Xiaoyu Ji,Chaohao Li,Xinyan Zhou,Juchuan Zhang,Yanmiao Zhang,Wenyuan Xu

DOI: https://doi.org/10.1145/3399432

2020-01-01

ACM Transactions on Internet of Things

Abstract:Nowadays, most Internet of Things devices in smart homes rely on radio frequency channels for communication, making them exposed to various attacks such as spoofing and eavesdropping attacks. Existing methods using encryption keys may be inapplicable on these resource-constrained devices that cannot afford the computationally expensive encryption operations. Thus, in this article, we design a key-free communication method for such devices in a smart home. In particular, we introduce the Home-limited Channel (HLC) that can be accessed only within a house yet inaccessible for outside-house attackers. Utilizing HLCs, we propose HlcAuth, a challenge-response mechanism to authenticate the communications between smart devices without keys. The advantages of HlcAuth are low cost, lightweight as well as key-free, and requiring no human intervention. According to the security analysis, HlcAuth can defeat replay attacks, message-forgery attacks, and man-in-the-middle (MiTM) attacks, among others. We further evaluate HlcAuth in four different physical scenarios, and results show that HlcAuth achieves 100% true positive rate (TPR) within 4.2m for in-house devices while 0% false positive rate (FPR) for outside attackers, i.e., guaranteeing a high-level usability and security for in-house communications. Finally, we implement HlcAuth in both single-room and multi-room scenarios.

Yong Huang,Wei Wang,Hao Wang,Tao Jiang,Qian Zhang

DOI: https://doi.org/10.1109/twc.2020.2991111

IF: 10.4

2020-08-01

IEEE Transactions on Wireless Communications

Abstract:By adding users as a new dimension to connectivity, on-body Internet-of-Things (IoT) devices have gained considerable momentum in recent years, while raising serious privacy and safety issues. Existing approaches to authenticate these devices limit themselves to dedicated sensors or specified user motions, undermining their widespread acceptance. This paper overcomes these limitations with a general authentication solution by integrating wireless physical layer (PHY) signatures with upper-layer protocols. The key enabling techniques are constructing representative radio propagation profiles from received signals, and developing an adversarial multi-player neural network to accurately recognize underlying radio propagation patterns and facilitate on-body device authentication. Once hearing a suspicious transmission, our system triggers a PHY-based challenge-response protocol to defend in depth against active attacks. We prove that at equilibrium, our adversarial model can extract all information about propagation patterns and eliminate any irrelevant information caused by motion variances and environment changes. We build a prototype of our system using Universal Software Radio Peripheral (USRP) devices and conduct extensive experiments with various static and dynamic body motions in typical indoor and outdoor environments. The experimental results show that our system achieves an average authentication accuracy of 91.6%, with a high area under the receiver operating characteristic curve (AUROC) of 0.96 and a better generalization performance compared with the conventional non-adversarial approach.

telecommunications,engineering, electrical & electronic

Yongjian Liao,Yulu Liu,Yukuan Liang,Yu Wu,Xuyun Nie

DOI: https://doi.org/10.1109/jiot.2019.2959602

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT), recognized as one of the major technological revolutions in the century, is deployed and used today sociality. The related security issues are taken into account by the academia and industry. Recently, an online/offline certificateless signature scheme (OO-CLS) proposed by Saeed et al. is used to construct a heterogeneous remote anonymous authentication protocol (HRAAP) in wireless body area networks based on the IoT. However, in this article, we show that the scheme is vulnerable to the forgery attack which is not necessary to know any information except public system parameters. Furthermore, we show that the sensor node can generate the partial private keys and secret values of other sensor nodes after it obtains its partial private key. This causes that the HRAAP is also insecure. Finally, we improve the OO-CLS and analyze the security of our improved scheme.

Ge Wang,Haofan Cai,Chen Qian,Jinsong Han,Shouqian Shi,Xin Li,Han Ding,Wei Xi,Jizhong Zhao

DOI: https://doi.org/10.1145/3241539.3241541

2020-01-01

IEEE/ACM Transactions on Networking

Abstract:We provide the first solution to an important question, "how a physical-layer authentication method can defend against signal replay attacks''. It was believed that if an attacker can replay the exact same reply signal of a legitimate authentication object (such as an RFID tag), any physical-layer authentication method will fail. This paper presents Hu-Fu, the first physical layer RFID authentication protocol that is resilient to the major attacks including tag counterfeiting, signal replay, signal compensation, and brute-force feature reply. Hu-Fu is built on two fundamental ideas, namely inductive coupling of two tags and signal randomization. Hu-Fu does not require any hardware or protocol modification on COTS passive tags and can be implemented with COTS devices. We implement a prototype of Hu-Fu and demonstrate that it is accurate and robust to device diversity and environmental changes, including locations, distance, and temperature. Hu-Fu provides a new direction of battery-free/low-power device authentication that enables numerous IoT applications.

