scispace - formally typeset

Book ChapterDOI

Mutual Authentication Scheme for the Management of End Devices in IoT Applications

08 Sep 2020-Vol. 672, pp 221-231

TL;DR: Message Queuing Telemetry Transport Protocol (MQTT) is one of the most widely used lightweight communication protocol for the Internet of Things (IoT) services and this work provides three-factor authentication mechanism including perpetual and one-way hashing.
Abstract: IoT has started to penetrate in all walks of life starting from home to industrial applications. The number of internet connected devices is increasing every day. Data breaches against a huge amount of data evolving in it also in rise which makes security imperative. Message Queuing Telemetry Transport Protocol (MQTT) is one of the most widely used lightweight communication protocol for the Internet of Things (IoT) services. In this work, two-way communication using socket was adopted between node and gateway, and publish/subscribe-based communication was used between node and user. In order to ensure overall authorized access of the data from the devices, the proposed work provides three-factor authentication mechanism including perpetual and one-way hashing. Further, computational and storage analysis was performed, which proves that this scheme is suitable for resource-constrained devices and used to minimize the computational complexity, space, and bandwidth.
Topics: MQTT (59%), Mutual authentication (58%), Node (networking) (57%), The Internet (54%), Communications protocol (54%)
Citations
More filters

Book
01 Jan 2010
Abstract: Keynote Talks.- The UNESCO Chair in Data Privacy Research in Vehicular Networks.- Privacy Management for Global Organizations.- Data Privacy Management.- Obligation Language and Framework to Enable Privacy-Aware SOA.- Distributed Privacy-Preserving Methods for Statistical Disclosure Control.- Towards a Privacy-Preserving National Identity Card.- Using SAT-Solvers to Compute Inference-Proof Database Instances.- A Quantitative Analysis of Indistinguishability for a Continuous Domain Biometric Cryptosystem.- A Spatial Cloaking Framework Based on Range Search for Nearest Neighbor Search.- Visualizing Privacy Implications of Access Control Policies in Social Network Systems.- Contextual Privacy Management in Extended Role Based Access Control Model.- Autonomous and Spontaneous Security.- Dynamic Security Rules for Geo Data.- Medical Image Integrity Control Combining Digital Signature and Lossless Watermarking.- ASRBAC: A Security Administration Model for Mobile Autonomic Networks (MAutoNets).- Untraceable Tags Based on Mild Assumptions.- Security Threat Mitigation Trends in Low-Cost RFID Systems.- An Effective TCP/IP Fingerprinting Technique Based on Strange Attractors Classification.- DDoS Defense Mechanisms: A New Taxonomy.- RDyMASS: Reliable and Dynamic Enforcement of Security Policies for Mobile Agent Systems.- Achieving Life-Cycle Compliance of Service-Oriented Architectures: Open Issues and Challenges.

61 citations


References
More filters

Proceedings ArticleDOI
01 Jan 2015
TL;DR: This paper presents and compares existing IoT application layer protocols as well as protocols that are utilized to connect the “things” but also end-user applications to the Internet, and argues their suitability for the IoT by considering reliability, security, and energy consumption aspects.
Abstract: It has been more than fifteen years since the term Internet of Things (IoT) was introduced. However, despite the efforts of research groups and innovative corporations, still today it is not possible to say that the IoT is upon us. This is mainly due to the fact that a unified IoT architecture has not yet been clearly defined and there is no common agreement in defining communication protocols and standards for all the IoT parts. The framework that current IoT platforms use consists mostly in technologies that partially fulfill the IoT requirements. While developers employ existing technologies to build the IoT, research groups are working on adapting protocols to the IoT in order to optimize communications. In this paper, we present and compare existing IoT application layer protocols as well as protocols that are utilized to connect the “things” but also end-user applications to the Internet. We highlight IETF’s CoAP, IBM’s MQTT, HTML 5’s Websocket among others, and we argue their suitability for the IoT by considering reliability, security, and energy consumption aspects. Finally, we provide our conclusions for the IoT application layer communications based on the study that we have conducted.

338 citations


01 Apr 2010
TL;DR: OAuth provides a method for clients to access server resources on behalf of a resource owner (such as a different client or an end- user) and a process for end-users to authorize third- party access to their server resources without sharing their credentials, using user- agent redirections.
Abstract: OAuth provides a method for clients to access server resources on behalf of a resource owner (such as a different client or an end- user). It also provides a process for end-users to authorize third- party access to their server resources without sharing their credentials (typically, a username and password pair), using user- agent redirections. This document is not an Internet Standards Track specification; it is published for informational purposes.

277 citations


Journal ArticleDOI
TL;DR: This paper presents an analysis of recent research in IoT security from 2016 to 2018, its trends and open issues, and the relevant tools, modellers and simulators.
Abstract: The results of IoT failures can be severe, therefore, the study and research in security issues in the IoT is of extreme significance. The main objective of IoT security is to preserve privacy, confidentiality, ensure the security of the users, infrastructures, data, and devices of the IoT, and guarantee the availability of the services offered by an IoT ecosystem. Thus, research in IoT security has recently been gaining much momentum with the help of the available simulation tools, modellers, and computational and analysis platforms. This paper presents an analysis of recent research in IoT security from 2016 to 2018, its trends and open issues. The main contribution of this paper is to provide an overview of the current state of IoT security research, the relevant tools,IoT modellers and simulators.

238 citations


Journal ArticleDOI
J.K. Lee, S.R. Ryu1, K.Y. Yoo2Institutions (2)
TL;DR: An authentication system, which does not require a password table to authenticate its users, is proposed, and introducing smart card and fingerprint verification so that the scheme can withstand message replaying attack and impersonation.
Abstract: An authentication system, which does not require a password table to authenticate its users, is proposed. By removing a password table, and introducing smart card and fingerprint verification, the scheme can be more secure and reliable. In addition, the scheme can withstand message replaying attack and impersonation.

218 citations


Journal ArticleDOI
TL;DR: This work presents a lightweight and secure user authentication protocol based on the Rabin cryptosystem, which has the characteristic of computational asymmetry and presents a comprehensive heuristic security analysis to show that the protocol is secure against all the possible attacks and provides the desired security features.
Abstract: Wireless sensor networks (WSNs) will be integrated into the future Internet as one of the components of the Internet of Things, and will become globally addressable by any entity connected to the Internet. Despite the great potential of this integration, it also brings new threats, such as the exposure of sensor nodes to attacks originating from the Internet. In this context, lightweight authentication and key agreement protocols must be in place to enable end-to-end secure communication. Recently, Amin et al. proposed a three-factor mutual authentication protocol for WSNs. However, we identified several flaws in their protocol. We found that their protocol suffers from smart card loss attack where the user identity and password can be guessed using offline brute force techniques. Moreover, the protocol suffers from known session-specific temporary information attack, which leads to the disclosure of session keys in other sessions. Furthermore, the protocol is vulnerable to tracking attack and fails to fulfill user untraceability. To address these deficiencies, we present a lightweight and secure user authentication protocol based on the Rabin cryptosystem, which has the characteristic of computational asymmetry. We conduct a formal verification of our proposed protocol using ProVerif in order to demonstrate that our scheme fulfills the required security properties. We also present a comprehensive heuristic security analysis to show that our protocol is secure against all the possible attacks and provides the desired security features. The results we obtained show that our new protocol is a secure and lightweight solution for authentication and key agreement for Internet-integrated WSNs.

188 citations


Performance
Metrics
No. of citations received by the Paper in previous years
YearCitations
20101