Liming Fang,Yang Li,Xinyu Yun,Zhenyu Wen,Shouling Ji,Weizhi Meng,Zehong Cao,M. Tanveer

DOI: https://doi.org/10.1109/jiot.2019.2944301

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:SDN has provided significant convenience for network providers and operators in cloud computing. Such a great advantage is extending to the Internet of Things network. However, it also increases the risk if the security of an SDN network is compromised. For example, if the network operator’s permission is illegally obtained by a hacker, he/she can control the entry of the SDN network. Therefore, an effective authentication scheme is needed to fit various application scenarios with high-security requirements. In this article, we design, implement, and evaluate a new authentication scheme called the hidden pattern (THP), which combines graphics password and digital challenge value to prevent multiple types of authentication attacks at the same time. We examined THP in the perspectives of both security and usability, with a total number of 694 participants in 63 days. Our evaluation shows that THP can provide better performance than the existing schemes in terms of security and usability.

Abdullah Al Hayajneh,Zakirul Alam Bhuiyan,Ian McAndrew,Md Zakirul Alam Bhuiyan

DOI: https://doi.org/10.3390/computers9010008

2020-02-07

Computers

Abstract:There has been an increase in the usage of Internet of Things (IoT), which has recently become a rising area of interest as it is being extensively used for numerous applications and devices such as wireless sensors, medical devices, sensitive home sensors, and other related IoT devices. Due to the demand to rapidly release new IoT products in the market, security aspects are often overlooked as it takes time to investigate all the possible vulnerabilities. Since IoT devices are internet-based and include sensitive and confidential information, security concerns have been raised and several researchers are exploring methods to improve the security among these types of devices. Software defined networking (SDN) is a promising computer network technology which introduces a central program named ‘SDN Controller’ that allows overall control of the network. Hence, using SDN is an obvious solution to improve IoT networking performance and overcome shortcomings that currently exist. In this paper, we (i) present a system model to effectively use SDN with IoT networks; (ii) present a solution for mitigating man-in-the-middle attacks against IoT that can only use HTTP, which is a critical attack that is hard to defend; and (iii) implement the proposed system model using Raspberry Pi, Kodi Media Center, and Openflow Protocol. Our system implementation and evaluations show that the proposed technique is more resilient to cyber-attacks.

N Bhagyasree,Nischal M R,Pavan Kumar,K Surendra

DOI: https://doi.org/10.48175/ijarsct-2863

2022-03-19

Abstract:The IoT connects many of the home appliances in the world, from intelligent thermostats to intelligent vehicles. By the end of 2015, we had 9 billion connected stuff. The Gartner forecast shows that the number of devices in the network will exceed 50 billion by 2020. Most of the connected devices in the existing network are based on obsolete security infrastructure and encryption, while many do not have provisions for remote updating of these devices. Taking into account the number of IoT devices, from off-shelf motion monitoring to machine tools, it is not possible to check which functions end up with any specific service or product. In short, this is the problem: you can't trust the integrity of the security of the device and determine exactly where the data is processed and stored. The SDN architecture is designed to increase the routing and networking performance of the existing networks by isolating the control plane from the data plane. The basic concept of Software Defined Networking can be applied to IoT Multi networks; however, the standard SDN implementations for wired networks are not directly suitable for distributed and ad-hoc mesh networks, which are common in IoT systems. However, the SDN architecture changes the pattern of communication of the IoT network, leading to a new approach to the manifestation of the Securities IoT network. Centralized data layer control and control layer not only simplifies data package management, but also increases safety. As mentioned above, the amount of data that flows into these systems is significant. Proper management of traffic and load balancing will help to simplify the data flow in some ways. The total system's power consumption may be reduced by the central station, which requires less power than the distributed control. To sum up, introducing SDN into IoT will help IoT and stimulate IoT in people's regular lives.

