Sangjukta Das,Suyel Namasudra

DOI: https://doi.org/10.1002/ett.4716

IF: 3.6

2023-01-04

Transactions on Emerging Telecommunications Technologies

Abstract:The proposed scheme consists of three entities, namely IoT device (IoTD), gateway, and central administrator (CA). An IoTD is a resource‐constrained device associated with a patient's body. It collects patients' real‐time healthcare data and sends them to the intended entity via a gateway device. The gateway acts as an intermediate entity between the IoTD and user. The CA is the central entity of the proposed scheme. In recent years, Internet of Things (IoT) technology has been adopted in numerous application areas, such as healthcare, agriculture, industrial automation, and many more. The use of IoT and other technologies like cloud computing and machine learning has made the modern healthcare system to be smart, automated, and efficient. However, the continuous proliferation of cyber‐attacks on IoT devices has increased IoT challenges like data security, privacy protection, authentication, and so forth. In smart healthcare systems, due to the lack of authentication protocols, attackers can undermine the availability, confidentiality, and integrity of both smart healthcare devices and data, which can be life‐threatening in some situations. In this article, a privacy‐preserving mutual authentication scheme for IoT‐enabled healthcare systems is proposed to achieve lightweight and effective authentication of network devices. To support the processing capabilities of the IoT devices, this proposed authentication scheme is designed using lightweight cryptographic primitives, namely XOR, concatenation, and hash operation. The proposed scheme can establish a secure session between an authorized device and a gateway, and prevent unauthorized devices from getting access to healthcare systems. The security analysis and performance analysis assess the proposed authentication technique's effectiveness over existing well‐known schemes.

telecommunications

Laleh Khajehzadeh,Hamid Barati,Ali Barati

DOI: https://doi.org/10.1007/s11042-024-19379-2

IF: 2.577

2024-05-22

Multimedia Tools and Applications

Abstract:The Internet of Things has opened up new opportunities in healthcare systems. Wireless sensor nodes are used to collect and exchange health-related data in the Internet of Things. In this integration, data is transmitted to medical professionals through unsecured channels to enable them to monitor patients' conditions in real-time. However, due to the high sensitivity of e-health records, there are key challenges such as security considerations, privacy, and authentication in data transmission in heterogeneous Internet of Things networks. This article examines the solution proposed by Masud and colleagues and points out the existing threats and vulnerabilities, such as node clone/replication attacks. To overcome these drawbacks, we propose an improved lightweight authentication protocol for a smart healthcare system. In the proposed protocol, the mutual authentication process consists of two steps. The doctor sends their information for authentication and the desired sensor node ID to the gateway for communication. After successful confirmation of authentication, the gateway node, in turn, sends a message to the sensor node to complete the authentication process. After confirming the authentication process, the node sends a message to the gateway to complete the authentication process and key agreement. Once the authentication process of the sensor node is confirmed, the gateway sends a message to the medical user based on their authentication along with the session key. The security of the proposed protocol is demonstrated through automatic validation of protocols using tools like ProVerif and internet security programs. Additionally, security features and performance analysis are compared to other schemes. The results show that the improved proposed protocol provides a higher level of security while ensuring computational and communication efficiency. It is also resistant to attacks such as mutual authentication, identity anonymity and untraceability, ensures data privacy, and provides perfect forward secrecy, among others.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Mian Ahmad Jan,Fazlullah Khan,Spyridon Mastorakis,Muhammad Adil,Aamir Akbar,Nicholas Stergiou

DOI: https://doi.org/10.1109/tgcn.2021.3077318

2021-09-01

IEEE Transactions on Green Communications and Networking

Abstract:Internet of Things (IoT) is considered as a key enabler of health informatics. IoT-enabled devices are used for in-hospital and in-home patient monitoring to collect and transfer biomedical data pertaining to blood pressure, electrocardiography (ECG), blood sugar levels, body temperature, etc. Among these devices, wearables have found their presence in a wide range of healthcare applications. These devices generate data in real-time and transmit them to nearby gateways and remote servers for processing and visualization. The data transmitted by these devices are vulnerable to a range of adversarial threats, and as such, privacy and integrity need to be preserved. In this paper, we present LightIoT, a lightweight and secure communication approach for data exchanged among the devices of a healthcare infrastructure. LightIoT operates in three phases: initialization, pairing, and authentication. These phases ensure the reliable transmission of data by establishing secure sessions among the communicating entities (wearables, gateways and a remote server). Statistical results exhibit that our scheme is lightweight, robust, and resilient against a wide range of adversarial attacks and incurs much lower computational and communication overhead for the transmitted data in the presence of existing approaches.

