Limin Zhang,Li Wang

DOI: https://doi.org/10.1186/s44147-024-00459-x

2024-01-01

Journal of Engineering and Applied Science

Abstract:Security is a crucial concern in the Internet of Things (IoT) ecosystem. Due to IoT devices' constrained processing and storage resources, providing reliable security solutions is challenging. Encryption is one of the most commonly used techniques to secure user data against unauthorized access. Therefore, it is essential to develop encryption solutions that have minimal impact on the performance of IoT devices. This study introduces a hybrid encryption approach that combines symmetric blowfish encryption with asymmetric elliptic curves. Blowfish encryption is used to encrypt large volumes of data, which could otherwise affect the execution time. In contrast, elliptic curve cryptography is utilized to ensure the security of the private key, which has a small size and does not increase the execution time significantly. The suggested approach provides advantages of both asymmetric and symmetric encryption methods, leading to an improvement in throughput and a reduction in execution time. The proposed approach was evaluated, yielding promising results in comparison to other cryptographic algorithms. The results show the optimization of more than 15% in the execution time and the efficiency increase by the proposed solution. This improvement represents security with the least impact on processing resources.

Dongfeng Fang,Yi Qian,Rose Qingyang Hu

DOI: https://doi.org/10.1109/jiot.2020.2970974

IF: 10.6

2020-04-01

IEEE Internet of Things Journal

Abstract:Internet-of-Things (IoT) applications have been rapidly deployed into pervasive environment, where both challenges and opportunities abound. On the one hand, a large number of IoT devices and their rich functions contribute significant volumes of data, which has brought tremendous convenience to the daily lives of end users. On the other hand, the heterogeneous IoT devices and a large amount of private information transmitted through networks also bring serious security and privacy issues. It is a big challenge to model IoT systems and trust relationships between different entities with a large number of heterogeneous IoT devices. In this article, we study a general IoT system architecture with consideration of heterogeneous IoT devices. Different trust models are proposed and analyzed based on the trust relationships between different entities in the IoT system. We propose a flexible and efficient authentication scheme with a consideration of heterogeneous IoT devices based on the least trust-required model. The proposed scheme provides security and privacy to resource-limited IoT devices flexibly and efficiently by utilizing IoT devices with better storage and computational ability. Moreover, secure data transmission is presented with contextual privacy and data integrity services. The proposed scheme achieves not only the mutual authentication, initial session key agreement, and data integrity but also anonymity, contextual privacy, forward security, end-to-end security, and key escrow resilience. Security analysis is presented to provide verification of the proposed protocol and security objectives. Moreover, performance evaluation is presented with comparison to the other schemes in terms of security features, computational overhead, and communication overhead. The performance comparisons show that our proposed scheme provides flexible and efficient security by consideration of heterogeneous IoT devices. With the higher proportion of resource-limited IoT devic-s, our proposed scheme outperforms other similar schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Wenzhan Zhang,Yanhui Zhang,Chong Guo,Qi An,Yuming Guo,Ximing Liu,Shijun Zhang,Junjia Huang

DOI: https://doi.org/10.1155/2022/3687332

IF: 3.12

2022-02-26

Computational Intelligence and Neuroscience

Abstract:The rapid development of the Internet of Things (IoT) has accelerated the integration of science and technology with life, enabling the public to start enjoying the convenience brought by intelligent living. However, there are multiple resource-constrained sensing devices in IoT, which are always facing various external or internal attacks, making it difficult to ensure the secure transmission of sensitive data in IoT. Therefore, to address the problem of data transmission in resource-constrained devices in IoT, we propose a new certificateless hybrid signcryption scheme for IoT. It is a novel scheme that satisfies confidentiality and unforgeability, showing higher computational efficiency and lower overhead of transmission. To prove that it satisfies the efficent transmission of IoT, we conduct simulation experiments, and the experimental results show that our proposed scheme has higher efficiency than the existing schemes.

mathematical & computational biology,neurosciences

Chen Wang,Jian Shen,Qi Liu,Yongjun Ren,Tong Li

DOI: https://doi.org/10.1155/2018/3680851

IF: 1.968

2018-01-01

Security and Communication Networks

Abstract:Internet of Things (IoT) is a research field that has been continuously developed and innovated in recent years and is also an important driving force for the improvement of people’s life in the future. There are lots of scenarios in IoT where we need to collaborate through devices to complete tasks; that is, a device sends data to other devices, and other devices operate on the aid of the data. These transmitted data are often users’ privacy data, such as medical data and grid data. We propose an instant encrypted transmission based security scheme for such scenarios in IoT. The analysis in this paper indicates that our scheme can guarantee the security of users’ data while ensuring rapid transmission and acquisition of instant IoT data.