Dongdong Liu,Tiantian Ji

DOI: https://doi.org/10.1038/s41598-024-73480-y

IF: 4.6

2024-10-27

Scientific Reports

Abstract:The Internet of Things technology allows you to transfer data to any asset through communication networks such as the Internet or intranet. One of the most important problems is security, which includes confidentiality, authenticity validation, and completeness. Among security problems, the most important ones are ensuring authenticity and protecting privacy. The elliptic curve encryption algorithm is famous protocols for maintaining privacy and verifying authenticity. Despite the capabilities they have and provide good security against network attacks, they face challenges such as response time, delay in the authentication and authentication process, as well as the amount of memory consumed. Two-factor authentication (2FA) is a security process where users provide two different authentication factors to authenticate themselves. It also provides a higher level of security than authentication methods that rely on single-factor authentication (SFA). This article presents two novel methods for 2FA that use encryption techniques, scramble architecture, and chord architecture. These methods allow for the authentication process to be initiated by both parties involved in the communication. Three scenarios and three metrics of reaction time, memory usage, and connection latency were used to assess the efficacy of the suggested approach. The average reaction time is improved and is 0.012 s when the lengths of the finger table in the chord structure are increased to 10, 15, and 20. The findings show that the suggested approach reduces computing complexity, reaction time, and communication latency. It has an average reaction time of 0.016 s, an average memory use of 30,360 kb, and an average connection latency of 0.042 s.

multidisciplinary sciences

Sharma, Neha,Dhiman, Pankaj

DOI: https://doi.org/10.1007/s11042-024-19898-y

IF: 2.577

2024-08-30

Multimedia Tools and Applications

Abstract:Internet of Things (IoT) is an emerging technology with interconnected computing devices and sensors that communicate and share data over a network. Smart home applications are becoming more popular as devices and appliances work together. However, there are concerns about privacy and unauthorized access to data transmitted by smart devices in the SH-IoT network. Existing security measures are not always effective in preventing attacks. IoT systems need a unique addressing scheme to ensure reliable communication and maintain data privacy. Our SLAPSH (Secure and Lightweight Authenticated Protocol for Smart Home) is designed to provide a safe and authenticated connection between smart devices and IoT servers. Our proposed unique addressing scheme ensures the confidentiality and security of exchanged data. To achieve this, we have modified the conventional IPv6 protocol to assign a unique address to each smart device/appliance, which is authenticated at the target end. We have also implemented secure user authentication processes to prevent unauthorized access to smart devices/appliances. During our research, we carried out network simulations to assess the performance and end-to-end delay of the NS-3 network. We analyzed the security of our proposed scheme using the ROR model and AVISPA tool to ensure its protection against potential attacks. Our results indicate that the proposed technique is highly secure and can withstand attacks.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Shalli Rani,Himanshi Babbar,Gautam Srivastava,Thippa Reddy Gadekallu,Gaurav Dhiman

DOI: https://doi.org/10.1109/jiot.2022.3223576

IF: 10.6

2023-03-25

IEEE Internet of Things Journal

Abstract:Presently, trillions of Internet of Things (IoT) devices are in use, with many more projected to join IoT networks in the future. These IoT devices create a massive volume of data, which cannot be transmitted over the network without proper security and privacy. Furthermore, as the amount of information and variety of interconnected devices grows, problems, including excessive response time, bandwidth constraints, and scalability, emerge in proper network design. To solve the constraints of today's smart cities for next-generation networks, an effective, secure, and scalable distributed framework must be designed bringing computing and storage resources nearer to endpoints. In this article, combining the strengths of software-defined networks (SDNs) and blockchain technology, an innovative adaptable network infrastructure for smart cities is developed. The network is divided into different domains in which SDN will detect potential attacks and transmit the secured data to the blockchain. Our in-depth experimental analysis on performance evaluation show that the proposed framework achieves 12.75% improvement over baseline methodologies.

computer science, information systems,telecommunications,engineering, electrical & electronic

