Authentication Issues In Various Devices In Iot Systems

The advent of Internet of Things (IoT) has not only created a huge impact in the day to day lives of human beings, but also embarked in various applications such as smart cities, connected vehicles, healthcare equipment, smart grids and so on. Due to its ability to connect network devices by means of wireless infrastructure and share data through the Internet, it reduced the human intervention and control to a great extent. Even though IoT system provides greater convenience, greater efficiency and has drawn-out its abilities in numerous other fields and applications, security and privacy issues are to be addressed critically. In this paper, we focus mainly on authentication issues in various devices in IoT systems. The State-Of-Art segment includes the solutions for the issues so as to eliminate the risks on the user’s privacy and security necessities.

Introduction

The Internet of Things (IoT)has massively transformed the paradigm of global connectivity and created a New Industrial Revolution worldwide. The extra ordinary advancement in technology not only benefits Man to Man, but also raises the productivity of businesses and other industries to a great extent.With the advent of IoT, it helps to connect people from everywhere and inculcate global awareness of our world of what is happening and what’s not happening around. Since communication occur via Machine to Machine (M2M), it is deployed in various fields such as home, industries, hospitals, equipment and so.

Adopting IoT in industrial sectors was mainly to improve their existing systems. One of the major industries which utilize IoT is manufacturing industry. Sensors are attached to the devices to gather information from customers and this can be used to help the users for the maintenance of the resources. In case of medical industries, the use of IoT is dealt with the equipment or tools. Doctors can examine the patients more closely and provide medications based on the gathered information. IoT has stepped its foot on the transportation industry as well where it helps to control traffics, track accidents and also share the information with other city traffic systems to attain a smart way to manage the real time traffic. Other than the mentioned sectors IoT has made its mark in Oil & Gas industry, Hospitality, Finance sectors and it revamps the business industries by improving resource utilization, minimizing human intervention and improves productivity.

Due to the high level of diverseness and collaboration of data exchanges, the system is expected to have threats in the Internet, which is the main component responsible for the interaction between humans, industries and other sectors. One of the main challenges faced by the present IoT system is Security. As many IoT devices are being deployed, the security of the overall system is to be assured. One of the major challenge faced by IoT in the field of security includes, Secure communication; where the data transmitted over the network must be secured so as to avoid data loss and maintain confidentiality. Data Authentication is yet another challenge faced, where security is compromised if no proper authentication is done. Some of the other threats in the IoT security are Compatibility between the devices, trust issues, hardware testing issues such as device range, memory capacity and so on. Hence, it is high time that the security of IoT has to be addressed and measures are to be taken to provide solutions for the different issues so as to ensure proper networking of data and prevent cyber-attacks.

In this paper, the Section II deals how the overall IoT systems work for solving the authentication issues in IoT devices and the various components which contribute for the functioning of the system. In Section III, authentication problems are elaborated regarding the security issues in IoT with possible solutions and the designs adopted for the same. In Section III, the future researches in the field of Security in IoT are discussed, in order to solve the very critical security issues.

Security is an acute challenge faced by IoT in the present years. One of the major security issues which affect the overall security of the IoT systems is Authentication. Since these wireless devices possess confidential data, it must be secured from unauthorized access by all means. This section details the system models in which the protocols or schemes are implemented to ensure proper authentication for the various applications in IoT systems.

In paper a two party distributed authentication protocol based on identity signature scheme is proposed. This protocol is applicable in a smart home system where there are many devices connected to a central hub. The system consists of user and devices such as mobile phones or tablets. The user can control the IoT devices using the mobile phone applications or tablets.

Also a device authentication protocol is discussed which influences Frequency Response (FR) of acoustic hardware (Microphone/Speaker) fingerprint to authenticate the other device. So, the system consists of two wireless devices which are in need to authenticate each other. This scheme can be applied in numerous scenarios like connected vehicles communication, smart home systems, mobile social networking and so on.

A Multi server architecture model for mobile applications is proposed in some researches, where the main entities in the system are user, server and a Registration Centre (RC). The RC helps the user and the server to authenticate each other in an efficient manner. This scheme is applicable in driverless electric vehicles in vehicular adhoc networks (VANET).

State-of-the-art

Authentication techniques ensure the authenticity of each host in a particular network and it is responsible to restrain network attacks and other illegal intrusions. In this section, the various authentication techniques used in various IoT applications are discussed.

First Scheme

The main aim of the paper was to produce a two party distributed signing protocol which is secure and practical in a wireless network. In a home automation system, there exist a central controller and the user private key is stored in a mobile application to control the equipment. If the device is lost then others can access user’s private key. To eradicate this problem, the private key is distributed among two IoT devices so that even if one of the devices is lost or attacked my malicious software, the adversary cannot track the private key entirely. The protocol produces a valid signature, without the help of the private key.

An identity based scheme for proper authentication is proposed for Mobile IoT devices, using the IEEE P1363 standard. This IEEE standard issues standard specifications for public key cryptography by means of IEEE standard documents. To ensure utmost security, a secure two party distributed signing protocol based on identity signature scheme is proposed for the first time. The scheme works in two phases. In Distributed key generation phase, Key Generator Centre (KGC) algorithms are processed where it distributes a private key to both the communication devices. Both the devices store the keys and public parameters. In Distributed Signature Generation Phase, device encrypts using the public key possessed earlier, and after the encryption it computes the signature. Zero knowledge proof method is adopted in order to ensure that the two devices communicate in a correct manner. Various equations are stated to prove the correctness of the proposed method. This scheme was implemented in MIRACL software development kit on two personal computers and Android devices.

