The Meeting of Acquaintances: A Cost-efficient Authentication Scheme for Light-weight Objects with Transient Trust Level and Plurality Approach

Wireless sensor networks consist of a large number of distributed sensor nodes so that potential risks are becoming more and more unpredictable. The new entrants pose the potential risks when they move into the secure zone. To build a door wall that provides safe and secured for the system, many recent research works applied the initial authentication process. However, the majority of the previous articles only focused on the Central Authority (CA) since this leads to an increase in the computation cost and energy consumption for the specific cases on the Internet of Things (IoT). Hence, in this article, we will lessen the importance of these third parties through proposing an enhanced authentication mechanism that includes key management and evaluation based on the past interactions to assist the objects joining a secured area without any nearby CA. We refer to a mobility dataset from CRAWDAD collected at the University Politehnica of Bucharest and rebuild into a new random dataset larger than the old one. The new one is an input for a simulated authenticating algorithm to observe the communication cost and resource usage of devices. Our proposal helps the authenticating flexible, being strict with unknown devices into the secured zone. The threshold of maximum friends can modify based on the optimization of the symmetric-key algorithm to diminish communication costs (our experimental results compare to previous schemes less than 2000 bits) and raise flexibility in resource-constrained environments.Comment: 27 page

A Multi-Factor Homomorphic Encryption based Method for Authenticated Access to IoT Devices

Authentication is the first defence mechanism in many electronic systems, including Internet of Things (IoT) applications, as it is essential for other security services such as intrusion detection. As existing authentication solutions proposed for IoT environments do not provide multi-level authentication assurance, particularly for device-to-device authentication scenarios, we recently proposed the M2I (Multi-Factor Multi-Level and Interaction based Authentication) framework to facilitate multi-factor authentication of devices in device-to-device and device-to-multiDevice interactions. In this paper, we extend the framework to address group authentication. Two Many-to-One (M2O) protocols are proposed, the Hybrid Group Authentication and Key Acquisition (HGAKA) protocol and the Hybrid Group Access (HGA) protocol. The protocols use a combination of symmetric and asymmetric cryptographic primitives to facilitate multifactor group authentication. The informal analysis and formal security verification show that the protocols satisfy the desirable security requirements and are secure against authentication attacks

A secure lightweight authentication mechanism for IoT devices in generic domain

The Internet of Things prompt deployment enhances the security concerns of these systems in recent years. The enormous exchange of sensory information between devices raises the necessity for a secure authentication scheme for Internet of Things devices. Despite many proposed schemes, providing authenticated and secure communication for Internet of Things devices is still an open issue. This research addresses challenges pertaining to the Internet of Things authentication, verification, and communication, and proposes a new secure lightweight mechanism for Internet of Things devices in the generic domain. The proposed authentication method utilizes environmental variables obtained by sensors to allow the system to identify genuine devices and reject anomalous connections

A Blockchain-Based Multi-Factor Authentication Model for a Cloud-Enabled Internet of Vehicles.

Continuous and emerging advances in Information and Communication Technology (ICT) have enabled Internet-of-Things (IoT)-to-Cloud applications to be induced by data pipelines and Edge Intelligence-based architectures. Advanced vehicular networks greatly benefit from these architectures due to the implicit functionalities that are focused on realizing the Internet of Vehicle (IoV) vision. However, IoV is susceptible to attacks, where adversaries can easily exploit existing vulnerabilities. Several attacks may succeed due to inadequate or ineffective authentication techniques. Hence, there is a timely need for hardening the authentication process through cutting-edge access control mechanisms. This paper proposes a Blockchain-based Multi-Factor authentication model that uses an embedded Digital Signature (MFBC_eDS) for vehicular clouds and Cloud-enabled IoV. Our proposed MFBC_eDS model consists of a scheme that integrates the Security Assertion Mark-up Language (SAML) to the Single Sign-On (SSO) capabilities for a connected edge to cloud ecosystem. MFBC_eDS draws an essential comparison with the baseline authentication scheme suggested by Karla and Sood. Based on the foundations of Karla and Sood's scheme, an embedded Probabilistic Polynomial-Time Algorithm (ePPTA) and an additional Hash function for the Pi generated during Karla and Sood's authentication were proposed and discussed. The preliminary analysis of the proposition shows that the approach is more suitable to counter major adversarial attacks in an IoV-centered environment based on the Dolev-Yao adversarial model while satisfying aspects of the Confidentiality, Integrity, and Availability (CIA) triad

Securing fog computing with a decentralised user authentication approach based on blockchain

The use of low-cost sensors in IoT over high-cost devices has been considered less expensive. However, these low-cost sensors have their own limitations such as the accuracy, quality, and reliability of the data collected. Fog computing offers solutions to those limitations; nevertheless, owning to its intrinsic distributed architecture, it faces challenges in the form of security of fog devices, secure authentication and privacy. Blockchain technology has been utilised to offer solutions for the authentication and security challenges in fog systems. This paper proposes an authentication system that utilises the characteristics and advantages of blockchain and smart contracts to authenticate users securely. The implemented system uses the email address, username, Ethereum address, password and data from a biometric reader to register and authenticate users. Experiments showed that the proposed method is secure and achieved performance improvement when compared to existing methods. The comparison of results with state-of-the-art showed that the proposed authentication system consumed up to 30% fewer resources in transaction and execution cost; however, there was an increase of up to 30% in miner fees

