Ping Dong,Namin Hou,Yuting Tang,Yushi Cheng,Xiaoyu Ji

DOI: https://doi.org/10.1016/j.hcc.2024.100222

2024-01-01

High-Confidence Computing

Abstract:The development of wireless communication network technology has provided people with diversified and convenient services. However, with the expansion of network scale and the increase in the number of devices, malicious attacks on wireless communication are becoming increasingly prevalent, causing significant losses. Currently, wireless communication systems authenticate identities through certain data identifiers. However, this software-based data information can be forged or replicated. This article proposes the authentication of device identity using the hardware fingerprint of the terminal’s Radio Frequency (RF) components, which possesses properties of being genuine, unique, and stable, holding significant implications for wireless communication security. Through the collection and processing of raw data, extraction of various features including time-domain and frequency-domain features, and utilizing machine learning algorithms for training and constructing a legal fingerprint database, it is possible to achieve close to a 97% recognition accuracy for Fifth Generation (5G) terminals of the same model. This provides an additional and robust hardware-based security layer for 5G communication security, enhancing monitoring capability and reliability.

Liang Kou,Yiqi Shi,Liguo Zhang,Duo Liu,Qing Yang

DOI: https://doi.org/10.32604/cmc.2019.03760

2019-01-01

Abstract:With the development of computer hardware technology and network technology, the Internet of Things as the extension and expansion of traditional computing network has played an increasingly important role in all professions and trades and has had a tremendous impact on people lifestyle. The information perception of the Internet of Things plays a key role as a link between the computer world and the real world. However, there are potential security threats in the Perceptual Layer Network applied for information perception because Perceptual Layer Network consists of a large number of sensor nodes with weak computing power, limited power supply, and open communication links. We proposed a novel lightweight authentication protocol based on password, smart card and biometric identification that achieves mutual authentication among User, GWN and sensor node. Biometric identification can increase the non-repudiation feature that increases security. After security analysis and logical proof, the proposed protocol is proven to have a higher reliability and practicality.

Namin Hou,Yushi Cheng,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ICCCS61882.2024.10603286

2024-01-01

Abstract:The advancement of Fifth-Generation (5G) technology has greatly enriched individuals' access to a broad array of convenient services, offering significant benefits in mobile communications, autonomous driving, smart homes, and the Internet of Things. However, with the increase in the number of network access devices, large and frequent data interactions have brought potential security risks to wireless networks, which are related to user privacy security, traffic safety, and even social security. Malicious intrusions targeting wireless communications have resulted in significant disruptions and incurred substantial losses. Presently, user identities in wireless communications rely on software-based data identifiers, which can be forged easily. This paper proposes a hardware-level device authentication mechanism that uses the intrinsic hardware characteristics of the transmitter (shown as impairments in the radio signal of the transmission link) for identity authentication. The resulting fingerprint is naturally distinctive and highly resistant to counterfeiting attempts. We use 5 devices across different models and 10 devices of the same model for experimental evaluation. Then we apply machine learning algorithms to construct a fingerprint database and device authentication, achieving an average of 82.4% precision, 89.9% recall, and 85.9% F1-score, which can help to safeguard the security of 5G communication.

Zhiwei Chen,Hong Wen,Wenjing Hou,Yixin Jiang,Liang Chen,Runhui Zhao,Xinyu Hou

DOI: https://doi.org/10.1109/mnet.002.2200635

IF: 10.294

2023-01-01

IEEE Network

Abstract:Motivated by rising voices of light weight high security for the Industrial Internet of Things (IIoT), in this article, we propose a cross-layer authentication scheme by taking advantage of both the radio frequency fingerprinting (RFF) and the blockchain trust. Due to the mobility of terminal devices in the IIoT network, the wireless terminal devices often move from one region to another region, which causes traditional RFF identification scheme to not be able to be adopted. In this article, the RFFs of the wireless terminal devices that are easy to invade are extracted and learned by the first access edge device. Then the learned model is shared with other edge devices by aiding with blockchain. This way, IIoT network identifies wireless terminal nodes with high security by using the unique structure of the transmitter waveform without adding any burden while repetitive training is avoided. Besides, an evaluation metric has been proposed to evaluate the performance of robust RFF identification in practical mobile scenarios. Lastly, this article further presents several research directions for RFF identification in practical mobile scenarios.