Ge Wang,Chen Qian,Haofan Cai,Jinsong Han,Han Ding,Jizhong Zhao

DOI: https://doi.org/10.1145/3127882.3127887

2017-01-01

Abstract:On battery-free IoT devices such as passive RFID tags, it is extremely difficult, if not impossible, to run cryptographic algorithms. Hence physical-layer identification methods are proposed to validate the authenticity of passive tags. However no existing physical-layer authentication method of RFID tags that can defend against the signal replay attack. This paper presents Hu-Fu, a new direction and the first solution of physical layer authentication that is resilient to the signal replay attack, based on the fact of inductive coupling of two adjacent tags. We present the theoretical model and system workflow. Experiments based on our implementation using commodity devices show that Hu-Fu is effective for physical-layer authentication.

Zhiqing Luo,Wei Wang,Qianyi Huang,Tao Jiang,Qian Zhang

DOI: https://doi.org/10.1109/tmc.2021.3084754

IF: 6.075

2021-01-01

IEEE Transactions on Mobile Computing

Abstract:The low-power radio technologies open up many opportunities to facilitate Internet-of-Things (IoT) into our daily life, while their minimalist design also makes IoT devices vulnerable to many active attacks. Recent advances use an antenna array to extract fine-grained physical-layer signatures to identify the attackers, which adds burdens in terms of energy and hardware cost to IoT devices. In this paper, we present ShieldScatter, a lightweight system that attaches low-cost tags to single-antenna devices to shield the system from active attacks. The key insight of ShieldScatter is to intentionally create multi-path propagation signatures with the careful deployment of tags. These signatures can be used to construct a sensitive profile to identify the location of the signals' arrival, and thus detect the threat. In addition, we also design a tag-random scheme and a multiple receivers combination approach to detect a powerful attacker who has the strong priori knowledge of the legitimate user. We prototype ShieldScatter with USRPs and tags to evaluate our system in various environments. The results show that even when the powerful attacker is close to the legitimate device, ShieldScatter can mitigate 95 percent of attack attempts while triggering false alarms on just 7 percent of legitimate traffic.

computer science, information systems,telecommunications

Ge Wang,Chen Qian,Haofan Cai,Jinsong Han,Jizhong Zhao

DOI: https://doi.org/10.1145/3264877.3264878

2018-01-01

Abstract:We provide the first solution to an important question, "how a physical-layer RFID authentication method can defend against signal replay attacks". It was believed that if the attacker has a device that can replay the exact same reply signal of a legitimate tag, any physical-layer authentication method will fail. This paper presents Hu-Fu, the first physical layer RFID authentication protocol that is resilient to the major attacks including tag counterfeiting, signal replay, signal compensation, and brute-force feature reply. Hu-Fu is built on two fundamental ideas, namely inductive coupling of two tags and signal randomization. Hu-Fu does not require any hardware or protocol modification on COTS passive tags and can be implemented with COTS devices. We implement a prototype of Hu-Fu and demonstrate that it is accurate and robust to device diversity and environmental changes.

Zhishuo Zhang,Yu Sun,Wei Zhang,Yi Wu,Zhiguang Qin

DOI: https://doi.org/10.1088/1742-6596/1812/1/012038

2021-01-01

Journal of Physics Conference Series

Abstract:Abstract With the rapid advancements of semiconductor technologies and wireless communication, Internet-of-Things (IoT) based network has a wider range adoption in the smart city. The Wireless Body Area Network (WBAN) is a representative IoT based network designed to connect various wearable IoT devices, located inside or outside of a human body. The WBAN typically connects itself to the mobile network and Internet via the smartphones. But how to mutually authenticate the entities’ identities and ensure the data confidentiality and integrity during the data transmission over a channel have still been the most prominent challenge in the IoT based networks. To solve the abovementioned challenge, in this paper, we propose a strongly secure pairing-free certificateless authenticated key agreement (PF-CL-AKA) protocol with two-way identity-based authentication before extracting the secure session key for the smartphones and wearable IoT devices. Our protocol is provably secure in the Lippold model, which means our protocol is still secure as long as each party of the channel has at least one uncompromised partial private term.

