with local base stations and perform handover operations to connect with access points with higher signal strength. Attackers disguise as valid base stations and access points using publicly accessible SSID information connect with local IoT devices during the handover process and give rise to data integrity and privacy concerns. This paper proposes a lightweight authentication scheme for private blockchain-based networks for securing devices from rogue base stations during the handover process. An authentication certificate is designed for base stations and machines in local clusters using SHA256 and modulo operations for enabling quick handover operations. The keys assigned to each device and base station joining the network are hashed, and their sizes are reduced using modulo operations. Furthermore, the compressed key size forms a certificate, which is used by the machines and the base stations to authenticate mutually. In comparison with existing studies, the performance analysis of the proposed scheme is based on the transmission of three messages required for completing the authentication process. Evaluation based on the Communication Overhead demonstrates a minimum improvement of 99.30% fewer bytes exchanged during the handover process and 89.58% reduced Storage Overhead compared with existing studies.

Shehzad Ashraf Chaudhry,Khalid Yahya,Fadi Al-Turjman,Ming-Hour Yang

DOI: https://doi.org/10.1109/access.2020.3012121

IF: 3.9

2020-01-01

IEEE Access

Abstract:Among other security concerns, the reliable device to device direct communication is an important research aspect in sensor cloud system application of Internet of things (IoT). The access control mechanism can ensure the reliability through secure communication among two IoT devices without mediation of intermediate agent. Mainly, it requires twofold strategy involving the authentication of each other and session key establishment. Quite recently, in 2019, Das et al. proposed a certificate based lightweight access control and key agreement scheme for IoT devices (LACKA-IoT) to ensure smooth and secure access control and claimed LACKA-IoT to withstand the several attacks. Specifically, it is claimed that LACKA-IoT can resist device impersonation and man in middle attacks. However, the proof in this article refutes their claim and it is shown here, that LACKA-IoT is insecure against both device impersonation and man in middle attacks. An adversary just by using public parameters and by listening the communication channel can impersonate any device. Moreover, the same can also launch successful man in middle attack using public parameters and listened messages from public channel. An improved protocol iLACKA-IoT is then proposed in the paper. The iLACKA-IoT provides resistance against various types of threats and provides the required level of security, for evidence both formal validation through random or real (ROR) model as well as the informal validation through discussion on attack resilience is provided. The iLACKA-IoT is not only better in security but also provides performance efficiency as compared with LACKA-IoT and related schemes.