Han Zhang,Qian Wang,Xiaoli Zhang,Yi He,Bo Tang,Qi Li

DOI: https://doi.org/10.1109/mcom.001.2300390

IF: 9.03

2024-01-01

IEEE Communications Magazine

Abstract:Internet of things (IoT) networks allow cross-device interactions to achieve various intelligent applications, for example, smart homes and smart commercial spaces. However, cross-device interactions are often protected by inadequate authorization mechanisms, making them susceptible to various attacks, including connection-based attacks, application impersonation attacks, and so on. In this article, we propose a zero-trust IoT network architecture, OUTSIDE, designed to provide fine-grained authorization for IoT applications. It achieves the application-level authorization at the network layer by encoding the capability information of applications into verifiable tokens. Meanwhile, it enables a zero-trust service for per-packet verification, ensuring that every packet is sent by an authorized application with proper access privileges. Particularly, our architecture is versatile and compatible with various IoT protocols. We prototype and deploy OUTSIDE in Raspberry Pis and ESP32 microcontrollers running over the constrained application protocol (CoAP). The experimental results show that our architecture incurs negligible performance degradation.

Dongfeng Fang,Yi Qian,Rose Qingyang Hu

DOI: https://doi.org/10.1109/jiot.2020.2970974

IF: 10.6

2020-04-01

IEEE Internet of Things Journal

Abstract:Internet-of-Things (IoT) applications have been rapidly deployed into pervasive environment, where both challenges and opportunities abound. On the one hand, a large number of IoT devices and their rich functions contribute significant volumes of data, which has brought tremendous convenience to the daily lives of end users. On the other hand, the heterogeneous IoT devices and a large amount of private information transmitted through networks also bring serious security and privacy issues. It is a big challenge to model IoT systems and trust relationships between different entities with a large number of heterogeneous IoT devices. In this article, we study a general IoT system architecture with consideration of heterogeneous IoT devices. Different trust models are proposed and analyzed based on the trust relationships between different entities in the IoT system. We propose a flexible and efficient authentication scheme with a consideration of heterogeneous IoT devices based on the least trust-required model. The proposed scheme provides security and privacy to resource-limited IoT devices flexibly and efficiently by utilizing IoT devices with better storage and computational ability. Moreover, secure data transmission is presented with contextual privacy and data integrity services. The proposed scheme achieves not only the mutual authentication, initial session key agreement, and data integrity but also anonymity, contextual privacy, forward security, end-to-end security, and key escrow resilience. Security analysis is presented to provide verification of the proposed protocol and security objectives. Moreover, performance evaluation is presented with comparison to the other schemes in terms of security features, computational overhead, and communication overhead. The performance comparisons show that our proposed scheme provides flexible and efficient security by consideration of heterogeneous IoT devices. With the higher proportion of resource-limited IoT devic-s, our proposed scheme outperforms other similar schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Qiao Tian,Yun Lin,Xinghao Guo,Jin Wang,Osama AlFarraj,Amr Tolba

