ECC based inter-device authentication and authorization scheme using MQTT for IoT networks
Introduction
Digital world has witnessed the wired Internet emerging, with each personal computer getting linked virtually with the advent of the wireless technologies [1]. However, this development is being pre-dominated by the foreseen possibilities of Internet of Things (IoT) devices. IoT is a novel technological paradigm in the telecommunication field which is a collaboration of physical objects, such as smart devices, that are embedded with highly efficient sensors and actuators, finding their applications in smart homes, smart cities, healthcare, and so on. With its great capabilities, IoT is transforming the world of conventional Internet into a smart inter-connected world where each device is proficient to share its information in an intelligent manner [2]. Impact of IoT can be seen from various aspects of potential end users, whether they are private or commercial users.
Undoubtedly, exponential growth of these devices has made a significant change in the economic and social growth of the society. However, major development in the field is facing potential security threats associated with each layer of its framework. These threats are swiftly invading the Internet-enabled devices by transforming into large size attacks. Attack methodologies like botnets have come into pictures that are able to generate powerful Distributed Denial of Service (DDoS) attacks. One of the most prominent example of these attacks is Mirai, which is capable of creating several Gbps of traffic with the help of IoT devices [3]. Surprisingly, this is not the only malware which can target IoT devices. There are several others as well that can compromise these devices easily due to lack of security software installed in these devices, unlike personal computers. Among many reasons, one of the most common reasons is weak passwords. Sometimes the devices have hard-coded credentials or users never change the default credentials stored on the devices.
In order to provide efficient security solutions in terms of privacy, confidentiality, authentication, and integrity, researchers have done significant work in the field of cryptographic techniques. Because of heterogeneity and different constraints, traditional cryptographic techniques cannot be implemented over IoT devices. However, light-weight cryptographic primitives have the potential to provide equivalent or better security than any other traditional technique by utilizing limited resources to perform only a few computations [4].
While dealing with secure IoT infrastructure, authentication and authorization play an imperative role. One-way authentication is unable to provide security for both the communicating parties. Alternative solution to this problem is mutual authentication in which both the parties get authenticated before the actual transmission. Elliptic Curve Cryptography (ECC), which is an asymmetric key cryptographic technique, is appropriate for situations where resources are limited [5]. Different authentication techniques based on ECC have been developed, but some failed to provide mutual authentication [6], [7], some do not support Device-to-Device (D2D) level authentication [8], [9], and some do not support authentication at protocol level [10]. In this regard, we propose a novel inter-device authentication and authorization scheme, based on ECC and Message Queuing Telemetry Transport (MQTT) suitable for resource-constrained IoT networks.
The major contributions of the proposed work are summarized as follows:
- •
We illustrate the efficiency of using MQTT with ECC over MQTT with no encryption methodology.
- •
We implement our proposed scheme on Automated Validation of Internet Security Protocols and Applications (AVISPA) and Access Control Policy Testing (ACPT) tools to ensure its correctness.
- •
We present detailed formal and informal security and performance analysis to show how our scheme is better than some of the other related schemes proposed in the past.
Rest of the paper is structured as follows. Section 2 highlights some of the related work done in the field. Section 3 includes a discussion on the preliminary concepts involved in the development of our scheme including ECC, MQTT, hash functions and underlying policy models. In Section 4, we discuss the working of our proposed scheme in detail along with the underlying entities involved. Section 5 presents the implementation results of the proposed scheme on AVISPA and ACPT tools. Sections 6 and 7 discuss the security and performance aspects, respectively, of the proposed scheme and present a comparison with other related schemes from the past. Finally, Section 8 concludes the paper with future work.
Section snippets
Related work
A number of inter-device authentication mechanisms have been proposed so far based on Kerberos [11], [1], pre-shared keys [12], [13], and public-key certificates [14]. All these schemes have their own advantages and drawbacks with respect to different operational scenarios. For instance, Kerberos based schemes require presence of a central server in the absence of which users cannot log in, thus, is susceptible to DoS attacks. Pre-shared keys based authentication mechanisms are susceptible to
Preliminaries
In this section, we discuss the basic concepts involved in the formulation of our scheme including ECC, MQTT and secure one-way collision-resistant hash function. We also discuss in detail the underlying technologies including Cloud Computing, Fog Computing and Network Function Virtualization (NFV) along with the access control policy determination models UCON and CapBAC.
