An Authentication Scheme for an IoT Environment using Advanced Multiple Encryption System

,; Sundarrajan*, M.; Narayanan, A.E.; ,

doi:10.35940/ijitee.a4378.119119

Cited by 1 publication

(2 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This steady work has two minor flaws: first, it uses TLS for the initial authentication; second, it stores a list of topics and authorized clients on the broker. Sundarrajan et al [ 48 ] used advanced multiple encryption systems (AMES) based on the Hardy Wall encryption, requiring less bandwidth and minimal memory while utilizing the MQTT protocol. This is proposed to ensure the secure communication of messages without any packet loss.…”

Section: Related Workmentioning

confidence: 99%

“…As reflected in Table 9, no previous attempt could collectively provide all the security features that MARAS provides. [17]       antle et al [21]       h et al [28]       dhyay et al [29]       ntasukrat et al [30]       fir et al [31]       n et al [32]       arajan et al [33]       ammari [34]       y et al [35]       pa et al [36]       arno et al [37]       yasri et al [38]       l et al [39]       ib et al [40]       sikeas et al [41]       wiyuga et al [42]       hir et al [43]       dana et al [44]       bretta et al [45]       et al [47]       darrajan et al [48]       in et al [49]       juan et al [50]       oretti et al [51]       y et al [52] …”

Section: Authorizationmentioning

confidence: 99%

See 1 more Smart Citation

MARAS: Mutual Authentication and Role-Based Authorization Scheme for Lightweight Internet of Things Applications

Seker

Dalkılıç

Cabuk

2023

Sensors

View full text Add to dashboard Cite

The Internet of things (IoT) accommodates lightweight sensor/actuator devices with limited resources; hence, more efficient methods for known challenges are sought after. Message queue telemetry transport (MQTT) is a publish/subscribe-based protocol that allows resource-efficient communication among clients, so-called brokers, and servers. However, it lacks viable security features beyond username/password checks, yet transport-layer security (TLS/HTTPS) is not efficient for constrained devices. MQTT also lacks mutual authentication among clients and brokers. To address the issue, we developed a mutual authentication and role-based authorization scheme for lightweight Internet of things applications (MARAS). It brings mutual authentication and authorization to the network via dynamic access tokens, hash-based message authentication code (HMAC)-based one-time passwords (HOTP), advanced encryption standard (AES), hash chains, and a trusted server running OAuth2.0 along with MQTT. MARAS merely modifies “publish” and “connect” messages among 14 message types of MQTT. Its overhead to “publish” messages is 49 bytes, and to “connect” messages is 127 bytes. Our proof-of-concept showed that the overall data traffic with MARAS remains lower than double the traffic without it, because “publish” messages are the most common. Nevertheless, tests showed that round-trip times for a “connect” message (and its “ack”) are delayed less than a percentile of a millisecond; for a “publish” message, the delays depend on the size and frequency of published information, but we can safely say that the delay is upper bounded by 163% of the network defaults. So, the scheme’s overhead to the network is tolerable. Our comparison with similar works shows that while our communication overhead is similar, MARAS offers better computational performance as it offloads computationally intensive operations to the broker side.

show abstract

Section: Related Workmentioning

confidence: 99%