Daojing He,Ziming Zhao,Sammy Chan,Mohsen Guizani

DOI: https://doi.org/10.1109/jiot.2022.3204410

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT) is composed of a large number of miniaturized devices interconnected through the Internet. These devices, equipped with sensing, computing, and communication capabilities, can be used to remotely control the environment or the monitored infrastructure. However, IoT devices usually only have limited resources, and thus designing a lightweight security authentication protocol for them is a challenge. This article proposes an identity authentication protocol between embedded devices and server. The protocol uses the elliptic curve encryption algorithm and realizes the anonymity of the device by hashing their IDs and prevents the server from replay attacks by adding security attributes timestamp. We prove the security of the protocol and its resistance to security attacks and also formally verify it using the AVISPA tool. In addition, through experimental comparison with existing protocols, we demonstrate the performance superiority of the proposed protocol.

Rohit Sharma,Rajeev Arya

DOI: https://doi.org/10.1007/s40747-021-00576-7

2021-11-23

Abstract:Abstract Nowadays, the utilization of IoT technology has been rapidly increased in various applications such as smart city, smart banking, smart transport, etc. The internet of things allows the user to collect the data easily using the different sensors installed at various locations in the open environment. The data collection process by the IoT sensors is giving access to the various services. However, due to the open communication medium, it is difficult to provide secure access to these services. In this paper, a data transmission technique has been proposed, which will provide secure communication in IoT infrastructure for smart city applications. In this method, each IoT sensor have to prove their legitimacy to the reader and the base station before the transmission of data. Hence, the IoT sensors can transmit the required data in a secure and efficient way. In the proposed technique, the proof of correction shows that the required information is not supposed to send through an online medium, it is obtained at the receiver using the Euclidean parameters shared by the IoT sensors. The proposed technique is compatible to provide the security against most of the attacks performed by the attackers. Two random variables and complex mathematical calculation are making the proposed technique more reliable than others. This technique will significantly improve the security of different data transmission services which will be helpful to improve the smart city infrastructure.

computer science, artificial intelligence

Mikail Mohammed Salim,Jungho Kang,Yi Pan,Jong Hyuk Park

DOI: https://doi.org/10.3934/mbe.2022546

2022-01-01

Mathematical Biosciences and Engineering

Abstract:Internet of Things (IoT) devices supporting intelligent cloud applications such as healthcare for hospitals rely on connecting with local base stations and access points to provide rich data analysis and real-time services to users. Devices authenticate with local base stations and perform handover operations to connect with access points with higher signal strength. Attackers disguise as valid base stations and access points using publicly accessible SSID information connect with local IoT devices during the handover process and give rise to data integrity and privacy concerns. This paper proposes a lightweight authentication scheme for private blockchain-based networks for securing devices from rogue base stations during the handover process. An authentication certificate is designed for base stations and machines in local clusters using SHA256 and modulo operations for enabling quick handover operations. The keys assigned to each device and base station joining the network are hashed, and their sizes are reduced using modulo operations. Furthermore, the compressed key size forms a certificate, which is used by the machines and the base stations to authenticate mutually. In comparison with existing studies, the performance analysis of the proposed scheme is based on the transmission of three messages required for completing the authentication process. Evaluation based on the Communication Overhead demonstrates a minimum improvement of 99.30% fewer bytes exchanged during the handover process and 89.58% reduced Storage Overhead compared with existing studies.

Daojing He,Yanchang Cai,Shanshan Zhu,Ziming Zhao,Sammy Chan,Mohsen Guizani

DOI: https://doi.org/10.1109/twc.2023.3257028

IF: 10.4

2023-01-01

IEEE Transactions on Wireless Communications

Abstract:The number of IoT devices is growing rapidly, and the interaction between devices and servers is also more frequent. However, IoT devices are often at the edge of the network, which leads their communications with the server to be completely exposed, making it more vulnerable to attacks. Moreover, IoT devices have limited energy and computational resources. Therefore, we propose in this paper a lightweight authentication and key exchange protocol with anonymity for IoT devices. The proposed scheme supports mutual authentication between IoT devices and the server. We verify the security of the protocol through formal and informal analyses. Finally, we compare security and performance with other protocols, which shows that our protocol has the advantages of being lightweight and secure.

