IMSC-EIoTD: Identity Management and Secure Communication for Edge IoT Devices

The Internet of things (IoT) will accommodate several billions of devices to the Internet to enhance human society as well as to improve the quality of living. A huge number of sensors, actuators, gateways, servers, and related end-user applications will be connected to the Internet. All these entities require identities to communicate with each other. The communicating devices may have mobility and currently, the only main identity solution is IP based identity management which is not suitable for the authentication and authorization of the heterogeneous IoT devices. Sometimes devices and applications need to communicate in real-time to make decisions within very short times. Most of the recently proposed solutions for identity management are cloud-based. Those cloud-based identity management solutions are not feasible for heterogeneous IoT devices. In this paper, we have proposed an edge-fog based decentralized identity management and authentication solution for IoT devices (IoTD) and edge IoT gateways (EIoTG). We have also presented a secure communication protocol for communication between edge IoT devices and edge IoT gateways. The proposed security protocols are verified using Scyther formal verification tool, which is a popular tool for automated verification of security protocols. The proposed model is specified using the PROMELA language. SPIN model checker is used to confirm the specification of the proposed model. The results show different message flows without any error.

Download Full-text

HomeTec Software for Security Aspects of Smart Home Devices Based on IoT

10.54216/jcim.050101 ◽

2021 ◽

pp. 5-16

Author(s):

Parth Rustagi ◽

◽

...

Keyword(s):

Smart Home ◽

Denial Of Service ◽

Security Protocols ◽

The Internet ◽

Security Threats ◽

Deep Dive ◽

Cost Cutting ◽

Full Control ◽

Iot Devices ◽

Service Data

As useful as it gets to connect devices to the internet to make life easier and more comfortable, it also opens the gates to various cyber threats. The connection of Smart Home devices to the internet makes them vulnerable to malicious hackers that infiltrate the system. Hackers can penetrate these systems and have full control over devices. This can lead to denial of service, data leakage, invasion of privacy, etc. Thus security is a major aspect of Smart home devices. However, many companies manufacturing these Smart Home devices have little to no security protocols in their devices. In the process of making the IoT devices cheaper, various cost-cutting is done on the security protocols in IoT devices. In some way, many manufactures of the devices don’t even consider this as a factor to build upon. This leaves the devices vulnerable to attacks. Various authorities have worked upon to standardize the security aspects for the IoT and listed out guidelines for manufactures to follow, but many fail to abide by them. This paper introduces and talks about the various threats, various Security threats to Smart Home devices. It takes a deep dive into the solutions for the discussed threats. It also discusses their prevention. Lastly, it discusses various preventive measures and good practices to be incorporated to protect devices from any future attacks.

Download Full-text

A systematic Study of Security Challenges and Infrastructures for Internet of Things

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i4.36.24226 ◽

2018 ◽

Vol 7 (4.36) ◽

pp. 700

Author(s):

N. Koteswara Rao ◽

Gandharba Swain

Keyword(s):

Internet Of Things ◽

Secure Communication ◽

Smart Cities ◽

Security Requirements ◽

The Internet ◽

Security Challenges ◽

Authentication And Authorization ◽

New Applications ◽

Privacy And Anonymity ◽

The Internet Of Things

The proliferation of smart objects with capability of sensing, processing and communication has grown in recent years. In this scenario, the Internet of Things (IoT) connects these objects to the Internet and provides communication with users and devices. IoT enables a huge amount of new applications, with which academics and industries can benefit, such as smart cities, health care and automation. In this environment, compose of constrained devices, the widespread adoption of this paradigm depends of security requirements like secure communication between devices, privacy and anonymity of its users. This paper presents the main security challenges and solutions to provide authentication and authorization on the Internet of Things.

Download Full-text

Security Standards and Issues for Grid Computing

Grid and Cloud Computing ◽

10.4018/978-1-4666-0879-5.ch708 ◽

2012 ◽

pp. 1656-1671

Author(s):

Athanasios Moralis ◽

Vassiliki Pouli ◽

Mary Grammatikou ◽

Dimitrios Kalogeras ◽

Vasilis Maglaris

Keyword(s):

Web Service ◽

Secure Communication ◽

Identity Management ◽

Service Oriented Architecture ◽

Security Protocols ◽

Security Technologies ◽

Security Environment ◽

Grid Environments ◽

Service Oriented ◽

Security Standards

Security in grid environments that are built using Service Oriented Architecture (SOA) technologies is a great challenge. On one hand, the great diversity in security technologies, mechanisms and protocols that each organization follows and on the other hand, the different goals and policies that these organizations adopt, comprise a complex security environment. Authenticating and authorizing users and services, identity management in a multi-organizational scenario and secure communication define the main context of the problem. In this chapter, we provide an overview of the security protocols and technologies that can be applied on a Web Service (WS) based grid environment.