DOI: https://doi.org/10.3390/s20041213

IF: 3.9

2020-02-22

Sensors

Abstract:With the continuous development of science and engineering technology, our society has entered the era of the mobile Internet of Things (MIoT). MIoT refers to the combination of advanced manufacturing technologies with the Internet of Things (IoT) to create a flexible digital manufacturing ecosystem. The wireless communication technology in the Internet of Things is a bridge between mobile devices. Therefore, the introduction of machine learning (ML) algorithms into MIoT wireless communication has become a research direction of concern. However, the traditional key-based wireless communication method demonstrates security problems and cannot meet the security requirements of the MIoT. Based on the research on the communication of the physical layer and the support vector data description (SVDD) algorithm, this paper establishes a radio frequency fingerprint (RFF or RF fingerprint) authentication model for a communication device. The communication device in the MIoT is accurately and efficiently identified by extracting the radio frequency fingerprint of the communication signal. In the simulation experiment, this paper introduces the neighborhood component analysis (NCA) method and the SVDD method to establish a communication device authentication model. At a signal-to-noise ratio (SNR) of 15 dB, the authentic devices authentication success rate (ASR) and the rogue devices detection success rate (RSR) are both 90%.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Songlin Chen,Hong Wen,Jinsong Wu,Aidong Xu,Yixin Jiang,Huanhuan Song,Yi Chen

DOI: https://doi.org/10.3390/s19163610

IF: 3.9

2019-01-01

Sensors

Abstract:In this paper, a light-weight radio frequency fingerprinting identification (RFFID) scheme that combines with a two-layer model is proposed to realize authentications for a large number of resource-constrained terminals under the mobile edge computing (MEC) scenario without relying on encryption-based methods. In the first layer, signal collection, extraction of RF fingerprint features, dynamic feature database storage, and access authentication decision are carried out by the MEC devices. In the second layer, learning features, generating decision models, and implementing machine learning algorithms for recognition are performed by the remote cloud. By this means, the authentication rate can be improved by taking advantage of the machine-learning training methods and computing resource support of the cloud. Extensive simulations are performed under the IoT application scenario. The results show that the novel method can achieve higher recognition rate than that of traditional RFFID method by using wavelet feature effectively, which demonstrates the efficiency of our proposed method.

Siwei Li,Hui Zhang,Hui Shi,Maode Ma,Cong Wang

DOI: https://doi.org/10.1007/s11227-024-06262-y

IF: 3.3

2024-06-04

The Journal of Supercomputing

Abstract:The distributed authentication of a large number of resource-constrained power terminal devices (PTDs) is crucial for ensuring the security of the power IoT communication. However, existing solutions are inadequate in terms of security (such as vulnerability to single point failures or insider attacks) and communication costs, which do not meet the requirements of the power IoT environment. Therefore, we propose a zero-trust-based mutual authentication scheme in cloud-edge-end collaboration power IoT environment based on blockchain technology. The proposed solution involves deploying a distributed multi-point zero-trust engine around dense PTDs to collect real-time identity information. Through the maintenance of an alliance blockchain, the edge server securely shares and traces identity information, preventing tampering and effectively blocking threats related to lost terminals during authentication. Additionally, a lightweight ECC key management scheme ensures the security of authentication information. The proposed scheme effectively defends against common attacks such as replay attacks and identity forgery attacks through informal security analysis, while its security is evaluated using the Canetti and Krawczyk (CK) adversary models. Performance evaluation results demonstrate that the proposed scheme achieves effectiveness without the compromising required security attributes, which obtains up to 58% improvement 58% improvement in computation delay and a 56.9% improvement in communication costs over previous state-of-the-art methods.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Jinsong Han,Feng Lin,Wenbo Shen,Kui Ren