Najmun Nisa,Adnan Shahid Khan,Zeeshan Ahmad,Johari Abdullah

DOI: https://doi.org/10.1002/nem.2258

2024-01-14

International Journal of Network Management

Abstract:This research article proposes a novel system called Two‐Phase Authentication for Attack Detection (TPAAD) that aims to enhance the security of software‐defined networking by mitigating denial‐of‐service attacks. The methodology utilized in our study involves the implementation of packet filtration and ML classification techniques, which are subsequently followed by the targeted restriction of malevolent network traffic. Software‐defined networking (SDN) has received considerable attention and adoption owing to its inherent advantages, such as enhanced scalability, increased adaptability, and the ability to exercise centralized control. However, the control plane of the system is vulnerable to denial‐of‐service (DoS) attacks, which are a primary focus for attackers. These attacks have the potential to result in substantial delays and packet loss. In this study, we present a novel system called Two‐Phase Authentication for Attack Detection that aims to enhance the security of SDN by mitigating DoS attacks. The methodology utilized in our study involves the implementation of packet filtration and machine learning classification techniques, which are subsequently followed by the targeted restriction of malevolent network traffic. Instead of completely deactivating the host, the emphasis lies on preventing harmful communication. Support vector machine and K‐nearest neighbours algorithms were utilized for efficient detection on the CICDoS 2017 dataset. The deployed model was utilized within an environment designed for the identification of threats in SDN. Based on the observations of the banned queue, our system allows a host to reconnect when it is no longer contributing to malicious traffic. The experiments were run on a VMware Ubuntu, and an SDN environment was created using Mininet and the RYU controller. The results of the tests demonstrated enhanced performance in various aspects, including the reduction of false positives, the minimization of central processing unit utilization and control channel bandwidth consumption, the improvement of packet delivery ratio, and the decrease in the number of flow requests submitted to the controller. These results confirm that our Two‐Phase Authentication for Attack Detection architecture identifies and mitigates SDN DoS attacks with low overhead.

computer science, information systems,telecommunications

Bruce Ndibanje,Hoon-Jae Lee,Sang-Gon Lee

DOI: https://doi.org/10.3390/s140814786

IF: 3.9

2014-08-13

Sensors

Abstract:Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al. (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18-21 June 2012, pp. 588-592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

R. Venkatesan,Maya P. Shelke,L. Sharmila,R. Aishwarya,G. Umadevi,M. V. Ishwarya

DOI: https://doi.org/10.1007/s11277-024-11231-y

IF: 2.017

2024-05-30

Wireless Personal Communications

Abstract:IoT is one of the most promising frontier technologies for the future, according to recent academic studies and industry circles. IoT security, on the other hand, has obvious flaws for which there is currently no viable fix. As new technologies emerge, cloud robotics' potential uses continue to grow. IoT security flaws and threats are consequently constantly being discovered. IoT gadgets normally convey information across different wired and remote organizations. IoT security issues have grown to be a big problem that needs to be fixed if these technologies are to advance. A chain of functional robotics devices (RD) makes use of an Authentication Based Remote Device System to maintain a distributed key whose data records cannot be altered or falsified. Biometrics techniques use the body of a person as a key; therefore, it is unnecessary to purchase a passport, smart card, ID card, or key. Each body part has a unique identity to achieve personal identification. However, biometrics requires numerous data to be stored for a person, and these types of systems are not always reliable because humans change over time. In the meantime, cloud robotics and the Internet of Things naturally share a number of distinct capabilities. The highlight point network is what the Personality Based Distant Gadget Validation technique utilizes. IoT applications can use cloud technologies appropriately to achieve various network security features like device privacy protection, information authentication, access control, and data encryption due to similarities between the two.

telecommunications

Ramesh Mandali,B. Tirapathi Reddy,Mandali, Ramesh,Tirapathi Reddy, B.