The results indicate that the implemented protocol shows good performance in the wireless environment.

Second Scheme

One of the major device authentication methods is to check the identity of the IoT devices. Identity based attacks such as data modification; MAC address spoofing and so on causes the authentication issues in IoT system. Cryptographic systems are one of the conventional solutions to eradicate this issue but it has major shortcomings as well. Thus, this paper put forwards a wireless device authentication protocol leveraging acoustic hardware such as speaker/microphone fingerprints. Here, authentication protocol uses the frequency response of the human speech between the speaker/microphone as their identification fingerprint. The proposed scheme provides secure communication and minimum requirement of hardware

.In this paper a light weight device authentication protocol named Speaker to Microphone (S2M) is proposed for wireless IoT devices. The systems works by matching the fingerprints formulated in the learning process with that of the verification process. The two processes included in the working of the system are:

A. Learning process: this process gathers the various fingerprint samples from legitimate sources such as wireless communication and stores them. This process consists of three stages such as:

  1. Audio Handshake phase: this occurs by audio data transmission to achieve identity interaction between the users.
  2. Mixed signals generation Phase: The user sends few audio signals using mixed frequency technology, which propagates multiple audio signals comprising many frequency components to ensure high resolution fingerprint.
  3. Feature Extraction and Storage Phase: By means of the mixed audio signals the user converts the signals from time domain to frequency domain by Fourier Transform and extracts the fingerprints and sends to the other user.

Verification Process: This process is also consists of three stages which are

  1. Audio Handshake phase
  2. Mixed signals generation Phase which follows the same procedures in learning processes.
  3. Feature Extraction and Matching Algorithm Phase the fingerprints achieved in the learning process and the verification process are checked and if it matches, then authentication is successful.
  4. B. Fingerprints Matching: Two Matching algorithms (MA) are proposed for low energy consumption in wireless devices which are correlation coefficient MA (C-MA) and D-MA. In the first method, the algorithm is not able to distinguish the fingerprint of the legitimate sender and attacker. In D-MA, the two fingerprints calculated are taken compared with deviation threshold. The absolute values must be less than the deviation threshold.

The protocol was implemented in actual mobile phones ZTE N880 and HTC T328d in various scenarios as it was found that the scheme achieves lower false acceptance rate and higher security.

Third Scheme

To solve the privacy and security problem in mobile IoT, various authentication protocols were considered. Even though the protocols were implemented, the identity of the user could be tracked and adversary could attack with service requests for malicious attacks on the users’. Hence, anonymous authentication protocols (AUA) were designed to overcome this issue. Many AUA protocols were implemented on IoT systems, but it had drawbacks such as high communication costs, low password protection, denial of service attacks and so on. So, to eradicate the mentioned drawbacks in the AUA protocols, an Efficient Anonymous User Authentication (E-AUA) protocol is proposed in this paper for Mobile IoT applications.

The main aim of the proposed method is to provide IoT security and improve the users’ privacy. Here, only two rounds of exchange of messages are taken place and also the Registration Centre (RC) need not be online every time. The protocol system works in 6 stages.

  1. Parameters generation: The RC will generate two system private keys and thirteen system public parameters.
  2. User registration: To communicate the user will have to register in RC to inform its identity and in turn receives a private key through the secure communication channel which avoids overhearing by other devices.
  3. Server Registration: In this stage the Server also registers its identity to RC and in turn receives a private key through the channel to avoid overhearing.
  4. Offline pre-calculation: The user does few calculations offline, just in case if the server identity is not known and prepares for the online login and Authentication stage. The calculated results are intermediate values and are stored in smart gateway to limit the computational costs.
  5. Online Login and Authentication: In this stage the user and server communicate in a mutual manner by logging into the server. The user checks its id and password entered are true with the help of smart gateway, whereas the server also checks the user’s identity once it is received within a certain time period. Then the server reverts to user with a message and shared session key. The user checks the message and computes the shared session key. If the values do not satisfy in the user’s equation, the session is ended.
  6. Password Change: In this stage, the password of the user used is replaced with a new password. The mentioned stages ensure high security while communication in Mobile devices. The correctness of the proposed E-AUA protocol is ensures by means of two equations.

The protocol can be implemented in driverless electric vehicles in VANETs since it can solve the slow authentication problems and also it reduces network congestion cause by many VANETs service requests. The computation and communication costs of the E-AUA and other AUA protocols were compared and it was evident that the E-AUA protocol costs are lower. Also the protocol resists security attacks and denial of service attacks as well.

03 December 2019
close
Your Email

By clicking “Send”, you agree to our Terms of service and  Privacy statement. We will occasionally send you account related emails.

close thanks-icon
Thanks!

Your essay sample has been sent.

Order now
exit-popup-close
exit-popup-image
Still can’t find what you need?

Order custom paper and save your time
for priority classes!

Order paper now