research-article

HessianAuth: An ECC-based Distributed and Efficient Authentication Mechanism for 6LoWPAN Networked IoT Devices

Authors:

Nirnay GhoshAuthors Info & Claims

ICDCN '23: Proceedings of the 24th International Conference on Distributed Computing and Networking

Pages 227 - 236

https://doi.org/10.1145/3571306.3571407

Published: 04 January 2023 Publication History

Abstract

Internet of Things (IoT) constitutes an ecosystem of networked resource-constrained devices that mandates light-weighted security solutions. In most IoT applications, co-located and proximal devices are connected in 6LoWPAN networks and use the IEEE 802.15 standard for local interactions via device-to-device (D2D) communication. The resource-limited 6LoWPAN networked devices need an efficient authentication mechanism to validate requesters’ identities such that less resources and time are required. In this paper, we propose a novel Elliptic Curve Cryptography (ECC)-based distributed authentication scheme called HessianAuth to achieve efficiencies in resource usage and latency as well as security. We simulated a 6LoWPAN network to support a D2D communication scenario and implemented the proposed authentication mechanism using the Cooja network simulator. We have considered AES-CBC and standard Weierstrass curve-based ECC as the benchmarks and carried out performance analysis with respect to CPU cycles and delay. Further, we carry out a security analysis of HessianAuth using a state-of-the-art tool called AVISPA and demonstrate that the former is secure against man-in-the-middle and replay attacks.

References

[1]

Mishall Al-Zubaidie, Zhongwei Zhang, and Ji Zhang. 2019. Efficient and secure ECDSA algorithm and its applications: a survey. arXiv preprint arXiv:1902.10313(2019).

[2]

A. Armando, D. Basin, Y. Boichut, Y. Chevalier, L. Compagna, J. Cuellar, P. Hankes Drielsma, P. C. Heám, O. Kouchnarenko, J. Mantovani, S. Mödersheim, D. von Oheimb, M. Rusinowitch, J. Santiago, M. Turuani, L. Viganò, and L. Vigneron. 2005. The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications. In Computer Aided Verification, Kousha Etessami and Sriram K. Rajamani (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 281–285.

[3]

Sobhanbabu Badugu. 2017. Role of COOJA Simulator in IoT. International Journal of Emerging Trends & Technology in Computer Science 6 (04 2017), 139.

[4]

Johannes Bauer, Ralf C Staudemeyer, Henrich C Pöhls, and Alexandros Fragkiadakis. 2016. ECDSA on things: IoT integrity protection in practise. In International conference on information and communications security. Springer, 3–17.

Digital Library

[5]

Jorge Bernal Bernabe, Jose L Hernandez-Ramos, and Antonio F Skarmeta Gomez. 2017. Holistic Privacy-Preserving Identity Management System for the Internet of Things.Mobile Information Systems(2017).

[6]

Jorge Bernal Bernabe, Jose Luis Hernandez Ramos, and Antonio F Skarmeta Gomez. 2016. TACIoT: multidimensional trust-aware access control system for the Internet of Things. Soft Computing 20, 5 (2016), 1763–1779.

Digital Library

[7]

Bawna Bhat, Abdul Wahid Ali, and Apurva Gupta. 2015. DES and AES performance evaluation. In International Conference on Computing, Communication & Automation. IEEE, 887–890.

[8]

Hemin Nilesh Dalal, Nisarg V Soni, and Abdul Razaque. 2016. Header encryption of IEEE802.15.4. In 2016 IEEE Long Island Systems, Applications and Technology Conference (LISAT). 1–6. https://doi.org/10.1109/LISAT.2016.7494140

[9]

D Eastlake 3rd and Paul Jones. 2001. Rfc3174: Us secure hash algorithm 1 (sha1).

[10]

Panu Hamalainen, Timo Alho, Marko Hannikainen, and Timo D Hamalainen. 2006. Design and implementation of low-area and low-power AES encryption hardware core. In 9th EUROMICRO conference on digital system design (DSD’06). IEEE, 577–583.

Digital Library

[11]

Jose L Hernandez-Ramos, Marcin Piotr Pawlowski, Antonio J Jara, Antonio F Skarmeta, and Latif Ladid. 2015. Toward a lightweight authentication and authorization framework for smart objects. IEEE Journal on Selected Areas in Communications 33, 4(2015), 690–702.