Akash Gupta,Gaurav S. Kasbekar

DOI: https://doi.org/10.48550/arXiv.2105.09687

2021-07-27

Abstract:Home automation Internet of Things (IoT) systems have recently become a target for several types of attacks. In this paper, we present an authentication and key agreement protocol for a home automation network based on the ZigBee standard, which connects together a central controller and several end devices. Our scheme performs mutual authentication between end devices and the controller, which is followed by device-to-device communication. The scheme achieves confidentiality, message integrity, anonymity, unlinkability, forward and backward secrecy, and availability. Our scheme uses only simple hash and XOR computations and symmetric key encryption, and hence is resource-efficient. We show using a detailed security analysis and numerical results that our proposed scheme provides better security and anonymity, and is more efficient in terms of computation time, communication cost, and storage cost than schemes proposed in prior works.

Cryptography and Security,Networking and Internet Architecture

Mikail Mohammed Salim,Jungho Kang,Yi Pan,Jong Hyuk Park

DOI: https://doi.org/10.3934/mbe.2022546

2022-01-01

Mathematical Biosciences and Engineering

Abstract:Internet of Things (IoT) devices supporting intelligent cloud applications such as healthcare for hospitals rely on connecting with local base stations and access points to provide rich data analysis and real-time services to users. Devices authenticate with local base stations and perform handover operations to connect with access points with higher signal strength. Attackers disguise as valid base stations and access points using publicly accessible SSID information connect with local IoT devices during the handover process and give rise to data integrity and privacy concerns. This paper proposes a lightweight authentication scheme for private blockchain-based networks for securing devices from rogue base stations during the handover process. An authentication certificate is designed for base stations and machines in local clusters using SHA256 and modulo operations for enabling quick handover operations. The keys assigned to each device and base station joining the network are hashed, and their sizes are reduced using modulo operations. Furthermore, the compressed key size forms a certificate, which is used by the machines and the base stations to authenticate mutually. In comparison with existing studies, the performance analysis of the proposed scheme is based on the transmission of three messages required for completing the authentication process. Evaluation based on the Communication Overhead demonstrates a minimum improvement of 99.30% fewer bytes exchanged during the handover process and 89.58% reduced Storage Overhead compared with existing studies.

Haijiang Xie,Jizhong Zhao

DOI: https://doi.org/10.1007/s12083-014-0287-x

IF: 3.488

2014-01-01

Peer-to-Peer Networking and Applications

Abstract:The state of art authentication schemes are tightly linked with encryption or crypto systems, which provides concrete foundations to move towards the concept of access control by confirming the user identity. However the openness of the computer network makes the identity credentials vulnerable even transmitted as cipher text especially in lots of peer-to-peer (P2P) networks. The malicious attackers can possibly steal and fake the user identity by eavesdropping, hijacking, cryptanalysis and forging. In this paper, a novel identity authentication mechanism is proposed based on the reverse usage of the Network Covert Channel (NCC) which is originally designed by attackers to create stealth communication. Different from NCC, where the packet intervals can be exploited as the data carrier to transmit the unauthorized information, we exploit such capability in Network-Covert-Channel-based Identity Authentication (NCCIA) to transmit the identity tag. By validating user identity in a covert manner, we provide a more secure authentication method compared with many existing approaches. A NCCIA demo system is designed on a FTP Platform to verify our method. The experiments demonstrate the NCCIA can prevent the attackers from eavesdropping while maintaining transmission efficiency.

Binbin Yu,Hongtu Li

DOI: https://doi.org/10.1177/1550147719879379

IF: 1.938

2019-09-01

International Journal of Distributed Sensor Networks

Abstract:Home-based multi-sensor Internet of Things, as a typical application of Internet of Things, interconnects a variety of intelligent sensor devices and appliances to provide intelligent services to individuals in a ubiquitous way. As families become more and more intelligent, complex, and technology-dependent, there is less and less need for human intervention. Recently, many security attacks have shown that Internet home-based Internet of Things have become a vulnerable target, leading to personal privacy problems. For example, eavesdroppers can acquire the identity of specific devices or sensors through public channels, which is not secure, to infer individual public life in the home area network. Authentication is the essential portion of many secure systems processing of verifying and declaring identity. Before providing confidential information, home-based-Internet of Things service authenticates users and devices. The communication and processing capabilities of intelligent devices are limited. Therefore, in home-based Internet of Things, lightweight authentication and key agreement technology are very important to resist known attacks. This article proposes an anonymous authenticated key agreement protocol using pairing-based cryptography. The protocol proposed in this article provides lightweight computation and ensures the security of communication between home-based multi-sensor Internet of Things network and Internet network.

computer science, information systems,telecommunications

Nilesh Chakraborty,Jian-Qiang Li,Samrat Mondal,Chengwen Luo,Huihui Wang,Mamoun Alazab,Fei Chen,Yi Pan

