Liang Kou,Yiqi Shi,Liguo Zhang,Duo Liu,Qing Yang

DOI: https://doi.org/10.32604/cmc.2019.03760

2019-01-01

Abstract:With the development of computer hardware technology and network technology, the Internet of Things as the extension and expansion of traditional computing network has played an increasingly important role in all professions and trades and has had a tremendous impact on people lifestyle. The information perception of the Internet of Things plays a key role as a link between the computer world and the real world. However, there are potential security threats in the Perceptual Layer Network applied for information perception because Perceptual Layer Network consists of a large number of sensor nodes with weak computing power, limited power supply, and open communication links. We proposed a novel lightweight authentication protocol based on password, smart card and biometric identification that achieves mutual authentication among User, GWN and sensor node. Biometric identification can increase the non-repudiation feature that increases security. After security analysis and logical proof, the proposed protocol is proven to have a higher reliability and practicality.

Hanguang Luo,Tao Zou,Chunming Wu,Dan Li,Shunbin Li,Chu

DOI: https://doi.org/10.32604/cmc.2022.027118

2022-01-01

Abstract:In the emerging Industrial Internet of Things (IIoT), authentication problems have become an urgent issue for massive resource-constrained devices because traditional costly security mechanisms are not suitable for them. The security protocol designed for resource-constrained systems should not only be secure but also efficient in terms of usage of energy, storage, and processing. Although recently many lightweight schemes have been proposed, to the best of our knowledge, they are unable to address the problem of privacy preservation with the resistance of Denial of Service (DoS) attacks in a practical way. In this paper, we propose a lightweight authentication protocol based on the Physically Unclonable Function (PUF) to overcome the limitations of existing schemes. The protocol provides an ingenious authentication and synchronization mechanism to solve the contradictions amount forward secrecy, DoS attacks, and resource-constrained. The performance analysis and comparison show that the proposed scheme can better improve the authentication security and efficiency for resource-constrained systems in IIoT.

Daojing He,Yanchang Cai,Shanshan Zhu,Ziming Zhao,Sammy Chan,Mohsen Guizani

DOI: https://doi.org/10.1109/twc.2023.3257028

IF: 10.4

2023-01-01

IEEE Transactions on Wireless Communications

Abstract:The number of IoT devices is growing rapidly, and the interaction between devices and servers is also more frequent. However, IoT devices are often at the edge of the network, which leads their communications with the server to be completely exposed, making it more vulnerable to attacks. Moreover, IoT devices have limited energy and computational resources. Therefore, we propose in this paper a lightweight authentication and key exchange protocol with anonymity for IoT devices. The proposed scheme supports mutual authentication between IoT devices and the server. We verify the security of the protocol through formal and informal analyses. Finally, we compare security and performance with other protocols, which shows that our protocol has the advantages of being lightweight and secure.

Xuyang Ding,Xiaoxiang Wang,Ying Xie,Fagen Li

DOI: https://doi.org/10.1109/JIOT.2021.3088641

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:With the rapid development of Internet of Things (IoT) in recent years, the security of IoT becomes more and more prominent. To protect data privacy and device availability, identity authentication technology has been applied to the IoT environment. However, although scholars have designed a variety of authentication protocols for the IoT environment, the resource costs of these protocols are stil...

Daojing He,Ziming Zhao,Sammy Chan,Mohsen Guizani

DOI: https://doi.org/10.1109/jiot.2022.3204410

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT) is composed of a large number of miniaturized devices interconnected through the Internet. These devices, equipped with sensing, computing, and communication capabilities, can be used to remotely control the environment or the monitored infrastructure. However, IoT devices usually only have limited resources, and thus designing a lightweight security authentication protocol for them is a challenge. This article proposes an identity authentication protocol between embedded devices and server. The protocol uses the elliptic curve encryption algorithm and realizes the anonymity of the device by hashing their IDs and prevents the server from replay attacks by adding security attributes timestamp. We prove the security of the protocol and its resistance to security attacks and also formally verify it using the AVISPA tool. In addition, through experimental comparison with existing protocols, we demonstrate the performance superiority of the proposed protocol.