Digital Library

[12]

Hassen Redwan Hussen, Gebere Akele Tizazu, Miao Ting, Taekkyeun Lee, Youngjun Choi, and Ki-Hyung Kim. 2013. SAKES: Secure authentication and key establishment scheme for M2M communication in the IP-based wireless sensor network (6L0WPAN). In 2013 Fifth international conference on ubiquitous and future networks (ICUFN). IEEE, 246–251.

[13]

T Kivinen and P Kinney. 2017. IEEE 802.15. 4 Information Element for the IETF. Technical Report.

[14]

Neal Koblitz. 1987. Elliptic curve cryptosystems. Mathematics of computation 48, 177 (1987), 203–209.

[15]

Ritika Raj Krishna, Aanchal Priyadarshini, Amitkumar V Jha, Bhargav Appasani, Avireni Srinivasulu, and Nicu Bizon. 2021. State-of-the-art review on IoT threats and attacks: Taxonomy, challenges and solutions. Sustainability 13, 16 (2021), 9463.

[16]

Nallapaneni Manoj Kumar and Pradeep Kumar Mallick. 2018. The Internet of Things: Insights into the building blocks, component interactions, and architecture layers. Procedia computer science 132 (2018), 109–117.

[17]

Fatma Mallouli, Aya Hellal, Nahla Sharief Saeed, and Fatimah Abdulraheem Alzahrani. 2019. A survey on cryptography: comparative study between RSA vs ECC Algorithms, and RSA vs El-Gamal algorithms. In 2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2019 5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). IEEE, 173–176.

[18]

Jayashree Mohanty, Sushree Mishra, Sibani Patra, Bibudhendu Pati, and Chhabi Rani Panigrahi. 2021. IoT security, challenges, and solutions: a review. Progress in Advanced Computing and Intelligent Engineering (2021), 493–504.

[19]

Manorama Mohapatro and Itu Snigdh. 2021. An Experimental Study of Distributed Denial of Service and Sink Hole Attacks on IoT based Healthcare Applications. Wireless Personal Communications 121, 1 (2021), 707–724.

Digital Library

[20]

Fahad Bin Muhaya, Qasem Abu Al-Haija, and Lo’ai A Tawalbeh. 2010. Applying hessian curves in parallel to improve elliptic curve scalar multiplication hardware. (2010).

[21]

Geoff Mulligan. 2007. The 6LoWPAN architecture. In Proceedings of the 4th workshop on Embedded networked sensors. 78–82.

Digital Library

[22]

Renzo E Navas, Hélène Le Bouder, Nora Cuppens, Frédéric Cuppens, and Georgios Z Papadopoulos. 2018. Do not trust your neighbors! A small IoT platform illustrating a man-in-the-middle attack. In International conference on ad-hoc networks and wireless. Springer, 120–125.

[23]

Yue Qiu and Maode Ma. 2016. A mutual authentication and key establishment scheme for M2M communication in 6LoWPAN networks. IEEE transactions on industrial informatics 12, 6 (2016), 2074–2085.

[24]

Phillip Rogaway and David Wagner. 2003. A critique of CCM. Cryptology ePrint Archive(2003).

[25]

Zach Shelby, Klaus Hartke, and Carsten Bormann. 2014. The Constrained Application Protocol (CoAP). RFC 7252. https://doi.org/10.17487/RFC7252

Digital Library

[26]

Nigel P Smart. 2001. The Hessian form of an elliptic curve. In International Workshop on Cryptographic Hardware and Embedded Systems. Springer, 118–125.

[27]

Tom St Denis and Greg Rose. 2006. Chapter 9 - Number Theoretic Algorithms. In BigNum Math, Tom St Denis and Greg Rose (Eds.). Syngress, Burlington, 255–288. https://doi.org/10.1016/B978-159749112-9/50010-1

[28]

Abbas Shah Syed, Daniel Sierra-Sosa, Anup Kumar, and Adel Elmaghraby. 2021. IoT in smart cities: a survey of technologies, practices and challenges. Smart Cities 4, 2 (2021), 429–475.