DOI: https://doi.org/10.1109/jiot.2020.3025274

IF: 10.6

2021-03-01

IEEE Internet of Things Journal

Abstract:In the era of the Internet of Things (IoT), people access many applications through smartphones for controlling smart devices. Therefore, such a centralized node must follow a robust access control mechanism so that an intruder cannot control the connected devices. Recent reports suggest that password can be used as an authentication factor for accessing the smart setups. However, this static information can be compromised under the light of different machine learning (ML)-empowered attack mechanisms. Alarmingly, different sensors used in the IoT setup can also expose this static information to the adversaries. Password-based authentication that uses a challenge–response strategy is an effective solution for handling such threat scenarios. In this article, at first, we show that no existing usable challenge–response protocol is safe to be used in the public area network. Following this, we propose a challenge–response protocol that is more secure to use in the public domain. By using eight classifiers, we show that a learning-based threat specific to our protocol has a marginal impact on the method's security standard. The discussion in this article also suggests that the proposed protocol has usability and security advantages compared to the existing state of the art (e.g., reduces the number of interactions between the user and verifier by a factor of 0.5).

computer science, information systems,telecommunications,engineering, electrical & electronic

Rajshekhar Das,Akshay Gadre,Shanghang Zhang,Swarun Kumar,Jose M. F. Moura

DOI: https://doi.org/10.1109/icc.2018.8422832

2018-01-01

Abstract:At its peak, the Internet-of-Things will largely be composed of low-power devices with wireless radios attached. Yet, secure authentication of these devices amidst adversaries with much higher power and computational capability remains a challenge, even for advanced cryptographic and wireless security protocols. For instance, a high-power software radio could simply replay chunks of signals from a low-power device to emulate it. This paper presents a deep-learning classifier that learns hardware imperfections of low-power radios that are challenging to emulate, even for high- power adversaries. We build an LSTM framework, specifically sensitive to signal imperfections that persist over long durations. Experimental results from a testbed of 30 low-power nodes demonstrate high resilience to advanced software radio adversaries.

Tianjie Cao,Peng Shen,Elisa Bertino

DOI: https://doi.org/10.1109/isecs.2008.73

2008-01-01

Abstract:To reduce the computational load on both the back-end database and the tags, Ha et al. proposed a low-cost and strong-security (LCSS) RFID authentication protocol. In this paper, we identify two effective attacks, a desynchronization attack and a spoofing attack, against the LCSS protocol. The former attack can break the synchronization between the RFID reader and the tag in a single protocol run so that they can not authenticate each other in any following protocol run. The latter can impersonate a legal tag to spoof the RFID reader by extracting the ID of a specific tag during the authentication process. Moreover, we point out the potential countermeasure by adding an integrity check to improve the security.

Jie Cai,Han Jiang,Qiuliang Xu,Guangshi Lv,Minghao Zhao,Hao Wang

DOI: https://doi.org/10.1007/978-3-030-02744-5_10

2018-01-01

Abstract:In recent years, IoT devices have been widely used in the newly-emerging technologized such as crowd-censoring and smart city. Authentication among each IoT node plays a central role in secure communications. Generally, zero-knowledge identification scheme enables one party to authenticate himself without disclosing any additional information. However, a zero-knowledge based protocol normally involves heavily computational or interactive overhead, which is unaffordable for lightweight IoT devices. In this paper, we propose a modified zero-knowledge identification scheme based on that of Silva, Cayrel and Lindner (SCL, for short). The security of our scheme relies on the existence of a commitment scheme and on the hardness of ISIS problem (i.e., a hardness assumption that can be reduced to worst-case lattice problems). We present the detail construction and security proof in this paper.

Jianhua Li,Jiong Jin,Lingjuan Lyu,Dong Yuan,Yingying Yang,Longxiang Gao,Chao Shen

DOI: https://doi.org/10.48550/arXiv.2011.06325

2020-11-12

Abstract:Numerous resource-limited smart objects (SOs) such as sensors and actuators have been widely deployed in smart environments, opening new attack surfaces to intruders. The severe security flaw discourages the adoption of the Internet of things in smart living. In this paper, we leverage fog computing and microservice to push certificate authority (CA) functions to the proximity of data sources. Through which, we can minimize attack surfaces and authentication latency, and result in a fast and scalable scheme in authenticating a large volume of resource-limited devices. Then, we design lightweight protocols to implement the scheme, where both a high level of security and low computation workloads on SO (no bilinear pairing requirement on the client-side) is accomplished. Evaluations demonstrate the efficiency and effectiveness of our scheme in handling authentication and registration for a large number of nodes, meanwhile protecting them against various threats to smart living. Finally, we showcase the success of computing intelligence movement towards data sources in handling complicated services.