DOI: https://doi.org/10.1007/s42979-023-02047-x

2023-09-10

SN Computer Science

Abstract:In the current period, the number of mobile users is rapidly expanding with a complicated network setup with a large amount of network traffic, which results in data overload. Insufficient network bandwidth causes data overloading. Data overloading can be mitigated by implementing a potential solution to deal with the massive network traffic. Despite the fact that the capabilities of mobile networks are rapidly expanding, the aforementioned issue persists as we move from cellular to advanced wireless networks. To keep up with the ever-increasing number of internet users, offloading techniques have become increasingly popular in mobile computing. As the number of users and the volume of data they generate grows, the network's capacity is taxed, and this is where offloading techniques come in to help. However, in many situations, authentication is absolutely necessary for the formation of a connection. As a result, the study presents a data offloading method for mobile computing that is both safe and cost-effective, as well as successful in managing network traffic. Individuals' personal information might also constitute a severe privacy risk to users. Anticipating the legitimacy of the nodes and secret key negotiation helps avoid these dangers. Developing a mutual authentication and secret key exchange system for resource-constrained networks that is secure and private in all ways is a difficult challenge. Integrate key exchange authentication with an efficient data offloading approach to maintain data confidentiality and integrity in the whole network during transmission is the primary goal of the research. This research presents a Unique Tokenized Authentication Technique based Data Offloading approach using Key Exchange (UTAT-DO-KE) model is proposed in this research for maintaining data integrity in heterogeneous networks during data communication. In this case, performance analysis can be done to lower the time it takes to authenticate and run the application. When compared to the current procedures, the proposed model will improve network performance while simultaneously reducing data traffic.

Binbin Yu,Hongtu Li

DOI: https://doi.org/10.1177/1550147719879379

IF: 1.938

2019-09-01

International Journal of Distributed Sensor Networks

Abstract:Home-based multi-sensor Internet of Things, as a typical application of Internet of Things, interconnects a variety of intelligent sensor devices and appliances to provide intelligent services to individuals in a ubiquitous way. As families become more and more intelligent, complex, and technology-dependent, there is less and less need for human intervention. Recently, many security attacks have shown that Internet home-based Internet of Things have become a vulnerable target, leading to personal privacy problems. For example, eavesdroppers can acquire the identity of specific devices or sensors through public channels, which is not secure, to infer individual public life in the home area network. Authentication is the essential portion of many secure systems processing of verifying and declaring identity. Before providing confidential information, home-based-Internet of Things service authenticates users and devices. The communication and processing capabilities of intelligent devices are limited. Therefore, in home-based Internet of Things, lightweight authentication and key agreement technology are very important to resist known attacks. This article proposes an anonymous authenticated key agreement protocol using pairing-based cryptography. The protocol proposed in this article provides lightweight computation and ensures the security of communication between home-based multi-sensor Internet of Things network and Internet network.

computer science, information systems,telecommunications

Waseem Iqbal,Haider Abbas,Pan Deng,Jiafu Wan,Bilal Rauf,Yawar Abbas,Imran Rashid

DOI: https://doi.org/10.1109/jiot.2020.3024058

IF: 10.6

2021-06-15

IEEE Internet of Things Journal

Abstract:The smart connected devices are the first choice of cybercriminals for spreading spy wares and different security attacks. The current security standards and protocols for Internet of Things (IoT) have failed in providing security to these devices. In addition, IoT market giants are producing nonsecure smart products in order to grab the open market. Furthermore, low resources of IoT devices, limits the traditional host-based protection solutions like anti-virus, IDS, IPS, etc. To overcome the resource constraintness and security barriers of smart devices, a network-level security architecture based on lightweight cryptographic parameters is required. Software-defined networking (SDN) is a new networking paradigm to overcome the control, management, and security issues in traditional networking. The SDN controller handles all the computation and complexities at the network level, rather than smart devices. In this research, we first present a new privacy-preserving security architecture for SDN-based smart homes. Subsequently, an anonymous lightweight authentication mechanism (ALAM) is designed based on the proposed security architecture core foundations. Furthermore, the security characteristics of the proposed protocol are formally analyzed using Burrows–Abadi–Needham (BAN) logic and ProVerif, followed by informal security analysis. Finally, performance evaluation and comparative analysis of the scheme is carried out.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kiran Dewangan,Mina Mishra,Naveen Kumar Dewangan