Saud Khan,Chandra Thapa,Salman Durrani,Seyit Camtepe

DOI: https://doi.org/10.1109/JIOT.2023.3331362

2023-11-07

Abstract:Physical-layer authentication is a popular alternative to the conventional key-based authentication for internet of things (IoT) devices due to their limited computational capacity and battery power. However, this approach has limitations due to poor robustness under channel fluctuations, reconciliation overhead, and no clear safeguard distance to ensure the secrecy of the generated authentication keys. In this regard, we propose a novel, secure, and lightweight continuous authentication scheme for IoT device authentication. Our scheme utilizes the inherent properties of the IoT devices' transmission model as its source for seed generation and device authentication. Specifically, our proposed scheme provides continuous authentication by checking the access time slots and spreading sequences of the IoT devices instead of repeatedly generating and verifying shared keys. Due to this, access to a coherent key is not required in our proposed scheme, resulting in the concealment of the seed information from attackers. Our proposed authentication scheme for IoT devices demonstrates improved performance compared to the benchmark schemes relying on physical channels. Our empirical results find a near threefold decrease in the misdetection rate of illegitimate devices and close to zero false alarm rate in various system settings with varied numbers of active devices up to 200 and signal-to-noise ratio from 0 dB to 25 dB. Our proposed authentication scheme also has a lower computational complexity of at least half the computational cost of the benchmark schemes based on support vector machine and binary hypothesis testing in our studies. This further corroborates the practicality of our scheme for IoT deployments.

Cryptography and Security,Networking and Internet Architecture,Signal Processing

Chintan Patel

DOI: https://doi.org/10.48550/arXiv.2207.10353

2022-07-21

Abstract:The Internet of Things (IoT) is giving a boost to a plethora of new opportunities for the robust and sustainable deployment of cyber physical systems. The cornerstone of any IoT system is the sensing devices. These sensing devices have considerable resource constraints, including insufficient battery capacity, CPU capability, and physical security. Because of such resource constraints, designing lightweight cryptographic protocols is an opportunity. Remote User Authentication ensures that two parties establish a secure and durable session key. This study presents a lightweight and safe authentication strategy for the user-gateway (U GW) IoT network model. The proposed system is designed leveraging Elliptic Curve Cryptography (ECC). We undertake a formal security analysis with both the Automated Validation of Internet Security Protocols (AVISPA) and Burrows Abadi Needham (BAN) logic tools and an information security assessment with the Delev Yao channel. We use publish subscribe based Message Queuing Telemetry Transport (MQTT) protocol for communication. Additionally, the performance analysis and comparison of security features show that the proposed scheme is resilient to well known cryptographic threats.

Cryptography and Security

Mikail Mohammed Salim,Jungho Kang,Yi Pan,Jong Hyuk Park

DOI: https://doi.org/10.3934/mbe.2022546

2022-01-01

Mathematical Biosciences and Engineering

Abstract:Internet of Things (IoT) devices supporting intelligent cloud applications such as healthcare for hospitals rely on connecting with local base stations and access points to provide rich data analysis and real-time services to users. Devices authenticate with local base stations and perform handover operations to connect with access points with higher signal strength. Attackers disguise as valid base stations and access points using publicly accessible SSID information connect with local IoT devices during the handover process and give rise to data integrity and privacy concerns. This paper proposes a lightweight authentication scheme for private blockchain-based networks for securing devices from rogue base stations during the handover process. An authentication certificate is designed for base stations and machines in local clusters using SHA256 and modulo operations for enabling quick handover operations. The keys assigned to each device and base station joining the network are hashed, and their sizes are reduced using modulo operations. Furthermore, the compressed key size forms a certificate, which is used by the machines and the base stations to authenticate mutually. In comparison with existing studies, the performance analysis of the proposed scheme is based on the transmission of three messages required for completing the authentication process. Evaluation based on the Communication Overhead demonstrates a minimum improvement of 99.30% fewer bytes exchanged during the handover process and 89.58% reduced Storage Overhead compared with existing studies.