[29]

Jonathan Tournier, François Lesueur, Frédéric Le Mouël, Laurent Guyon, and Hicham Ben-Hassine. 2021. A survey of IoT protocols and their security issues through the lens of a generic IoT stack. Internet of Things 16(2021), 100264.

[30]

M Vaidehi and B Justus Rabi. 2014. Design and analysis of AES-CBC mode for high security applications. In Second International Conference on Current Trends In Engineering and Technology-ICCTET 2014. IEEE, 499–502.

[31]

David Von Oheimb. 2005. The high-level protocol specification language HLPSL developed in the EU project AVISPA. In Proceedings of APPSEM 2005 workshop. APPSEM’05, Tallinn, Estonia, 1–17.

[32]

Mališa Vucinic, Göran Selander, and John Preuß Mattsson. 2021. Lightweight Authenticated Key Exchange with EDHOC: Design Overview. Technical Report hal-03434293.

Cited By

Khan AKumar VPrasad RIdrisi M(2024)SGAK: A Robust ECC-Based Authenticated Key Exchange Protocol for Smart Grid NetworksIEEE Access10.1109/ACCESS.2024.343453212(195745-195759)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3434532
Gautam DKanwar SPrajapat SKumar PChen C(2024)A robust ECC based authentication protocol for satellite-to-satellite communication networkTelecommunication Systems10.1007/s11235-024-01199-287:3(541-559)Online publication date: 15-Jul-2024
https://doi.org/10.1007/s11235-024-01199-2
Shahidinejad AAbawajy J(2023)Decentralized Lattice-Based Device-to-Device Authentication for the Edge-Enabled IoTIEEE Systems Journal10.1109/JSYST.2023.3319280(1-11)Online publication date: 2023
https://doi.org/10.1109/JSYST.2023.3319280

Index terms have been assigned to the content through auto-classification.

Recommendations

Assessment of Routing Attacks and Mitigation Techniques with RPL Control Messages: A Survey
Routing Protocol for Low-Power and Lossy Networks (RPL) is a standard routing protocol for the Low Power and Lossy Networks (LLNs). It is a part of the IPv6 over Low-Power Wireless Personal Area Network (6LoWPAN) protocol stack. Features such as energy-...
Lightweight Multi-party Authentication and Key Agreement Protocol in IoT-based E-Healthcare Service
Internet of Things (IoT) is playing a promising role in e-healthcare applications in the recent decades; nevertheless, security is one of the crucial challenges in the current field of study. Many healthcare devices (for instance, a sensor-augmented ...
A Survey of Blockchain Consensus Protocols
Blockchain consensus protocols have been a focus of attention since the advent of Bitcoin. Although classic distributed consensus algorithms made significant contributions to the development of blockchain consensus protocols, there are still many issues ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ICDCN '23: Proceedings of the 24th International Conference on Distributed Computing and Networking

January 2023

461 pages

ISBN:9781450397964

DOI:10.1145/3571306

Copyright © 2023 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 January 2023

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

DST-SERB, Govt. of India

Conference

ICDCN 2023

ICDCN 2023: 24th International Conference on Distributed Computing and Networking

January 4 - 7, 2023

Kharagpur, India

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
98
Total Downloads

Downloads (Last 12 months)23
Downloads (Last 6 weeks)3

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Khan AKumar VPrasad RIdrisi M(2024)SGAK: A Robust ECC-Based Authenticated Key Exchange Protocol for Smart Grid NetworksIEEE Access10.1109/ACCESS.2024.343453212(195745-195759)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3434532
Gautam DKanwar SPrajapat SKumar PChen C(2024)A robust ECC based authentication protocol for satellite-to-satellite communication networkTelecommunication Systems10.1007/s11235-024-01199-287:3(541-559)Online publication date: 15-Jul-2024
https://doi.org/10.1007/s11235-024-01199-2
Shahidinejad AAbawajy J(2023)Decentralized Lattice-Based Device-to-Device Authentication for the Edge-Enabled IoTIEEE Systems Journal10.1109/JSYST.2023.3319280(1-11)Online publication date: 2023
https://doi.org/10.1109/JSYST.2023.3319280

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Figures

Tables

Media

View Table of Conten