Similar literature
 20 similar documents found (search time: 15 ms)
1.
Along with the development of IoT applications, wearable devices are becoming popular for monitoring user data to provide intelligent service support. The wearable devices confront severe security issues compared with traditional short-range communications. Due to the limitations of computation capabilities and communication resources, it brings more challenges to design security solutions for the resource-constrained wearable devices in IoT applications. In this work, a yoking-proof-based authentication protocol (YPAP) is proposed for cloud-assisted wearable devices. In the YPAP, a physical unclonable function and lightweight cryptographic operators are jointly applied to realize mutual authentication between a smart phone and two wearable devices, and yoking-proofs are established for the cloud server to perform simultaneous verification. Meanwhile, Rubin logic-based security formal analysis is performed to prove that the YPAP has theoretical design correctness. It indicates that the proposed YPAP is flexible for lightweight wearable devices in IoT applications.

2.
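With today's rapid development of information technology, Internet of Things (IoT) technology has been widely applied across industries, chiefly for collecting and transmitting information from hardware devices. However, serious data security problems arise during data transmission, so this paper proposes a hybrid communication encryption method. Starting from the perspective of IoT devices, the paper first introduces IoT wireless communication technologies, the CoAP transport protocol, and encryption methods. Then, taking the resource constraints of IoT devices into account, it adopts NB-IoT technology and implements the above encryption method in a smart gas system. Experimental and comparative test results show that the method is feasible.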

3.
The Internet of Things (IoT) is a network of heterogeneous and smart devices that can make decisions without human intervention. It can connect millions of devices across the universe. Their ability to collect information, perform analysis, and even come to meaningful conclusions without human capital intervention matters. Such circumstances require stringent security measures and, in particular, the extent of authentication. Systems applied in the IoT paradigm point out high-interest levels since enormous damage will occur if a malicious, wrongly authenticated device finds its way into the IoT system. This research provides a clear and updated view of the trends in the IoT authentication area. Among the issues covered include a series of authentication protocols that have remained research gaps in various studies. This study applies a comparative evaluation of authentication protocols, including their strengths and weaknesses. Thus, it forms the foundation in the IoT authentication field of study. In that direction, a multi authentication architecture that involves secured means is proposed for protocol authentication. Informal analysis can affect the security of the protocols. Burrows-Abadi-Needham (BAN) logic provides proof of the attainment of mutual authentication. NS3 simulator tool is used to compare the performance of the proposed protocol to verify the formal security offered by the BAN logic.

4.
The Internet of Things (IoT) is now a buzzword for Internet connectivity which extends to embedded devices, sensors and other objects connected to the Internet. Rapid development of this technology has led to the usage of various embedded devices in our daily life. However, for resource sharing and communication among these devices, there is a requirement for connecting these embedded devices to a large pool of resources like a cloud. The promising applications of IoT in Government and commercial sectors are possible by integrating cloud servers with these embedded devices. But such an integration of technologies involves security issues like data privacy and authentication of devices whenever information is exchanged between them. Recently, Kalra and Sood proposed an authentication scheme based on elliptic curve cryptography (ECC) for IoT and cloud servers and claimed that their scheme satisfies all security requirements and is immune to various types of attacks. However, in this paper, we show that Kalra and Sood scheme is susceptible to offline password guessing and insider attacks and it does not achieve device anonymity, session key agreement, and mutual authentication. Keeping in view of the shortcomings of Kalra and Sood’s scheme, we have proposed an authentication scheme based on ECC for IoT and cloud servers. In the proposed scheme in this paper, we have formally analyzed the security properties of the designed scheme by the most widely accepted and used Automated Validation of Internet Security Protocols and Applications tool. Security and performance analysis show that when compared with other related schemes, the proposed scheme is more powerful, efficient, and secure with respect to various known attacks.

5.

Smart homes are a special use-case of the IoT paradigm, which is becoming more and more important in our lives. Although sensors, devices and applications make our daily lives easier, they often collect our sensitive data, which may lead to security problems (e.g., hacked devices, botnets, etc.). In several cases, the appropriate security mechanisms are missing within the devices. Therefore, security measures have become a central topic in the field of IoT. The most essential requirements are secure user–device authentication and confidentiality of transferred sensitive data. Passwords are the most widely used factors in various areas, such as user authentication, key establishment, and also secret sharing. Password-based protocols that are resistant to typical threats, such as offline dictionary, man-in-the-middle and phishing attacks, generate new session keys. The major aim of these solutions is to guarantee high-level security, even if a user applies a single low-entropy human memorable password for all their accounts. We introduce a threshold and password-based, distributed, mutual authenticated key agreement with key confirmation protocol for a smart home environment. The proposed protocol is a scalable and robust scheme, which forces the adversary to corrupt \(l-1\) smart home devices, where l is the threshold, in order to perform an offline dictionary attack. The protocol is designed to achieve password-only setting, and end-to-end security if the chosen IoT devices are also authenticated besides the user. We also provide a security analysis of the protocol in AVISPA. We apply the on-the-fly model checker and the constraint-logic-based attack searcher to perform protocol verification for bounded numbers of sessions. We show that the proposed protocol provides session key secrecy and mutual authentication of the user and the device manager. 
Since efficiency is a crucial aspect, we implemented our protocol to measure the computation and communication costs and demonstrate that our solution is appropriate and eligible for smart homes.


6.

Internet of things (IoT) has become a new era of communication technology for performing information exchange. With the immense increment of usage of smart devices, IoT services become more accessible. To perform secure transmission of data between IoT network and remote user, mutual authentication, and session key negotiation play a key role. In this research, we have proposed an ECC-based three-factor remote user authentication scheme that runs in the smart device and preserves privacy, and data confidentiality of the communicating user. To support our claim, multiple cryptographic attacks are analyzed and found that the proposed scheme is not vulnerable to those attacks. Finally, the computation and communication overheads of the proposed scheme are compared with other existing protocols to confirm that the proposed scheme is lightweight. A formal security analysis using AVISPA simulation tool has been done that confirms the proposed scheme is robust against relevant security threats.


7.
Internet of things enables every real world object to be seamlessly integrated with traditional internet. Heterogeneous objects of real world are enhanced with capability to communicate, computing capabilities and standards to interoperate with existing network and these entities are resource constrained and vulnerable to various security attacks. A huge number of research works are being carried out to analyze various possible attacks and to propose standards for securing communication between devices in internet of things (IoT). In this article, a robust and lightweight authentication scheme for mutual authentication between client and server using constrained application protocol is proposed. Internet of things enables devices with different characteristics and capabilities to be integrated with internet. These heterogeneous devices should interoperate with each other to accumulate, process and transmit data for facilitating smart services. The growth of IoT applications leads to the rapid growth of IoT devices incorporated to the global network and network traffic over the traditional network. This scheme greatly reduces the authentication overhead between the devices by reducing the packet size of messages, number of messages transmitted and processing overhead on communicating devices. Efficiency of this authentication scheme against attacks such as DoS (denial of service), replay attacks and attacks to exhaust the resources are also examined. Message transmission time is reduced up to 50% using the proposed techniques.

8.
Smart technology is a concept for efficiently managing smart things such as vehicles, buildings, home appliances, healthcare systems and others, through the use of networks and the Internet. Smart architecture makes use of technologies such as the Internet of Things (IoT), fog computing, and cloud computing. The Smart Medical System (SMS), which is focused on communication networking and sensor devices, is one of the applications used in this architecture. In a smart medical system, a doctor uses cloud-based applications such as mobile devices, wireless body area networks, and other cloud-based apps to provide online therapy to patients. Consequently, with the advancement and growth of IoT and 6G wireless technology, privacy and security have emerged as two of the world’s most important issues. Recently, Sureshkumar et al. proposed an authentication scheme for medical wireless sensor networks (MWSN) by using an Elliptic Curve Cryptography (ECC) based lightweight authentication protocol and claimed that it provides better security for smart healthcare systems. This paper will demonstrate that this protocol is susceptible to attacks such as traceability, integrity contradiction, and de-synchronization with the complexity of one run of the protocol and a success probability of one. Furthermore, we also propose an ECC based authentication scheme called ECCbAS to address the Sureshkumar et al. protocol’s vulnerabilities and demonstrate its security using a variety of non-formal and formal methods.

9.
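With the rapid development of Internet of Things (IoT) technology, the number of smart devices of all kinds has surged, and identity authentication has become the primary requirement for securing the IoT. Blockchain, as a distributed ledger technology, provides a trustless collaborative environment and a secure data management platform, and using blockchain technology to drive IoT authentication has become a focus of attention in academia and industry. Based on two architectures, cloud computing and cloud-edge collaboration, this paper analyzes the main requirements for designing IoT identity authentication mechanisms and summarizes the challenges of applying blockchain technology in IoT scenarios. It reviews existing work on IoT identity authentication mechanisms and classifies it into key-based authentication, certificate-based authentication, and identity-based authentication. It then analyzes IoT authentication work that applies blockchain technology, and categorizes and summarizes the relevant literature by authentication object and additional attributes. Security analysis methods for blockchain-based IoT authentication mechanisms are summarized along two directions, formal and informal. Finally, future research directions are discussed.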

10.
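In recent years, with the rapid development of the Internet of Things (IoT), its application scenarios have come to cover smart homes, smart cities, smart healthcare, smart industry, and smart agriculture. Compared with traditional Ethernet, the IoT can combine various sensing devices with the network to interconnect people, computers, and objects. The diverse IoT protocols are the key to interconnecting IoT devices; IoT protocols have different protocol stacks, so they often exhibit different characteristics. Widely used IoT protocols currently include ZigBee, BLE, Wi-Fi, LoRa, and RFID, and these protocols are applied in different fields according to their characteristics; for example, LoRa is widely used in low-power wide-area networks and RFID is used for device identification. However, because IoT end devices have only limited computing and storage resources, complete security algorithms cannot be implemented on them, and many IoT protocols trade off between power consumption and security, so the security of IoT protocols cannot be guaranteed. The security of IoT protocols bears directly on the security of IoT systems, so it is necessary to analyze it. This paper describes the security capabilities of several common IoT protocols, including the rules they define for protecting confidentiality, integrity, and identity authentication. Then, starting from common attacks on wireless protocols, including eavesdropping, replay attacks, battery exhaustion, and radio-frequency jamming, it analyzes how these protocols behave in the face of these attacks. In addition, we compared several common...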

11.
ABSTRACT

With the manifestation of the Internet of Things (IoT) and fog computing, the quantity of edge devices is escalating exponentially all over the world, providing better services to the end user with the help of existing and upcoming communication infrastructures. All of these devices are producing and communicating a huge amount of data and control information around this open IoT environment. A large amount of this information contains personal and important information for the user as well as for the organization. The number of attack vectors for malicious users is high due to the openness, distributed nature, and lack of control over the whole IoT environment. For building the IoT as an effective service platform, end users need to trust the system. For this reason, security and privacy of information in the IoT is a great concern in critical infrastructures such as the smart home, smart city, smart healthcare, smart industry, etc. In this article, we propose three information hiding techniques for protecting communication in critical IoT infrastructure with the help of steganography, where RGB images are used as carriers for the information. We hide the information in the deeper layer of the image channels with minimum distortion in the least significant bit (lsb) to be used as indication of data. We analyze our technique both mathematically and experimentally. Mathematically, we show that the adversary cannot predict the actual information by analysis. The proposed approach achieved better imperceptibility and capacity than the various existing techniques along with better resistance to steganalysis attacks such as histogram analysis and RS analysis, as proven experimentally.

12.
The emergence of Internet of Things (IoT) technology has yielded a firm technical basis for the construction of a smart home. A smart home system offers occupants the convenience of remote control and automation of household systems. However, there are also potential security risks associated with smart home technologies. The security of users in a smart home environment is related to their life and possessions. A significant amount of research has been devoted to studying the security risks associated with IoT-enabled smart home systems. The increasing intelligence of devices has led to a trend of independent authentication between devices in smart homes. Therefore, mutual authentication for smart devices is essential in smart home systems. In this paper, a mutual authentication scheme is proposed for smart devices in IoT-enabled smart home systems. Signature updates are provided for each device. In addition, with the assistance of a home gateway, the proposed scheme can enable devices to verify the identity of each other. According to the analysis, the proposed scheme is secure against a forged SD or a semi-trusted HG. The computational cost of the proposed scheme in the simulation is acceptable for the application in smart home systems.

13.
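Most existing identity authentication schemes for the smart grid suffer from high computational cost and complex authentication procedures, making them unsuitable for resource-constrained smart devices in the smart grid. Some lightweight schemes, meanwhile, have various security vulnerabilities, and none of these schemes achieves the required trade-off between efficiency and security. To address these problems, an enhanced, provably secure, lightweight anonymous authentication scheme for the smart grid is designed based on elliptic curve cryptography. An auxiliary verifier is introduced to remove the dependence on the electricity supplier during the authentication phase, and mutual authentication between the gateway and the smart meter is achieved while protecting the smart meter's real identity. In addition, the identity of a malicious smart meter can be traced and revoked through its pseudo-identity. Security analysis under the random oracle model and the simulation tool ProVerif demonstrate that the scheme has strong security properties. Performance analysis shows that the proposed scheme meets the security and efficiency requirements of the smart grid environment.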

14.
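Because of problems such as single points of failure and limited scale, traditional centralized solutions struggle to meet the security needs of the Internet of Things (IoT). To address this, a smart-contract-based access control scheme for the IoT is proposed. It introduces the IoT smart gateway as the central management node for IoT devices and as a full node of the public blockchain, and is implemented by combining centralization with decentralization, a private blockchain with a public blockchain, and local storage with external public storage. The scheme achieves mutual authentication between IoT devices and the IoT smart gateway, and provides users with authorized access to resources in IoT devices and to data stored in the database. It has the advantages of being decentralized and distributed, and meets scalability and security requirements.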

15.
In recent times, the Internet of Things (IoT) applications, including smart transportation, smart healthcare, smart grid, smart city, etc. generate a large volume of real-time data for decision making. In the past decades, real-time sensory data have been offloaded to centralized cloud servers for data analysis through a reliable communication channel. However, due to the long communication distance between end-users and centralized cloud servers, the chances of increasing network congestion, data loss, latency, and energy consumption are getting significantly higher. To address the challenges mentioned above, fog computing emerges in a distributed environment that extends the computation and storage facilities at the edge of the network. Compared to centralized cloud infrastructure, a distributed fog framework can support delay-sensitive IoT applications with minimum latency and energy consumption while analyzing the data using a set of resource-constraint fog/edge devices. Thus our survey covers the layered IoT architecture, evaluation metrics, and applications aspects of fog computing and its progress in the last four years. Furthermore, the layered architecture of the standard fog framework and different state-of-the-art techniques for utilizing computing resources of fog networks have been covered in this study. Moreover, we included an IoT use case scenario to demonstrate the fog data offloading and resource provisioning example in heterogeneous vehicular fog networks. Finally, we examine various challenges and potential solutions to establish interoperable communication and computation for next-generation IoT applications in fog networks.

16.
With the widespread use of network infrastructures such as 5G and low-power wide-area networks, a large number of the Internet of Things (IoT) device nodes are connected to the network, generating massive amounts of data. Therefore, it is a great challenge to achieve anonymous authentication of IoT nodes and secure data transmission. At present, blockchain technology is widely used in authentication and data storage due to its decentralization and immutability. Recently, Fan et al. proposed a secure and efficient blockchain-based IoT authentication and data sharing scheme. We studied it as one of the state-of-the-art protocols and found that this scheme does not consider the resistance to ephemeral secret compromise attacks and the anonymity of IoT nodes. To overcome these security flaws, this paper proposes an enhanced authentication and data transmission scheme, which is verified by formal security proofs and informal security analysis. Furthermore, Scyther is applied to prove the security of the proposed scheme. Moreover, it is demonstrated that the proposed scheme achieves better performance in terms of communication and computational cost compared to other related schemes.

17.
The rapid growth of the internet and the internet of things (IoT) refers to the next phase of information revolution whose context involves billions of smart devices and sensors interconnected to facilitate speedy information and data exchange under soft real-time constraints. Digital information revolution has caused significant changes in the data communication. This data communication may require private, secure, and sometimes malicious communication. Competent secrecy can be accomplished by applying novel and inventive audio steganography. This article focuses on the secret message followed by shuffled embedded bit substitution in original audio stream by adopting optimized audio embedding technique (OAET) from the technological observation. To hide the information in the deeper layer of the audio stream, this method uses a new elevated bit range least significant bit (LSB) audio steganography technique that decreases distortion and improves the robustness of the embedded audio stream. The proposed technique proves that the perceptual quality of audio steganography is better than the previous standard LSB technique. Experiment results proved that the cladding of the OAET provides high-level security to the universal cyber data. The interpretation of results shows that embedding data in audio enhances the level of security when used as IoT smart speakers, where the attackers could not distinguish between the original audio and the embedded audio streams.

18.
The Internet of Things (IoT) is growing apace: billions of IoT devices are connected to the Internet and communicate and exchange data with each other. Applications of IoT can be found in many fields of engineering and sciences such as healthcare, traffic, agriculture, oil and gas industries, and logistics. In logistics, the products which are to be transported may be sensitive and perishable, and require a controlled environment. Most of the commercially available logistic containers are not integrated with IoT devices to provide controlled environment parameters inside the container and to transmit data to a remote server. This necessitates designing and fabricating IoT based smart containers. Due to the constrained nature of IoT devices, these are prone to different cyber security attacks such as Denial of Service (DoS), Man in Middle (MITM) and Replay. Therefore, designing an efficient cyber security framework is required for the smart container. The Datagram Transport Layer Security (DTLS) Protocol has emerged as the de facto standard for securing communication in IoT devices. However, it is unable to minimize cyber security attacks such as Denial of Service and Distributed Denial of Service (DDoS) during the handshake process. The main contribution of this paper is to design a cyber secure framework by implementing a novel hybrid DTLS protocol in the smart container which can efficiently minimize the effects of cyber attacks during the handshake process. The performance of our proposed framework is evaluated in terms of energy efficiency, handshake time, throughput and packet delivery ratio. Moreover, the proposed framework is tested in IoT based smart containers. The proposed framework decreases handshake time by more than 9% and saves 11% of energy efficiency for transmission in comparison with the standard DTLS, while increasing packet delivery ratio and throughput by 83% and 87% respectively.

19.

For many systems, safe connectivity is an important requirement, even if the transmitting machines are resource-constrained. The advent of the Internet of Things (IoT) has also increased the demand for low-power devices capable of connecting with each other or sending data to a central processing site. The IoT allows many applications in a smart environment, such as outdoor activity control, smart energy, infrastructure management, environmental sensing, or cyber-security issues. Security in such situations remains an open challenge because of the resource-constrained design of sensors and objects, or the multi-purpose adversaries may target the process during the life cycle of a smart sensor. This paper discusses widely used protocols that provide safe communications for various applications in IoT and also different attacks are defined. In this paper, to protect the IoT objects and sensors, we propose a comprehensive and lightweight security protocol based on Cryptographic Ratchets. That is, an encrypted messaging protocol using the Double Ratchet Algorithm is defined which we call Singleton, and the implementation of protocol is tested and compared to the implementation of the IoT standard protocols and a post-quantum version of the protocol. Various cryptographic primitives are also evaluated, and their suitability for use in the protocol is tested. The results show that the protocol as the building stone not only enables efficient resource-wise protocols and architectures but also provides advanced and scalable IoT sensors. Our design and analysis demonstrate that Singleton security architecture can be easily integrated into existing network protocols such as IEEE 802.15.4 or OMA LWM2M, which offers several benefits that existing approaches cannot offer both performance and important security services. 
For chat applications such as WhatsApp, Skype, Facebook Private Messenger, Google Allo, and Signal, a cryptographic ratchet-based protocol provides end-to-end encryption, forward secrecy, backward secrecy, authentication, and deniability.


20.
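Identity authentication and key agreement are the first security issues to consider when connecting to the Internet of Things (IoT). Traditional IoT identity authentication is based on a "cloud center-end device" authentication architecture. With the introduction of edge computing technology, the authentication architecture shifts to an "edge device-end device" architecture, and traditional authentication methods no longer apply. In addition, the IoT contains multiple communication domains, and devices in different domains need to perform cross-domain authentication and key agreement. To address these problems, this paper designs, for the edge computing environment...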