Download Full-text

Identity Authentication and Capability Based Access Control (IACAC) for the Internet of Things

Journal of Cyber Security and Mobility ◽

10.13052/jcsm2245-1439.142 ◽

2013 ◽

Author(s):

Parikshit N. Mahalle ◽

Bayu Anggorojati ◽

Neeli R. Prasad ◽

Ramjee Prasad

Keyword(s):

Internet Of Things ◽

Access Control ◽

Secure Communication ◽

Identity Authentication ◽

Security Protocol ◽

The Internet ◽

Dos Attacks ◽

Security Vulnerabilities ◽

Iot Devices ◽

The Internet Of Things

In the last few years the Internet of Things (IoT) has seen widespreadapplication and can be found in each field. Authentication and accesscontrol are important and critical functionalities in the context of IoTto enable secure communication between devices. Mobility, dynamicnetwork topology and weak physical security of low power devices in IoTnetworks are possible sources for security vulnerabilities. It ispromising to make an authentication and access control attack resistant andlightweight in a resource constrained and distributed IoT environment.This paper presents the Identity Authentication and Capability basedAccess Control (IACAC) model with protocol evaluation and performanceanalysis. To protect IoT from man-in-the-middle, replay and denial ofservice (Dos) attacks, the concept of capability for access control isintroduced. The novelty of this model is that, it presents an integratedapproach of authentication and access control for IoT devices. Theresults of other related study have also been analyzed to validate andsupport our findings. Finally, the proposed protocol is evaluated byusing security protocol verification tool and verification results showsthat IACAC is secure against aforementioned attacks. This paper alsodiscusses performance analysis of the protocol in terms of computationaltime compared to other existing solutions. Furthermore, this paper addresseschallenges in IoT and security attacks are modelled with the use casesto give an actual view of IoT networks.

Download Full-text

Secure Communications for Resource-Constrained IoT Devices

Sensors ◽

10.3390/s20133637 ◽

2020 ◽

Vol 20 (13) ◽

pp. 3637

Author(s):

Abd-Elhamid M. Taha ◽

Abdulmonem M. Rashwan ◽

Hossam S. Hassanein

Keyword(s):

Internet Of Things ◽

Secure Communication ◽

The Internet ◽

Secure Communications ◽

Message Authentication ◽

Authentication Codes ◽

Resource Constrained ◽

Iot Devices ◽

The Internet Of Things ◽

Constrained Devices

The importance of securing communications on the Internet of Things (IoT) cannot be overstated. This is especially the case in light of the increasing proliferation of IoT devices and instances, as well as the growing dependence on their usage. Meanwhile, there have recently been mounting concerns over a wide array of vulnerabilities in IoT communications. The objective of this work is to address constraints in IoT devices that are “resource-constrained”, which are devices that are limited in terms of computing, energy, communication, or range capabilities, whether in terms of nominal or temporal limitations. Specifically, we propose a framework for resource-aiding constrained devices to facilitate secure communication. Without loss of generalization, the framework’s viability is illustrated by focusing on a group of security functions that utilize message authentication codes, which is a strongly representative example of resource-intensive security functions. Aspects of the framework are further demonstrated in processing cores commonly used in commercial IoT devices.

Download Full-text

A Cross-Chain Solution to Integrating Multiple Blockchains for IoT Data Management

Sensors ◽

10.3390/s19092042 ◽

2019 ◽

Vol 19 (9) ◽

pp. 2042 ◽

Cited By ~ 12

Author(s):

Yiming Jiang ◽

Chenxu Wang ◽

Yawei Wang ◽

Lang Gao

Keyword(s):

Data Management ◽

Rapid Development ◽

The Internet ◽

Privacy And Security ◽

Security Issues ◽

High Resource ◽

Proposed Model ◽

Effectiveness And Efficiency ◽

Iot Devices ◽

The Internet Of Things

With the rapid development of the internet of things (IoT), traditional industries are setting off a massive wave of digitization. In the era of the Internet of Everything, millions of devices and links in IoT pose more significant challenges to data management. Most existing solutions employ centralized systems to control IoT devices, which brings about the privacy and security issues in IoT data management. Recently, blockchain has attracted much attention in the field of IoT due to its decentralization, traceability, and non-tamperability. However, it is non-trivial to apply the current blockchain techniques to IoT due to the lack of scalability and high resource costs. Different blockchain platforms have their particular advantages in the scenario of IoT data management. In this paper, we propose a cross-chain framework to integrate multiple blockchains for efficient and secure IoT data management. Our solution builds an interactive decentralized access model which employs a consortium blockchain as the control station. Other blockchain platforms customized for specific IoT scenarios run as the backbone of all IoT devices. It is equivalent to opening the off-chain channels on the consortium blockchain. Our model merges transactions in these channels for confirmation based on the notary mechanism. Finally, we implement a prototype of the proposed model based on hyperledge Fabric and IOTA Tangle. We evaluate the performance of our method through extensive experiments. The results demonstrate the effectiveness and efficiency of our framework.

