Continuous Mutual Lightweight Authentication Based on Node Prioritization Using Traffic Rate in the Internet of Things
Subject areas: Electrical and Computer Engineering
Reza Sarabi Miyanaji 1, Sam Jabbehdari 2 *, Nasser Modiri 3
1 - Islamic Azad University, North Tehran Branch, Department of Computer Engineering
2 - Islamic Azad University, North Tehran Branch, Department of Computer Engineering
3 - Islamic Azad University, Zanjan Branch, Faculty of Electrical and Computer Engineering
Keywords: lightweight authentication, continuous authentication, Internet of Things, privacy
Abstract:
Today, billions of devices are connected via the Internet of Things, often through insecure communications, so the security and privacy of these devices are a major concern. Because IoT devices are typically resource-constrained, security solutions for this environment must be both secure and lightweight in terms of processing and memory. However, many existing security solutions, particularly in the area of authentication, are not suitable for IoT because of their high computational load, so there is a need for a lightweight authentication protocol for IoT devices. In this paper, a mutual lightweight authentication protocol between resource-constrained nodes and the server in IoT is introduced that uses node prioritization based on traffic rate. The scheme is lightweight because it relies on XOR and hash operations. The proposed scheme is resistant to cyber-attacks such as eavesdropping and replay attacks, and it is also shown to be secure using the AVISPA tool under the Dolev-Yao threat model. The security risks of this scheme are low compared with other lightweight methods. In addition, the proposed scheme reduces computational cost, protects privacy through the anonymity of nodes, and provides forward secrecy. In our method, the time cost of authentication is reduced by 15% compared with the methods examined.