Lightweight Authentication Research Articles

A Provably Secure Lightweight Key Agreement Protocol for Wireless Body Area Networks in Healthcare System

Wireless Body Area Network (WBAN) is a vital application of the Internet of Things (IoT) that plays a significant role in gathering a patient's healthcare information. This collected data helps special professionals like doctors or physicians analyze patients' health status to cure different diseases. However, collecting such information from an insecure channel can be threatening due to the potential security threats. Therefore, it is crucial to secure this sensitive information. This article proposes a secure and lightweight authentication protocol for WBAN. The devised protocol is scalable, secure, and lightweight compared to various relevant competing protocols. The informal security analysis shows that the designed protocol is lightweight, secure, and efficient in resisting various major attacks. The performance analysis demonstrates our protocol's supremacy over various competing protocols in terms of computation and communication costs, inducing efficiency of 20.3% and 12.3%, respectively. Moreover, the practical performance of the designed protocol from the network point of view is measured using the widely recognized NS3 simulation tool.

ECCPWS: An ECC-based protocol for WBAN systems

The development of Wireless Body Area Network (WBAN) and Wearable Health Monitoring Systems (WHMS) play a key role in healthcare monitoring. WBAN includes medical sensors that monitor vital signs of patients, collect data and usually transmit them to medical servers via wireless channels. Therefore, the patient’s sensitive information sent over the channel can be vulnerable to various attacks. Hence, designing lightweight authentication security protocols for these systems with the lowest computational and communication costs has become a major challenge. Recently, Sowjanya et al. (2020) presented a lightweight authentication scheme for WHMS based on Elliptic Curve Cryptography (ECC), which provides optimal security features and low storage, communication and computational costs. In this paper, the security of their scheme is evaluated and passive insider secret disclosure and replay attacks against their scheme are presented. It is obvious that other attacks such as desynchronization attack and impersonation attack can be applied to this protocol by obtaining the secret value of network manager. The complexity of our proposed attacks is just one run of the protocol and their success probability equals to one. Finally, by remedying the Sowjanya et al. (2020) ’s protocol, a lightweight ECC-based authentication scheme called ECCPWS is proposed. Moreover, the proposed protocol’s security proof is performed via informal methods and also formally through Real-Or-Random (ROR) model, BAN logic, Scyther and AVISPA tools. The security verification results of ECCPWS show that the ECCPWS has complete security against various security vulnerabilities and attacks.

Elliptic Curve-Based Query Authentication Protocol for IoT Devices Aided by Blockchain.

Digital transformation has increased its proportion in the last few years and the Internet-on-Things (IoT) domain is not an exception, with more and more devices or sensors being connected to the Internet and transmitting different types of data. Usually, being part of more complex IT systems, it must be ensured that the IoT devices transmitting the data are authenticated components of the system before sending the data to a storage server. However, usually, IoT devices have limited computing power, therefore all of the work that they are doing should not be too expensive in terms of computations. This is the case for the authentication mechanism, too. Having this context, in this paper, we propose an authentication mechanism for IoT devices based on elliptic curves, which are known as having a low computational cost compared to other techniques used in cryptography that provide the same level of security. The proposed system includes a blockchain network that will verify the identity of the device which tries to connect within the system to send the data to the storage server, a process that will be made together with the storage server. Once the identity is valid, the blockchain records the transaction and the storage server initiates the data transmission process. Besides including a lightweight authentication mechanism, the proposed method has several other important properties due to it using the blockchain network. Compared to the related work that we analyzed, we show that the proposed authentication mechanism is secure against common attacks designed for IoT devices. The performance analysis shows that the authentication query made by the IoT device takes place in less than a second on both a MSP430F1611 microcontroller and a MICAz sensor.