Bing Li,Guohe Zhang,Shaochong Lei,Haisheng Fu,Jinlei Wang

DOI: https://doi.org/10.1109/IEEECONF52377.2022.10013341

2022-01-01

Abstract:The quick development of the Internet of Things (IoT) makes the IoT devices become appealing targets of various cyberattacks. Authentication and key agreement (AKA) protocol are the most important measures to ensure the security of IoT. However, it is still quite challenging to devise proper AKA protocols for IoT because of the resource-constrained nature of IoT devices. In this paper, we have proposed a new lightweight AKA protocol for IoT based on elliptic curve cryptography (ECC). Our proposed AKA protocol can achieve mutual authentication and ECC-based session key establishment simultaneously. To enhance security and provide anonymity, our protocol uses the one-time password and dynamic identity information which are updated in every round of mutual authentication through a well-designed update operation. To assess our protocol, we carry out security and performance analyses. The obtained results show that our protocol with a high level of security has low complexity and small computational cost and is appropriate to be applied in resource-constrained IoT devices.

Brou Bernard Ehui,Yiran Han,Hua Guo,Jianwei Liu

DOI: https://doi.org/10.23919/jcin.2022.9815201

2022-01-01

Journal of Communications and Information Networks

Abstract:Due to the resource-constrained of Internet of things (IoT) devices, the traditional cryptography protocols are not suitable for IoT environments. When they can be implemented, their performances often are not acceptable. As a result, a lightweight protocol is required to cope with these challenges. To address security challenges in IoT networks, we present a lightweight mutual authentication protocol for IoT. The protocol aims to provide a secure mutual authentication mechanisms between the sensor node and gateway using a lightweight cryptography algorithms. The protocol is relied on two main shared secret keys, a permanent key (κ p ) used for encrypting messages during the mutual authentication phase and an update key (κ u ) used for the communication session. The session key is constantly updated after a pre-defined session time (sess time i ) by using the previous session information. We used a lightweight cryptography mechanisms that includes symmetric-key cryptography, hash-based message authentication code (HMAC), and hash function to design the protocol. We analyze the protocol using the Barrows-Abadi-Needham (BAN)-logic method and the results show that the proposed scheme has good security and performance compared to existing related protocols. It can provide a secure mutual authentication mechanism in the IoT environment.

Shanyao Ren,Yizhong Liu,Beiyuan Yu,Jianwei Liu,Dongyu Li

DOI: https://doi.org/10.1109/jiot.2023.3332943

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The inherent massive heterogeneous devices and open channels in the Internet of Things (IoT) present significant challenges for identity authentication between devices and cloud servers. For this issue, reliable protocols ensure the legality of participants and act as a crucial method to provide security for authentication. In previous research, schemes devised by researchers exhibit certain security vulnerabilities, making it challenging to withstand comprehensive network attacks, e.g., stolen device attacks, replay attacks, impersonation, etc. Additionally, some protocols have complex interaction processes, which incur significant computational redundancy and resource loss. Motivated by this, this article proposes an anonymous and certificateless lightweight authentication protocol (ACLAP) for device-to-server and device-to-device based on elliptic curve cryptography. It improves the communication quality between devices and cloud servers and solves the security risks in authentication. In the scheme, we utilize device users' passwords and biometric features as verification credentials without storing any trusted proofs on the cloud server. We address the issue of resource consumption caused by numerous devices in the IoT environment. From formal security analysis and comparisons with other works, our protocol has preferable security performance and effectively saves communication resources for authentication. Simulation results demonstrate the feasibility and practical significance of the scheme.

WANG Zhenyu,GUO Yang,LI Shaoqing,HOU Shen,DENG Ding

DOI: https://doi.org/10.11959/j.issn.1000-436x.2022125

2022-01-01

Abstract:Aiming at the problem that complex security primitives in existing schemes were not suitable for resource-constrained IoT devices, a lightweight efficient anonymous identity authentication protocol for IoT devices was designed based on physical unclonable function (PUF).Through the formal security model and ProVerif tool, it was proved that the protocol satisfies 13 security properties such as information confidentiality, integrity, un-traceability, and forward/backward secrecy.Compared with existing relevant protocols, the computing overhead of the protocol on the device side and the server side is 0.468 ms and 0.072 ms respectively, and the device storage and communication overheads are 256 bit and 896 bit respectively, which is highly suitable for lightweight IoT devices with limited resources.

