Authentication Of Internet Of Things Devices Research Articles

Physical unclonable functions and QKD-based authentication scheme for IoT devices using blockchain

As the number of Internet of Things (IoT) devices is increasing exponentially, strong security measures are needed to guard against different types of cyberattacks. This research offers a novel IoT device authentication technique to mitigate these challenges by integrating three cutting-edge technologies namely blockchain technology, Quantum Key Distribution (QKD), and Physically Unclonable Functions (PUFs). By utilizing the distinctive qualities of PUFs for device identification and the unrivaled security of QKD for key exchange, the proposed approach seeks to address the significant security issues present in IoT environments. Adopting blockchain technology ensures transparency and verifiability of the authentication process across distributed IoT networks by adding an unchangeable, decentralized layer of trust. An examination of the computing and communication costs reveals that the proposed protocol is effective, necessitating low computational resources that are critical for IoT devices with limited resources. The protocol’s resistance against a variety of attacks is demonstrated by formal proofs based on the Real-Or-Random (ROR) model and security evaluations using the Scyther tool, ensuring the integrity and secrecy of communications. Various threats are analyzed, and the protocol is proven to be secure and efficient from all forms of attacks.

Temporal ECDSA: A timestamp and signature mask enabled ECDSA algorithm for IoT client node authentication

Internet of Things (IoT) networks are vulnerable to various security threats, especially in client authentication. The current authentication methods require significant resources and are vulnerable to specific attacks. The Non-Interactive Zero Knowledge Proof (NIZKP) concept suits IoT device authentication. Elliptic Curve Digital Signature (ECDSA) is a popular algorithm for IoT device authentication based on elliptic curve cryptography (ECC) and NIZKP. However, an intelligent attacker who captures the ECDSA signatures generated by the same random number can recover the private key. This paper proposes a timestamp based approach to prevent signature reuse and fake signature generation in the ECDSA algorithm. The signature proof is generated differently at each occurrence to prevent the generation of valid signatures from leaked private keys. The proposed approach eliminates the expensive modular inversion operations in signature generation and verification phases, enhancing execution efficiency. The analysis results indicate that the proposed Temporal ECDSA algorithm effectively prevents most attacks on client authentication in IoT networks. Various metrics, including computational complexity and security measures, were used to evaluate the effectiveness of the proposed approach, demonstrating that it outperforms most ECDSA variants.

Privacy-preserving fuzzy commitment schemes for secure IoT device authentication

Privacy-Preserving Fuzzy Commitment Schemes (PPFCS) have emerged as a promising solution for secure Internet of Things (IoT) device authentication, addressing the critical need for privacy and security in the rapidly growing IoT ecosystem. This paper presents a novel PPFCS-based authentication mechanism that protects sensitive user data and ensures secure communication between IoT devices. The proposed scheme leverages error-correcting codes (ECC) and cryptographic hash functions to achieve reliable and efficient authentication. The PPFCS framework allows IoT devices to authenticate themselves without revealing their true identity, preventing unauthorized access and preserving users’ privacy. Furthermore, our PPFCS-based authentication mechanism is resilient against various attacks, such as replay, man-in-the-middle, and brute-force attacks, by incorporating secure random nonce generation and timely key updates. We provide extensive experimental results and comparative analysis, demonstrating that the proposed PPFCS significantly outperforms existing authentication schemes in terms of security, privacy, and computational efficiency. As a result, the PPFCS offers a viable and effective solution for ensuring secure and privacy-preserving IoT device authentication, mitigating the risks associated with unauthorized access and potential data breaches in the IoT ecosystem.