DOI: https://doi.org/10.1145/3313294.3313380

2019-01-01

Abstract:We have witnessed a tremendous growth of Internet of Things (IoT) and popularization of IoT devices in past decades, including wireless sensors, smart phones, wearable devices, smart tags, activity trackers, and the like. These devices are widely deployed to enable intelligent computing and services in our daily life, such as the logistics, retailing, healthcare to be used in the smart city. However, trustworthy authentication in IoT becomes a key challenge towards a smooth and rapid development of IoT. According to a survey by Altman Vilandrie & Company [1], due to the lack of authentication and other system protections, small and medium-sized enterprises suffer a losses of up to 13% of their annual revenues from attacks on IoT systems. In the IoT environment, trust also becomes ubiquitous. Merely authenticating individual users or devices is not enough, because collaborative interaction and cooperation among users, devices, and environments are critical in IoT. In such circumstance, information is shared, data is fused, and all elements, including the human, device, and environment, are highly integrated. Thus, the authentication requirement for IoT applications should be characterized as temporally-spatially consistent, human-and-environment-in-the-loop, and continuously trustworthy. Unfortunately, conventional authentication methods failed to meet above demands. The main reasons are as follows. • Existing approaches usually perform authentication on the user and device separately. Meanwhile, there is scarcely seen the authentication carried out in the environment. An attacker can eavesdrop in the communication, counterfeit the authentication tokens or proofs [2], or just simply carry out replaying attacks to impersonate the actual user or device [3]. • Existing authentication systems have little consideration on the spatio-temporal nature of IoT computing and services. Besides the authenticity of data, users, and devices, it is also necessary to ensure the spatiotemporal consistence of the computing and services. In other words, a transaction in IoT also requires the au-

Sekhar Rajendran,Zhi Sun,Feng Lin,Kui Ren

DOI: https://doi.org/10.48550/arXiv.2006.06895

2020-12-06

Abstract:In Internet of Things, where billions of devices with limited resources are communicating with each other, security has become a major stumbling block affecting the progress of this technology. Existing authentication schemes-based on digital signatures have overhead costs associated with them in terms of computation time, battery power, bandwidth, memory, and related hardware costs. Radio frequency fingerprint (RFF), utilizing the unique device-based information, can be a promising solution for IoT. However, traditional RFFs have become obsolete because of low reliability and reduced user capability. Our proposed solution, Metasurface RF-Fingerprinting Injection (MeRFFI), is to inject a carefully-designed radio frequency fingerprint into the wireless physical layer that can increase the security of a stationary IoT device with minimal overhead. The injection of fingerprint is implemented using a low cost metasurface developed and fabricated in our lab, which is designed to make small but detectable perturbations in the specific frequency band in which the IoT devices are communicating. We have conducted comprehensive system evaluations including distance, orientation, multiple channels where the feasibility, effectiveness, and reliability of these fingerprints are validated. The proposed MeRFFI system can be easily integrated into the existing authentication schemes. The security vulnerabilities are analyzed for some of the most threatening wireless physical layer-based attacks.

Signal Processing,Cryptography and Security,Systems and Control

Abdurrahman Elmaghbub,Bechir Hamdaoui

DOI: https://doi.org/10.1109/mwc.001.2300420

IF: 12.777

2024-04-12

IEEE Wireless Communications

Abstract:Next-generation networks aim for comprehensive connectivity, interconnecting humans, machines, devices, and systems seamlessly. This interconnectivity raises concerns about privacy and security, given the potential network-wide impact of a single compromise. To address this challenge, the Zero Trust (ZT) paradigm emerges as a key method for safeguarding network integrity and data confidentiality. This work introduces EPS-CNN, a novel deep-learning-based wireless device identification framework designed to serve as the device authentication layer within the ZT architecture, with a focus on resource-constrained IoT devices. At the core of EPS-CNN, a Convolutional Neural Network (CNN) is utilized to generate the device identity from a unique RF signal representation, known as the Double-Sided Envelope Power Spectrum (EPS), which effectively captures the device-specific hardware characteristics while ignoring device-unrelated information. Experimental evaluations show that the proposed framework achieves over 99%, 93%, and 95% of testing accuracy when tested in same-domain (day, location, and channel), crossday, and cross-location scenarios, respectively. Our findings demonstrate the superiority of the proposed framework in enhancing the accuracy, robustness, and adaptability of deep learning-based methods, thus offering a pioneering solution for enabling ZT IoT device identification.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Biao Zhang,Shuo Yang,Xinran Zheng,Xingjun Wang

