Secure and low-power authentication for resource-constrained devices

The Internet of Things (IoT) refers to an interconnected world where physical devices seamlessly integrate into a global network and become active participants of business, information, and social processes. These physical devices are referred to as smart objects since they understand and react to the environment they reside in. However, deploying such Internet-connected smart objects is challenging, since they need to be correctly configured with appropriate network and security credentials. This is exacerbated by the fact that they have minimal input capabilities and may be in inaccessible locations. In this article, we describe how to employ the 3rd Generation Partnership Project (3GPP) Generic Bootstrapping Architecture (GBA) to ensure secure authentication and communication among a variety of devices and services. Although GBA relies on the infrastructure of mobile network operators, it requires no mobile network access but only IP connectivity to perform authentication. We show the feasibility of our approach with a prototype implementation that incurs in a minimal memory overhead. Experimental results also show that our solution is energy-efficient.

[1]  Angela Orebaugh,et al.  Wireshark & Ethereal Network Protocol Analyzer Toolkit (Jay Beale's Open Source Security) , 2006 .

[2]  Sachin Agarwal,et al.  Operator-based over-the-air M2M wireless sensor network security , 2010, 2010 14th International Conference on Intelligence in Next Generation Networks.

[3]  Transcoding Functions,et al.  Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); LTE; , 2009 .

[4]  Valtteri Niemi,et al.  Cellular Authentication for Mobile and Internet Services , 2008 .

[5]  Jouni Korhonen Applying Generic Bootstrapping Architecture for use with Constrained Devices , 2012 .

[6]  Valtteri Niemi,et al.  Generic Authentication Architecture , 2008 .

[7]  William Stallings,et al.  THE ADVANCED ENCRYPTION STANDARD , 2002, Cryptologia.

[8]  Lawrence C. Stewart,et al.  HTTP Authentication: Basic and Digest Access Authentication , 1999 .

[9]  Muxiang Zhang,et al.  Security analysis and enhancements of 3GPP authentication and key agreement protocol , 2005, IEEE Transactions on Wireless Communications.

[10]  Mohit Sethi,et al.  Security in Smart Object Networks , 2012 .

[11]  Mario Di Francesco,et al.  Secure bootstrapping of cloud-managed ubiquitous displays , 2014, UbiComp.

[12]  Christian Steger,et al.  A Flexible and Lightweight ECC-Based Authentication Solution for Resource Constrained Systems , 2014, 2014 17th Euromicro Conference on Digital System Design.

[13]  Saurabh Bagchi,et al.  Optimizing AES for embedded devices and wireless sensor networks , 2008, TRIDENTCOM.

[14]  Kwangjo Kim,et al.  Efficient sensor node authentication via 3GPP mobile communication networks , 2010, CCS '10.

[15]  王家志 Technical Specification Group Services and System Aspects ; 3 G Security ; Specification of the MILENAGE Algorithm Set : An example algorithm set for the 3 GPP authentication and key generation functions , 2001 .

[16]  Thiemo Voigt,et al.  Lithe: Lightweight Secure CoAP for the Internet of Things , 2013, IEEE Sensors Journal.

[17]  Hannes Tschofenig,et al.  Pre-Shared Key Ciphersuites for Transport Layer Security (TLS) , 2005, RFC.

[18]  Pascal Thubert,et al.  Compression Format for IPv6 Datagrams over IEEE 802.15.4-Based Networks , 2011, RFC.

[19]  Mario Di Francesco,et al.  Flexible Management of Cloud-Connected Digital Signage , 2015, 2015 IEEE 12th Intl Conf on Ubiquitous Intelligence and Computing and 2015 IEEE 12th Intl Conf on Autonomic and Trusted Computing and 2015 IEEE 15th Intl Conf on Scalable Computing and Communications and Its Associated Workshops (UIC-ATC-ScalCom).

[20]  Klaus Wehrle,et al.  Delegation-based authentication and authorization for the IP-based Internet of Things , 2014, 2014 Eleventh Annual IEEE International Conference on Sensing, Communication, and Networking (SECON).

[21]  Sajal K. Das,et al.  A Storage Infrastructure for Heterogeneous and Multimedia Data in the Internet of Things , 2012, 2012 IEEE International Conference on Green Computing and Communications.

[22]  Mihir Bellare,et al.  The EAX Mode of Operation , 2004, FSE.

[23]  Klaus Wehrle,et al.  Towards viable certificate-based authentication for the internet of things , 2013, HotWiSec '13.

[24]  Angela Orebaugh,et al.  Wireshark & Ethereal Network Protocol Analyzer Toolkit , 2007 .

[25]  Berk Sunar,et al.  Energy Comparison of AES and SHA-1 for Ubiquitous Computing , 2006, EUC Workshops.

[26]  Jari Arkko,et al.  End-to-end security for sleepy smart object networks , 2012, 37th Annual IEEE Conference on Local Computer Networks - Workshops.

[27]  Mario Di Francesco,et al.  Performance evaluation of remote display access for mobile cloud computing , 2015, Comput. Commun..