Dae-Hwi Lee,Im-Yeong Lee

DOI: https://doi.org/10.3390/s20185350

2020-09-18

Abstract:In the Internet of Things (IoT) environment, more types of devices than ever before are connected to the internet to provide IoT services. Smart devices are becoming more intelligent and improving performance, but there are devices with little computing power and low storage capacity. Devices with limited resources will have difficulty applying existing public key cryptography systems to provide security. Therefore, communication protocols for various kinds of participating devices should be applicable in the IoT environment, and these protocols should be lightened for resources-restricted devices. Security is an essential element in the IoT environment, so for secure communication, it is necessary to perform authentication between the communication objects and to generate the session key. In this paper, we propose two kinds of lightweight authentication and key agreement schemes to enable fast and secure authentication among the objects participating in the IoT environment. The first scheme is an authentication and key agreement scheme with limited resource devices that can use the elliptic curve Qu-Vanstone (ECQV) implicit certificate to quickly agree on the session key. The second scheme is also an authentication and key agreement scheme that can be used more securely, but slower than first scheme using certificateless public key cryptography (CL-PKC). In addition, we compare and analyze existing schemes and propose new schemes to improve security requirements that were not satisfactory.

Chintan Patel

DOI: https://doi.org/10.48550/arXiv.2207.10353

2022-07-21

Abstract:The Internet of Things (IoT) is giving a boost to a plethora of new opportunities for the robust and sustainable deployment of cyber physical systems. The cornerstone of any IoT system is the sensing devices. These sensing devices have considerable resource constraints, including insufficient battery capacity, CPU capability, and physical security. Because of such resource constraints, designing lightweight cryptographic protocols is an opportunity. Remote User Authentication ensures that two parties establish a secure and durable session key. This study presents a lightweight and safe authentication strategy for the user-gateway (U GW) IoT network model. The proposed system is designed leveraging Elliptic Curve Cryptography (ECC). We undertake a formal security analysis with both the Automated Validation of Internet Security Protocols (AVISPA) and Burrows Abadi Needham (BAN) logic tools and an information security assessment with the Delev Yao channel. We use publish subscribe based Message Queuing Telemetry Transport (MQTT) protocol for communication. Additionally, the performance analysis and comparison of security features show that the proposed scheme is resilient to well known cryptographic threats.

Cryptography and Security

Kai Fan,Chen Zhang,Kan Yang,Hui Li,Yintang Yang

DOI: https://doi.org/10.3390/app8122506

2018-01-01

Abstract:The Internet of Things (IoT) aims to achieve the interconnection of all devices in our lives. Due to the complex network environment, the IoT with mobile devices often faces many security problems, such as privacy leakages and identity forgery attacks. As a developing technology in mobile IoT, near field communication (NFC) is widely used in electronic payments and identity authentications. The current NFC studies mainly focus on payment technology, but there are a few studies on privacy protection and the lightweight requirements in the mobile IoT authentication protocol. We focus on the lightweight privacy protection authentication technology in mobile IoT. In the paper, we summarize the clustering model in mobile IoT networks and propose a lightweight authentication protocol. A security analysis shows that the protocol can resist many security threats, such as privacy leakages, identity forgeries, and replay attacks. The simulation also shows that the protocol is lightweight, with the utilization of look-up-tables (LUTs) and registers in our protocol being less than 0.5%. Our work can provide a secure and lightweight mobile authentication serve in the NFC-based mobile IoT network such as smart home and office attendance.

Guanglei Zhao,Xianping Si,Jingcheng Wang,Xiao Long,Ting Hu

DOI: https://doi.org/10.1109/ICMIC.2011.5973767

2011-01-01

Abstract:This paper presents a novel mutual identity authentication scheme which can be applied securely in Internet of Things. Based on secure hash algorithm(SHA), feature extraction and elliptic curve cryptography(ECC), we propose an asymmetric mutual authentication scheme between the platform and the terminal node, which imposes light computation and communication cost, through security analysis it is also shown that the proposed scheme is secure and feasible for applications in the Internet of Things.