ECCbAS: An ECC based authentication scheme for healthcare IoT systems

Smart technology is a concept for efficiently managing smart things such as vehicles, buildings, home appliances, healthcare systems and others, through the use of networks and the Internet. Smart architecture makes use of technologies such as the Internet of Things (IoT), fog computing, and cloud computing. The Smart Medical System (SMS), which is focused on communication networking and sensor devices, is one of the applications used in this architecture. In a smart medical system, a doctor uses cloud-based applications such as mobile devices, wireless body area networks, and other cloud-based apps to provide online therapy to patients. Consequently, with the advancement and growth of IoT and 6G wireless technology, privacy and security have emerged as two of the world’s most important issues. Recently, Sureshkumar et al. proposed an authentication scheme for medical wireless sensor networks (MWSN) by using an Elliptic Curve Cryptography (ECC) based lightweight authentication protocol and claimed that it provides better security for smart healthcare systems. This paper will demonstrate that this protocol is susceptible to attacks such as traceability, integrity contradiction, and de-synchronization with the complexity of one run of the protocol and a success probability of one. Furthermore, we also propose an ECC based authentication scheme called ECCbAS to address the Sureshkumar et al. protocol’s vulnerabilities and demonstrate its security using a variety of non-formal and formal methods.

Blockchain-based DDoS attack mitigation protocol for device-to-device interaction in smart home

Smart home devices are vulnerable to a variety of attacks. The matter gets more complicated when a number of devices collaborate to launch a colluding attack (e.g., Distributed-Denial-of-Service (DDoS)) in a network (e.g., Smart home). To handle these attacks, most studies have hitherto proposed authentication protocols that cannot necessarily be implemented in devices, especially during Device-to-Device (D2D) interactions. Tapping into the potential of Ethereum blockchain and smart contracts, this work proposes a lightweight authentication mechanism that enables safe D2D interactions in a smart home. The Ethereum blockchain enables the implementation of a decentralized prototype as well as a peer-to-peer distributed ledger system. The work also uses a single server queuing system model and the authentication mechanism to curtail DDoS attacks by controlling the number of service requests in the system. The simulation was conducted twenty times, each with varying number of devices chosen at random (ranging from 1 to 30). Each requester device sends an arbitrary request with a unique resource requirement at a time. This is done to measure the system's consistency across a variety of device capabilities. The experimental results show that the proposed protocol not only prevents colluding attacks, but also outperforms the benchmark protocols in terms of computational cost, message processing, and response times.

Provably secured lightweight authenticated key agreement protocol for modern health industry

Internet of Medical Things (IoMT) has facilitated the healthcare industry by providing ease of communication among doctors and patients living in remote areas for accomplishing diagnosis, real-time monitoring, and treatment procedure efficiently. The patient’s health-related data must be secured from various attacks of adversary since the data is sensitive and highly prone to attacks. This paper proposes an architecture that suits both localized and emergency scenarios. This architecture utilizes cloud server and edge computing technology. Provably secured lightweight authenticated key agreement protocol for modern health industry (PSLA2P) provides a lightweight authentication and key agreement protocol that can be deployed in the proposed network architecture. It protects the privacy of the patient’s health-related data by providing anonymity and untraceability. Real-Or-Random (ROR) model is used for the formal analysis of PSLA2P. We have verified the security weaknesses of PSLA2P using the Scyther simulator. Moreover, the informal analysis ensures high-level mitigation against known possible attacks. PSLA2P achieves better performance in terms of computation and communication overhead.

Blockchain-Based Authentication Scheme for Collaborative Traffic Light Systems Using Fog Computing

In the era of the Fourth Industrial Revolution, cybercriminals are targeting critical infrastructures such as traffic light systems and smart grids. A major concern is the security of such systems, which can be broken down into a number of categories, such as the authentication of data collection devices, secure data transmission, and use of the data by authorized and authenticated parties. The majority of research studies in the literature have largely focused on data integrity and user authentication. So far, no published work has addressed the security of a traffic light system from data collection to data access. Furthermore, it is evident that the conventional cloud computing architecture is incapable of analyzing and managing the massive amount of generated data. As a result, the fog computing paradigm combined with blockchain technology may be the best way to ensure data privacy in a decentralized manner while reducing overheads, latency, and maintaining security. This paper presents a blockchain-based authentication scheme named VDAS using the fog computing paradigm. The formal and informal verifications of the proposed solution are presented. The evaluation of the proposed scheme VDAS showed that it has low communication and computation costs compared to existing lightweight authentication techniques.