Single-board device individual authentication based on hardware performance and autoencoder transformer models

The proliferation of the Internet of Things (IoT) has led to the emergence of crowdsensing applications, where a multitude of interconnected devices collaboratively collect and analyze data. Ensuring the authenticity and integrity of the data collected by these devices is crucial for reliable decision-making and maintaining trust in the system. Traditional authentication methods are often vulnerable to attacks or can be easily duplicated, posing challenges to securing crowdsensing applications. Besides, current solutions leveraging device behavior are mostly focused on device identification, which is a simpler task than authentication. To address these issues, an individual IoT device authentication framework based on hardware behavior fingerprinting and Transformer autoencoders is proposed in this work. To support the design, a threat model details the security problems faced when performing hardware-based authentication in IoT. This solution leverages the inherent imperfections and variations in IoT device hardware to differentiate between devices with identical specifications. By monitoring and analyzing the behavior of key hardware components, such as the CPU, GPU, RAM, and Storage on devices, unique fingerprints for each device are created. The performance samples are considered as time series data and used to train outlier detection transformer models, one per device and aiming to model its normal data distribution. Then, the framework is validated within a spectrum crowdsensing system leveraging Raspberry Pi devices. After a pool of experiments, the model from each device is able to individually authenticate it between the 45 devices employed for validation. An average True Positive Rate (TPR) of 0.74±0.13 and an average maximum False Positive Rate (FPR) of 0.06±0.09 demonstrate the effectiveness of this approach in enhancing authentication, security, and trust in crowdsensing applications.

IoT Device Authentication Using Self-Organizing Feature Map Data Sets

Sensors and actuators connected via the Internet of Things (IoT) have now become embedded within our critical infrastructure offering improved observation and control as well as reduced costs. Given that software defined radios (SDRs) can be readily programmed to imitate IoT devices, there is now a greater risk that assets can be spoofed or compromised. This necessitates an urgent need for IoT device authentication, avoiding the need to upgrade the many thousands of individual devices. However, the lack of publicly available data sets severely hampers the development of effective authentication algorithms and mechanisms. In this regard, this article introduces a technique for facilitating IoT device authentication when the radio frequency (RF) characteristics are highly correlated using self-organizing feature maps (SOFMs), thus aiming to promote state-of-the-art research in this field. The associated techniques demonstrated in this article exploit a novel data set of RF fingerprints and are, in particular, suitable for low-cost and long-range wireless application scenarios of the IoT, e.g., LoRa. Here, a well trained convolutional neural network (CNN) based on the SOFM data set can rapidly profile apparently correlated RF fingerprint patterns and thereby ascertain the nature of a specific device (friend or foe). In this way, a reliable and efficient IoT device authentication strategy for LoRa devices can be established. The experimental results presented in this article substantiate the effectiveness and efficiency of the SOFM based approach, and the data sets are introduced in detail and shared with the research community.

A Blockchain-Based Product Traceability System with Off-Chain EPCIS and IoT Device Authentication.

Blockchain-based traceability systems are a promising approach because they are decentralized, transparent, and tamper proof; however, if all traceability data are uploaded to a blockchain platform, it may affect the efficiency or even lead to data explosion. Additionally, it is difficult to guarantee the reliability of the original data source of massive Internet of Things (IoT) devices. Furthermore, when different enterprise nodes adopt different data storage structures, the costs that are associated with data sharing will increase. In this paper, we have proposed a trustworthy product traceability system that is based on hyperledger fabric and Electronic Product Code Information Service (EPCIS), which is not only capable of making products traceable, but it can also authenticate and authorize the IoT devices that are used for data collection. First, we adopted the on-chain and off-chain collaborative management mechanism in order to alleviate data explosion on the chain. Second, we proposed a scheme to authenticate and authorize devices based on blockchain. Third, we complied with EPCIS and Core Business Vocabulary (CBV) standards and provided the EPCIS location discovery service in order to improve the interactivity. Finally, we implemented and tested the proposed traceability system and compared it with the existing research. The proposed solution provides product information traceability, data tamper proofing, data confidentiality, and data source reliability.