Lu Zhou,Xiong Li,Kuo-Hui Yeh,Chunhua Su,Wayne Chiu

DOI: https://doi.org/10.1016/j.future.2018.08.038

IF: 7.307

2018-01-01

Future Generation Computer Systems

Abstract:Recently, authentication technologies integrated with the Internet of Things (IoT) and cloud computing have been promptly investigated for secure data retrieval and robust access control on large-scale IoT networks. However, it does not have a best practice for simultaneously deploying IoT and cloud computing with robust security. In this study, we present a novel authentication scheme for IoT-based architectures combined with cloud servers. To pursue the best efficiency, lightweight crypto-modules, such as one-way hash function and exclusive-or operation, are adopted in our authentication scheme. It not only removes the computation burden but also makes our proposed scheme suitable for resource-limited objects, such as sensors or IoT devices. Through the formal verification delivered by Proverif, the security robustness of the proposed authentication scheme is guaranteed. Furthermore, the performance evaluation presents the practicability of our proposed scheme in which a user-acceptable computation cost is achieved.

Yujian Zhang,Yuhao Luo,Xing Chen,Fei Tong,Yuwei Xu,Jun Tao,Guang Cheng

DOI: https://doi.org/10.1155/2022/9686049

IF: 1.968

2022-01-01

Security and Communication Networks

Abstract:Internet of Things (IoT) has been ubiquitous in both industrial and living areas, but also known for its weak security. Being as the first defense line against various cyberattacks, authentication is even more critical to IoT applications. Moreover, there has been a growing demand for cross-domain collaboration, leading to an increasing need for cross-domain authentication. Recently, certificate-based authentication schemes have been extensively studied. However, many of these schemes are not efficient in computation, storage, and communication, which are highly required in IoT. In this paper, we propose a lightweight authentication scheme based on consortium blockchain and design a cryptocurrency-like digital token to build trust. Furthermore, trust lifecycle management is performed by manipulating the amount of tokens. The comprehensive analysis and evaluation demonstrate that the proposed scheme is resistant to various common attacks and more efficient than competitor schemes in terms of storage, communication, and authentication cost.

Xi Hang Cao,Xiaojiang Du,E. Paul Ratazzi

DOI: https://doi.org/10.48550/arXiv.1902.03282

2019-02-08

Cryptography and Security

Abstract:Internet of Things (IoT) is ubiquitous because of its broad applications and the advance in communication technologies. The capabilities of IoT also enable its important role in homeland security and tactical missions, including Reconnaissance, Intelligence, Surveillance, and Target Acquisition (RISTA). IoT security becomes the most critical issue before its extensive use in military operations. While the majority of research focuses on smart IoT devices, treatments for legacy dumb network-ready devices are lacking; moreover, IoT devices deployed in a hostile environment are often required to be dumb due to the strict hardware constraints, making them highly vulnerable to cyber attacks. To mitigate the problem, we propose a light-weight authentication scheme for dumb IoT devices, in a case study of the UAV-sensor collaborative RISTA missions. Our scheme utilizes the covert channels in the physical layer for authentications and does not request conventional key deployments, key generations which may cause security risks and large overhead that a dumb sensor cannot afford. Our scheme operates on the physical layer, and thus it is highly portable and generalizable to most commercial and military communication protocols. We demonstrate the viability of our scheme by building a prototype system and conducting experiments to emulate the behaviors of UAVs and sensors in real scenarios.

Xingwen Zhao,Dexin Li,Hui Li

DOI: https://doi.org/10.3390/s22197510

IF: 3.9

2022-01-01

Sensors

Abstract:Because the majority of information in the industrial Internet of things (IIoT) is transmitted over an open and insecure channel, it is indispensable to design practical and secure authentication and key agreement protocols. Considering the weak computational power of sensors, many scholars have designed lightweight authentication protocols that achieve limited security properties. Moreover, these existing protocols are mostly implemented in a single-gateway scenario, whereas the multigateway scenario is not considered. To deal with these problems, this paper presents a novel three-factor authentication and key agreement protocol based on elliptic curve cryptography for IIoT environments. Based on the elliptic curve Diffie-Hellman problem, we present a protocol achieving desirable forward and backward secrecy. The proposed protocol applies to single-gateway and is also extended to multigateway simultaneously. A formal security analysis is described to prove the security of the proposed scheme. Finally, the comparison results demonstrate that our protocol provides more security attributes at a relatively lower computational cost.

