Secure and scalable access control protocol for IoT environment

Abstract

Smart applications based on IoT has gained huge momentum in recent times. Typically, these applications involve the deployment of smart devices within the perception layer of three-tier IoT architecture. The smart devices may be required to be re-deployed due to adversary attacks, or outage of power. Deployment of new smart devices within the perception layer of IoT based applications is a significant security concern. The deployed smart device can be a malicious node that can disrupt the complete network operations. An access control protocol regulates the deployment of smart devices within the perception layer. Besides obliging the resource constraint nature of smart devices, an access control protocol must also fulfill specific security and functional requirements for its practical consideration. In this paper, an access control protocol based on Elliptical Curve Cryptography (ECC) has been presented. Besides sufficing to all other major security and functional requirements, the proposed protocol is also scalable and independent of clock synchronization issues. The correctness and the soundness of the proposed protocol has been validated using BAN logic. The proposed protocol has also been formally validated using automated validation of internet security protocols and applications (AVISPA) and Scyther tools. The proposed protocol has been compared with relevant existing schemes on various security and functional requirements. The comparison suggests that the proposed protocol has a better trade-off as compared to relevant existing schemes.