DOI: https://doi.org/10.1109/wcnc57260.2024.10571244

2024-01-01

Abstract:Network technology developments are blurring the security boundary of the Internet of Things (IoT), making it difficult for traditional border-based security architectures to cope with endless internal attacks. The Zero Trust Architecture (ZTA), with its core concept of “Never Trust, Always Verify”, effectively addresses this problem. Continuous Authentication (CA) is an indispensable component of the zero trust IoT. However, existing CA protocols are impractical to deploy on zero trust IoT due to their dependence on specific properties and thirst for resources. Therefore, this paper proposes a continuous authentication protocol, namely STCA, that uses stacked tokens to ensure the legitimacy of entities during a whole session. Through the theoretical analysis and simulation results, STCA resists several common attacks. The comparison analysis indicates that STCA has a better performance compared with related CA protocols, thereby demonstrating it is more suitable for zero trust IoT.

Junqing Zhang,Sekhar Rajendran,Zhi Sun,Roger Woods,Lajos Hanzo

DOI: https://doi.org/10.1109/mwc.2019.1800455

IF: 12.777

2019-01-01

IEEE Wireless Communications

Abstract:A low-complexity, yet secure framework is proposed for protecting the IoT and for achieving both authentication and secure communication. In particular, the slight random difference among transceivers is extracted for creating a unique radio frequency fingerprint and for ascertaining the unique user identity. The wireless channel between any two users is a perfect source of randomness and can be exploited as cryptographic keys. This can be applied to the physical layer of the communications protocol stack. This article reviews these protocols and shows how they can be integrated to provide a complete IoT security framework. We conclude by outlining the future challenges in applying these compelling physical layer security techniques to the IoT.

Bo Zhang,Tao Zhang,Yuanyuan Ma,Zesheng Xi,Chuan He,Yunfan Wang,Zhuo Lv

DOI: https://doi.org/10.3390/electronics13020384

IF: 2.9

2024-01-18

Electronics

Abstract:Radio frequency fingerprint (RFF) identification represents a promising technique for lightweight device authentication. However, current research on RFF primarily focuses on the close-set recognition assumption. Moreover, the high computational complexity and excessive latency during the identification stage represent an intolerable burden for Internet of Things (IoT) devices. In this paper, we propose a deep-learning-based RFF identification framework in relation to open-set scenarios. Specifically, we leverage a simulated training scheme, in which we strategically designate certain devices as simulated unknowns. This allows us to fine-tune our extractor to better handle open-set recognition. Additionally, we construct an exemplar set that only contains representative RFF features to further reduce time consumption in the identification stage. The experiments are carried out on a hardware platform involving LoRa devices and using a USRP N210 software-defined radio receiver. The results show that the proposed framework can achieve 90.23% accuracy for rogue device detection and 93.85% accuracy for legitimate device classification. Furthermore, it is observed that using an exemplar set consisting of half the total data size can reduce the time overhead by 58% compared to using the entire dataset.

engineering, electrical & electronic,computer science, information systems,physics, applied

Wenlong Zhu,Changli Zhou,Linmei Jiang

DOI: https://doi.org/10.3390/electronics13061026

IF: 2.9

2024-03-09

Electronics

Abstract:With the rapid popularization of current Internet of Things (IoT) technology and 5G networks, as well as the continuous updating of new service lifestyles and businesses, the era of big data processing for the IoT has arrived. However, centralizing all data for processing in the cloud can lead to issues such as communication latency and privacy breaches. To solve these problems, edge computing, as a new network architecture close to terminal data sources and supporting low latency services, has gradually emerged. In this context, cloud edge collaborative computing has become an important network architecture. With the changing security requirements and communication methods of cloud edge collaborative network architecture, traditional authentication key agreement protocols are no longer applicable. Therefore, a new IoT authentication and key agreement protocol needs to be designed to solve this problem. This study proposes an IoT accessible solution for cloud edge collaboration. This scheme adopts a chaotic mapping algorithm to achieve efficient authentication. It ensures the anonymity and untraceability of users. Following this, we conducted strict security verification using BAN logic and Scyther tools. Through experimental comparative analysis, the research results show that the protocol performs better than other schemes while ensuring security. This indicates that the protocol can achieve efficient authentication and key negotiation in cloud edge collaborative network architecture, providing a secure and reliable solution for the accessibility of the IoT.

