IoT Device-to-Cloud Continuous Authentication using Lightweight Key Establishment Mechanism
Main Article Content
Abstract
Cloud computing is an important component for the success of the Internet of Things (IoT). IoT devices generate massive amounts of data, and cloud computing provides the necessary infrastructure to store, process, and analyze this data. The IoT environment is heterogeneous and connects billions of devices, making it a high-value target for attackers. Impersonation attacks and denial-of-service attacks (DoS) are two common threats that can compromise the availability and security of IoT devices. Continuous authentication is a technique that can help mitigate the risk of session hijacking and unauthorized access to IoT devices. While many existing continuous authentication schemes focus on cloud-to-device authentication, it is also important to authenticate devices themselves, as a compromised device can put the entire system at risk. This research proposes a solution for a secure cloud-to-device continuous authentication protocol that relies on devices' features (such as token, battery). Continuous authentication has been introduced as a solution to the problems related to static authentication. The protocol considers the software and hardware limitations of smart IoT devices by using hash function lightweight cryptography.
Article Details
This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.
References
S. Yoon, B. Kim, Y. Kang and D. Choi, "PUF-based Authentication Scheme for IoT Devices," 2020 International Conference on Information and Communication Technology Convergence (ICTC), 2020, pp. 1792-1794, doi: 10.1109/ICTC49870.2020.9289260.
F. Wu, X. Li, L. Xu, A. K. Sangaiah and J. J. P. C. Rodrigues, "Authentication Protocol for Distributed Cloud Computing: An Explanation of the Security Situations for Internet-of-Things-Enabled Devices," in IEEE Consumer Electronics Magazine, vol. 7, no. 6, pp. 38-44, Nov. 2018, doi: 10.1109/MCE.2018.2851744.
T. Shah and S. Venkatesan, "Authentication of IoT Device and IoT Server Using Secure Vaults," 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), 2018, pp. 819-824, doi: 10.1109/TrustCom/BigDataSE.2018.00117.
A. Tewari and B. B. Gupta, "A Mutual Authentication Protocol for IoT Devices Using Elliptic Curve Cryptography," 2018 8th International Conference on Cloud Computing, Data Science & Engineering (Confluence), 2018, pp. 716-720, doi: 10.1109/CONFLUENCE.2018.8442962.
M. Shahzad and M. P. Singh, "Continuous Authentication and Authorization for the Internet of Things," in IEEE Internet Computing, vol. 21, no. 2, pp. 86-90, Mar.-Apr. 2017, doi: 10.1109/MIC.2017.33.
S. W. A. Shah, N. F. Syed, A. Shaghaghi, A. Anwar, Z. Baig and R. Doss, "Towards a Lightweight Continuous Authentication Protocol for Device-to-Device Communication," 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2020, pp. 1119-1126, doi: 10.1109/TrustCom50675.2020.00148.
R. H. Shah and D. P. Salapurkar, "A multifactor authentication system using secret splitting in the perspective of Cloud of Things," 2017 International Conference on Emerging Trends & Innovation in ICT (ICEI), 2017, pp. 1-4, doi: 10.1109/ETIICT.2017.7977000.
El-hajj, M.; Fadlallah, A.; Chamoun, M.; Serhrouchni, A. A Survey of Internet of Things (IoT) Authentication Schemes. Sensors 2019, 19, 1141. https://doi.org/10.3390/s19051141
K. S. Roy and H. K. Kalita, "A Survey on Authentication Schemes in IoT," 2017 International Conference on Information Technology (ICIT), 2017, pp. 202-207, doi: 10.1109/ICIT.2017.56.
S. Choi, J. Ko and J. Kwak, "A Study on IoT Device Authentication Protocol for High Speed and Lightweight," 2019 International Conference on Platform Technology and Service (PlatCon), 2019, pp. 1-5, doi: 10.1109/PlatCon.2019.8669418.
D. K. Sharma, N. Baghel and S. Agarwal, "Multiple Degree Authentication in Sensible Homes basedon IoT Device Vulnerability," 2020 International Conference on Power Electronics & IoT Applications in Renewable Energy and its Control (PARC), 2020, pp. 539-543, doi: 10.1109/PARC49193.2020.236671.
B. Kim, S. Yoon, Y. Kang and D. Choi, "Secure IoT Device Authentication Scheme using Key Hiding Technology," 2020 International Conference on Information and Communication Technology Convergence (ICTC), 2020, pp. 1808-1810, doi: 10.1109/ICTC49870.2020.9289309.
P. Gope and B. Sikdar, "Lightweight and Privacy-Preserving Two-Factor Authentication Scheme for IoT Devices," in IEEE Internet of Things Journal, vol. 6, no. 1, pp. 580-589, Feb. 2019, doi: 10.1109/JIOT.2018.2846299.