Remote Registration and Group Authentication of IoT Devices in 5G Cellular Network

The Fifth Generation (5G) of cellular mobile network, due its speed and flexibility, will be a preferred communication technology for future deployment of the Internet of Things (IoT). However, with the rapid growth in the number of connected devices, registration and authentication of the devices in 5G cellular network are set to become challenging tasks. Currently, the basis for registration and authentication of the devices in 5G mobile network is the Universal Subscriber Identity Module (USIM) that is provided to every device. But, with large scale deployments in IoT, providing a USIM and authenticating every device individually is going to be arduous. Recently, several group based authentication protocols have been proposed by researchers. Even so, none of these proposals can be easily adopted, since they are not based on the challenge response mechanism used in the 5G Authentication and Key Agreement Protocol (5G-AKA). In this paper, an efficient scheme for remote registration and group authentication of the IoT devices in 5G cellular network is proposed. The scheme is designed to work along with 5G-AKA protocol as its extension. It uses elliptic curve cryptography that is lightweight in nature and is suitable for resource constrained IoT environment. Security analysis and performance analysis shows that the proposed scheme is secured and efficient in comparison to similar recent proposals in the literature.

Blockchain-based trust management and authentication of devices in smart grid

The digitalization of the power grid and advancement in intelligent technologies have enabled the service provider to convert the existing electrical grid into a smart grid. The transformation of the grid will help in integrating cleaner energy technologies with energy management to improve power network efficiency. Internet of things (IoT) and various network components need to be deployed to harness the full potential of the smart grid. Also, integrating intermittent renewable energy sources, energy storage, intelligent control of selected power-intensive loads, etc will improve energy efficiency. But deployment of this information and communication technologies will make the grid more vulnerable to cyber attacks from hackers. In this work, blockchain-based self-sovereign identification and authentication technique is presented to avert identity theft and masquerading. The proposed approach can minimize the chances of identity-based security breaches in the smart grid. This paper provides an overview of the model of identification and authentication of IoT devices in Smart Grid based on Blockchain technology. The Blockchain based implementation of identification and authentication of devices is proposed to validate the model in the distributed electrical energy network. The model is able to authenticate the device using Blockchain in a trusted model. The system works according to plan validating the authenticity of transaction in a node in log(n) time, which justifies presented result.

A Novel Framework for Open-Set Authentication of Internet of Things Using Limited Devices.

The Internet of Things (IoT) is promising to transform a wide range of fields. However, the open nature of IoT makes it exposed to cybersecurity threats, among which identity spoofing is a typical example. Physical layer authentication, which identifies IoT devices based on the physical layer characteristics of signals, serves as an effective way to counteract identity spoofing. In this paper, we propose a deep learning-based framework for the open-set authentication of IoT devices. Specifically, additive angular margin softmax (AAMSoftmax) was utilized to enhance the discriminability of learned features and a modified OpenMAX classifier was employed to adaptively identify authorized devices and distinguish unauthorized ones. The experimental results for both simulated data and real ADS–B (Automatic Dependent Surveillance–Broadcast) data indicate that our framework achieved superior performance compared to current approaches, especially when the number of devices used for training is limited.

Hash-Based Signature for Flexibility Authentication of IoT Devices

5G provides a unified authentication architecture and access management for IoT (Internet of Things) devices. But existing authentication services cannot cover massive IoT devices with various computing capabilities. In addition, with the development of quantum computing, authentication schemes based on traditional digital signature technology may not be as secure as we expected. This paper studies the authentication mechanism from the user equipment to the external data network in 5G and proposed an authentication protocol prototype that conforms to the Third Generation Partnership Program (3GPP) standard. This prototype can accommodate various Hash-based signature technologies, applying their advantages in resource consumption to meet the authentication requirements of multiple types of IoT devices. The operation of the proposed authentication scheme is mainly based on the Hash function, which is more efficient than the traditional authentication scheme. It provides flexible and high-quality authentication services for IoT devices cluster in the 5G environment combining the advantages of Hash-based signature technology and 5G architecture.