engineering, electrical & electronic,computer science, information systems,physics, applied

Aly S. Abdalla,Joshua Moore,Nisha Adhikari,Vuk Marojevic

2024-03-07

Abstract:The open radio access network (O-RAN) offers new degrees of freedom for building and operating advanced cellular networks. Emphasizing on RAN disaggregation, open interfaces, multi-vendor support, and RAN intelligent controllers (RICs), O-RAN facilitates adaptation to new applications and technology trends. Yet, this architecture introduces new security challenges. This paper proposes leveraging zero trust principles for O-RAN security. We introduce zero trust RAN (ZTRAN), which embeds service authentication, intrusion detection, and secure slicing subsystems that are encapsulated as xApps. We implement ZTRAN on the open artificial intelligence cellular (OAIC) research platform and demonstrate its feasibility and effectiveness in terms of legitimate user throughput and latency figures. Our experimental analysis illustrates how ZTRAN's intrusion detection and secure slicing microservices operate effectively and in concert as part of O-RAN Alliance's containerized near-real time RIC. Research directions include exploring machine learning and additional threat intelligence feeds for improving the performance and extending the scope of ZTRAN.

Cryptography and Security,Emerging Technologies,Systems and Control

Seunghwan Son,Deokkyu Kwon,Sangwoo Lee,Hyeokchan Kwon,Youngho Park

DOI: https://doi.org/10.1109/access.2024.3484522

IF: 3.9

2024-10-29

IEEE Access

Abstract:The sixth generation (6G) is the next generation of wireless communication technology, is not limited to cellular networks but can be used to provide better services in all areas of wireless communication, including vehicles, drones, and smart homes. However, these advancements in 6G technology require further security considerations. In earlier networks, authentication schemes were designed to rely on a secure channel between the core network and access points. The 6G network is an open, distributed network that integrates multiple domains and entities and cannot guarantee secure channels in the network. The 6G network requires a new security authentication scheme that applies the zero-trust model. Therefore, this study proposes a zero-trust authentication scheme with access control for 6G-enabled Internet of Things environments. The scheme uses blockchain technology for mutual authentication in a distributed environment and lightweight attribute-based encryption to ensure dynamic access control and network efficiency. This study compares the proposed authentication method with existing methods and demonstrates that this scheme has better performance and security. To the best of our knowledge, this paper is the first to propose a specific authentication protocol with access control considering the zero-trust model in a 6G environment.

computer science, information systems,telecommunications,engineering, electrical & electronic

Wei Ren,Ruoting Xiong,Yizhi Liu,G. Min,Tianqing Zhu,Xiaohan Hao,K. Choo

DOI: https://doi.org/10.1109/TC.2022.3157996

IF: 3.183

2023-02-01

IEEE Transactions on Computers

Abstract:Internet-of-Things (IoT) are increasingly operating in the zero-trust environments where any devices and systems may be compromised and hence untrusted. In addition, data collected by and sent from IoT devices may be shared with and processed by edge computing systems, in order to reduce the reliance on centralized (cloud) servers, leading to further security and privacy issues. To cope with these challenges, this paper proposes an innovative blockchain-enabled information sharing solution in zero-trust context to guarantee anonymity yet entity authentication, data privacy yet data trustworthiness, and participant stimulation yet fairness. This new solution is able to support filtering of fabricated information through smart contracts, effective voting, and consensus mechanisms, which can prevent unauthenticated participants from sharing garbage information. We also prove that the proposed solution is secure in the universal composability framework, and further evaluate its performance over an Ethereum-based blockchain platform to demonstrate its utility.

Computer Science,Engineering