ECC based inter-device authentication and authorization scheme using MQTT for IoT networks

Abstract: The Internet of Things (IoT) has emerged from the proliferation of smart, interconnected devices ranging from tiny sensors to complex Fog and Cloud nodes, together with various networking technologies and communication protocols. These IoT devices permeate our lives through applications including smart homes, healthcare, defence, transportation, and so forth. Although IoT provides a way for physical-world objects to interact with the Internet, these connected devices have created a new dimension of security challenges arising from the vulnerabilities present in them. These challenges can be tackled to some extent by deploying a rigid authentication and access control model. In this paper, we propose a novel lightweight authentication and authorization framework suitable for distributed IoT environments using Elliptic Curve Cryptography (ECC) and Message Queuing Telemetry Transport (MQTT). Moreover, we implement the scheme, and analyse and compare its various security and performance aspects with other schemes.