[Jian, MS., Wu, J.MT. Hybrid Internet of Things (IoT) data transmission security corresponding to device verification. J Ambient Intell Human Comput (2021). https://doi.org/10.1007/s12652-021-03122-y
A. L. Maia Neto, Y. L. Pereira, A. L. F. Souza, I. Cunha and L. B. Oliveira, "Demo Abstract: Attributed-Based Authentication and Access Control for IoT Home Devices," 2018 17th ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN), 2018, pp. 112-113, doi: 10.1109/IPSN.2018.00019.
C. Guntuku and S. K. Pasupuleti, "Secure Authentication Scheme for Internet of Things in Cloud," 2018 3rd International Conference On Internet of Things: Smart Innovation and Usages (IoT-SIU), 2018, pp. 1-7, doi: 10.1109/IoT-SIU.2018.8519890.
P. Hao, X. Wang and W. Shen, "A Collaborative PHY-Aided Technique for End-to-End IoT Device Authentication," in IEEE Access, vol. 6, pp. 42279-42293, 2018, doi: 10.1109/ACCESS.2018.2859781.
A. Badhib, S. Alshehri and A. Cherif, "A Robust Device-to-Device Continuous Authentication Protocol for the Internet of Things," in IEEE Access, vol. 9, pp. 124768-124792, 2021, doi: 10.1109/ACCESS.2021.3110707.
R. Boussada, M. E. Elhdhili and L. A. Saidane, "Privacy Preserving Solution for Internet of Things with Application to eHealth," 2017 IEEE/ACS 14th International Conference on Computer Systems and Applications (AICCSA), 2017, pp. 384-391, doi: 10.1109/AICCSA.2017.75.
[20] S. Khan and R. K. Aggarwal, "Efficient Mutual Authentication mechanism to Secure Internet of Things (IoT)," 2019 International Conference on Machine Learning, Big Data, Cloud and Parallel Computing (COMITCon), 2019, pp. 409-412, doi: 10.1109/COMITCon.2019.8862196.
P Rajesh, Mansoor Alam, Mansour Tahernezhadi, T Ravi Kumar and Vikram Phaneendra Rajesh, “Secure Communication across the Internet by Encrypting the Data using Cryptography and Image Steganography” International Journal of Advanced Computer Science and Applications (IJACSA), 11(10), 2020. http://dx.doi.org/10.14569/IJACSA.2020.0111057
https://www.sinch.com/blog/one-time-password/
K.-H. Yeh, C. Su, W. Chiu, and L. Zhou, ‘‘I walk, therefore i am: Continuous user authentication with plantar biometrics,’’ IEEE Commun. Mag., vol. 56, no. 2, pp. 150–157, Feb. 2018.
O. O. Bamasag and K. Youcef-Toumi, ‘‘Towards continuous authentication in Internet of Things based on secret sharing scheme,’’ in Proc. Workshop Embedded Syst. Secur. (WESS). New York, NY, USA: ACM, Oct. 2015, pp. 1:1–1:8, doi: 10.1145/2818362.2818363.
P. Peris-Lopez, L. González-Manzano, C. Camara, and J. M. de Fuentes, ‘‘Effect of attacker characterization in ECG-based continuous authentication mechanisms for Internet of Things,’’ Future Gener. Comput. Syst., vol. 81, pp. 67–77, Apr. 2018. [Online]. Available: http://www. sciencedirect.com/science/article/pii/S0167739X17300407
Y. Ashibani, D. Kauling, and Q. H. Mahmoud, ‘‘Design and implementation of a contextual-based continuous authentication framework for smart homes,’’ Appl. Syst. Innov., vol. 2, no. 1, pp. 1–20, 2019. [Online]. Available: http://www.mdpi.com/2571-5577/2/1/4
P. Gope and T. Hwang, ‘‘Untraceable sensor movement in distributed IoT infrastructure,’’ IEEE Sensors J., vol. 15, no. 9, pp. 5340–5348, Sep. 2015.
R. Amin, N. Kumar, G. Biswas, R. Iqbal, and V. Chang, ‘‘A light weight authentication protocol for IoT-enabled devices in distributed Cloud Computing environment,’’ Future Gener. Comput. Syst., vol. 78, pp. 1005–1019, Jan. 2018. [Online]. Available: http://www. sciencedirect.com/science/article/pii/S0167739X1630824X
L. Zhou, X. Li, K.-H. Yeh, C. Su, and W. Chiu, ‘‘Lightweight IoTbased authentication scheme in cloud computing circumstance,’’ Future Gener. Comput. Syst., vol. 91, pp. 244–251, Feb. 2019. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S0167739X18307878
H. Kim and E. A. Lee, ‘‘Authentication and authorization for the Internet of Things,’’ IT Prof., vol. 19, no. 5, pp. 27–33, 2017.