DOI: https://doi.org/10.1007/s11845-020-02425-x

Abstract:Internet of Things is a fast growing technology and a network of devices in which everything (smart objects or smart devices) are associated to the internet for effective exchange of information between these connected objects. Internet of Things (IoT) serves as a method for healthcare and acts as an essential part in broad range of real-time healthcare monitoring applications. Previous work shows networked sensor devices, either equipped on the body or embedded inside living being or a camera, make possible in gathering real-time information to evaluate physical and mental health state of the patient by collecting body temperature, blood pressure, patient's image, etc. Communicating this collected real-time data to the doctor, making accurate assessment on the data gathered and notifying the patient is challenging task in the IoT. The architechture of Internet of Things comprises of three layers, and it is the network of devices embedded with sensor, software, and electronics, enabling this device to communicate with each other and exchange data over a computer network. The IoT-based real-time healthcare systems are highly vulnerable to cyber-attacks as the numbers of sensors are deployed in an unprotected network. These may even introduce the attacks, which cannot be monitored and controlled. This paper attempts to review the previous work done and a new scheme has been proposed, the new lightweight authentication protocol for smart real-time healthcare. The proposed scheme requires implementation with the authentication protocol. It is important to satisfy the major parameters of security: confidentiality, integrity, authentication, and access control. In this paper our focus is on the authentication of devices.

Tran Khanh Dang,Khanh T.K. Tran

DOI: https://doi.org/10.48550/arXiv.1903.10018

2019-03-25

Abstract:Wireless sensor networks consist of a large number of distributed sensor nodes so that potential risks are becoming more and more unpredictable. The new entrants pose the potential risks when they move into the secure zone. To build a door wall that provides safe and secured for the system, many recent research works applied the initial authentication process. However, the majority of the previous articles only focused on the Central Authority (CA) since this leads to an increase in the computation cost and energy consumption for the specific cases on the Internet of Things (IoT). Hence, in this article, we will lessen the importance of these third parties through proposing an enhanced authentication mechanism that includes key management and evaluation based on the past interactions to assist the objects joining a secured area without any nearby CA. We refer to a mobility dataset from CRAWDAD collected at the University Politehnica of Bucharest and rebuild into a new random dataset larger than the old one. The new one is an input for a simulated authenticating algorithm to observe the communication cost and resource usage of devices. Our proposal helps the authenticating flexible, being strict with unknown devices into the secured zone. The threshold of maximum friends can modify based on the optimization of the symmetric-key algorithm to diminish communication costs (our experimental results compare to previous schemes less than 2000 bits) and raise flexibility in resource-constrained environments.

Cryptography and Security

S. Satheesh Kumar,Manjula Sanjay Koti

DOI: https://doi.org/10.1007/s13721-021-00329-z

2021-08-12

Network Modeling Analysis in Health Informatics and Bioinformatics

Abstract:In recent decades, broad range of Internet of Things (IoT) technologies are deployed such as machine to machine communication, Internet Technologies (IT), robots, smart devices, and wireless sensor networks. IoT is a spectacular technology in the modern world of IT in which the objects can do data transmission and connect using the intranet or internet networks. Data security and privacy is one of the top most challenging issue where several researchers are showing interest that to especially in healthcare domain. For this reason, a hybrid combination of Elliptic Curve Digital Signature Algorithm (ECDSA), Rivest Cipher 4 (RC4), and Secure Hash Algorithm (SHA-256) is proposed for protecting the reliable data which is transmitted from the IoT based healthcare systems. In the proposed model, the ECDSA is used for improving the RC4 in which the encryption of key is processed by ECDSA for performing the XOR operation in RC4. Furthermore, the security is ensured by transforming the incoming data using the SHA-256 technique. Experimental results show that the proposed model outperforms for 10 MB of data in terms of encryption time that obtained as 631 ms, decryption time is 616 ms, and throughput obtained by the proposed models is 11.71 MB/ms when compared with other existing techniques such as ECC+3DES+SHA-256, RC4+AES+SHA-256, and ECC+RC2+SHA-256.