V2G-Auth: Lightweight Authentication and Key Agreement Protocol for V2G Environment Leveraging Physically Unclonable Functions

<i>V2G-Auth</i>: Lightweight Authentication and Key Agreement Protocol for V2G Environment Leveraging Physically Unclonable Functions

L-ECQV: Lightweight ECQV Implicit Certificates for Authentication in the Internet of Things

The vast expansion of the Internet of Things (IoT) devices and related applications has bridged the gap between the physical and digital world. Unfortunately, security remains a major challenge and the lack of secure links have fueled the increased attacks on IoT devices and networks. Due to its inherent scalability, Public Key Infrastructure (PKI) is the well-known and classic approach to bring public-key certificate based security to IoT. Even though the standard X.509 explicit certificates can be viable solution, they are inefficient and too large for resource constrained IoT networks and therefore, smaller, faster and more efficient Elliptic Curve Qu Vanstone (ECQV) implicit certificates can be employed for establishing authenticated connections in IoT. Moreover, the existing certificate-based authentication proposals in standardized IoT networks have either been deployed at the transport or physical layers. Thus, these proposals fail to provide true end-to-end security to messages at the application layer in the presence of intermediate CoAP proxies. This challenging aspect is addressed in this proposal by focusing on the certificate-based authentication at the application layer to ensure true end-to-end security of messages. Additionally, IoT application layer security protocols like EDHOC lacks mechanism for authenticated distribution of public keys and thus, there is a need for lightweight authentication based cryptographic primitive for establishing secure key agreement in IoT. This paper introduces a design and implementation of a lightweight ECQV implicit certificate and use them for authenticated key exchange in EDHOC at the application layer. We also design a lightweight profile with a novel encoding mechanism for ECQV implicit certificate, called L-ECQV. To prove its viability, L-ECQV has been implemented and evaluated on Contiki operating system. Our evaluation results show that the proposed L-ECQV certificate approach reduces energy consumption by 27%, message overhead of EDHOC handshake by 52%, and shows improvements in certificate validation time. The security analysis demonstrates that proposed L-ECQV certificates for EDHOC protocol is secure against a number of attack vectors present in the IoT network. This novel combination of ECQV certificates with EDHOC key exchange leads to a secure and lightweight authenticated key agreement in IoT networks.

EN-LAKP: Lightweight Authentication and Key Agreement Protocol for Emerging Networks

In the next generation, emerging network technologies like Software Defined Networking (SDN) and Wireless Sensor Networks (WSNs) will be developed and deployed to improve computing facilities. Micro-electromechanical system technologies advance, and WSNs gain in popularity because they provide real-time monitoring solutions that are both economically and practically viable. The SDN paradigm is consequently being incorporated into WSN to prevent a performance bottleneck with traditional network architecture as network traffic and diverse sensor nodes increase. Because they interact through a public channel and the sensor nodes are spread throughout a hostile environment, the information transmitted among entities is subject to assault. The proposed protocol showed how centralized SDN controller nodes logically assumed the role of network management and control. Therefore, we present a lightweight authentication and key agreement mechanism for SDN-enabled wireless sensor networks to protect entity communication. Additionally, we demonstrate that the suggested system prevents known security flaws by conducting both informal and formal security studies using the Scyther tool and BAN logic. Further, the performance study demonstrates that the suggested scheme performs better in computing and communication burdens than related protocols with 1.6% to 5.4% and 1.3% to 5.8%, respectively.

A Lightweight Authentication Framework for Fault-Tolerant Distributed WSN

A Lightweight Authentication Framework for Fault-Tolerant Distributed WSN

A Secure and Privacy-Preserving Lightweight Authentication and Key Exchange Algorithm for Smart Agriculture Monitoring System

A Secure and Privacy-Preserving Lightweight Authentication and Key Exchange Algorithm for Smart Agriculture Monitoring System

Lightweight Authentication Scheme for IoT Based E-Healthcare Service Communication.