Yu-Sheng Yang,Shih-Hsiung Lee,Jie-Min Wang,Chu-Sing Yang,Yuen-Min Huang,Ting-Wei Hou

DOI: https://doi.org/10.3390/s23104970

IF: 3.9

2023-05-23

Sensors

Abstract:With the promotion of Industry 4.0, which emphasizes interconnected and intelligent devices, several factories have introduced numerous terminal Internet of Things (IoT) devices to collect relevant data or monitor the health status of equipment. The collected data are transmitted back to the backend server through network transmission by the terminal IoT devices. However, as devices communicate with each other over a network, the entire transmission environment faces significant security issues. When an attacker connects to a factory network, they can easily steal the transmitted data and tamper with them or send false data to the backend server, causing abnormal data in the entire environment. This study focuses on investigating how to ensure that data transmission in a factory environment originates from legitimate devices and that related confidential data are encrypted and packaged. This paper proposes an authentication mechanism between terminal IoT devices and backend servers based on elliptic curve cryptography and trusted tokens with packet encryption using the TLS protocol. Before communication between terminal IoT devices and backend servers can occur, the authentication mechanism proposed in this paper must first be implemented to confirm the identity of the devices and, thus, the problem of attackers imitating terminal IoT devices transmitting false data is resolved. The packets communicated between devices are also encrypted, preventing attackers from knowing their content even if they steal the packets. The authentication mechanism proposed in this paper ensures the source and correctness of the data. In terms of security analysis, the proposed mechanism in this paper effectively withstands replay attacks, eavesdropping attacks, man-in-the-middle attacks, and simulated attacks. Additionally, the mechanism supports mutual authentication and forward secrecy. In the experimental results, the proposed mechanism demonstrates approximately 73% improvement in efficiency through the lightweight characteristics of elliptic curve cryptography. Moreover, in the analysis of time complexity, the proposed mechanism exhibits significant effectiveness.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Dipanwita Sadhukhan,Sangram Ray,G. P. Biswas,M. K. Khan,Mou Dasgupta

DOI: https://doi.org/10.1007/s11227-020-03318-7

IF: 3.3

2020-05-07

The Journal of Supercomputing

Abstract:Internet of things (IoT) has become a new era of communication technology for performing information exchange. With the immense increment of usage of smart devices, IoT services become more accessible. To perform secure transmission of data between IoT network and remote user, mutual authentication, and session key negotiation play a key role. In this research, we have proposed an ECC-based three-factor remote user authentication scheme that runs in the smart device and preserves privacy, and data confidentiality of the communicating user. To support our claim, multiple cryptographic attacks are analyzed and found that the proposed scheme is not vulnerable to those attacks. Finally, the computation and communication overheads of the proposed scheme are compared with other existing protocols to confirm that the proposed scheme is lightweight. A formal security analysis using AVISPA simulation tool has been done that confirms the proposed scheme is robust against relevant security threats.

Wei Peng,Song Liu,Kunlun Peng,Jin Wang,Jin Liang

DOI: https://doi.org/10.1109/iccsnt.2016.8070234

2016-01-01

Abstract:Nowadays, the Internet of Things (IoT) is receiving more attention in commercial and academic research, especially about its security property. However, current protocols cannot satisfy the requirement of various IoT applications and introduce some problems. There are three typical problems: traditional public key infrastructure (PKI) apply in IoT will incur great overhead, wireless sensor network (WSN) will be directly fronted with the attack of the Internet, and the centralized publish/subscribe paradigm using in IoT, like MQTT, will become a performance bottleneck. In this paper, we proposed a secure publish/subscribe protocol for IoT, using identity-based cryptography instead of PKI to accomplish identity authentication and applying the concept of trust zone to isolate WSN from the Internet so as to enhance its security. Also, we deploy the service into local gateway instead of centralized server in a distributed method, which can decrease the local accessing delay and overcome single point failure. In the end, a prototype has been implemented on real system and verified the effectiveness of our protocol.