Sangjukta Das,Suyel Namasudra

DOI: https://doi.org/10.1109/TCBB.2022.3230053

Abstract:The rapid development of Big Data technology supports the advancement of many fields like industrial automation, smart healthcare, distributed systems, and many more. Big data is large and heterogeneous data generated from different sources, such as Internet of Things (IoT) devices, weather forecasting, traffic management systems, etc. However, in a distributed smart healthcare industry, unauthorized users or devices can illegally access healthcare Big Data, as well as control the sensor or IoT-enabled devices connected to a patient's body. They can even alter patients' healthcare Big Data by inserting false and misleading data, which may even cause death to the patient. This study presents a lightweight privacy-preserving user authentication scheme to solve the above-said problems in a distributed smart healthcare system. The proposed scheme prevents unauthorized users from getting access to the healthcare system by establishing a secure session for the authorized user. Here, the password protection mechanism allows only a legitimate user to access and modify the patient's healthcare Big Data. The security strength and effectiveness of the proposed authentication scheme is evaluated in this article, which show that it is more efficient and secure than the state-of-the-art schemes.

Vassileios Aivaliotis,Kyriaki Tsantikidou,Nicolas Sklavos

DOI: https://doi.org/10.3390/s22114269

2022-06-03

Abstract:Health 4.0 is a new promising addition to the healthcare industry that innovatively includes the Internet of Things (IoT) and its heterogeneous devices and sensors. The result is the creation of numerous smart health applications that can be more effective, reliable, scalable and cost-efficient while facilitating people with their everyday life and health conditions. Nevertheless, without proper guidance, the employment of IoT-based health systems can be complicated, especially with regard to security challenges such susceptible application displays. An appropriate comprehension of the structure and the security demands of IoT-based multi-sensor systems and healthcare infrastructures must first be achieved. Furthermore, new architectures that provide lightweight, easily implementable and efficient approaches must be introduced. In this paper, an overview of IoT integration within the healthcare domain as well as a methodical analysis of efficient smart health frameworks, which mainly employ multiple resource and energy-constrained devices and sensors, will be presented. An additional concern of this paper will be the security requirements of these key IoT components and especially of their wireless communications. As a solution, a lightweight-based security scheme, which utilizes the lightweight cryptographic primitive LEAIoT, will be introduced. The proposed hardware-based design displays exceptional results compared to the original CPU-based implementation, with a 99.9% increase in key generation speed and 96.2% increase in encryption/decryption speed. Finally, because of its lightweight and flexible implementation and high-speed keys' setup, it can compete with other common hardware-based cryptography architectures, where it achieves lower hardware utilization up to 87.9% with the lowest frequency and average throughput.

Brou Bernard Ehui,Yiran Han,Hua Guo,Jianwei Liu

DOI: https://doi.org/10.23919/jcin.2022.9815201

2022-01-01

Journal of Communications and Information Networks

Abstract:Due to the resource-constrained of Internet of things (IoT) devices, the traditional cryptography protocols are not suitable for IoT environments. When they can be implemented, their performances often are not acceptable. As a result, a lightweight protocol is required to cope with these challenges. To address security challenges in IoT networks, we present a lightweight mutual authentication protocol for IoT. The protocol aims to provide a secure mutual authentication mechanisms between the sensor node and gateway using a lightweight cryptography algorithms. The protocol is relied on two main shared secret keys, a permanent key (κ p ) used for encrypting messages during the mutual authentication phase and an update key (κ u ) used for the communication session. The session key is constantly updated after a pre-defined session time (sess time i ) by using the previous session information. We used a lightweight cryptography mechanisms that includes symmetric-key cryptography, hash-based message authentication code (HMAC), and hash function to design the protocol. We analyze the protocol using the Barrows-Abadi-Needham (BAN)-logic method and the results show that the proposed scheme has good security and performance compared to existing related protocols. It can provide a secure mutual authentication mechanism in the IoT environment.

Arif Raza,Salabat Khan,Shivanshu Shrivastava,M. Wasim Abbas Ashraf,Ting Wang,Kaishun Wu,Wang Lu

DOI: https://doi.org/10.1016/j.comnet.2024.110537

IF: 5.493

2024-05-26

Computer Networks

Abstract:With the increasing adoption rate of Internet of Things (IoT) devices in smart home applications, it is vital to safeguard the privacy and security of information, communications among IoT devices, and the underlying infrastructure. In open communication scenarios, an adversary can easily tamper with data transmitted by IoT communication devices. This paper proposes a softwarized lightweight authentication key agreement scheme for smart home applications in Software-Defined IoT (SDIoT) environment. The proposed scheme comprises registration, authentication, and key selection phases. Devices are registered in the registration phase after the successful completion of validation checks, while sessions' keys are granted to the registered devices in the authentication phase. In the final phase, controllers classify IoT devices based on pre-defined parameters and impose class-specific access control based on classification. The security of the proposed scheme is validated using the widely accepted AVISPAs verification tool against a strong adversary. Simulation results demonstrate that our proposed scheme outperforms existing schemes in terms of running time, computation complexity, and energy consumption. It is found that the proposed scheme has significant cost-effectiveness.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Dongfeng Fang,Yi Qian,Rose Qingyang Hu