Dongdong Liu,Tiantian Ji

DOI: https://doi.org/10.1038/s41598-024-73480-y

IF: 4.6

2024-10-27

Scientific Reports

Abstract:The Internet of Things technology allows you to transfer data to any asset through communication networks such as the Internet or intranet. One of the most important problems is security, which includes confidentiality, authenticity validation, and completeness. Among security problems, the most important ones are ensuring authenticity and protecting privacy. The elliptic curve encryption algorithm is famous protocols for maintaining privacy and verifying authenticity. Despite the capabilities they have and provide good security against network attacks, they face challenges such as response time, delay in the authentication and authentication process, as well as the amount of memory consumed. Two-factor authentication (2FA) is a security process where users provide two different authentication factors to authenticate themselves. It also provides a higher level of security than authentication methods that rely on single-factor authentication (SFA). This article presents two novel methods for 2FA that use encryption techniques, scramble architecture, and chord architecture. These methods allow for the authentication process to be initiated by both parties involved in the communication. Three scenarios and three metrics of reaction time, memory usage, and connection latency were used to assess the efficacy of the suggested approach. The average reaction time is improved and is 0.012 s when the lengths of the finger table in the chord structure are increased to 10, 15, and 20. The findings show that the suggested approach reduces computing complexity, reaction time, and communication latency. It has an average reaction time of 0.016 s, an average memory use of 30,360 kb, and an average connection latency of 0.042 s.

multidisciplinary sciences

Peng Hao,Xianbin Wang,Weiming Shen

DOI: https://doi.org/10.1109/access.2018.2859781

IF: 3.9

2018-01-01

IEEE Access

Abstract:Nowadays, Internet of Things (IoT) devices are rapidly proliferating to support a vast number of end-to-end (E2E) services and applications, which require reliable device authentication for E2E data security. However, most low-cost IoT end devices with limited computing resources have difficulties in executing the increasingly complicated cryptographic security protocols, resulting in increased vulnerability of the virtual authentication credentials to malicious cryptanalysis. An attacker possessing compromised credentials could be deemed legitimate by the conventional cryptography-based authentication. Although inherently robust to upper-layer unauthorized cryptanalysis, the device-to-device physical-layer (PHY) authentication is practically difficult to be applied to the E2E IoT scenario and to be integrated with the existing, well-established cryptography primitives without any conflict. This paper proposes an enhanced E2E IoT device authentication that achieves seamless integration of PHY security into traditional asymmetric cryptography-based authentication schemes. Exploiting the collaboration of several intermediate nodes (e.g., edge gateway, access point, and full-function device), multiple radio-frequency features of an IoT device can be estimated, quantized, and used in the proposed PHY identity-based cryptography for key protection. A closed-form expression of the generated PHY entropy is derived for measuring the security enhancement. The evaluation results of our cross-layer authentication demonstrate an elevated resistance to various computation-based impersonation attacks. Furthermore, the proposed method does not impose any extra implementation overhead on resource-constrained IoT devices.

Mingyuan Xin

DOI: https://doi.org/10.1109/cyberc.2015.9

2015-09-01

Abstract:Internet of things has be broadly applied for home, industry, and many other applications. For these applications, secure information transmission becomes a critical issue to ensure the system safety. Hybrid encryption technique is a new cryptographic paradigm and it can be applied to the Internet of Things. It provides the benefit of the symmetric key and asymmetric key performance. It enables strong security and low computational complexity. In this paper, we proposed a mixed encryption algorithm to provide information integrity, confidentiality, non-repudiation on the data transmission for Internet of Things. We demonstrate the security efficiency with the comparison with traditional encryption algorithms.

Yuan Ji,Tian Ye,Xiang -Yang Li

DOI: https://doi.org/10.1109/bigcom57025.2022.00027

2022-01-01

Abstract:With the gradual development of the Internet of Things, people rely more and more on the Internet of Things devices to assist their daily lives. The permissions of IoT devices make it easy for them to rescue or destroy our lives. This paper proposes a new scalable IoT security framework (ISDF), which uses the unforgeable physical layer characteristics of IoT devices as the verification basis to identify illegal devices. This framework combined with the identifier generation algorithm to generate a unique trusted identifier. Under the verification of more than a dozen devices such as bluetooth, wifi, and voice, the identifiers we generate have high robustness and stability, the accuracy of verification is more than 93%. Compared with existing solutions, our framework has the advantages of supporting multimodality and high verification success rate.

