Lightweight Authentication Research Articles

EN-LAKP: Lightweight Authentication and Key Agreement Protocol for Emerging Networks

Emerging network technologies that will be developed and implemented in the next generation to enhance computing facilities are Wireless Sensor Networks (WSNs) and Software Defined Networking (SDN). Since micro-electromechanical system (MEMS) technology progress, WSNs become more and more popular since they offer realistic and affordable real- time monitoring options. As a result, as network traffic and the variety of sensor nodes rise, the SDN paradigm is being integrated into WSN to avoid a performance bottleneck with traditional network design. Since the sensor nodes are dispersed throughout a hostile environment and they communicate over a public channel, the information shared between entities is vulnerable to attack. The proposed protocol illustrated why it made sense to provide network administration and control responsibilities to centralized SDN controller nodes. We thus offer the Lightweight Authentication and Key Agreement Protocol (LAKP) for SDN-enabled WSNs to protect entity communication. Furthermore, we demonstrate that the suggested solution avoids known security vulnerabilities by doing both formal and informal security examinations using the Scyther tool and Burrows-Abadi-Needham (BAN) logic.

SLAKA_CPS: Secured lightweight authentication and key agreement protocol for reliable communication among heterogenous devices in cyber-physical system framework

SLAKA_CPS: Secured lightweight authentication and key agreement protocol for reliable communication among heterogenous devices in cyber-physical system framework

Insider Attack Prevention: LAPUP—Lightweight Authentication Protocol Using PUF

Insider Attack Prevention: LAPUP—Lightweight Authentication Protocol Using PUF

Hybrid cryptography-based scheme with conditional privacy-preserving authentication and memory-based DOS resilience in V2X

To secure Vehicle-to-everything (V2X) communications, many Conditional Privacy-Preserving Authentication schemes (CPPA) use symmetric and asymmetric encryption during the authentication process. However, several existing schemes have some security limitations regarding VANET requirements. In many symmetric cryptography-based schemes, the participants are required to share the same keys which could compromise the security of the network in case the key of one participant is compromised, while many asymmetric cryptography-based schemes take much time during the authentication process, and don't address the denial-of-service attack. In this paper, we propose a certificateless scheme that does not require a certificate and prevents the escrow problem. Plus, it uses the elliptic curve cryptography and avoids bilinear pairing and Map-to-Hash functions. We call our scheme Hybrid Cryptography-Based Scheme with a Conditional Privacy-Preserving Authentication (HCBS-CPPA), as it uses both symmetric and asymmetric cryptography during the authentication process. Our scheme combines the strength of an asymmetric encryption that satisfies non-repudiation, and the strength of a symmetric encryption that allows to perform a lightweight authentication. In addition, we show that our scheme is resilient to memory-based Denial of Service (DOS) attack which occurs when an attacker floods the memory of a receiver with invalid messages. A security proof shows that HCBS-CPPA is secure in the random oracle. Regarding the simulation of our scheme, it turns out that HCBS-CPPA has the best performance when compared with several existing certificateless schemes. Additionally, it requires less execution time during the signing and verification process, as well as less communication overhead when compared to the existing schemes.

A lightweight group-based SDN-driven encryption protocol for smart home IoT devices

With the increasing adoption rate of Internet of Things (IoT) devices in smart home applications, it is vital to safeguard the privacy and security of information, communications among IoT devices and the underlying infrastructure. In open communication scenarios, an adversary can easily tamper with data transmitted by IoT communication devices. This paper proposes a softwarized lightweight authentication key agreement scheme for smart home applications in Software-Defined IoT (SDIoT) environment. The proposed scheme comprises registration, authentication, and key selection phases. Devices are registered in the registration phase after the successful completion of validation checks, while sessions’ keys are granted to the registered devices in the authentication phase. In the final phase, controllers classify IoT devices based on pre-defined parameters and impose class-specific access control based on classification. The security of the proposed scheme is validated using the widely accepted AVISPAs verification tool against a strong adversary. Simulation results demonstrate that our proposed scheme outperforms existing schemes in terms of running time, computation complexity, and energy consumption. It is found that the proposed scheme has significant cost-effectiveness.

