A secure lightweight authentication mechanism for IoT devices in generic domain

The Internet of Things prompt deployment enhances the security concerns of these systems in recent years. The enormous exchange of sensory information between devices raises the necessity for a secure authentication scheme for Internet of Things devices. Despite many proposed schemes, providing authenticated and secure communication for Internet of Things devices is still an open issue. This research addresses challenges pertaining to the Internet of Things authentication, verification, and communication, and proposes a new secure lightweight mechanism for Internet of Things devices in the generic domain. The proposed authentication method utilizes environmental variables obtained by sensors to allow the system to identify genuine devices and reject anomalous connections

An authentic-based privacy preservation protocol for smart e-healthcare systems in iot

© 2013 IEEE. Emerging technologies rapidly change the essential qualities of modern societies in terms of smart environments. To utilize the surrounding environment data, tiny sensing devices and smart gateways are highly involved. It has been used to collect and analyze the real-time data remotely in all Industrial Internet of Things (IIoT). Since the IIoT environment gathers and transmits the data over insecure public networks, a promising solution known as authentication and key agreement (AKA) is preferred to prevent illegal access. In the medical industry, the Internet of Medical Things (IoM) has become an expert application system. It is used to gather and analyze the physiological parameters of patients. To practically examine the medical sensor-nodes, which are imbedded in the patient\u27s body. It would in turn sense the patient medical information using smart portable devices. Since the patient information is so sensitive to reveal other than a medical professional, the security protection and privacy of medical data are becoming a challenging issue of the IoM. Thus, an anonymity-based user authentication protocol is preferred to resolve the privacy preservation issues in the IoM. In this paper, a Secure and Anonymous Biometric Based User Authentication Scheme (SAB-UAS) is proposed to ensure secure communication in healthcare applications. This paper also proves that an adversary cannot impersonate as a legitimate user to illegally access or revoke the smart handheld card. A formal analysis based on the random-oracle model and resource analysis is provided to show security and resource efficiencies in medical application systems. In addition, the proposed scheme takes a part of the performance analysis to show that it has high-security features to build smart healthcare application systems in the IoM. To this end, experimental analysis has been conducted for the analysis of network parameters using NS3 simulator. The collected results have shown superiority in terms of the packet delivery ratio, end-to-end delay, throughput rates, and routing overhead for the proposed SAB-UAS in comparison to other existing protocols

Contributions to Securing Software Updates in IoT

The Internet of Things (IoT) is a large network of connected devices. In IoT, devices can communicate with each other or back-end systems to transfer data or perform assigned tasks. Communication protocols used in IoT depend on target applications but usually require low bandwidth. On the other hand, IoT devices are constrained, having limited resources, including memory, power, and computational resources. Considering these limitations in IoT environments, it is difficult to implement best security practices. Consequently, network attacks can threaten devices or the data they transfer. Thus it is crucial to react quickly to emerging vulnerabilities. These vulnerabilities should be mitigated by firmware updates or other necessary updates securely. Since IoT devices usually connect to the network wirelessly, such updates can be performed Over-The-Air (OTA). This dissertation presents contributions to enable secure OTA software updates in IoT. In order to perform secure updates, vulnerabilities must first be identified and assessed. In this dissertation, first, we present our contribution to designing a maturity model for vulnerability handling. Next, we analyze and compare common communication protocols and security practices regarding energy consumption. Finally, we describe our designed lightweight protocol for OTA updates targeting constrained IoT devices. IoT devices and back-end systems often use incompatible protocols that are unable to interoperate securely. This dissertation also includes our contribution to designing a secure protocol translator for IoT. This translation is performed inside a Trusted Execution Environment (TEE) with TLS interception. This dissertation also contains our contribution to key management and key distribution in IoT networks. In performing secure software updates, the IoT devices can be grouped since the updates target a large number of devices. Thus, prior to deploying updates, a group key needs to be established among group members. In this dissertation, we present our designed secure group key establishment scheme. Symmetric key cryptography can help to save IoT device resources at the cost of increased key management complexity. This trade-off can be improved by integrating IoT networks with cloud computing and Software Defined Networking (SDN).In this dissertation, we use SDN in cloud networks to provision symmetric keys efficiently and securely. These pieces together help software developers and maintainers identify vulnerabilities, provision secret keys, and perform lightweight secure OTA updates. Furthermore, they help devices and systems with incompatible protocols to be able to interoperate

Healthcare 5.0 Security Framework: Applications, Issues and Future Research Directions