DOI: https://doi.org/10.1109/jiot.2020.2970974

IF: 10.6

2020-04-01

IEEE Internet of Things Journal

Abstract:Internet-of-Things (IoT) applications have been rapidly deployed into pervasive environment, where both challenges and opportunities abound. On the one hand, a large number of IoT devices and their rich functions contribute significant volumes of data, which has brought tremendous convenience to the daily lives of end users. On the other hand, the heterogeneous IoT devices and a large amount of private information transmitted through networks also bring serious security and privacy issues. It is a big challenge to model IoT systems and trust relationships between different entities with a large number of heterogeneous IoT devices. In this article, we study a general IoT system architecture with consideration of heterogeneous IoT devices. Different trust models are proposed and analyzed based on the trust relationships between different entities in the IoT system. We propose a flexible and efficient authentication scheme with a consideration of heterogeneous IoT devices based on the least trust-required model. The proposed scheme provides security and privacy to resource-limited IoT devices flexibly and efficiently by utilizing IoT devices with better storage and computational ability. Moreover, secure data transmission is presented with contextual privacy and data integrity services. The proposed scheme achieves not only the mutual authentication, initial session key agreement, and data integrity but also anonymity, contextual privacy, forward security, end-to-end security, and key escrow resilience. Security analysis is presented to provide verification of the proposed protocol and security objectives. Moreover, performance evaluation is presented with comparison to the other schemes in terms of security features, computational overhead, and communication overhead. The performance comparisons show that our proposed scheme provides flexible and efficient security by consideration of heterogeneous IoT devices. With the higher proportion of resource-limited IoT devic-s, our proposed scheme outperforms other similar schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yu-Sheng Yang,Shih-Hsiung Lee,Jie-Min Wang,Chu-Sing Yang,Yuen-Min Huang,Ting-Wei Hou

DOI: https://doi.org/10.3390/s23104970

IF: 3.9

2023-05-23

Sensors

Abstract:With the promotion of Industry 4.0, which emphasizes interconnected and intelligent devices, several factories have introduced numerous terminal Internet of Things (IoT) devices to collect relevant data or monitor the health status of equipment. The collected data are transmitted back to the backend server through network transmission by the terminal IoT devices. However, as devices communicate with each other over a network, the entire transmission environment faces significant security issues. When an attacker connects to a factory network, they can easily steal the transmitted data and tamper with them or send false data to the backend server, causing abnormal data in the entire environment. This study focuses on investigating how to ensure that data transmission in a factory environment originates from legitimate devices and that related confidential data are encrypted and packaged. This paper proposes an authentication mechanism between terminal IoT devices and backend servers based on elliptic curve cryptography and trusted tokens with packet encryption using the TLS protocol. Before communication between terminal IoT devices and backend servers can occur, the authentication mechanism proposed in this paper must first be implemented to confirm the identity of the devices and, thus, the problem of attackers imitating terminal IoT devices transmitting false data is resolved. The packets communicated between devices are also encrypted, preventing attackers from knowing their content even if they steal the packets. The authentication mechanism proposed in this paper ensures the source and correctness of the data. In terms of security analysis, the proposed mechanism in this paper effectively withstands replay attacks, eavesdropping attacks, man-in-the-middle attacks, and simulated attacks. Additionally, the mechanism supports mutual authentication and forward secrecy. In the experimental results, the proposed mechanism demonstrates approximately 73% improvement in efficiency through the lightweight characteristics of elliptic curve cryptography. Moreover, in the analysis of time complexity, the proposed mechanism exhibits significant effectiveness.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Peng Hao,Xianbin Wang,Weiming Shen