MAG-PUFs: Authenticating IoT devices via electromagnetic physical unclonable functions and deep learning

The challenge of authenticating Internet of Things (IoT) devices, particularly in low-cost deployments with constrained nodes that struggle with dynamic re-keying solutions, renders these devices susceptible to various attacks. This paper introduces a robust alternative mitigation strategy based on Physical-Layer Authentication (PLA), which leverages the intrinsic physical layer characteristics of IoT devices. These unique imperfections, stemming from the manufacturing process of IoT electronic integrated circuits (ICs), are difficult to replicate or falsify and vary with each function executed by the IoT device. We propose a novel lightweight authentication scheme, MAG-PUFs, that uses the unintentional Electromagnetic (EM) emissions from IoT devices as Physical Unclonable Functions (PUFs). MAG-PUFs operate by collecting these unintentional EM emissions during the execution of pre-defined reference functions by the IoT devices. The authentication is achieved by matching these emissions with profiles recorded at the time of enrollment, using state-of-the-art Deep Learning (DL) approaches such as Neural Networks (NN) and Autoencoders. Notably, MAG-PUFs offer compelling advantages: (i) it preserves privacy, as it does not require direct access to the IoT devices; and, (ii) it provides unique flexibility, permitting the selection of numerous and varied reference functions. We rigorously evaluated MAG-PUFs using 25 Arduino devices and a diverse set of 325 reference function classes. Employing a DL framework, we achieved a minimum authentication F1-Score of 0.99. Furthermore, the scheme’s efficacy in detecting impostor EM emissions was also affirmed, achieving a minimum F1-Score of 0.99. We also compared our solution to other solutions in the literature, showing its remarkable performance. Finally, we discussed code obfuscation techniques and the impact of Radio Frequency (RF) interference on the IoT authentication process.

A lightweight authentication and authorization method in IoT-based medical care

A lightweight authentication and authorization method in IoT-based medical care

Lightweight Privacy Preserving Scheme for IoT based Smart Home

Background: The Internet of Things (IoT) is the interconnection of physical devices, controllers, sensors and actuators that monitor and share data to another end. In a smart home network, users can remotely access and control home appliances/devices via wireless channels. Due to the increasing demand for smart IoT devices, secure communication also becomes the biggest challenge. Hence, a lightweight authentication scheme is required to secure these devices and maintain user privacy. The protocol proposed is secure against different kinds of attacks and as well as is efficient. Methods: The proposed protocol offers mutual authentication using shared session key establishment. The shared session key is established between the smart device and the home gateway, ensuring that the communication between the smart devices, home gateway, and the user is secure and no third party can access the information shared. Results: Informal and formal analysis of the proposed scheme is done using the AVISPA tool. Finally, the results of the proposed scheme also compare with existing security schemes in terms of computation and communication performance cost. The results show that the proposed scheme is more efficient and robust against different types of attacks than the existing protocols. Conclusion: In the upcoming years, there will be a dedicated network system built inside the home so that the user can have access to the home from anywhere. The proposed scheme offers secure communication between the user, the smart home, and different smart devices. The proposed protocol makes sure that security and privacy are maintained since the smart devices lack computation power which makes them vulnerable to different attacks.

Efficient and reliable post-quantum authentication

In this paper we propose a new lightweight authentication protocol which is efficient, reliable and, properly instantiated, suitable for the post-quantum world. It is a two-level protocol, which supports unbounded message transmission. It can be useful in several settings, from the standard sender-receiver setting, to unreliable multicast and broadcast communication in networks with resource-constrained devices. The key ideas underlying our design are mainly three: the hash-chaining method, some techniques used in MAC-based authentication protocols for multicast communication, and the use of the Guy Fawkes signatures. To our knowledge, our protocol is the first one that solves the unbounded number of message transmission issue in unreliable settings. It does not lose efficiency and introduces only a constant-size overhead in message transmission, compared to solutions assuming a bounded number of message transmissions. We rigorously model the adversarial setting and show that our protocol satisfies the definition, leveraging on standard assumptions. Apart from the technical contribution, along the line, we also point out the relevance of ideas and techniques developed in the past in the area of efficient authentication, in order to provide new authentication schemes, ready for the post-quantum world.