Rupesh Bhandari,V B Kirubanand,Kirubanand V B

DOI: https://doi.org/10.11591/ijece.v9i5.pp3732-3738

2019-10-01

International Journal of Electrical and Computer Engineering (IJECE)

Abstract:Internet of things is the latest booming innovation in the current period, which lets the physical entity to process and intervene with the virtual entities. As all the entities are connected with each other, it generates load of data, which lacks proper security and privacy standards. Cryptography is one of the domains of Network Security, which is one such mechanism that helps the data transmission process to be secure enough over the wireless or wired channel and along with that, it provides authenticity, confidentiality, integrity of data and prevents repudiation. In this paper, we have proposed an alternate enhanced cryptographic solution combing the characteristic of symmetric, asymmetric encryption algorithms and Public Key Server. Here, the key pairs of end points (User’s Device and IoT device) are generated using Elliptic Curve Cryptography and the respective public keys are registered in Public Key Server along with their unique MAC address. Thereafter, both the ends will agree on one common private secret key, which will be the base for further cryptographic process using AES algorithm. This model can be called as multi-phase protection mechanism. It will make the process of data transmission secure enough that no intermediate can tamper the data.

Yonghao Zhu,Dongfen Li,Yangyang Jiang,Xiaoyu Hua,You Fu,Jie Zhou,Yuqiao Tan,Xiaolong Yang

DOI: https://doi.org/10.3390/sym16121589

2024-11-29

Symmetry

Abstract:Quantum communication holds great potential for enhancing the security and efficiency of the Internet of Things (IoT). However, existing schemes often overlook device identity authentication, leaving systems vulnerable to unauthorized access, and rely on third-party controllers, which increase complexity and undermine trust. This paper proposes a novel asymmetric bidirectional quantum communication scheme tailored for IoT, integrating device identity authentication and information transmission without requiring third-party controllers. We provide a detailed description of the scheme's application scenarios in IoT, conduct a security analysis of the identity authentication module, and experimentally validate the feasibility of the information transmission module. Additionally, we analyze the impact of quantum noise on the proposed scheme and compare it with existing approaches, highlighting its advantages in terms of resource consumption and efficiency.

multidisciplinary sciences

Xi Luo,Lihua Yin,Chao Li,Chonghua Wang,Fuyang Fang,Chunsheng Zhu,Zhihong Tian

DOI: https://doi.org/10.1109/access.2020.2978525

IF: 3.9

2020-01-01

IEEE Access

Abstract:While Internet-of-Things (IoT) significantly facilitates the convenience of people's daily life, the lack of security practice raises the risk of privacy-sensitive user data leakage. Securing data transmission among IoT devices is therefore a critical capability of IoT environments such as Intelligent Connected Vehicles, Smart Home, Intelligent City and so forth. However, cryptographic communication scheme is challenged by the limited resource of low-cost IoT devices, even negligible extra CPU usage of battery-powered sensors would result in dramatical decrease of the battery life. In this paper, to minimize the resource consumption, we propose a communication protocol involving only the symmetric key-based scheme, which provides ultra-lightweight yet effective encryptions to protect the data transmissions. Symmetric keys generated in this protocol are delegated based on a chaotic system, i.e., Logistic Map, to resist against the key reset and device capture attacks. We semantically model such protocol and analyze the security properties. Moreover, the resource consumption is also evaluated to guarantee runtime efficacy.

Kai Fan,Qi Luo,Kuan Zhang,Yintang Yang

DOI: https://doi.org/10.1016/j.ins.2019.08.006

2017-01-01

Abstract:Radio Frequency Identification (RFID) makes it a supporting technology for the Internet of things (IoT). While RFID has been widely used and developed rapidly, its security and privacy issues cannot be ignored. With the development of cloud computing, cloud based RFID system has become a new solution. Protecting the security of RFID system in cloud environment is particularly important. Not verifying the tag or reader when reading message will have serious consequences, which may suffer many secure issues, such as intercept, modifying, replaying, DoS and synchronization. This paper puts forward an efficient and reliable RFID security authentication scheme in cloud environment. The protocol combines the logic encryption operation with timestamp, which can resist DoS attacks and anti-synchronization attacks. The proposed protocol not only can well solve the RFID security and privacy issues, but also can use the powerful cloud computing capabilities to process data.

