Hierarchical architecture and protocol for mobile object authentication in the context of IoT smart cities

https://doi.org/10.1016/j.jnca.2018.07.009

Abstract

The deployment of smart technologies such as smart meters, smart phones, and smart chips has facilitated the development of smart cities. Smart cities include different smart systems such as smart homes, smart grids, etc. These smart systems should be connected together, along with a huge number of smart objects, in the world's largest network, known as the Internet of Things (IoT). Trusted communication between an IoT object, which could be any device, and smart systems is an essential objective for security over the IoT. This can be supported by authentication enforcers which, given the large number of connected objects in the IoT, should impose efficient and scalable mobile object authentication solutions. In this paper, a four-layer architecture for mobile object authentication in the context of IoT smart cities is proposed. This architecture is designed to address different IoT challenges such as scalability, mobility, and heterogeneity. Moreover, the architecture is supported by the applicability of a proposed hierarchical elliptic curve identity based signature authentication protocol. The proposed architecture and the proposed authentication protocol have been compared with other related works proposed in the literature. Various design goals of IoT in smart cities have been considered in the comparison, along with the computation cost on both the sender and the receiver entities. Results show that the proposed architecture supports more design goals of IoT in smart cities than its rival architectures and that the proposed authentication protocol has a lower computation cost than the other related protocols.

Introduction

Recently, the deployment and development of smart cities have moved human lifestyles toward smartness and intelligence (Almobaideen et al., 2017). Smart cities are built by the integration of several smart systems and technologies, such as smart sensor networks, smart meters, smart grids, smart homes, and smart vehicular networks. The connectivity between different smart cities' components is facilitated by the recent deployment of the Internet of Things (IoT), which is considered to be the largest network connecting billions of heterogeneous objects, smart systems, and heterogeneous networks (Cardone et al., 2013; Khan et al., 2012; M. Saadeh et al., 2016; Aloi et al., 2017).

Several studies have been conducted in order to assess the impact of smart cities and technologies on future societies (Almobaideen et al., 2016; Almobaideen et al., 2015). This broad connectivity facilitates data sharing and resource access among IoT connected objects. IoT smart mobile objects, such as humans with smartphones, move freely from one smart system to another inside a smart city with the need to gain access to different resources. However, this increases the difficulty of managing IoT objects and introduces the challenge of illegitimate access, which makes IoT objects vulnerable to physical threats (Liu et al., 2017). In order to manage trusted communication between IoT smart systems and objects, efficient authentication schemes should be used (M. Saadeh et al., 2016; Liu et al., 2017; Singh et al., 2015). Designing efficient authentication schemes faces many challenges such as scalability, mobility, heterogeneity, and the limited capabilities of many IoT objects. These challenges arise because of the diverse and heterogeneous nature of numerous IoT objects (Hussain, 2017).

Scalability is affected by the overhead of managing a huge number of IoT objects. This could negatively influence the performance of authentication schemes unless scalable solutions are developed (Hussain, 2017). Moreover, mobility of IoT objects is another factor to be considered due to the dynamic nature of some IoT mobile objects. Such objects are free to move from one smart system or location inside a smart city to another while being able to access various resources. Smart systems that are connected to IoT are autonomous regarding their local policies and procedures and heterogeneous regarding their devices, networks, and domains. Consequently, heterogeneity should be considered while designing authentication solutions (Alaa et al., 2017). Another important factor to be considered is the limited capabilities of many IoT objects, referred to as IoT constrained devices, such as sensors, actuators, embedded chips, etc. These devices should be supported by the design of lightweight and efficient authentication solutions that do not require complex computations and large memory space (Hussain, 2017; Granjal et al., 2015).

In this paper, a new architecture for mobile object authentication in the context of IoT smart cities is proposed. The proposed architecture presents an extension to the IoT three-layer architecture (Zhang et al., 2012; Zheng et al., 2012; Ma et al., 2013). It adds a fourth layer between the network and the application layers in order to manage the storage, protocol mapping, and object mobility services. The design goals for the proposed four-layer architecture are related to the following challenges of object authentication:

  1. Scalability of IoT with a large number of objects which are all connected together.

  2. Heterogeneity of the various objects, networks, and domains that already exist or are expected to exist in the future.

  3. Mobility of some objects that creates dynamic network topologies by allowing these objects to move between different networks while they still need to be authenticated in order to access resources that exist in these networks. This feature is of special importance since it could be the most difficult to satisfy and intensifies the difficulty of dealing with the other features.

  4. Limited capabilities, such as storage and processing capabilities, of IoT constrained devices (Alaa et al., 2017). Accordingly, the proposed architecture must allow for authentication solutions that are lightweight, efficient, and require less computation cost and space than traditional solutions do.

The proposed architecture has been compared with other related architectures that exist in the literature according to the above-mentioned design goals. Moreover, the applicability of the proposed architecture has been supported by a mobile object authentication protocol, which is a modified version of the authentication protocol proposed in (M. Saadeh et al., 2018). The authentication protocol is based on elliptic curve Identity Based Signature (IBS).

IBS is an asymmetric key based approach in which an object's identity is used to generate signing and verification keys (Shamir, 1984). The main advantage of IBS over traditional public key cryptography digital signatures is that the certificate management process is eliminated, which reduces the overhead on IoT constrained devices (Girish and Phaneendra, 2014). The main entity in IBS based schemes is the Private Key Generator (PKG), which is responsible for generating objects' private keys based on their identities (Yan et al., 2009). The applicability of the authentication protocol over the proposed architecture is verified formally using Burrows, Abadi, and Needham (BAN) logic (Burrows et al., 1990), and the computation cost of the authentication process is evaluated.

The rest of this paper is organized as follows. Section 2 discusses and summarizes the state-of-the-art IoT architectures proposed in the literature. In Section 3, the main layers and components of the proposed architecture are discussed. Section 4 discusses the modified object authentication protocol and how it is applied over the proposed architecture. A comparison between the proposed architecture and other related authentication architectures is presented and discussed in Section 5. Finally, Section 6 concludes this paper.

Section snippets

IoT architectures in the literature

There are billions of connected devices of various types over IoT, referred to as IoT connected objects, and the number is significantly increasing. Recent studies have shown that traditional internet TCP/IP protocols such as Hypertext Transfer Protocol (HTTP), Transmission Control Protocol (TCP), and Internet Protocol (IP) are not efficient for IoT objects' communication (Granjal et al., 2015; Li et al., 2015; H. Saadeh et al., 2017). Consequently, several IoT architectures have been proposed

The proposed object authentication architecture in the context of IoT smart cities

This section presents the proposed architecture, which extends the IoT three-layer architecture by adding an additional layer, referred to as the mobility support layer, in order to meet the challenges of designing an IoT architecture for smart cities. The added layer lies between the network and the application layers. This section discusses the main layers and components in the proposed architecture and how this architecture supports IoT challenges.

Object authentication based on the proposed four-layer architecture

In this section, the elliptic curve identity based signature protocol proposed in (M. Saadeh et al., 2018) is modified and adapted to be applied over the proposed IoT hierarchical architecture. The private and public keys are generated by Sub-PKGs based on objects' identities. The hierarchical view of the proposed architecture is shown in Fig. 5, which illustrates how the layers' components, discussed previously, are connected and can communicate together in order to perform mobile object

Comparison and discussion

This section presents a comparison between the proposed authentication architecture and other related authentication architectures that have been proposed in the literature, as in (Kothmayr et al., 2013; He et al., 2017; Flauzac et al., 2015; Moosavi et al., 2015). To the best of the authors' knowledge, a limited number of the IoT smart city related papers that have been proposed in the literature have considered an architecture that supports the authentication of mobile objects. This has restricted us to compare

Conclusion

In this paper, a hierarchical architecture for IoT mobile object authentication in the context of smart cities has been proposed. The proposed architecture is an extension to the IoT basic three-layer architecture. It adds a fourth service layer, referred to as the mobility support layer, between the network and the application layers. The main objective of this layer is to support the authentication of smart mobile objects that move between various smart autonomous systems in a smart city. It

Declarations of interest

None.

References (54)

  • W. Almobaideen et al. Geographical route selection based on user public transportation and service preferences.
  • O. Bello et al. Intelligent Device-to-device Communication in the Internet of Things (2015).
  • M. Burrows et al. A logic of authentication. ACM Trans. Comput. Syst. (1990).
  • L. Buttyan et al. Simple logic for authentication protocol design. Proc. - Comput. Secur. Found. Workshop (1998).
  • G. Cardone et al. Fostering participaction in smart cities: a geo-social crowdsensing platform. IEEE Commun. Mag. (2013).
  • Z. Cheng. Simple Tutorial on Elliptic Curve Cryptography (2004).
  • O. Flauzac et al. New security architecture for IoT network. Proced. Comput. Sci. (2015).
  • L. Foschini et al. M2M-based metropolitan platform for IMS-enabled road traffic management in IoT. IEEE Commun. Mag. (2011).
  • Girish et al. Identity-based cryptography and comparison with traditional public key encryption: a survey. Int. J. Comput. Sci. Inf. Technol. (2014).
  • Q. Gou et al. Construction and strategies in IoT security system.
  • J. Granjal et al. Security for the internet of things: a survey of existing protocols and open research issues. IEEE Commun. Surv. Tutorials (2015).
  • D. He et al. Efficient hierarchical identity-based signature with batch verification for automatic dependent surveillance-broadcast system. IEEE Trans. Inf. Forensics Secur. (2017).
  • M.I. Hussain. Internet of Things: challenges and research opportunities. CSI Trans. ICT (2017).
  • P2413 - Standard for an Architectural Framework for the Internet of Things (2016).
  • S. Islam et al. A pairing-free identity-based authenticated group key agreement protocol for imbalanced mobile networks. Annales Des Telecommunications/Ann. Telecommun. (2012).
  • S. Islam et al. An efficient and provably-secure digital signature scheme based on elliptic curve bilinear pairings. Theor. Appl. Inf. (2012).
  • R. Khan et al. Future internet: the internet of things architecture, possible applications and key challenges.