IoT Devices, User Authentication, and Data Management in a Secure, Validated Manner through the Blockchain System

Advancement in technology has led to innovation in equipment, and the number of devices is increasing every day. Industries are introducing new devices every day and predicting 50 billion connected devices by 2022. These devices are deployed through the Internet, called the Internet of Things (IoT). Applications of IoT devices are weather prediction, monitoring surgery in hospitals, identification of animals using biochips, providing tracking connectivity in automobiles, smart home appliances, etc. IoT devices have limitations related to security at both the software and hardware ends. Secure user interfaces can overcome software-level limitations like front-end-user interfaces are accessed easily through public and private networks. The front-end interfaces are connected to the localized storage to contain data produced by the IoT devices. Localized storage deployed in a closed environment connected to IoT devices is more efficient than online servers from a security perspective. Blockchain has emerged as a technology or technique with capabilities to achieve secure administrational authentication and accessibility to IoT devices and their computationally produced data in a decentralized way with high reliability, interrogation, and resilience. In this paper, we propose device, end-user, and transactional authentication techniques using blockchain-embedded algorithms. The localized server interacts with the user interface to authenticate IoT devices, end-users, and their access to IoT devices. The localized server provides efficiency by reducing the load on the IoT devices by carrying out end-user heavy computational data, including end-user, IoT device authentication, and communicational transactions. Authentication data are placed on the public ledger in block form, distributed over the system nodes through blockchain algorithms.

Consistent Round Hash optimized SRP-6a-based end-to-end mutual authentication for secure data transfer in industry 4.0

When the Internet of Things (IoT) is used in a typical manufacturing system, the industrial plant can be controlled remotely through the Internet. This enables manufacturing and execution systems to obtain real-time work orders directly from the Enterprise Resource Planning (ERP) system. Therefore, workflows for development, production, and manufacturing can be integrated with sales, market, and finance business processes. The possibility of implementing this integration, however, is dependent on the trust, security, and authentication of IoT devices. Many IoT devices face significant security risks such as device hijacking and data leaks due to limited resources and inadequate self-protection capabilities. Despite the fact that several studies have been conducted using the physical unclonable function to protect communication between IoT devices from the aforementioned security threats, current solutions rely on the participation of the server to distribute the key parameters, which requires high message overhead and has a significant impact on efficiency. To fill this gap, this article proposes a Consistent Round Hash optimized SRP-6a-based end-to-end mutual authentication for secure data transfer technique with single-share trusted device collaboration can detect an unauthenticated device. In addition, our proposed technique ensures the overall system's integrity and stability during a scaling-out phenomenon, which is becoming increasingly common in complex industrial environments. Furthermore, we present a formal and informal security analysis of the proposed protocol. According to the results of the performance analysis, our proposed technique has the lowest communication overhead, computational cost, and round-trip time when compared to other state-of-the-art schemes.

An Ontological Security Framework to Secure the SDN based IoT Networks

The IoT (Internet of Things) is now a trendy technology with its numerous apps in multiple areas. It includes a heterogeneous amount of Internet and mutually linked devices. Since the IoT network is characterized by tiny assets that produce less energy and are more flexible, this number of machines is difficult to monitor. SDN (Software Defined Network) is a new network model that facilitates the creation and introduction of fresh networking abstractions, simplifies the management of network and facilitates network development. In this paper, by leveraging the fundamental characteristics represented by Software Defined Networks (SDN), we present an ontological security architecture for IoT networks. Our security architecture restricts access to independently verified IoT devices via the network. To secure the flows in the IoT network infrastructure, we introduced an extra layer and provide a lightweight protocol to authenticate IoT systems. Such an advanced strategy to protection containing IoT device authentication and allowing approved flows can assist secure IoT networks against malicious IoT devices and threats.

