Configurable Anonymous Authentication Schemes For The Internet of Things (IoT)

The Internet of Things (IoT) has revolutionized the way of how pervasive computing devices communicate and disseminate information over the global network. A plethora of user data is collected and logged daily into cloud-based servers. Such data can be analyzed by the IoT infrastructure to capture users’ behaviors (e.g. users’ location, tagging of smart home occupancy). This brings a new set of security challenges, specifically user anonymity. Existing access control and authentication technologies failed to support user anonymity. They relied on the surrendering of the device/user authentication parameters to the trusted server, which hence could be utilized by the IoT infrastructure to track users’ behavioral patterns. This paper, presents two novel configurable privacy-preserving authentication schemes. User anonymity capabilities were incorporated into our proposed authentication schemes through the implementation of two crypto-based approaches (i) Zero Knowledge Proof (ZKP) and (ii) Verifiable Common Secret Encoding (VCSE). We consider a user-oriented approach when determining user anonymity. The proposed authentication schemes are dynamically capable of supporting various levels of user privacy based on the user preferences. To validate the two schemes, they were fully implemented and deployed on an IoT testbed. We have tested the performance of each proposed schemes in terms of power consumption and computation time. Based on our performance evaluation results, the proposed ZKP-based approach provides better performance compared to the VCSE-based approach.

[1]  Sugata Sanyal,et al.  Survey of Security and Privacy Issues of Internet of Things , 2015, ArXiv.

[2]  Earlence Fernandes,et al.  Security Analysis of Emerging Smart Home Applications , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[3]  Mohammad Masdari,et al.  A survey and taxonomy of the authentication schemes in Telecare Medicine Information Systems , 2017, J. Netw. Comput. Appl..

[4]  Faheem Zafari,et al.  Microlocation for Internet-of-Things-Equipped Smart Buildings , 2015, IEEE Internet of Things Journal.

[5]  Heekuck Oh,et al.  Conditional privacy preserving security protocol for NFC applications , 2012, 2012 IEEE International Conference on Consumer Electronics (ICCE).

[6]  Anil K. Jain,et al.  An Introduction to Biometric Authentication Systems , 2005 .

[7]  Luigi Alfredo Grieco,et al.  Security, privacy and trust in Internet of Things: The road ahead , 2015, Comput. Networks.

[8]  P. Jonathon Phillips,et al.  An Introduction to Evaluating Biometric Systems , 2000, Computer.

[9]  L. Biel,et al.  ECG analysis: a new approach in human identification , 1999, IMTC/99. Proceedings of the 16th IEEE Instrumentation and Measurement Technology Conference (Cat. No.99CH36309).

[10]  Ahmad-Reza Sadeghi,et al.  Security and privacy challenges in industrial Internet of Things , 2015, 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[11]  D. Hatzinakos,et al.  ECG Biometric Recognition Without Fiducial Detection , 2006, 2006 Biometrics Symposium: Special Session on Research at the Biometric Consortium Conference.

[12]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[13]  Brenda K. Wiederhold,et al.  ECG to identify individuals , 2005, Pattern Recognit..

[14]  Antonio Iera,et al.  The Internet of Things: A survey , 2010, Comput. Networks.

[15]  Attila A. Yavuz,et al.  HAA: Hardware-Accelerated Authentication for internet of things in mission critical vehicular networks , 2015, MILCOM 2015 - 2015 IEEE Military Communications Conference.

[16]  Maurizio A. Spirito,et al.  Denial-of-Service detection in 6LoWPAN based Internet of Things , 2013, 2013 IEEE 9th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[17]  Anders Fongen,et al.  Identity Management and Integrity Protection in the Internet of Things , 2012, 2012 Third International Conference on Emerging Security Technologies.