PUF based Secure and Lightweight Authentication and Key-Sharing Scheme for Wireless Sensor Network

The deployment of wireless sensor networks (WSN) in an untended environment and the openness of the wireless channel bring various security threats to WSN. The resource limitations of the sensor nodes make the conventional security systems less attractive for WSN. Moreover, conventional cryptography alone cannot ensure the desired security against the physical attacks on sensor nodes. Physically unclonable function (PUF) is an emerging hardware security primitive that provides low-cost hardware security exploiting the unique inherent randomness of a device. In this article, we have proposed an authentication and key sharing scheme for the WSN integrating Pedersen’s verifiable secret sharing (Pedersen’s VSS) and Shamir’s secret sharing (Shamir’s SS) scheme with PUF which ensure the desired security with low overhead. The security analysis depicts the resilience of the proposed scheme against different active, passive and physical attacks. Also, the performance analysis shows that the proposed scheme possesses low computation, communication and storage overhead. The scheme only needs to store a polynomial number of PUF challenge-response pairs to the user node. The sink or senor nodes do not require storing any secret key. Finally, the comparison with the previous protocols establishes the dominance of the proposed scheme to use in WSN.

A Lightweight Authentication Scheme Based on Consortium Blockchain for Cross-Domain IoT

Internet of Things (IoT) has been ubiquitous in both industrial and living areas, but also known for its weak security. Being as the first defense line against various cyberattacks, authentication is even more critical to IoT applications. Moreover, there has been a growing demand for cross-domain collaboration, leading to an increasing need for cross-domain authentication. Recently, certificate-based authentication schemes have been extensively studied. However, many of these schemes are not efficient in computation, storage, and communication, which are highly required in IoT. In this paper, we propose a lightweight authentication scheme based on consortium blockchain and design a cryptocurrency-like digital token to build trust. Furthermore, trust lifecycle management is performed by manipulating the amount of tokens. The comprehensive analysis and evaluation demonstrate that the proposed scheme is resistant to various common attacks and more efficient than competitor schemes in terms of storage, communication, and authentication cost.

A Rabin Cryptosystem-Based Lightweight Authentication Protocol and Session Key-Generation Scheme for IoT Deployment

Handling unpredictable attack vulnerabilities in self-proclaiming secure algorithms in WSNs is an issue. Vulnerabilities provide loop holes for adversary to barge in the privacy of the network. Attacks performed by the attacker can be active or passive. Adversary may listen to the sensitive information and exploit its confidentiality which is passive, or adversary may modify sensitive information being transferred over a WSN in case of active attacks. As Internet of things has basically three layers, middle-ware layer, Application layer, perceptron layer, most of the attacks are observed to happen at the perceptron layer in case of both wireless sensor network and RFID Tag implication Layer. Both are a major part of the perceptron layer that consist a small part of the IoT. Some of the major attack vulnerabilities are exploited by executing the attacks through certain flaws in the protocol that are difficult to identify and almost complex to identify in complicated bigger protocols. As most of the sensors are resource constrained in terms of memory, battery power, processing power, bandwidth and due to which implementation of complex cryptosystem to keep the data being transferred secure is a challenging phase. The three main objectives studied in this scenario are setting up the system, registering user and the sensors via multiple gateways. Generating a common key which can be used for a particular interaction session among user, gateway and the sensor network. In this paper, we address one or more of these objectives for some of the fundamental problems in authentication and mutual authentication phase of the WSN in IoT deployment. We prevent the leakage of sensitive information using the rabin cryptosystem to avoid attacks like Man-in-the-middle attack, sensor session key leakage, all session hi-jacking attack and sniffing attacks in which data is analyzed maliciously by the adversary. We also compare and prove the security of our protocol using proverif protocol verifier tool.

TC-PSLAP: Temporal Credential-Based Provably Secure and Lightweight Authentication Protocol for IoT-Enabled Drone Environments

In smart cities, common infrastructures are merged and integrated with various components of information communication and technology (ICT) to be coordinated and controlled. Drones (unmanned aerial vehicles) are amongst those components, and when coordinated with each other and with the environment, the drones form an Internet of Drones (IoD). The IoD provides real-time data to the users in smart cities by utilizing traditional cellular networks. However, the delicate data gathered by drones are subject to many security threats and give rise to numerous privacy and security issues. A robust and secure authentication scheme is required to allow drones and users to authenticate and establish a session key. In this article, we proposed a provably secure symmetric-key and temporal credential-based lightweight authentication protocol (TC-PSLAP) to secure the drone communication. We prove that the proposed scheme is provably secure formally through the automated verification tool AVISPA and Burrows–Abadi–Needham logic (BAN logic). Informal security analysis is also performed to depict that the proposed TC-PSLAP can resist known attacks.

BCmECC: A Lightweight Blockchain-Based Authentication and Key Agreement Protocol for Internet of Things

In this paper, targeting efficient authentication and key agreement in an IoT environment, we propose an Elliptic Curve Cryptography- (ECC) based lightweight authentication protocol called BCmECC which relies on a public blockchain to validate the users’ public key to provide desired security. We evaluate the security of the proposed protocol heuristically and validate it formally, which demonstratse the high level of the security. For the formal verification we used the widely accepted formal methods, i.e., BAN logic and the Scyther tool. In this paper we also analyse the security of recently proposed blockchain-based authentication protocols and show that this protocol does not provide the desired security against known session-specific temporary information attacks in which the adversary has access to the session’s ephemeral values and aims to retrieve the shared session key. In addition, the protocol lacks forward secrecy, in which an adversary with access to the server’s long-term secret key can retrieve the previous session keys, assuming that the adversary has already eavesdropped the transferred messages over a public channel in the target session. The proposed attacks are very efficient and their success probability is `1’, while the time complexity of each attack could be negligible. Besides, we show that BCmECC is secure against such attacks.

A lightweight and secure online/offline cross-domain authentication scheme for VANET systems in Industrial IoT

In heterogeneous wireless networks, the industrial Internet of Things (IIoT) is an essential contributor to increasing productivity and effectiveness. However, in various domains, such as industrial wireless scenarios, small cell domains, and vehicular ad hoc networks, an efficient and stable authentication algorithm is required (VANET). Specifically, IoT vehicles deal with vast amounts of data transmitted between VANET entities in different domains in such a large-scale environment. Also, crossing from one territory to another may have the connectivity services down for a while, leading to service interruption because it is pervasive in remote areas and places with multipath obstructions. Hence, it is vulnerable to specific attacks (e.g., replay attacks, modification attacks, man-in-the-middle attacks, and insider attacks), making the system inefficient. Also, high processing data increases the computation and communication cost, leading to an increased workload in the system. Thus, to solve the above issues, we propose an online/offline lightweight authentication scheme for the VANET cross-domain system in IIoT to improve the security and efficiency of the VANET. The proposed scheme utilizes an efficient AES-RSA algorithm to achieve integrity and confidentiality of the message. The offline joining is added to avoid remote network intrusions and the risk of network service interruptions. The proposed work includes two different significant goals to achieve first, then secure message on which the data is transmitted and efficiency in a cryptographic manner. The Burrows Abdi Needham (BAN logic) logic is used to prove that this scheme is mutually authenticated. The system’s security has been tested using the well-known AVISPA tool to evaluate and verify its security formally. The results show that the proposed scheme outperforms the ID-CPPA, AAAS, and HCDA schemes by 53%, 55%, and 47% respectively in terms of computation cost, and 65%, 83%, and 40% respectively in terms of communication cost.