Secure Network Access Authentication for IoT Devices: EAP Framework vs. Individual Protocols

Secure bootstrapping of Internet of Things (IoT) devices is often a multi-step process that begins with enabling Internet access through a local wireless network. The process of enabling Internet access on IoT devices includes network discovery and selection, access authentication, and configuration of necessary credentials and parameters. On one hand, there are many standard protocols available for network access authentication of IoT devices. On the other hand, Extensible Authentication Protocol (EAP) is a standard framework with support for many authentication methods, and it is primarily used for network access authentication in enterprise networks. This article discusses whether the EAP framework is beneficial for network access authentication of IoT devices.

A network-independent tool-based usable authentication system for Internet of Things devices

In this paper, we introduce a hardware-based system with a protocol realization to authenticate Internet of Things (IoT) devices. DigitalSeal is a novel standalone network-independent authentication tool implemented using an Arduino UNO and various components. DigitalSeal ’s I/O elements read a barcode and display a barcode data and its corresponding HMAC, which are used for authentication. DigitalSeal can manage cryptographic keys securely and provide a data integrity in order to defend against Man-in-the-Middle (MitM) and Man-in-the-Browser (MitB) attacks. Moreover, DigitalSeal can be used in various applications, such as an authentication system or protocol, an online/offline transaction, a login session, and an IoT device authentication. Using DigitalSeal, we propose a new protocol for IoT device authentication, providing various security benefits and reducing the burden of key maintenance for a large number of IoT devices. Our authentication protocol realization with DigitalSeal provides a convenient method for securely managing password for multiple IoT devices, prevents unauthorized IoT devices from connecting to the user’s gateway (an IoT home/enterprise network), and secures the communication between the IoT device and the gateway. Our system and associated protocol are both cost-effective and usable. According to our experiments, most users are able to obtain the authentication credential (the HMAC) within 3 seconds with more than 93% accuracy using DigitalSeal.

SCAB - IoTA: Secure communication and authentication for IoT applications using blockchain

The Internet of Things (IoT) becomes a leading field of computer science, which simplifies the life of human beings. The IoT, devices can interconnect and communicate with each other, in a fully autonomous mode. This autonomy has made the IoT network vulnerable to various security threats. However, due to this autonomy, there is a strong need for reliable security and storage mechanism for authentication to exchange data between IoT devices. To solve this problem, we propose an efficient method known as SCAB-IoTA, which ensures identification and authentication of IoT devices and also provides secure communication in the open environment. Along with authentication and secure communication, the scheme also ensures data integrity. SCAB-IoTA used the blockchain and hybrid cryptosystem (the combination of Advanced Encryption Standard (AES) and Elliptic Curve Digital Signature Algorithm (ECDSA) cryptographic techniques) to enhance the security of IoT applications to prevent various attacks along with less computational, and storage overhead. Furthermore, we have a secure cluster of IoT devices based on angular distance (AD), so that devices can securely communicate without any interruption. A secure and robust trust mechanism has employed to build these clusters, where each IoT device has to authenticate itself before joining the cluster. The obtained results satisfy the IoT security requirements with 60% reduced computation, storage and communication cost compared with state-of-the-art methods. The security analysis illustrates that SCAB-IoTA withstands against various cyberattacks such as impersonation, message replay, man-in-the-middle, and botnet attacks.