Brou Bernard Ehui,Yiran Han,Hua Guo,Jianwei Liu

DOI: https://doi.org/10.23919/jcin.2022.9815201

2022-01-01

Journal of Communications and Information Networks

Abstract:Due to the resource-constrained of Internet of things (IoT) devices, the traditional cryptography protocols are not suitable for IoT environments. When they can be implemented, their performances often are not acceptable. As a result, a lightweight protocol is required to cope with these challenges. To address security challenges in IoT networks, we present a lightweight mutual authentication protocol for IoT. The protocol aims to provide a secure mutual authentication mechanisms between the sensor node and gateway using a lightweight cryptography algorithms. The protocol is relied on two main shared secret keys, a permanent key (κ p ) used for encrypting messages during the mutual authentication phase and an update key (κ u ) used for the communication session. The session key is constantly updated after a pre-defined session time (sess time i ) by using the previous session information. We used a lightweight cryptography mechanisms that includes symmetric-key cryptography, hash-based message authentication code (HMAC), and hash function to design the protocol. We analyze the protocol using the Barrows-Abadi-Needham (BAN)-logic method and the results show that the proposed scheme has good security and performance compared to existing related protocols. It can provide a secure mutual authentication mechanism in the IoT environment.

Lu Zhou,Xiong Li,Kuo-Hui Yeh,Chunhua Su,Wayne Chiu

DOI: https://doi.org/10.1016/j.future.2018.08.038

IF: 7.307

2018-01-01

Future Generation Computer Systems

Abstract:Recently, authentication technologies integrated with the Internet of Things (IoT) and cloud computing have been promptly investigated for secure data retrieval and robust access control on large-scale IoT networks. However, it does not have a best practice for simultaneously deploying IoT and cloud computing with robust security. In this study, we present a novel authentication scheme for IoT-based architectures combined with cloud servers. To pursue the best efficiency, lightweight crypto-modules, such as one-way hash function and exclusive-or operation, are adopted in our authentication scheme. It not only removes the computation burden but also makes our proposed scheme suitable for resource-limited objects, such as sensors or IoT devices. Through the formal verification delivered by Proverif, the security robustness of the proposed authentication scheme is guaranteed. Furthermore, the performance evaluation presents the practicability of our proposed scheme in which a user-acceptable computation cost is achieved.

Yu-Sheng Yang,Shih-Hsiung Lee,Jie-Min Wang,Chu-Sing Yang,Yuen-Min Huang,Ting-Wei Hou

DOI: https://doi.org/10.3390/s23104970

IF: 3.9

2023-05-23

Sensors

Abstract:With the promotion of Industry 4.0, which emphasizes interconnected and intelligent devices, several factories have introduced numerous terminal Internet of Things (IoT) devices to collect relevant data or monitor the health status of equipment. The collected data are transmitted back to the backend server through network transmission by the terminal IoT devices. However, as devices communicate with each other over a network, the entire transmission environment faces significant security issues. When an attacker connects to a factory network, they can easily steal the transmitted data and tamper with them or send false data to the backend server, causing abnormal data in the entire environment. This study focuses on investigating how to ensure that data transmission in a factory environment originates from legitimate devices and that related confidential data are encrypted and packaged. This paper proposes an authentication mechanism between terminal IoT devices and backend servers based on elliptic curve cryptography and trusted tokens with packet encryption using the TLS protocol. Before communication between terminal IoT devices and backend servers can occur, the authentication mechanism proposed in this paper must first be implemented to confirm the identity of the devices and, thus, the problem of attackers imitating terminal IoT devices transmitting false data is resolved. The packets communicated between devices are also encrypted, preventing attackers from knowing their content even if they steal the packets. The authentication mechanism proposed in this paper ensures the source and correctness of the data. In terms of security analysis, the proposed mechanism in this paper effectively withstands replay attacks, eavesdropping attacks, man-in-the-middle attacks, and simulated attacks. Additionally, the mechanism supports mutual authentication and forward secrecy. In the experimental results, the proposed mechanism demonstrates approximately 73% improvement in efficiency through the lightweight characteristics of elliptic curve cryptography. Moreover, in the analysis of time complexity, the proposed mechanism exhibits significant effectiveness.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation