A Lightweight Authentication Mechanism for M2M Communications in Industrial IoT Environment

Esfahani, Alireza; Μαντάς, Γεώργιος; Matischek, Rainer; Saghezchi, Firooz B.; Rodrı́guez, Jonathan; Bicaku, Ani; Maksuti, Silia; Tauber, Markus; Schmittner, Christoph; Bastos, Joaquim

doi:10.1109/jiot.2017.2737630

Cited by 235 publications

(191 citation statements)

References 31 publications

Supporting

Mentioning

187

Contrasting

Unclassified

Order By: Relevance

“…The execution-cost of LAKD protocol is presented in Table 5, together with that of protocols [22,[60][61][62][63], which were also designed for M2M communication. Concerning the Case 1 measurement, the proposal has less execution-time than the other protocols, except for the schemes of Esfahani et al [22] and Joshitta et al [63]. The cost difference between LAKD and Esfahani et al is of just one more hash execution in the sensor node in LAKD, and for Joshitta et al the difference is of 48.07% less cost in the medical device compared to the sensor node of LAKD, and 23.07% less in the authentication server compared with the gateway of LAKD.…”

Section: Execution-time Analysismentioning

confidence: 99%

“…Consequently, attacks in the digital world will have an effect on the physical world and they can affect any part of our daily life. Furthermore, toward ubiquity, many IIoT devices are manufactured as tiny resource-constrained devices, the lifespan of machines on the production floor is of several decades, and it is not always economically possible to replace all legacy machinery with the latest technology [22]. Therefore, security services must also be considered for legacy resource-constrained devices, to prevent adversaries exploit them as the weakest link of the IIoT system.…”

Section: Introductionmentioning

confidence: 99%

“…The computing requirements and security of LAKD were compared with lightweight schemes, resulting in the proposal having a good execution-time and communication-cost for IIoT, and higher security. The protocol was inspired by the work in [22], wherein an authentication protocol for M2M communication in IIoT was proposed. That only uses the operations xor and hash function; thus, it is very lightweight.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Lightweight Authentication Protocol for M2M Communications of Resource-Constrained Devices in Industrial Internet of Things

Lara

Aguilar

Sánchez

et al. 2020

Sensors

View full text Add to dashboard Cite

The Industrial Internet of Things (IIoT) consists of sensors, networks, and services to connect and control production systems. Its benefits include supply chain monitoring and machine failure detection. However, it has many vulnerabilities, such as industrial espionage and sabotage. Furthermore, many IIoT devices are resource-constrained, which impedes the use of traditional security services for them. Authentication allows devices to be confident of each other’s identity, preventing some security attacks. Many authentication protocols have been proposed for IIoT; however, they have high computing requirements not viable to resource-constrained devices, or they have been found insecure. In this paper, an authentication protocol for resource-constrained IIoT devices is proposed. It is based on the lightweight operations xor, addition, and subtraction, and a hash function. Also, only four messages are exchanged between the principals to authenticate. It has a low execution-time and communication-cost. Its security was successfully assessed with the formal methods Automated Validation of Internet Security Protocols and Applications (AVISPA) tool and Burrows–Abadi–Needham (BAN) logic, together with an informal analysis of its resistance to known attacks. Its performance and security were compared with state-of-the-art protocols, resulting in a good performance for resource-constrained IIoT devices, and higher security similar to computational expensive schemes.

show abstract

Section: Execution-time Analysismentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Lightweight Authentication Protocol for M2M Communications of Resource-Constrained Devices in Industrial Internet of Things

Lara

Aguilar

Sánchez

et al. 2020

Sensors

View full text Add to dashboard Cite

show abstract

“…The scholar mainly discussed the security of devices as the main part of that area and considered the layer as secure which is similar to the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol that consists of security systems and techniques for the IoT networks [15]. Another scholar has proposed a solution for confidentiality as the main feature [16] which deals with devices have less processing power should use asymmetric cryptographic algorithms for the authentication process. And this process requires less processing power for this new method of authentication which is based on the function of hashing or OR operations.…”