DOI: https://doi.org/10.1109/access.2018.2859781

IF: 3.9

2018-01-01

IEEE Access

Abstract:Nowadays, Internet of Things (IoT) devices are rapidly proliferating to support a vast number of end-to-end (E2E) services and applications, which require reliable device authentication for E2E data security. However, most low-cost IoT end devices with limited computing resources have difficulties in executing the increasingly complicated cryptographic security protocols, resulting in increased vulnerability of the virtual authentication credentials to malicious cryptanalysis. An attacker possessing compromised credentials could be deemed legitimate by the conventional cryptography-based authentication. Although inherently robust to upper-layer unauthorized cryptanalysis, the device-to-device physical-layer (PHY) authentication is practically difficult to be applied to the E2E IoT scenario and to be integrated with the existing, well-established cryptography primitives without any conflict. This paper proposes an enhanced E2E IoT device authentication that achieves seamless integration of PHY security into traditional asymmetric cryptography-based authentication schemes. Exploiting the collaboration of several intermediate nodes (e.g., edge gateway, access point, and full-function device), multiple radio-frequency features of an IoT device can be estimated, quantized, and used in the proposed PHY identity-based cryptography for key protection. A closed-form expression of the generated PHY entropy is derived for measuring the security enhancement. The evaluation results of our cross-layer authentication demonstrate an elevated resistance to various computation-based impersonation attacks. Furthermore, the proposed method does not impose any extra implementation overhead on resource-constrained IoT devices.

Kiran Dewangan,Mina Mishra,Naveen Kumar Dewangan

DOI: https://doi.org/10.1007/s11845-020-02425-x

Abstract:Internet of Things is a fast growing technology and a network of devices in which everything (smart objects or smart devices) are associated to the internet for effective exchange of information between these connected objects. Internet of Things (IoT) serves as a method for healthcare and acts as an essential part in broad range of real-time healthcare monitoring applications. Previous work shows networked sensor devices, either equipped on the body or embedded inside living being or a camera, make possible in gathering real-time information to evaluate physical and mental health state of the patient by collecting body temperature, blood pressure, patient's image, etc. Communicating this collected real-time data to the doctor, making accurate assessment on the data gathered and notifying the patient is challenging task in the IoT. The architechture of Internet of Things comprises of three layers, and it is the network of devices embedded with sensor, software, and electronics, enabling this device to communicate with each other and exchange data over a computer network. The IoT-based real-time healthcare systems are highly vulnerable to cyber-attacks as the numbers of sensors are deployed in an unprotected network. These may even introduce the attacks, which cannot be monitored and controlled. This paper attempts to review the previous work done and a new scheme has been proposed, the new lightweight authentication protocol for smart real-time healthcare. The proposed scheme requires implementation with the authentication protocol. It is important to satisfy the major parameters of security: confidentiality, integrity, authentication, and access control. In this paper our focus is on the authentication of devices.

Junhui Zhao,Fanwei Huang,Huanhuan Hu,Longxia Liao,Dongming Wang,Lisheng Fan

DOI: https://doi.org/10.1016/j.adhoc.2024.103427

IF: 4.816

2024-01-31

Ad Hoc Networks

Abstract:5G technology has been applied and popularized, leading to the widespread usage of the Internet of Things (IoT) in various areas such as intelligent transportation, home security, fire protection, industrial monitoring, healthcare, and data collection intelligence. Data sharing is one of the key factors for successful application in these fields. However, real-time data sharing through open channels may result in transmitted messages being illegally accessed by attackers, leading to privacy breaches. At present, most existing authentication schemes focus on single gateway authentication models. In order to overcome issues such as elevated communication overhead, reduced network performance, and inefficient cross-domain access in the single gateway model with larger network sizes, we introduce a multi-gateway lightweight authentication scheme as a solution. Firstly, our scheme is based on a three-factor authentication scheme of Chebyshev chaotic mapping, hash function, and XOR operation. This scheme achieves secure authentication between sensor nodes and users, establishes session keys, and also supports user key updates. Secondly, through security analysis, we demonstrate that the proposed scheme resists internal disguise attacks, sensor capture attacks, temporary secret leakage attacks, and achieves forward security of session keys. We additionally provide a demonstration of the semantic security of session keys by utilizing a Random Oracle Model (ROM). Finally, compared to other schemes, the results show that our proposed scheme has lower communication overhead and computational resource requirements, and is more in line with the requirements of lightweight device security authentication in the IoT.