Blockchain-Based Lightweight Authentication Protocol for Next-Generation Trustworthy Internet of Vehicles Communication

Blockchain-Based Lightweight Authentication Protocol for Next-Generation Trustworthy Internet of Vehicles Communication

On the Security of a Blockchain and PUF-Based Lightweight Authentication Protocol for Wireless Medical Sensor Networks

On the Security of a Blockchain and PUF-Based Lightweight Authentication Protocol for Wireless Medical Sensor Networks

“A lightweight authentication scheme for 6LoWPAN-based Internet-of -things”

ABSTRACT IPv6-based IoT networks, i.e. 6LoWPAN network, require authentication for security. The existing authentication schemes on symmetric-key based approaches for 6LoWPAN consume huge computational and processing overhead in the literature. In a large network, pre-deployment of the key leads to huge memory consumption due to storing many keys. Furthermore, in asymmetric key cryptography, operations with the public key are computationally expensive, which is unsuitable for resource-constrained devices. We proposed a lightweight key exchange and authentication scheme for 6LoWPAN to mutually authenticate the sensor nodes, the gateway, and the server with less computational overhead and without compromising any security credentials. The authentication scheme helps to generate a session key without storing any secrets in the 6LoWPAN devices. We utilized a one-way hash function and XOR operation to reduce overhead in multi-hop communication. The AVISPA verification tool and the formal verification show that the proposed method is resistant to well-known attacks. The proposed scheme outperforms relevant methods in computational overhead, communication cost, and computation time.

Blockchain-Enhanced Sensor-as-a-Service (SEaaS) in IoT: Leveraging Blockchain for Efficient and Secure Sensing Data Transactions

As the Internet of Things (IoT) continues to revolutionize value-added services, its conventional architecture exhibits persistent scalability and security vulnerabilities, jeopardizing the trustworthiness of IoT-based services. These architectural limitations hinder the IoT’s Sensor-as-a-Service (SEaaS) model, which enables the commercial transmission of sensed data through cloud platforms. This study proposes an innovative computational framework that integrates decentralized blockchain technology into the IoT architectural design, specifically enhancing SEaaS efficiency. This research contributes to an optimized IoT architecture with decentralized blockchain operations and simplified public key encryption. Furthermore, this study introduces an advanced SEaaS model featuring innovative trading operations for sensed data among diverse stakeholders. At its core, this model presents a unique blockchain-based data-sharing mechanism that manages multiple aspects, from enrollment to validation. Evaluations conducted in a standard Python environment indicate that the proposed SEaaS model outperforms existing blockchain-based data-sharing models, demonstrating approximately 40% less energy consumption, 18% increased throughput, 16% reduced latency, and a 25% reduction in algorithm processing time. Ultimately, integrating a lightweight authentication mechanism using simplified public key cryptography within the blockchain establishes the model’s potential for efficient and secure data-sharing in IoT.

IoMT-BADT: A blockchain-envisioned secure architecture with a lightweight authentication scheme for the Digital Twin environment in the Internet of Medical Things

IoMT-BADT: A blockchain-envisioned secure architecture with a lightweight authentication scheme for the Digital Twin environment in the Internet of Medical Things

An Effective Mechanism to Mitigate Packet Dropping Attack from MANETs using Chaotic Map based Authentication Technique