Healthcare 5.0 is a system that can be deployed to provide various healthcare services. It does these services by utilising a new generation of information technologies, such as Internet of Things (IoT), Artificial Intelligence (AI), Big data analytics, blockchain and cloud computing. Due to the introduction of healthcare 5.0, the paradigm has been now changed. It is disease-centered to patient-centered care where it provides healthcare services and supports to the people. However, there are several security issues and challenges in healthcare 5.0 which may cause the leakage or alteration of sensitive healthcare data. This demands that we need a robust framework in order to secure the data of healthcare 5.0, which can facilitate different security related procedures like authentication, access control, key management and intrusion detection. Therefore, in this review article, we propose the design of a secure generalized healthcare 5.0 framework. The details of various applications of healthcare 5.0 along with the security requirements and threat model of healthcare 5.0 are provided. Next, we discuss about the existing security mechanisms in healthcare 5.0 along with their performance comparison. Some future research directions are finally discussed for the researchers working in healthcare 5.0 domain

A Method for Securing Symmetric Keys for Internet of Things Enabled Distributed Data Systems

This study introduces an innovative method for securing symmetric keys in Internet of Things (IoT)-enabled distributed data systems, focusing on enhancing data security while optimizing encryption and decryption times. Through a comprehensive analysis of various encryption algorithms—TEA, XTEA, BLOCK TEA (XXTEA), and the proposed NTSA algorithm—across different key sizes and file sizes, we aim to demonstrate the significant improvements our method offers over existing techniques. Our research meticulously evaluated the performance of these algorithms, employing random variations to encryption and decryption times to simulate real-world variability and assess the algorithms' efficiency and security robustness. The findings reveal that the NTSA algorithm, in particular, showcases superior performance, offering an approximate improvement of 10% to 15% in encryption and decryption times over traditional methods such as TEA and XTEA, and an even more considerable enhancement compared to BLOCK TEA (XXTEA). The key contribution of this study lies in its provision of a secure, efficient framework for symmetric key encryption in IoT-enabled distributed environments. By optimizing key size and algorithm selection, our method not only secures data against potential cyber threats but also ensures high-speed data processing—a critical requirement in the IoT domain where the volume of data transactions and the need for real-time processing are ever-increasing. The proposed method significantly advances the field of data security in distributed systems, especially within the context of the burgeoning IoT landscape. It underscores the importance of algorithmic efficiency and strategic key management in bolstering the security and performance of modern digital ecosystems

An Efficient Lightweight Provably Secure Authentication Protocol for Patient Monitoring Using Wireless Medical Sensor Networks

The refurbishing of conventional medical network with the wireless medical sensor network has not only amplified the efficiency of the network but concurrently posed different security threats. Previously, Servati and Safkhani had suggested an Internet of Things (IoT) based authentication scheme for the healthcare environment promulgating a secure protocol in resistance to several attacks. However, the analysis demonstrates that the protocol could not withstand user, server, and gateway node impersonation attacks. Further, the protocol fails to resist offline password guessing, ephemeral secret leakage, and gateway-by-passing attacks. To address the security weaknesses, we furnish a lightweight three-factor authentication framework employing the fuzzy extractor technique to safeguard the user’s biometric information. The Burrows-Abadi-Needham (BAN) logic, Real-or-Random (ROR) model, and Scyther simulation tool have been imposed as formal approaches for establishing the validity of the proposed work. The heuristic analysis stipulates that the proposed work is impenetrable to possible threats and offers several security peculiarities like forward secrecy and three-factor security. A thorough analysis of the preexisting works with the proposed ones corroborates the intensified security and efficiency with the reduced computational, communication, and security overheads

Lightweight mutual authentication and privacy preservation schemes for IOT systems.

