Multifactor Authentication and Key Management Protocol for WSN-assisted IoT Communication

In this paper a novel multi-factor authentication protocol for IoT applications, relying on enhanced Rabinassisted elliptic curve cryptography, biometric features and time stamping methods, is developed. Furthermore, a fuzzy verification algorithm has been developed to perform receiverlevel user verification, making computation efficient in terms of computational overhead as well as latency. An NS2 simulation-based performance assessment has revealed that the multifactor authentication and key management models we have proposed are capable of not only avoiding security breaches, such as smart card loss (SCLA) and impersonation attacks, but can also ensure the provision of maximum possible QoS levels by offering higher packet delivery and minimum latency rates. Keywords—multifactor authentication, IoT security, ECC, timestamp, one-way bio-hashing, fuzzy verifier, WSN.

[1]  Naveen K. Chilamkurti,et al.  A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks , 2015, Inf. Sci..

[2]  Ruhul Amin,et al.  A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks , 2016, Ad Hoc Networks.

[3]  Muhammad Khurram Khan,et al.  Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks , 2016, Comput. Networks.

[4]  Andrei V. Gurtov,et al.  Two-phase authentication protocol for wireless sensor networks in distributed IoT applications , 2014, 2014 IEEE Wireless Communications and Networking Conference (WCNC).

[5]  Shusen Yang,et al.  A survey on the ietf protocol suite for the internet of things: standards, challenges, and opportunities , 2013, IEEE Wireless Communications.

[6]  Nadeem Javaid,et al.  Fog Computing Over IoT: A Secure Deployment and Formal Verification , 2017, IEEE Access.

[7]  Rodrigo Roman,et al.  Integrating wireless sensor networks and the internet: a security analysis , 2009, Internet Res..

[8]  Cristina Alcaraz,et al.  Key management systems for sensor networks in the context of the Internet of Things , 2011, Comput. Electr. Eng..

[9]  Yong Xiang,et al.  Protection of Privacy in Biometric Data , 2016, IEEE Access.

[10]  Eun-Jun Yoon,et al.  Secure Signature-Based Authenticated Key Establishment Scheme for Future IoT Applications , 2017, IEEE Access.

[11]  AHMAD JAKALAN Network Security Situational Awareness , 2013 .

[12]  Huan Zhang,et al.  Performance Analysis of Physical Layer Security Over Generalized-$K$ Fading Channels Using a Mixture Gamma Distribution , 2016, IEEE Communications Letters.

[13]  Mingwu Zhang,et al.  Provably Leakage-Resilient Password-Based Authenticated Key Exchange in the Standard Model , 2017, IEEE Access.

[14]  Nerea Toledo,et al.  Enhancing secure access to sensor data with user privacy support , 2014, Comput. Networks.

[15]  Daisy Premila Bai,et al.  Elliptic Curve Cryptography based Security Framework for Internet of Things and Cloud Computing , 2015 .

[16]  Naveen K. Chilamkurti,et al.  Lightweight Cybersecurity Schemes Using Elliptic Curve Cryptography in Publish-Subscribe fog Computing , 2017, Mobile Networks and Applications.

[17]  Satyajayant Misra,et al.  LASeR: Lightweight Authentication and Secured Routing for NDN IoT in Smart Cities , 2017, IEEE Internet of Things Journal.

[18]  Peilin Hong,et al.  A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks , 2013, J. Netw. Comput. Appl..

[19]  Jianyong Chen,et al.  Modified Ciphertext-Policy Attribute-Based Encryption Scheme with Efficient Revocation for PHR System , 2017 .

[20]  Thaier Hayajneh,et al.  Lightweight Block Ciphers for IoT: Energy Optimization and Survivability Techniques , 2018, IEEE Access.

[21]  G. Ravi,et al.  Attribute Based Encryption With Verifiable Outsourced Decryption , 2014 .

[22]  Mauro Conti,et al.  Design of Secure User Authenticated Key Management Protocol for Generic IoT Networks , 2018, IEEE Internet of Things Journal.

[23]  Naveen K. Chilamkurti,et al.  Lightweight ECC Based RFID Authentication Integrated with an ID Verifier Transfer Protocol , 2014, Journal of Medical Systems.

[24]  Ahmed Farouk,et al.  Secure Medical Data Transmission Model for IoT-Based Healthcare Systems , 2018, IEEE Access.

[25]  Xingming Sun,et al.  Enabling Semantic Search Based on Conceptual Graphs over Encrypted Outsourced Data , 2019, IEEE Transactions on Services Computing.

[26]  Prosanta Gope,et al.  A Realistic Lightweight Anonymous Authentication Protocol for Securing Real-Time Application Data Access in Wireless Sensor Networks , 2016, IEEE Transactions on Industrial Electronics.

[27]  Xingming Sun,et al.  Achieving Efficient Cloud Search Services: Multi-Keyword Ranked Search over Encrypted Cloud Data Supporting Parallel Computing , 2015, IEICE Trans. Commun..

[28]  Daeyoung Kim,et al.  SNAIL: an IP-based wireless sensor network approach to the internet of things , 2010, IEEE Wireless Communications.

[29]  Jianfeng Ma,et al.  An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks , 2015, Peer-to-Peer Netw. Appl..

[30]  Muhammad Khurram Khan,et al.  User authentication schemes for wireless sensor networks: A review , 2015, Ad Hoc Networks.

[31]  Yaling Zhang,et al.  Searchable attribute-based encryption scheme with attribute revocation in cloud storage , 2017, PloS one.

[32]  Hongwei Li,et al.  Engineering searchable encryption of mobile cloud networks: when QoE meets QoP , 2015, IEEE Wireless Communications.

[33]  Taekyoung Kwon,et al.  Two-Factor Authenticated Key Agreement Supporting Unlinkability in 5G-Integrated Wireless Sensor Networks , 2018, IEEE Access.

[34]  Xiaoyong Li,et al.  A Reliable and Lightweight Trust Computing Mechanism for IoT Edge Devices Based on Multi-Source Feedback Information Fusion , 2018, IEEE Access.

[35]  Utz Roedig,et al.  Securing communication in 6LoWPAN with compressed IPsec , 2011, 2011 International Conference on Distributed Computing in Sensor Systems and Workshops (DCOSS).

[36]  Chandra Sekhar Vorugunti,et al.  A Secure Biometric-Based User Authentication Scheme for Heterogeneous WSN , 2014, 2014 Fourth International Conference of Emerging Applications of Information Technology.

[37]  Hsin-Wen Wei,et al.  A Secured Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography , 2011, Sensors.

[38]  Yanfei Sun,et al.  A Hybrid Security and Compressive Sensing-Based Sensor Data Gathering Scheme , 2015, IEEE Access.

[39]  G. P. Biswas,et al.  Establishment of ECC-based Initial Secrecy Usable for IKE Implementation , .

[40]  Jorge Sá Silva,et al.  Security in the integration of low-power Wireless Sensor Networks with the Internet: A survey , 2015, Ad Hoc Networks.

[41]  Utz Roedig,et al.  Demo abstract: Securing communication in 6LoWPAN with compressed IPsec , 2011, 2011 International Conference on Distributed Computing in Sensor Systems and Workshops (DCOSS).

[42]  Ali A. Ghorbani,et al.  A Lightweight Privacy-Preserving Data Aggregation Scheme for Fog Computing-Enhanced IoT , 2017, IEEE Access.

[43]  Zahid Mahmood,et al.  Lightweight Two-Level Session Key Management for End User Authentication in Internet of Things , 2016, 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData).