Security Analysis and Improvements of Authentication and Access Control in the Internet of Things

The Internet of Things is a ubiquitous concept in which physical objects are connected over the internet and given unique identifiers, enabling them to identify themselves to other devices and to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT, which is growing very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method used in the Internet of Things presented by Jing et al. (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18–21 June 2012, pp. 588–592). According to our analysis, Jing et al.'s protocol is costly in message exchange, and its security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to close the weaknesses we discovered. The protocol enhancements provide users with many services, such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks and achieves better efficiency at low communication cost.