Remote Patient Monitoring (RPM) using Electronic Healthcare (E-health) is a growing phenomenon enabling doctors predict patient health such as possible cardiac arrests from identified abnormal arrythmia. Remote Patient Monitoring enables healthcare staff to notify patients with preventive measures to avoid a medical emergency reducing patient stress. However weak authentication security protocols in IoT wearables such as pacemakers, enable cyberattacks to transmit corrupt data, preventing patients from receiving medical care. In this paper we focus on the security of wearable devices for reliable healthcare services and propose a Lightweight Key Agreement (LKA) based authentication scheme for securing Device-to-Device (D2D) communication. A Network Key Manager on the edge builds keys for each device for device validation. Device authentication requests are verified using certificates, reducing network communication costs. E-health empowered mobile devices are store authentication certificates for future seamless device validation. The LKA scheme is evaluated and compared with existing studies and exhibits reduced operation time for key generation operation costs and lower communication costs incurred during the execution of the device authentication protocol compared with other studies. The LKA scheme further exhibits reduced latency when compared with the three existing schemes due to reduced communication costs.

Design of Secure and Lightweight Authentication Scheme for UAV-Enabled Intelligent Transportation Systems Using Blockchain and PUF

Unmanned-aerial-vehicle (UAV)-enabled intelligent transportation system (ITS) is an advanced technology that can provide various services including autonomous driving, real-time creation of high-definition maps, and car sharing. In particular, a UAV-enabled ITS can be realized through the combination of traditional vehicular ad hoc networks (VANETs) and UAVs that can act as flying roadside units (RSUs) at the outskirts and monitor road conditions from predefined locations to spot car accidents and any law violations. Notably, to realize these services, real-time communication between UAVs and RSUs must be guaranteed. However, UAVs have limited computing powers, and if extensive computation is required during communication, the provision of real-time ITS services may be hindered. Furthermore, UAVs and RSUs communicate via public channels that are prone to various attacks, such as replay, impersonation, trace, and session key disclosure attacks. Thus, in this article, a secure and lightweight authentication scheme is proposed for UAVs and RSUs using the blockchain technology. The proposed scheme is analyzed using informal and formal methods including Burrows–Abadi–Nikoogadam (BAN) logic, automated validation of internet security protocols and applications (AVISPA) simulation tool, and real–or–random (RoR) model, and its performance is compared with that of related schemes. The results reveal that the proposed scheme is more efficient and secure as compared to the other competing schemes.

Application of Physical Unclonable Function for Lightweight Authentication in Internet of Things

IoT devices rely on authentication mechanisms to render secure message exchange. During data transmission, scalability, data integrity, and processing time have been considered challenging aspects for a system constituted by IoT devices. The application of physical unclonable functions (PUFs) ensures secure data transmission among the internet of things (IoT) devices in a simplified network with an efficient time-stamped agreement. This paper proposes a secure, lightweight, cost-efficient reinforcement machine learning framework (SLCR-MLF) to achieve decentralization and security, thus enabling scalability, data integrity, and optimized processing time in IoT devices. PUF has been integrated into SLCR-MLF to improve the security of the cluster head node in the IoT platform during transmission by providing the authentication service for device-to-device communication. An IoT network gathers information of interest from multiple cluster members selected by the proposed framework. In addition, the software-defined secured (SDS) technique is integrated with SLCR-MLF to improve data integrity and optimize processing time in the IoT platform. Simulation analysis shows that the proposed framework outperforms conventional methods regarding the network’s lifetime, energy, secured data retrieval rate, and performance ratio. By enabling the proposed framework, number of residual nodes is reduced to 16%, energy consumption is reduced by up to 50%, almost 30% improvement in data retrieval rate, and network lifetime is improved by up to 1000 msec.

Lightweight authentication scheme based on modified EAP security for CoAP protocol-based IoMT applications

The medical data generated from the patients that are communicated and stored on servers are highly sensitive, and also the IoMT network creates open spaces for an adversary. The proposed work designs a lightweight authentication scheme to support the extensible authentication protocol (EAP) called lightweight EAP (L-EAP). The proposed L-EAP modifies the EAP model and dynamically changes the security service as per healthcare application requirements. The L-EAP selectively applies the data encryption and integrity without frequent re-handshaking with the server using one-bit epoch field in the EAP message header. The L-EAP performs such a key generation process as a part of the authentication phase and enlarges the lifetime of the IoMT network. The advanced encryption standard (AES) is improved for providing data confidentiality in L-EAP. The L-EAP improves the confusion property of cipher text in AES and applies shift row and XOR operations to all the words.