The proposed scheme
In this section, we discuss our proposed scheme in detail including the system entities involved, system model and mathematical formulation of the scheme.
Implementation and results
In this section, we discuss the preliminary concepts about the tools used for the implementation of our proposed scheme along with the results obtained on them.
Security analysis
In this section, we present the informal and formal security analysis of our proposed scheme including how this scheme deals with different security attacks. In addition, we compare the results of our scheme with other related schemes.
Performance analysis
In this section, we present the performance analysis of the proposed scheme by computing the total cost incurred by the mathematical operations involved in the scheme, the number of terms involved during the communication or messages in transit, along with its comparison with the performance of other related schemes [17], [19], [20], [21]. Table 7 shows the comparison of the computational cost of our scheme with other related schemes.
From Table 7, it can be seen that the number of hash
Conclusion and future scope
IoT provides a platform where physical world objects meet the Internet in order to serve users through various applications. However, these connected devices bring a new dimension of security challenges due to the vulnerabilities associated with them or at different levels of IoT architecture. Authentication and authorization model is one of the solution among the available ones to protect the networking environment. However, the model should be designed by considering the heterogeneity and
References (40)
- et al.
Kerberos based authentication for inter-domain roaming in wireless heterogeneous network
Comput Math Appl
(2010) Automated security protocol analysis with the AVISPA tool
Electron Notes Theor Comput Sci
(2006)- et al.
A capability-based security approach to manage access control in the internet of things
Math Comput Modell
(2013) - et al.
An identity based access control and mutual authentication framework for distributed cloud computing services in IoT environment using smart cards
Procedia Comput Sci
(2018) - et al.
Access control in the Internet of things: big challenges and new opportunities
Comput Netw
(2017) - Gupta BB, & Quamara M. An overview of internet of things (IoT): architectural aspects, challenges, and protocols....
- et al.
Critical analysis of ddos—an emerging security threat over IoT networks
J Commun Inform Netw
(2018) - et al.
IoT-NUMS: evaluating NUMS elliptic curve cryptography for IoT platforms
IEEE Trans Inf Forensics Secur
(2019) - et al.
Anonymity and one-way authentication in key exchange protocols
Des Codes Cryptogr
(2013) A provable one-way authentication key agreement scheme with user anonymity for multi-server environment
KSII Trans Internet Inform Syst
(2015)
A novel user authentication and key agreement protocol for accessing multi-medical server usable in tmis
J Med Syst
Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care
J Med Syst
An identity based encryption using elliptic curve cryptography for secure m2m communication
A Kerberos-based authentication architecture for wireless lans
Simplifying peer-to-peer device authentication using identity-based cryptography
Inter-device mutual authentication and formal verification in M2M environment
J Digit Converg
Mutual authentication scheme in secure internet of things technology for comfortable lifestyle
Sensors
Cited by (70)
Temporal ECDSA: A timestamp and signature mask enabled ECDSA algorithm for IoT client node authentication
2024, Computer CommunicationsInternet of things challenges and future scope for enhanced living environments
2024, Advances in ComputersMQTT and blockchain sharding: An approach to user-controlled data access with improved security and efficiency
2023, Blockchain: Research and ApplicationsEBAKE-SE: A novel ECC-based authenticated key exchange between industrial IoT devices using secure element
2023, Digital Communications and NetworksLDA-2IoT: A level dependent authentication using two factor for IoT paradigm
2023, Computer NetworksA secure three-factor authentication scheme for IoT environments
2022, Journal of Parallel and Distributed ComputingCitation Excerpt :Traditional cryptography methods cannot be used, due to their different limitations, on IoT devices. However, it is possible to utilize lightweight cryptography regarding the limited number of resources existing in IoT [24]. So far, numerous authentication schemes and key agreements have been presented to meet these needs.