Memory and machine attributes-based profiling and elliptic curve cryptography-based multi-level authentication for the security of Internet of Things

Purpose Due to the connectivity of the multiple devices and the systems on the same network, rapid development has become possible in Internet of Things (IoTs) for the last decade. But, IoT is mostly affected with severe security challenges due to the potential vulnerabilities happened through the multiple connectivity of sensors, devices and system. In order to handle the security challenges, literature presents a handful of security protocols for IoT. The purpose of this paper is to present a threat profiling and elliptic curve cryptography (ECC)-based mutual and multi-level authentication for the security of IoTs. This work contains two security attributes like memory and machine-related attributes for maintaining the profile table. Also, the profile table stores the value after encrypting the value with ECC to avoid storage resilience using the proposed protocol. Furthermore, three entities like, IoT device, server and authorization centre (AC) performs the verification based on seven levels mutually to provide the resilience against most of the widely accepted attacks. Finally, DPWSim is utilized for simulation of IoT and verification of proposed protocol to show that the protocol is secure against passive and active attacks. Design/methodology/approach In this work, the authors have presented a threat profiling and ECC-based mutual and multi-level authentication for the security of IoTs. This work contains two security attributes like memory and machine-related attributes for maintaining the profile table. Also, the profile table stores the value after encrypting the value with ECC to avoid storage resilience using the proposed protocol. Furthermore, three entities like, IoT device, server and AC performs the verification based on seven levels mutually to provide the resilience against most of the widely accepted attacks. Findings DPWSim is utilized for simulation of IoT and verification of the proposed protocol to show that this protocol is secure against passive and active attacks. Also, attack analysis is carried out to prove the robustness of the proposed protocol against the password guessing attack, impersonation attack, server spoofing attack, stolen verifier attack and reply attack. Originality/value This paper presents a threat profiling and ECC-based mutual and multi-level authentication for the security of IoTs.

[1]  Nik Bessis,et al.  An Autonomic Agent Trust Model for IoT systems , 2013, EUSPN/ICTH.

[2]  Antonio F. Gómez-Skarmeta,et al.  Towards a Lightweight Authentication and Authorization Framework for Smart Objects , 2014 .

[3]  Hannes Tschofenig,et al.  Securing the Internet of Things: A Standardization Perspective , 2014, IEEE Internet of Things Journal.

[4]  Laurence T. Yang,et al.  Aggregated-Proof Based Hierarchical Authentication Scheme for the Internet of Things , 2015, IEEE Transactions on Parallel and Distributed Systems.

[5]  Elias Z. Tragos,et al.  RERUM: Building a reliable IoT upon privacy- and security- enabled smart objects , 2014, 2014 IEEE Wireless Communications and Networking Conference Workshops (WCNCW).

[6]  Chen Liang,et al.  LRMAPC: A Lightweight RFID Mutual Authentication Protocol with Cache in the Reader for IoT , 2014, 2014 IEEE International Conference on Computer and Information Technology.

[7]  Alexis Olivereau,et al.  Trustworthy Infrastructure Services for a Secure and Privacy-Respecting Internet of Things , 2012, 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications.

[8]  Victor C. M. Leung,et al.  Fast and Secure Reauthentications for 3GPP Subscribers during WiMAX-WLAN Handovers , 2011, IEEE Transactions on Dependable and Secure Computing.

[9]  Jingcheng Wang,et al.  An improved mutual authentication and key update scheme for Multi-Hop Relay in internet of things , 2012, 2012 7th IEEE Conference on Industrial Electronics and Applications (ICIEA).

[10]  Zhi Chen,et al.  A lightweight attribute-based encryption scheme for the Internet of Things , 2015, Future Gener. Comput. Syst..

[11]  Liang Zhou,et al.  Multimedia traffic security architecture for the internet of things , 2011, IEEE Network.

[12]  Debiao He,et al.  Robust Biometrics-Based Authentication Scheme for Multiserver Environment , 2015, IEEE Systems Journal.

[13]  Noël Crespi,et al.  DPWSim: A Devices Profile for Web Services (DPWS) Simulator , 2015, IEEE Internet of Things Journal.

[14]  Mukul Panwar,et al.  Security for IoT: An effective DTLS with public certificates , 2015, 2015 International Conference on Advances in Computer Engineering and Applications.

[15]  Jingcheng Wang,et al.  A novel mutual authentication scheme for Internet of Things , 2011, Proceedings of 2011 International Conference on Modelling, Identification and Control.

[16]  Xingming Sun,et al.  An Anonymity and Authentication Mechanism for Internet of Things , 2011 .

[17]  Alessandro Neri,et al.  A federated architecture approach for Internet of Things security , 2014, 2014 Euro Med Telco Conference (EMTC).

[18]  Jianbo Liu,et al.  HB-MAP Protocol: A New Secure Bidirectional Light-Wight Authentication Protocol of HB , 2012, ICEBE.

[19]  Jiming Chen,et al.  Smart community: an internet of things application , 2011, IEEE Communications Magazine.

[20]  Xiangjian He,et al.  A Robust Authentication Scheme for Observing Resources in the Internet of Things Environment , 2014, 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications.

[21]  Vanga Odelu,et al.  A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards , 2015, IEEE Transactions on Information Forensics and Security.

[22]  David Lake,et al.  Internet of Things: Architectural Framework for eHealth Security , 2014, J. ICT Stand..