Section: Related Workmentioning

confidence: 99%

WoT Communication Protocol Security and Privacy Issues

Murawat¹,

Tahir²,

Anjum³

et al. 2020

IJACSA

View full text Add to dashboard Cite

In this paper, we have proposed a novel approach for the prevention of the Internet of Things (IoT) from fake devices and highlighted privacy issues by using third party Application Program Interface (RestAPI) in Web of Things (WoT). For the ease of life, the usage of IoT devices, sensors, and Radio-Frequency Identifications (RFIDs) increased rapidly. Such as in transport for monitoring vehicles, taxi services, healthcare for patient's health condition monitoring, smart cars, smart grids, and smart homes, etc. Due to this for financial gain attackers are targeting these networks or protocol and adversaries are trying to damage the reputation of the organization or to steal intellectual property. From the last two decades or more, the injection vulnerabilities are more threatening security risks for the web application still exists. The new security challenges occur for the security professional or security researchers in the form of IoT or WoT (Web of Things) communication protocols implementation. These protocol Message Queuing Telemetry Transport (MQTT), Constrained Application Protocol (CoAP), WebSockets, and RestAPI have a different type of security issues. Respectively insertion of fake devices, authentication is not implemented in WebSocket connections, and user's privacy can be leaked with the use of RestAPI without its validation. We have developed a program in Personal Home Pages (PHP) for the detection of new devices in the IoT network. With this, the user's privacy and data will be protected along with some critical security issues of WoT underlying protocols.

show abstract

“…In these cases, the authors focus on the security of this type of device as part of a broader spectrum, treating the layers of protection that can wrap around the TCP/IP protocol and the security architectures and models that best fit IoT networks [17]. In addition to confidentiality, other security features have been addressed; [18] deals with the problem that smart devices have when they do not have enough processing capacity to use asymmetric encryption algorithms to perform authentication tasks, and it proposes a new authentication approach based on operations that consume few resources, such as hash functions or OR operations. Some other interesting approaches focus on how to force compliance with the optional security features that the MQTT protocol can implement.…”

Section: Related Workmentioning

confidence: 99%

MQTT Security: A Novel Fuzzing Approach

Ramos

Villalba

Lacuesta

2018

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

The Internet of Things is a concept that is increasingly present in our lives. The emergence of intelligent devices has led to a paradigm shift in the way technology interacts with the environment, leading society to a smarter planet. Consequently, new advanced telemetry approaches appear to connect all kinds of devices with each other, with companies, or with other networks, such as the Internet. On the road to an increasingly interconnected world, where critical devices rely on communication networks to provide an essential service, there arises the need to ensure the security and reliability of these protocols and applications. In this paper, we discuss a security-based approach for MQTT (Message Queue Telemetry Transport), which stands out as a very lightweight and widely used messaging and information exchange protocol for IoT (Internet of Things) devices throughout the world. To that end, we propose the creation of a framework that allows for performing a novel, template-based fuzzing technique on the MQTT protocol. The first experimental results showed that performance of the fuzzing technique presented here makes it a good candidate for use in network architectures with low processing power sensors, such as Smart Cities. In addition, the use of this fuzzer in widely used applications that implement MQTT has led to the discovery of several new security flaws not hitherto reported, demonstrating its usefulness as a tool for finding security vulnerabilities.

show abstract

A Lightweight Authentication Mechanism for M2M Communications in Industrial IoT Environment

Cited by 235 publications

References 31 publications

Lightweight Authentication Protocol for M2M Communications of Resource-Constrained Devices in Industrial Internet of Things

Lightweight Authentication Protocol for M2M Communications of Resource-Constrained Devices in Industrial Internet of Things

WoT Communication Protocol Security and Privacy Issues

MQTT Security: A Novel Fuzzing Approach

Contact Info

Product

Resources

About