A Light-weight Authentication Scheme in the Internet of Things using the Enhanced Bloom Filter

Authenticated key exchange mechanisms are critical for security-sensitive Internet of Things (IoT) and Wireless Sensor Networks (WSNs). In this area, the Bloom Filter (BF) plays a crucial role directly and indirectly, which has a significant advantage in space and time. Light-weight input authentication is one of the most challenging tasks in IoT. Weak or inefficient defense algorithms can allow fake information to enter the system, share information, send unnecessary messages, and reduce network efficiency. The utilization of an augmented Bloom filter for creating an authentication prominent called En-route Authentication Bitmap (EAB) has a substantial advantage over traditional methods that involve direct usage of Message Authentication Codes (MAC). This effective method of EAB picks the fake information almost accurately, thereby reducing the feeding attacks within not more than two steps taken by the attacker. EAB necessarily needs only a few bytes of bandwidth for efficient defense against at least ten forward steps of the adversary. Without hesitation, the Augmented Bloom filter and its components are becoming more common in network defense mechanisms.

A Secure and Efficient Access Control Scheme for Shared IoT Devices over Blockchain

The concept of shared IoT devices has attracted much attention from the industry sector, academia, and financial institutions, providing various benefits, such as saving resources, reducing personal expenses, and providing convenience. Although shared IoT devices facilitate people’s lives and work, the information exchange is over wireless networks that may suffer from some security attacks such as unauthorized access to a shared device or some private information of legitimate users being leaked. It makes the secure access control to the shared IoT devices become an intractable issue. In order to guarantee the access right of the legitimate users, to prevent the problems of privacy leakage and unnecessary economic disputes, a secure decentralized access control scheme for shared IoT devices is proposed leveraging the technologies of blockchain and a proposed authentication protocol in this paper. The new lightweight authentication protocol is proposed to perform mutual authentication between the user and the IoT device. To protect the privacy of the user, the instruction data are encrypted by a temporary session key negotiated between the user and the IoT device with the help of blockchain which enables nontamperable transactions and prevents central corruption and single point of failure. In our scheme, blockchain is maintained by the gateway nodes an acts as a distributed database and a smart contract for shared service is deployed on it. The smart contract has three functions in our scheme: (1) achieving the prepayment of users and settlement for the service contributor, (2) participating in a verification step during the key negotiation to prevent some malicious behaviour from users or devices, (3) recording the workload of the gateway. Finally, a comprehensive analysis on the safety and reliability of the entire scheme is carried out; extensive simulation experiments are conducted to reveal the authentication protocol is efficient and the scheme is feasible.

A critical review of internet of things communication environment: Privacy and security constraints

The recent past has experienced a steady increase in the adoption of Internet of Things (IoT) in a number of areas such as smart cities, smart homes, smart transportation and smart health. Due to the message exchanges among IoT devices over the public internet, the transmitted data is vulnerable to many security and privacy attacks. Therefore, many schemes have been presented over the recent past to address these challenges. However, many security holes still exist in most of the current techniques. It was also noted that the resource limited nature of most IoT devices renders traditional authentication schemes for main-powered systems with high processing power and large memory infeasible and inapplicable. To address this performance issue, numerous lightweight authentication schemes have been put forward. However, this paper discovered numerous security and privacy gaps in these schemes. Based on these shortcomings, recommendations are given towards the end of this paper which are very critical for security enhancements in this pervasive computing environment.

Proposal for Dynamic and Secure Authentication in IoT Architectures Based on SDN

The connectivity of private resources on public infrastructure, user mobility, and the advent of new technologies have added new client and server-side security requirements. Security is the major element of the Internet of Things (IoT) that will certainly reinforce an even greater acceptance of IoT by citizens and companies. Security is critical in this context given the underlying stakes. This paper aims to advance the thinking on authentication of connected objects by proposing an authentication mechanism that meets the needs of IoT systems in terms of security and performance. It is based on SDN (Software-Defined Networking), which refers to a set of advanced technologies that allow for centralized control of network resources. OTP (One-Time Password) is a type of authentication that could be useful in connected object environments and smart cities. This research work extends the principle of OTP and proposes a lightweight authentication method using a new approach to OTP generation that relies on two parameters (Two-Factor Authentication, 2FA) to ensure the security of underlying systems. Subsequently, we leverage the combination of SDN and the 2FA algorithm to propose an adaptive authentication and authorization solution in the IoT network.