computer science, information systems,telecommunications

Yang Yang,Xianghan Zheng,Chunming Tang

DOI: https://doi.org/10.1016/j.jnca.2016.11.017

IF: 7.574

2017-07-01

Journal of Network and Computer Applications

Abstract:Internet of Things (IoT) connects various kinds of sensors and smart devices using the internet to collect data. The adoption of IoT in medical care field will bring great convenient to both doctors and patients for effective illness monitoring and diagnosis. Due to the high value of medical data and the openness character of health IoT, the protection of data confidentiality is of crucial importance. In this paper, we propose a novel distributed secure data management with keyword search system for health IoT. Since the patients are usually managed by diverse medical institutions, the proposed system enables distributed access control of protected health information (PHI) among different medical domains. On the other hand, the accumulation of electronic health records (EHR) makes effective data retrieval a challenge task. Our scheme could provide efficient keyword search function on cross-domain PHI. For the resource limited devices in health IoT, it is an essential requirement to design lightweight algorithms in the secure data management system. The proposed system realizes lightweight data encryption, lightweight keyword trapdoor generation and lightweight data recovery, which leaves very few computations to user's terminal. The security of this system is reduced to the decisional bilinear Diffie-Hellman (DBDH) assumption. The comparison analysis is made between this scheme and other existing systems. The extensive experiments on both laptop and smart phone platforms show that the proposed scheme has greatly improved the computation efficiency and requires much less communication cost.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Daojing He,Yanchang Cai,Shanshan Zhu,Ziming Zhao,Sammy Chan,Mohsen Guizani

DOI: https://doi.org/10.1109/twc.2023.3257028

IF: 10.4

2023-01-01

IEEE Transactions on Wireless Communications

Abstract:The number of IoT devices is growing rapidly, and the interaction between devices and servers is also more frequent. However, IoT devices are often at the edge of the network, which leads their communications with the server to be completely exposed, making it more vulnerable to attacks. Moreover, IoT devices have limited energy and computational resources. Therefore, we propose in this paper a lightweight authentication and key exchange protocol with anonymity for IoT devices. The proposed scheme supports mutual authentication between IoT devices and the server. We verify the security of the protocol through formal and informal analyses. Finally, we compare security and performance with other protocols, which shows that our protocol has the advantages of being lightweight and secure.

Guanjie Cheng,Yewei Wang,Shuiguang Deng,Zhengzhe Xiang,Xueqiang Yan,Peng Zhao,Schahram Dustdar

DOI: https://doi.org/10.1109/tsc.2023.3349305

IF: 11.019

2024-01-01

IEEE Transactions on Services Computing

Abstract:The property of Internet of Things (IoT) applications is their capability to execute tasks through the collaboration of interconnected IoT objects. However, IoT collaborations face significant challenges due to security threats that undermine their reliability. An uncertified task publisher may deceive IoT devices into executing illegal tasks, while malicious attackers may intercept and modify transmitted data. Existing works on IoT trusted management issues tend to concentrate on individual aspects, such as authentication, privacy protection, and access control. However, trusted management for IoT collaboration is a multifaceted and intricate endeavor that necessitates a comprehensive approach. To fill this gap, we propose a lightweight authentication-driven trusted management framework that includes a novel authentication and key agreement scheme to guarantee the validity of task publishers, with greatly reduced overheads compared to recent works. The framework also incorporates a distributed data storage scheme and a fine-grained access control mechanism. We record the interactive messages on the blockchain to ensure behavior traceability. We evaluate the authentication scheme through comparative experiments and formal security analysis, demonstrating its efficiency and effectiveness. The experimental results of data storage and acquisition in real-world IoT environments indicate that the proposed framework is a feasible solution for reliable IoT collaboration.

computer science, information systems, software engineering

Mahdi Nikooghadam,Haleh Amintoosi,Saru Kumari

DOI: https://doi.org/10.1007/s11277-021-08430-2

IF: 2.017

2021-04-03

Wireless Personal Communications

Abstract:The advent of smart and pervasive devices have paved the way for the development of Internet of Things in which, various smart devices collect information about the daily life of people and share it to the scientists and specialists. There are numerous applications in the domain of IoT such as smart healthcare systems in which, wearable devices collect health-related data from the users and transmit it for further processes. However, security challenges are a major concern in the success of smart healthcare applications. Specifically, to protect the security of communications among the wearable sensor devices and the gateways/servers, a secure and lightweight authentication scheme is needed. Recently, Li et al. proposed a lightweight authentication scheme for smart wearable systems (IEEE Internet Things J. 10.1109/JIOT.2020.2984618). Their protocol makes use of fuzzy extractor technique and lightweight operations such as bitwise XOR operations and cryptographic hash function. However, in this comment, we prove that Li et al.'s scheme is prone to the stolen wearable device attack and user impersonation attack. We also discuss the causes and provide some suggestions as the remedy.

telecommunications