Internet of Things (IoT) presents a holistic and transformative approach for providing services in different domains. IoT creates an atmosphere of interaction between humans and the surrounding physical world through various technologies such as sensors, actuators, and the cloud. Theoretically, when everything is connected, everything is at risk. The rapid growth of IoT with the heterogeneous devices that are connected to the Internet generates new challenges in protecting and preserving user’s privacy and ensuring the security of our lives. IoT systems face considerable challenges in deploying robust authentication protocols because some of the IoT devices are resource-constrained with limited computation and storage capabilities to implement the currently available authentication mechanism that employs computationally expensive functions. The limited capabilities of IoT devices raise significant security and privacy concerns, such as ensuring personal information confidentiality and integrity and establishing end-to-end authentication and secret key generation between the communicating device to guarantee secure communication among the communicating devices. The ubiquity nature of the IoT device provides adversaries more attack surfaces which can lead to tragic consequences that can negatively impact our everyday connected lives. According to [1], authentication and privacy protection are essential security requirements. Therefore, there is a critical need to address these rising security and privacy concerns to ensure IoT systems\u27 safety. This dissertation identifies gaps in the literature and presents new mutual authentication and privacy preservation schemes that fit the needs of resource-constrained devices to improve IoT security and privacy against common attacks. This research enhances IoT security and privacy by introducing lightweight mutual authentication and privacy preservation schemes for IoT based on hardware biometrics using PUF, Chained hash PUF, dynamic identities, and user’s static and continuous biometrics. The communicating parties can anonymously communicate and mutually authenticate each other and locally establish a session key using dynamic identities to ensure the user’s unlinkability and untraceability. Furthermore, virtual domain segregation is implemented to apply security policies between nodes. The chained-hash PUF mechanism technique is implemented as a way to verify the sender’s identity. At first, this dissertation presents a framework called “A Lightweight Mutual Authentication and Privacy-Preservation framework for IoT Systems” and this framework is considered the foundation of all presented schemes. The proposed framework integrates software and hardware-based security approaches that satisfy the NIST IoT security requirements for data protection and device identification. Also, this dissertation presents an architecture called “PUF Hierarchal Distributed Architecture” (PHDA), which is used to perform the device name resolution. Based on the proposed framework and PUF architecture, three lightweight privacy-preserving and mutual authentication schemes are presented. The Three different schemes are introduced to accommodate both stationary and mobile IoT devices as well as local and distributed nodes. The first scheme is designed for the smart homes domain, where the IoT devices are stationary, and the controller node is local. In this scheme, there is direct communication between the IoT nodes and the controller node. Establishing mutual authentication does not require the cloud service\u27s involvement to reduce the system latency and offload the cloud traffic. The second scheme is designed for the industrial IoT domain and used smart poultry farms as a use case of the Industrial IoT (IIoT) domain. In the second scheme, the IoT devices are stationary, and the controller nodes are hierarchical and distributed, supported by machine-to-machine (M2M) communication. The third scheme is designed for smart cities and used IoV fleet vehicles as a use case of the smart cities domain. During the roaming service, the mutual authentication process between a vehicle and the distributed controller nodes represented by the Roadside Units (RSUs) is completed through the cloud service that stores all vehicle\u27s security credentials. After that, when a vehicle moves to the proximity of a new RSU under the same administrative authority of the most recently visited RSU, the two RSUs can cooperate to verify the vehicle\u27s legitimacy. Also, the third scheme supports driver static and continuous authentication as a driver monitoring system for the sake of both road and driver safety. The security of the proposed schemes is evaluated and simulated using two different methods: security analysis and performance analysis. The security analysis is implemented through formal security analysis and informal security analysis. The formal analysis uses the Burrows–Abadi–Needham logic (BAN) and model-checking using the automated validation of Internet security protocols and applications (AVISPA) toolkit. The informal security analysis is completed by: (1) investigating the robustness of the proposed schemes against the well-known security attacks and analyze its satisfaction with the main security properties; and (2) comparing the proposed schemes with the other existing authentication schemes considering their resistance to the well-known attacks and their satisfaction with the main security requirements. Both the formal and informal security analyses complement each other. The performance evaluation is conducted by analyzing and comparing the overhead and efficiency of the proposed schemes with other related schemes from the literature. The results showed that the proposed schemes achieve all security goals and, simultaneously, efficiently and satisfy the needs of the resource-constrained IoT devices

Secure and Lightweight Authentication Protocols for Devices in Internet of Things

The Internet of Things (IoT) has become an intriguing trend worldwide as it allows any smart device with an IP address to participate in a highly immersive and connected environment that integrates physical, digital and social aspects of the user’s lives. The perpetual growth of IoT devices is resulting in less attention on the security side allowing attackers to find easy ways to exploit the devices. Hence, security is one of the important and challenging research areas in IoT. Furthermore, the resource-constrained nature of these devices results in poor performance when the traditional security protocols are used. In this thesis, we propose secure and lightweight authentication protocols for devices in IoT. A centralized network model is considered where the devices in the perception layer are mutually authenticated with the gateway of the system. A mutual authentication mechanism which uses symmetric key negotiation using Elliptic Curve Diffie-Hellman(ECDH) in the registration part of the protocol to protect the credentials of the devices and at the same time it minimizes the computation cost on the devices. At the end of the authentication, key agreement based on the symmetric key cryptography is established between the sensor devices and the gateway. Further, Elliptic Curve Integrated Encryption Scheme (ECIES) method is used to avoid the possibility of man-in-the-middle attack(MITM) in the registration phase of the previous protocol. An informal security verification of the protocols is presented which proves that they are resilient against perception layer attacks. The performance evaluation based on the metrics such as execution time, communication cost, computation cost of the protocol has been performed after the protocol is simulated in the Cooja simulator under Contiki OS environment. Further, the comparison results with the existing protocols show that the proposed system is lightweight as it provides low computation cost and better execution time