A Study on Secured Authentication and Authorization in Internet of Things: Potential of Blockchain Technology

With the proliferation of Internet of Things (IoT) and its influence in various use case scenarios, it can be expected that IoT services will create a global reach. Smart cities, smart grids, smart industries, smart wearables etc. are some examples of IoT services today. Besides all the benefits that IoT provide, security issues of these services and data generated by IoT are of major concern. Traditional security practices of authentication and authorization have been initially designed for security needs of centralized client/server models which are good to deal with human-machine interaction over the Internet. In centralized systems, normally devices and users are trusted for being in the same application domain. Moreover, such systems can become a bottleneck for a number of queries at the same time; or may become a single point of failure causing unavailability of connected devices that are totally relying on a single trusted party. This paper explores the IoT security issues and concerns. Moreover, it provides a review of centralized and decentralized IoT security solutions in terms of authentication and authorization. Additionally, it discusses how Blockchain technology can be leveraged to provide IoT security.

[1]  Wan Haslina Hassan,et al.  Current research on Internet of Things (IoT) security: A survey , 2019, Comput. Networks.

[2]  Munam Ali Shah,et al.  ScreenStealer: Addressing Screenshot attacks on Android devices , 2016, 2016 22nd International Conference on Automation and Computing (ICAC).

[3]  Khaled Salah,et al.  Using Blockchain for IOT Access Control and Authentication Management , 2018, ICIOT.

[4]  Antônio A. de A. Rocha,et al.  A Survey of How to Use Blockchain to Secure Internet of Things and the Stalker Attack , 2018, Secur. Commun. Networks.

[5]  Tomás Cerný,et al.  Survey of Authentication and Authorization for the Internet of Things , 2018, Secur. Commun. Networks.

[6]  Michael Devetsikiotis,et al.  Blockchains and Smart Contracts for the Internet of Things , 2016, IEEE Access.

[7]  Vangelis Metsis,et al.  IoT Middleware: A Survey on Issues and Enabling Technologies , 2017, IEEE Internet of Things Journal.

[8]  Saru Kumari,et al.  An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment , 2016, Ad Hoc Networks.

[9]  Praveen Gauravaram,et al.  Blockchain for IoT security and privacy: The case study of a smart home , 2017, 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops).

[10]  Yongxin Li,et al.  Controllable synthesis of P-chiral 1,2- and 1,3-diphosphines via asymmetric Diels-Alder reactions involving functionalized allylic phosphines as dienophiles. , 2009, Dalton transactions.

[11]  Hajar Mousannif,et al.  Access control in the Internet of Things: Big challenges and new opportunities , 2017, Comput. Networks.

[12]  Fagen Li,et al.  Efficient certificateless access control for industrial Internet of Things , 2017, Future Gener. Comput. Syst..

[13]  Ahmed Serhrouchni,et al.  Bubbles of Trust: A decentralized blockchain-based authentication system for IoT , 2018, Comput. Secur..

[14]  Antonio Puliafito,et al.  Blockchain and IoT Integration: A Systematic Survey , 2018, Sensors.

[15]  Giuseppe Piro,et al.  A policy enforcement framework for Internet of Things applications in the smart health , 2017 .

[16]  Tzonelih Hwang,et al.  BSN-Care: A Secure IoT-Based Modern Healthcare System Using Body Sensor Network , 2016, IEEE Sensors Journal.

[17]  Hokeun Kim,et al.  Authentication and Authorization for the Internet of Things , 2017, IT Professional.

[18]  Chu-Sing Yang,et al.  TBAS: Token-based authorization service architecture in Internet of things scenarios , 2017, Int. J. Distributed Sens. Networks.

[19]  Xiaohong Jiang,et al.  Smart Contract-Based Access Control for the Internet of Things , 2018, IEEE Internet of Things Journal.

[20]  José María de Fuentes,et al.  Effect of attacker characterization in ECG-based continuous authentication mechanisms for Internet of Things , 2018, Future Gener. Comput. Syst..

[21]  Victor I. Chang,et al.  Computationally efficient privacy preserving anonymous mutual and batch authentication schemes for vehicular ad hoc networks , 2018, Future Gener. Comput. Syst..

[22]  Zhuzhong Qian,et al.  AccessAuth: Capacity-aware security access authentication in federated-IoT-enabled V2G networks , 2017, J. Parallel Distributed Comput..

[23]  Oscar Novo,et al.  Blockchain Meets IoT: An Architecture for Scalable Access Management in IoT , 2018, IEEE Internet of Things Journal.

[24]  Shehzad Khalid,et al.  Counter Measuring Conceivable Security Threats on Smart Healthcare Devices , 2018, IEEE Access.

[25]  Tommaso Melodia,et al.  Securing the Internet of Things in the Age of Machine Learning and Software-Defined Networking , 2018, IEEE Internet of Things Journal.

[26]  Ahmed Serhrouchni,et al.  BCTrust: A decentralized authentication blockchain-based mechanism , 2018, 2018 IEEE Wireless Communications and Networking Conference (WCNC).

[27]  Laurence T. Yang,et al.  Data Exfiltration From Internet of Things Devices: iOS Devices as Case Studies , 2017, IEEE Internet of Things Journal.

[28]  Laura Ricci,et al.  Blockchain Based Access Control Services , 2018, 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData).

[29]  Tiago M. Fernández-Caramés,et al.  A Review on the Use of Blockchain for the Internet of Things , 2018, IEEE Access.

[30]  Hongji Yang,et al.  Conceivable security risks and authentication techniques for smart devices: A comparative evaluation of security practices , 2016, Int. J. Autom. Comput..

[31]  Abdellah Ait Ouahman,et al.  Towards a Novel Privacy-Preserving Access Control Model Based on Blockchain Technology in IoT , 2017 .

[32]  Murat Kantarcioglu,et al.  Using Blockchain and smart contracts for secure data provenance management , 2017, ArXiv.

[33]  Richard K. Lomotey,et al.  Enhancing Privacy in Wearable IoT through a Provenance Architecture , 2018 .

[34]  Benjamin Aziz,et al.  Enhancing IoT Security and Privacy with Distributed Ledgers - A Position Paper - , 2017, IoTBDS.

[35]  Divneet Singh Kapoor,et al.  Create Your Own Internet of Things: A survey of IoT platforms. , 2017, IEEE Consumer Electronics Magazine.