Abstract
Robust authentication of Internet of Things (IoT) is a difficult problem due to the fact that quite often IoT nodes are resource-constrained and lack the storage and compute capability required by conventional security mechanisms. We propose, in the current paper, a new lightweight multi-factor authentication scheme for IoT nodes that combines temporary identities and challenge/response based on transactions history. The approach allows IoT nodes to anonymously and mutually authenticate in an unlinkable manner. We evaluate the efficiency of the proposed scheme, and establish the security of our protocol through informal security analysis and formally by using the automated validation of Internet security protocols and applications (AVISPA) toolkit.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Alshahrani, M., Traore, I.: Secure mutual authentication and automated access control for IoT smart home using cumulative keyed-hash chain. J. Inf. Secur. Appl. 45, 156–175 (2019). https://doi.org/10.1016/j.jisa.2019.02.003
Armando, A., et al.: The AVISPA tool for the automated validation of internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005). https://doi.org/10.1007/11513988_27
Ashibani, Y., Kauling, D., Mahmoud, Q.H.: A context-aware authentication service for smart homes. In: 14th IEEE Annual Consumer Communications & Networking Conference (CCNC), pp. 588–589. IEEE, January 2017
Barbareschi, M., Bagnasco, P., Mazzeo, A.: Authenticating IOT devices with physically unclonable functions models. In: 10th International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), pp. 563–567. IEEE, November 2015
Bonomi, F., Milito, R., Zhu, J., Addepalli, S.: Fog computing and its role in the Internet of Things. In: Proceedings of the First Edition of the MCC Workshop on Mobile Cloud Computing, pp. 13–16. ACM, August 2012
Chu, F., Zhang, R., Ni, R., Dai, W.: An improved identity authentication scheme for Internet of Things in heterogeneous networking environments. In: 16th International Conference on Network-Based Information Systems (NBiS), pp. 589–593. IEEE, September 2013
Desai, D., Upadhyay, H.: Security and privacy consideration for Internet of Things in smart home environments. Int. J. Eng. Res. Dev. 10(11), 73–83 (2014)
Dorri, A., Kanhere, S.S., Jurdak, R., Gauravaram, P.: Blockchain for IoT security and privacy: the case study of a smart home. In: 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), pp. 618–623. IEEE, March 2017
Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)
Hayashi, E., Das, S., Amini, S., Hong, J., Oakley, I.: CASA: context-aware scalable authentication. In: Proceedings of the Ninth Symposium on Usable Privacy and Security, p. 3. ACM, July 2013
Kalamandeen, A., Scannell, A., de Lara, E., Sheth, A., LaMarca, A.: Ensemble: cooperative proximity-based authentication. In: Proceedings of the 8th International Conference on Mobile Systems, Applications, and Services, pp. 331–344. ACM, June 2010
Moosavi, S.R., et al.: SEA: a secure and efficient authentication and authorization architecture for IoT-based healthcare using smart gateways. Procedia Comput. Sci. 52, 452–459 (2015)
Park, G., Kim, B., Jun, M.: A design of secure authentication method using zero knowledge proof in smart-home environment. In: Park, J.J.J.H., Pan, Y., Yi, G., Loia, V. (eds.) CSA/CUTE/UCAWSN-2016. LNEE, vol. 421, pp. 215–220. Springer, Singapore (2017). https://doi.org/10.1007/978-981-10-3023-9_35
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Alshahrani, M., Traore, I., Saad, S. (2020). Lightweight IoT Mutual Authentication Scheme Based on Transient Identities and Transactions History. In: Benzekri, A., Barbeau, M., Gong, G., Laborde, R., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2019. Lecture Notes in Computer Science(), vol 12056. Springer, Cham. https://doi.org/10.1007/978-3-030-45371-8_27
Download citation
DOI: https://doi.org/10.1007/978-3-030-45371-8_27
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-45370-1
Online ISBN: 978-3-030-45371-8
eBook Packages: Computer ScienceComputer Science (R0)