Background: MANET is a self-organized wireless network with no infrastructure. Especially data transfer from one system to another system needs to be done in a secure way. In order to provide data integrity, authentication plays an important role in data communication. RSA and ECC are widely used algorithms in the real world, but authentication using these algorithms is time-consuming. Towards this, various algorithms came into existence with different security primitives. However, it is important to design an effective key agreement process with reduced computational cost among these security mechanisms. We have designed an effective mechanism to mitigate packet dropping attacks to secure end-to-end communication in MANET. Objective: The proposed light weight authentication method is based on chaotic maps that uses Chebyshev polynomials as primitive operation. Methods: The methodology includes semi group property of Chebyshev polynomials and also the discrete logarithmic problem based chaotic maps that takes less time than these existing algorithms and evaluates with respect to attack Resilience, packet deliverya fraction, delay, throughput, and overhead. Results: Simulation produces the result of the proposed mechanism and give better performance in terms of packet delivery ratio, overhead and computational cost. Conclusion: Authentication based on developed mechanism consumes less time as shown in statistical analysis and mitigates packet dropping attacks effectively than that of traditional methods like RSA and ECC with respect to key generation mechanism.

SPCL: A Smart Access Control System That Supports Blockchain

The access control system is a critical element in intelligent buildings. In this paper, we present SPCL, an innovative access control system designed to facilitate building entry through the use of mobile phones. Our system aims to provide a secure and convenient solution for building access, capitalizing on the widespread availability and capabilities of mobile devices. Additionally, we propose a lightweight authentication protocol to enhance security. The performance of the protocol is measured for different curves at different frequencies, proving that the protocol is more suitable for door lock systems than the benchmark protocol. In addition, we investigated the security and usability of SPCL. Finally, a comparison of the security of human-lock interfaces for smart locks and blockchain-based payment methods are discussed.

Enhancing Industrial Wireless Communication Security Using Deep Learning Architecture-Based Channel Frequency Response

Wireless communication plays a crucial role in the automation process in the industrial environment. However, the open nature of wireless communication renders industrial wireless sensor networks susceptible to malicious attacks that impersonate authorized nodes. The heterogeneity of the wireless transmission channel, coupled with hardware and software limitations, further complicates the issue of secure authentication. This form of communication urgently requires a lightweight authentication technique characterized by low complexity and high security, as inadequately secure communication could jeopardize the evolution of industrial devices. These requirements are met through the introduction of physical layer authentication. This article proposes novel deep learning (DL) models designed to enhance physical layer authentication by autonomously learning from the frequency domain without relying on expert features. Experimental results demonstrate the effectiveness of the proposed models, showcasing a significant enhancement in authentication accuracy. Furthermore, the study explores the efficacy of various DL architecture settings and traditional machine learning approaches through a comprehensive comparative analysis.

A Provably Secure Lightweight Authentication Based on Elliptic Curve Signcryption for Vehicle-to-Vehicle Communication in VANETs

A Provably Secure Lightweight Authentication Based on Elliptic Curve Signcryption for Vehicle-to-Vehicle Communication in VANETs

A Secure Authentication Protocol Supporting Efficient Handover for UAV

Unmanned Aerial Vehicles (UAVs) are increasingly pivotal in operations such as flood rescue, wildfire surveillance, and covert military endeavors, with their integration into the Internet of Things (IoT) networks broadening the scope of services they provide. Amidst this expansion, security concerns for UAVs have come to the forefront, particularly in open communication environments where they face authentication challenges and risks of sensitive data, including location information, being exposed to unauthorized parties. To address these issues, we propose a secure and lightweight authentication scheme that combines the use of anonymity mechanisms and Physical Unclonable Functions (PUFs). Specifically, we employ pseudo- and temporary identities to maintain the anonymity of UAVs, while also utilizing PUF technology to strengthen the security of Ground Station Servers (GSSs) against physical threats. Rigorous validation through ProVerif and the Random Oracle (ROR) Model indicates our scheme’s superior performance over existing protocols in terms of both efficiency and security.

A Lightweight Authentication Protocol for a Blockchain-Based Off-Chain Medical Data Access in Multi-server Environment

A Lightweight Authentication Protocol for a Blockchain-Based Off-Chain Medical Data Access in Multi-server Environment