Cryptography and Security,Networking and Internet Architecture

Xiong Wang,Yuan Teng,Yaping Chi,Hongbo Hu

DOI: https://doi.org/10.3390/sym14112394

2022-01-01

Symmetry

Abstract:With the rapid development of the Internet of Things (IoT) industry, the smart home is fully integrated with people’s shelter and transportation, which facilitates people’s daily life. A smart home without a security authentication mechanism will inevitably cause a series of security threats. This is essentially a problem of symmetry model worth solving. In fact, researchers have designed various authentication schemes to verify the identity of users and to ensure smart devices can be legally accessed through authorization in the smart home. In 2021, Yu proposed a three-factor anonymous authentication scheme for smart homes using lightweight symmetric encryption primitives and stated that their scheme is resistant to various known security attacks. However, after careful analysis, we found that Yu’s scheme needs further improvement in node capture attack and offline password guessing attack and that forward security cannot be guaranteed. Therefore, we first design a robust three-factor anonymous authentication scheme for smart homes based on asymmetric encryption Elliptic Curve Cryptography (ECC). Then, we perform formal and informal security analysis in which the formal analysis tools include Burrows-Abadi-Needham (BAN) logic and Scyther simulation tool to prove that the proposed scheme can achieve user anonymity, untraceability, and session key forward security. Meanwhile, mutual authentication is performed, and the scheme is resistant to all known attacks described in this article. Finally, a performance comparison is made in terms of efficiency, which shows that our scheme can have certain advantages with those newly designed schemes, achieve a delicate balance in performance and safety, and is more practical for the real smart home environment.

Zhiwei Zhao,Geyong Min,Yaoyao Pang,Weifeng Gao,Jiamei Lv

DOI: https://doi.org/10.1109/sahcn.2019.8824935

2019-01-01

Abstract:The openness of indoor WiFi networks makes it prone to spoofing attacks and password leakage/sharing, where undesired users may be able to access the network resources. The fundamental reason is that the actual communication range is much larger than the valid authentication range, leaving undesired users the same chance to access the network from invalid authentication ranges. The existing works exploit various features of wireless signals to identify legitimate/undesired users. Either frequent measurement/learning of signal features or hardware modifications are required. In this paper, we identify visible light (VL) as a good indicator to distinguish the positions of the accessing users due to its frequency diversity. Based on this observation, we propose VL-Auth, a novel Authentication framework based on VL for indoor WiFi networks, which uses the VL features as credentials to authenticate WiFi users. VL-Auth can be easily installed on commercial-off-the-shelf (COTS) devices and do not require frequent measurement/learning of the VL features. We implement VL-Auth with OpenWrt and Android devices. The evaluation results show that compared to the existing works, VL-Auth can accurately identify legitimate/undesired users and the connection delay is also reduced.

Abbas Acar,Hossein Fereidooni,Tigist Abera,Amit Kumar Sikder,Markus Miettinen,Hidayet Aksu,Mauro Conti,Ahmad-Reza Sadeghi,Selcuk Uluagac

DOI: https://doi.org/10.1145/3395351.3399421

2020-05-14

Abstract:A myriad of IoT devices such as bulbs, switches, speakers in a smart home environment allow users to easily control the physical world around them and facilitate their living styles through the sensors already embedded in these devices. Sensor data contains a lot of sensitive information about the user and devices. However, an attacker inside or near a smart home environment can potentially exploit the innate wireless medium used by these devices to exfiltrate sensitive information from the encrypted payload (i.e., sensor data) about the users and their activities, invading user privacy. With this in mind,in this work, we introduce a novel multi-stage privacy attack against user privacy in a smart environment. It is realized utilizing state-of-the-art machine-learning approaches for detecting and identifying the types of IoT devices, their states, and ongoing user activities in a cascading style by only passively sniffing the network traffic from smart home devices and sensors. The attack effectively works on both encrypted and unencrypted communications. We evaluate the efficiency of the attack with real measurements from an extensive set of popular off-the-shelf smart home IoT devices utilizing a set of diverse network protocols like WiFi, ZigBee, and BLE. Our results show that an adversary passively sniffing the traffic can achieve very high accuracy (above 90%) in identifying the state and actions of targeted smart home devices and their users. To protect against this privacy leakage, we also propose a countermeasure based on generating spoofed traffic to hide the device states and demonstrate that it provides better protection than existing solutions.

Cryptography and Security