Lightweight Internet of Things Device Authentication, Encryption, and Key Distribution Using End-to-End Neural Cryptosystems

Device authentication, encryption, and key distribution are of vital importance to any Internet of Things (IoT) systems, such as the new smart city infrastructures. This is due to the concern that attackers could easily exploit the lack of strong security in IoT devices to gain unauthorized access to the system or to hijack IoT devices to perform denial-of-service attacks on other networks. With the rise of fog and edge computing in IoT systems, increasing numbers of IoT devices have been equipped with computing capabilities to perform data analysis with deep learning technologies. Deep learning on edge devices can be deployed in numerous applications, such as local cardiac arrhythmia detection on a smart sensing patch, but it is rarely applied to device authentication and wireless communication encryption. In this article, we propose a novel lightweight IoT device authentication, encryption, and key distribution approach using neural cryptosystems and binary latent space. The neural cryptosystems adopt three types of end-to-end encryption schemes: 1) symmetric; 2) public-key; and 3) without keys. A series of experiments was conducted to test the performance and security strength of the proposed neural cryptosystems. The experimental results demonstrate the potential of this novel approach as a promising security and privacy solution for the next-generation of IoT systems.

SDN-Enabled Secure IoT Architecture

The Internet of Things (IoT) is increasingly being used in applications ranging from precision agriculture to critical national infrastructure by deploying a large number of resource-constrained devices in hostile environments. These devices are being exploited to launch attacks in cyber systems. As a result, security has become a significant concern in the design of IoT-based applications. In this article, we present a security architecture for IoT networks by leveraging the underlying features supported by software-defined networks (SDNs). Our security architecture not only restricts network access to authenticated IoT devices but also enforces fine granular policies to secure the flows in the IoT network infrastructure. The authentication is achieved using a lightweight protocol to authenticate IoT devices. Authorization is achieved using a dynamic policy driven approach. Such an integrated security approach involving authentication of IoT devices and enables authorized flows to protect IoT networks from malicious IoT devices and attacks. We have implemented and validated our architecture using ONOS SDN Controller and Raspbian Virtual Machines, and demonstrated how the proposed security mechanisms can counteract malware packet injection, DDoS attacks using Mirai, spoofing/masquerading, and man-in-the-middle attacks. An analysis of the security and performance of the proposed security mechanisms and their applications is presented in this article.

Applications, Attacks and Authentication Schemes for Future IoT

The internet has gently penetrated and completely mushroomed in to our entire life activities. Still we give the impression to be extremely unimaginable about real fact for the reason that we are overflowing with the need for internet. This evolution has ended up in the necessity of extensive technological advancement. One among them is the concept of Internet of Things (IoT). IoT is a framework of computing appliances that are interrelated with the purpose of exchanging data over the network. Internet of Things is a structure in which day by day gadgets have turned up shrewder which in turn makes it possible for the each day operations to be smart and communications to be instructive. Any significant influence in the progress of the Internet of Things is essentially the consequence of the deeds that work together for a superior outcome conducted in various domains like social science, electronics, informatics and telecommunications. Consequently, this broad range of applications of IoT causes enormous volume of data sharing which in turn distributes the confidential data pertaining to the users. Hence the need for authentication of IoT devices is of significance to defend against the security attacks. In this paper, a detailed survey of Internet of Things which offers a comprehensive focus on the theory, architecture, applications and related research is presented.

Location-Aware Wi-Fi Authentication Scheme Using Smart Contract.

Advanced wireless technology in Internet of Things (IoT) devices is increasing and facing various security threats. The authentication of IoT devices is the first line of defense for the wireless network. Especially in a Wi-Fi network, the existing authentication methods mainly use a password or digital certificate, these methods are inconvenient to manage due to certificate issuance or prone to be attacked because passwords are easily cracked. In this paper, we propose a location-aware authentication scheme using smart contracts to ensure that IoT devices can securely perform Wi-Fi network authentication. The scheme adopts the concept of secondary authentication and consists of two phases: the registration phase, which is mainly designed to complete the generation of the public and private keys, and to link the device information with its related device information; the authentication phase, which is mainly designed to determine whether the requesting device is within a legal location range. We use the smart contract to ensure the credibility and irreparability of the authentication process. Analysis of the attack model and the attacks at different stages proves that this certification scheme is assured, and the simulation results show that the overhead introduced by this scheme is acceptable, this scheme can provide greater security for the Wi-Fi authentication of IoT devices.