Yang Yang,Wenyi Xue,Jianfei Sun,Guomin Yang,Yingjiu Li,Hwee Hwa Pang,Robert H. Deng

DOI: https://doi.org/10.1109/tifs.2024.3409070

IF: 7.231

2024-06-14

IEEE Transactions on Information Forensics and Security

Abstract:Space Information Network (SIN) enables universal Internet connectivity for any object, even in remote and extreme environments where deploying a cellular network is difficult. Access authentication is crucial for ensuring user access control in SIN and preventing unauthorized entities from gaining access to network services. However, due to the complex communication environment in SIN, including exposed links and higher signal delay, designing a secure and efficient authentication scheme presents a significant challenge. In this paper, we propose a secure communication protocol for SIN with periodic k-time anonymous authentication (named PkT-SIN) that allows satellite users to anonymously authenticate to ground stations at most k times in each single time period. An efficient handover mechanism is designed to ensure seamless communication for satellite users to communicate with different satellites and ground stations, taking into account the dynamic topology of SIN. As a core component of PkT-SIN, we propose a novel primitive, periodic k-time keyed-verification anonymous credential (PkT-KVAC), that enables users to derive k tokens from a credential for anonymous and unlinkable authentication. On the other hand, a verifier can always recognize a reused token from a dishonest user. PkT-KVAC is of independent contribution to anonymous authentication in pay-per-use business scenarios. Formal security proofs confirm that PkT-SIN and PkT-KVAC have desired security features. The supremacy of their computing features is demonstrated through comprehensive comparison and rigorous performance analysis.

computer science, theory & methods,engineering, electrical & electronic

Lalitha Sravanti Dasu,Mannav Dhamija,Gurram Dishitha,Ajith Vivekanandan,V. Sarasvathi

DOI: https://doi.org/10.2478/cait-2023-0016

2023-06-01

Cybernetics and Information Technologies

Abstract:Abstract Defending against identity-based threats, which have predominantly increased in the era of remote access and working, requires non-conventional, dynamic, intelligent, and strategic means of authenticating and authorizing. This paper aims at devising detailed risk-scoring algorithms for five real-time use cases to make identity security adaptive and risk-based. Zero-trust principles are incorporated by collecting sign-in logs and analyzing them continually to check for any anomalies, making it a dynamic approach. Users are categorized as risky and non-risky based on the calculated risk scores. While many adaptive security mechanisms have been proposed, they confine identities only to users. This paper also considers devices as having an identity and categorizes them as safe or unsafe devices. Further, results are displayed on a dashboard, making it easy for security administrators to analyze and make wise decisions like multifactor authentication, mitigation, or any other access control decisions as such.