Biometrics for internet‐of‐things security: A review

The large number of Internet‐of‐Things (IoT) devices that need interaction between smart devices and consumers makes security critical to an IoT environment. Biometrics offers an interesting window of opportunity to improve the usability and security of IoT and can play a significant role in securing a wide range of emerging IoT devices to address security challenges. The purpose of this review is to provide a comprehensive survey on the current biometrics research in IoT security, especially focusing on two important aspects, authentication and encryption. Regarding authentication, contemporary biometric‐based authentication systems for IoT are discussed and classified based on different biometric traits and the number of biometric traits employed in the system. As for encryption, biometric‐cryptographic systems, which integrate biometrics with cryptography and take advantage of both to provide enhanced security for IoT, are thoroughly reviewed and discussed. Moreover, challenges arising from applying biometrics to IoT and potential solutions are identified and analyzed. With an insight into the state‐of‐the‐art research in biometrics for IoT security, this review paper helps advance the study in the field and assists researchers in gaining a good understanding of forward‐looking issues and future research directions

Lightweight mutual authentication and privacy preservation schemes for IOT systems.

Internet of Things (IoT) presents a holistic and transformative approach for providing services in different domains. IoT creates an atmosphere of interaction between humans and the surrounding physical world through various technologies such as sensors, actuators, and the cloud. Theoretically, when everything is connected, everything is at risk. The rapid growth of IoT with the heterogeneous devices that are connected to the Internet generates new challenges in protecting and preserving user’s privacy and ensuring the security of our lives. IoT systems face considerable challenges in deploying robust authentication protocols because some of the IoT devices are resource-constrained with limited computation and storage capabilities to implement the currently available authentication mechanism that employs computationally expensive functions. The limited capabilities of IoT devices raise significant security and privacy concerns, such as ensuring personal information confidentiality and integrity and establishing end-to-end authentication and secret key generation between the communicating device to guarantee secure communication among the communicating devices. The ubiquity nature of the IoT device provides adversaries more attack surfaces which can lead to tragic consequences that can negatively impact our everyday connected lives. According to [1], authentication and privacy protection are essential security requirements. Therefore, there is a critical need to address these rising security and privacy concerns to ensure IoT systems\u27 safety. This dissertation identifies gaps in the literature and presents new mutual authentication and privacy preservation schemes that fit the needs of resource-constrained devices to improve IoT security and privacy against common attacks. This research enhances IoT security and privacy by introducing lightweight mutual authentication and privacy preservation schemes for IoT based on hardware biometrics using PUF, Chained hash PUF, dynamic identities, and user’s static and continuous biometrics. The communicating parties can anonymously communicate and mutually authenticate each other and locally establish a session key using dynamic identities to ensure the user’s unlinkability and untraceability. Furthermore, virtual domain segregation is implemented to apply security policies between nodes. The chained-hash PUF mechanism technique is implemented as a way to verify the sender’s identity. At first, this dissertation presents a framework called “A Lightweight Mutual Authentication and Privacy-Preservation framework for IoT Systems” and this framework is considered the foundation of all presented schemes. The proposed framework integrates software and hardware-based security approaches that satisfy the NIST IoT security requirements for data protection and device identification. Also, this dissertation presents an architecture called “PUF Hierarchal Distributed Architecture” (PHDA), which is used to perform the device name resolution. Based on the proposed framework and PUF architecture, three lightweight privacy-preserving and mutual authentication schemes are presented. The Three different schemes are introduced to accommodate both stationary and mobile IoT devices as well as local and distributed nodes. The first scheme is designed for the smart homes domain, where the IoT devices are stationary, and the controller node is local. In this scheme, there is direct communication between the IoT nodes and the controller node. Establishing mutual authentication does not require the cloud service\u27s involvement to reduce the system latency and offload the cloud traffic. The second scheme is designed for the industrial IoT domain and used smart poultry farms as a use case of the Industrial IoT (IIoT) domain. In the second scheme, the IoT devices are stationary, and the controller nodes are hierarchical and distributed, supported by machine-to-machine (M2M) communication. The third scheme is designed for smart cities and used IoV fleet vehicles as a use case of the smart cities domain. During the roaming service, the mutual authentication process between a vehicle and the distributed controller nodes represented by the Roadside Units (RSUs) is completed through the cloud service that stores all vehicle\u27s security credentials. After that, when a vehicle moves to the proximity of a new RSU under the same administrative authority of the most recently visited RSU, the two RSUs can cooperate to verify the vehicle\u27s legitimacy. Also, the third scheme supports driver static and continuous authentication as a driver monitoring system for the sake of both road and driver safety. The security of the proposed schemes is evaluated and simulated using two different methods: security analysis and performance analysis. The security analysis is implemented through formal security analysis and informal security analysis. The formal analysis uses the Burrows–Abadi–Needham logic (BAN) and model-checking using the automated validation of Internet security protocols and applications (AVISPA) toolkit. The informal security analysis is completed by: (1) investigating the robustness of the proposed schemes against the well-known security attacks and analyze its satisfaction with the main security properties; and (2) comparing the proposed schemes with the other existing authentication schemes considering their resistance to the well-known attacks and their satisfaction with the main security requirements. Both the formal and informal security analyses complement each other. The performance evaluation is conducted by analyzing and comparing the overhead and efficiency of the proposed schemes with other related schemes from the literature. The results showed that the proposed schemes achieve all security goals and, simultaneously, efficiently and satisfy the needs of the resource-constrained IoT devices