P. Gope, R. Amin, S. K. H. Islam, N. Kumar, and V. K. Bhalla, ‘‘Lightweight and privacy-preserving RFID authentication scheme for distributed IoT infrastructure with secure localization services for smart city environment,’’ Future Gener. Comput. Syst., vol. 83, pp. 629–637, Jun. 2018. [Online]. Available: http://www.sciencedirect. com/science/article/pii/S0167739X17313043
Mona, J. ., Abdulzhraa Al-Sagheer, R. H. ., & Alghazali, S. . (2023). Software Quality Assurance Models and Application to Defect Prediction Techniques. International Journal of Intelligent Systems and Applications in Engineering, 11(1), 169 –. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/2455
M. Safkhani and A. Vasilakos, ‘‘A new secure authentication protocol for telecare medicine information system and smart campus,’’ IEEE Access, vol. 7, pp. 23514–23526, 2019.
P. Nespoli, M. Zago, A. H. Celdran, M. G. Perez, F. G. Marmol, and F. J. G. Clernente, ‘‘A dynamic continuous authentication framework in IoT-enabled environments,’’ in Proc. 5th Int. Conf. Internet Things, Syst., Manage. Secur., Oct. 2018, pp. 131–138
D. Ekiz, Y. S. Can, Y. C. Dardagan, and C. Ersoy, ‘‘Can a smartband be used for continuous implicit authentication in real life,’’ IEEE Access, vol. 8, pp. 59402–59411, 2020.
J. Wang, M. Ni, F. Wu, S. Liu, J. Qin, and R. Zhu, ‘‘Electromagnetic radiation based continuous authentication in edge computing enabled Internet of Things,’’ J. Syst. Archit., vol. 96, pp. 53–61, Jun. 2019. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S1383762118304491
Y.-H. Chuang, N.-W. Lo, C.-Y. Yang, and S.-W. Tang, ‘‘A lightweight continuous authentication protocol for the Internet of Things,’’ Sensors, vol. 18, no. 4, pp. 1–26, 2018. [Online]. Available: http://www.mdpi.com/1424-8220/18/4/1104
M. Naeem, S. Chaudhry, K. Mahmood, M. Karuppiah, and S. Kumari, ‘‘A scalable and secure rfid mutual authentication protocol using ecc for Internet of Things,’’ Int. J. Commun. Syst., vol. 33, p. 13, Jan. 2019.
Muhammad Ahmad Baballe, Mustapha Aliyu Yusif, Abuhuraira Ado Musa, Nafi’u Shehu Mohammed, Mukhtar Ibrahim Bello, Abdulhamid Shariff Mahmoud, Rukayya Jafar Suleiman, & Usman Bukar Usman. (2023). Advantages and Challenges of Remanufactured Products’. Acta Energetica, (01), 01–07. Retrieved from https://www.actaenergetica.org/index.php/journal/article/view/480
S. Izza, M. Benssalah, and K. Drouiche, ‘‘An enhanced scalable and secure RFID authentication protocol for WBAN within an IoT environment,’’ J. Inf. Secur. Appl., vol. 58, May 2021, Art. no. 102705. [Online]. Available: https://www.sciencedirect.com/science/article/pii/ S2214212620308516
A. Badhib, S. Alshehri and A. Cherif, "A Robust Device-to-Device Continuous Authentication Protocol for the Internet of Things," in IEEE Access, vol. 9, pp. 124768-124792, 2021, doi: 10.1109/ACCESS.2021.3110707.
Proposal and Evaluation of a Dynamic Path Finding Method Using Potential Values Considering Time Series in Automatic Driving. (2022). Advances in the Theory of Nonlinear Analysis and Its Application, 6(4), 460-475. https://atnaea.org/index.php/journal/article/view/169
Y. Li, “Design of a key establishment protocol for smart home energy management system,” in Proc. 5th Int. Conf. Comput. Intell., Commun. Syst. Netw. (CICSyN), Jun. 2013, pp. 88–93
B. Vaidya, D. Makrakis, and H. T. Mouftah, “Device authentication mechanism for smart energy home area networks,” in Proc. IEEE Int. Conf. Consum. Electron. (ICCE), Jan. 2011, pp. 787–788.
K. Han, J. Kim, T. Shon, and D. Ko, “A novel secure key paring protocol for RF4CE ubiquitous smart home systems,” Pers. Ubiquitous Comput., vol. 17, no. 5, pp. 945–949, Jun. 2013
Jebri, S., Ben Amor, A., Abid, M. et al. Enhanced Lightweight Algorithm to Secure Data Transmission in IoT Systems. Wireless Pers Commun 116, 2321–2344 (2021). https://doi.org/10.1007/s11277-020-07792-3