Urvashi Sangwan

DOI: https://doi.org/10.52783/jes.3233

2024-05-02

Abstract:Through the network's infrastructure, the IoT can impart perception, recognition, and remote control to inanimate objects. Due to IoT's characteristics, it's possible to integrate the real world into a digital system, which improves precision, productivity, and bottom line. While traditional internet infrastructure comprises of highly capable computers and servers, IoT gadgets have limited processing power and storage space. The authentication and key agreement system SecureAuthKey is very lightweight. The suggested technique is meant to solve the security and privacy problems that plague modern constraint-based CPS programmes. A lightweight approach for authenticating cyber-physical objects is one of the expected outcomes. Adaptation and autonomy in cyber-physical systems need not be compromised by a lack of trust or security in users' data or the devices themselves, according to a new type of security algorithm. To provide flexibility and scalability, a new middleware module has been developed on the Raspberry platform to facilitate communication between CPS-based devices and services. Secure Internet of Things (IoT) evaluation methodology that may be used in a variety of contexts and is user-focused. With the suggested system, the two CPS units will be able to authenticate one another. When a network grows larger, the possibility of an attack rises. Therefore, the IoT network is much more susceptible to attacks than conventional networks. As the number of connected devices grows, so do the number of potential threats to their security. To protect the IoT ecosystem from current threats, cutting-edge technology is essential. The proposed approach must be very efficient and have low computational overheads. It creates random session keys to protect wireless transmissions. The system is protected from a variety of cyber threats. The current constraint-based CPS system requires a new lightweight security solution.

Arif Raza,Salabat Khan,Shivanshu Shrivastava,M. Wasim Abbas Ashraf,Ting Wang,Kaishun Wu,Wang Lu

DOI: https://doi.org/10.1016/j.comnet.2024.110537

IF: 5.493

2024-05-26

Computer Networks

Abstract:With the increasing adoption rate of Internet of Things (IoT) devices in smart home applications, it is vital to safeguard the privacy and security of information, communications among IoT devices, and the underlying infrastructure. In open communication scenarios, an adversary can easily tamper with data transmitted by IoT communication devices. This paper proposes a softwarized lightweight authentication key agreement scheme for smart home applications in Software-Defined IoT (SDIoT) environment. The proposed scheme comprises registration, authentication, and key selection phases. Devices are registered in the registration phase after the successful completion of validation checks, while sessions' keys are granted to the registered devices in the authentication phase. In the final phase, controllers classify IoT devices based on pre-defined parameters and impose class-specific access control based on classification. The security of the proposed scheme is validated using the widely accepted AVISPAs verification tool against a strong adversary. Simulation results demonstrate that our proposed scheme outperforms existing schemes in terms of running time, computation complexity, and energy consumption. It is found that the proposed scheme has significant cost-effectiveness.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Shanvendra Rai,Rituparna Paul,Subhasish Banerjee,Preetisudha Meher,Rai, Shanvendra,Paul, Rituparna,Banerjee, Subhasish,Meher, Preetisudha

DOI: https://doi.org/10.1007/s11276-024-03690-9

IF: 2.701

2024-03-07

Wireless Networks

Abstract:Wireless medical sensor network (WMSN) is an application of the Internet of Things (IoT) that plays a very important role in today's era for the healthcare industry, especially after the COVID-19 pandemic. To maintain the security and privacy of the real-time health information of the users or patients, the proper mutual authentication and key agreement (AKA) is the foremost necessity. In this context, Shadi Nashwan proposed an end-to-end authentication scheme for a healthcare IoT system i.e. WMSN, and claimed that their scheme could resist so many existing possible threats and could maintain a low computational cost too. Unfortunately, during this research, it is found that their scheme can be threatened by eavesdropping and jamming/desynchronization attacks and have many computational flaws, as well. Moreover, they also assumed that the gateway node (GWN) is always trustworthy, but in reality, it is not always feasible, as the GWN may act as a local server. Hence, in this article, a new AKA scheme has been proposed using the user's physiological information like ECG data in order to make the WMSN more secure and reliable. In addition, the proposed scheme can resist many well-known threats like GWN spoofing attack, key escrow problem and can guard against GWN stolen database problem, also. To proof the superiority of the proposed scheme, the informal and formal security analysis have been performed using automated validation of internet security protocols and applications (i.e. AVISPA) and Burrows–Abadi–Needham (BAN) logic, respectively. Based on the comparative study with existing schemes concerning security features, computational and communicational cost, and storage requirement; the proposed scheme can perform better than the existing schemes and well suitable for practical implementations.

computer science, information systems,telecommunications,engineering, electrical & electronic