Download Full-text

Survey of Authentication and Authorization for the Internet of Things

Security and Communication Networks ◽

10.1155/2018/4351603 ◽

2018 ◽

Vol 2018 ◽

pp. 1-17 ◽

Cited By ~ 9

Author(s):

Michal Trnka ◽

Tomas Cerny ◽

Nathaniel Stickney

Keyword(s):

Internet Of Things ◽

Identity Management ◽

Limiting Factors ◽

The Internet ◽

Application Layer ◽

Research Areas ◽

Current Trends ◽

Internet Of Things Environment ◽

Authentication And Authorization ◽

The Internet Of Things

The Internet of Things is currently getting significant interest from the scientific community. Academia and industry are both focused on moving ahead in attempts to enhance usability, maintainability, and security through standardization and development of best practices. We focus on security because of its impact as one of the most limiting factors to wider Internet of Things adoption. Numerous research areas exist in the security domain, ranging from cryptography to network security to identity management. This paper provides a survey of existing research applicable to the Internet of Things environment at the application layer in the areas of identity management, authentication, and authorization. We survey and analyze more than 200 articles, categorize them, and present current trends in the Internet of Things security domain.

Download Full-text

The embedded framework for securing the Internet of Things

Journal of Engineering Research ◽

10.36909/jer.v9i2.9823 ◽

2021 ◽

Vol 9 (2) ◽

Author(s):

Feroz Khan A.B ◽

◽

Anandharaj G ◽

Keyword(s):

Cloud Computing ◽

Internet Of Things ◽

Security Protocols ◽

Smart Devices ◽

The Internet ◽

Home Automation ◽

Iot Applications ◽

Iot Devices ◽

The Internet Of Things ◽

Entire Network

The smart devices connected on the internet turn to be the internet of things, which connect other objects or devices through unique identifiers with the capability of transferring and receiving the information over the internet. There are numerous applications in different areas such as healthcare, home automation, transportation, military, agriculture, and still so many sectors that incorporate cutting-edge technologies of communication, networking, cloud computing, sensing, and actuation. With this huge increase in the number of connected devices, a strong security mechanism is required to protect the IoT devices. Hence, it is required to focus on the challenges and issues of IoT enabled applications to safeguard the entire network from the outside invasion. This paper discusses some of the challenges in building IoT applications, a detailed study of the existing security protocols, and its issues, and the potential of the IoT.

Download Full-text

Implementing a Symmetric Lightweight Cryptosystem in Highly Constrained IoT Devices by Using a Chaotic S-Box

Symmetry ◽

10.3390/sym13010129 ◽

2021 ◽

Vol 13 (1) ◽

pp. 129

Author(s):

Badr M. Alshammari ◽

Ramzi Guesmi ◽

Tawfik Guesmi ◽

Haitham Alsaif ◽

Ahmed Alzamil

Keyword(s):

Secure Communication ◽

Ieee 802.15.4 ◽

Security Analysis ◽

Advanced Encryption Standard ◽

The Internet ◽

Iot Devices ◽

The One ◽

Nist Tests ◽

The Internet Of Things ◽

Constrained Devices

In the Internet of Things (IoT), a lot of constrained devices are interconnected. The data collected from those devices can be the target of cyberattacks. In this paper, a lightweight cryptosystem that can be efficiently implemented in highly constrained IOT devices is proposed. The algorithm is mainly based on Advanced Encryption Standard (AES) and a new chaotic S-box. Since its adoption by the IEEE 802.15.4 protocol, AES in embedded platforms have been increasingly used. The main cryptographic properties of the generated S-box have been validated. The randomness of the generated S-box has been confirmed by the NIST tests. Experimental results and security analysis demonstrated that the cryptosystem can, on the one hand, reach good encryption results and respects the limitation of the sensor’s resources, on the other hand. So the proposed solution could be reliably applied in image encryption and secure communication between networked smart objects.

Download Full-text

VaultPoint: A Blockchain-Based SSI Model that Complies with OAuth 2.0

Electronics ◽

10.3390/electronics9081231 ◽

2020 ◽

Vol 9 (8) ◽

pp. 1231

Author(s):

Seongho Hong ◽

Heeyoul Kim

Keyword(s):

User Experience ◽

Identity Management ◽

Service Providers ◽

Security Analysis ◽

Network Environment ◽

Blockchain Technology ◽

Proposed Model ◽

Authentication And Authorization ◽

And Control

An identity management including authentication and authorization in a network environment is a critical security factor. Various models for identity management have been developed continually, from the silo model to the federated model and to the recently introduced self-sovereign identity (SSI) model. In particular, SSI makes users manage their own information by themselves independently of any organizations. SSI utilizes the newly emerged blockchain technology and many studies of it are in progress. However, SSI has not had wide public use because of its low compatibility and inconvenience. This is because it involves an unfamiliar user experience and an immature process. To solve this problem, this paper proposes a new blockchain-based SSI model that complies with the popular and mature standard of OAuth 2.0. Using blockchain, the proposed model secures users’ data sovereignty where users can use and control their own information in a decentralized manner, instead of depending on a specific monopolistic service-providers. Users and clients who are familiar with the existing OAuth can easily accept the proposed model and apply it, which makes both usability and scalability of the model excellent. This paper confirmed the feasibility of the proposed model by implementing it and a security analysis was performed. The proposed model is expected to contribute to the expansion of both blockchain technology and SSI.

Download Full-text