Authentication Protocols for Internet of Things: A Comprehensive Survey

Ferrag, Mohamed Amine; Maglaras, Leandros; Janicke, Helge; Jiang, Jianmin; Shu, Lei

doi:10.1155/2017/6562953

Cited by 194 publications

(127 citation statements)

References 275 publications

(839 reference statements)

Supporting

Mentioning

126

Contrasting

Unclassified

Order By: Relevance

“…Low-level approaches are those that describe threats in detail. Such approaches may be based on the use of the list of attacks [15][16][17][18][19] or the list of attack scenarios [20]. Some approaches come down to analyzing the exploitation of vulnerabilities in the system [21][22][23].…”

Section: Related Workmentioning

confidence: 99%

Model of Threats to Computer Network Software

2019

View full text Add to dashboard Cite

This article highlights the issue of identifying information security threats to computer networks. The aim of the study is to increase the number of identified threats. Firstly, it was carried out the analysis of computer network models used to identify threats, as well as in approaches to building computer network threat models. The shortcomings that need to be corrected are highlighted. On the basis of the mathematical apparatus of attributive metagraphs, a computer network model is developed that allows to describe the software components of computer networks and all possible connections between them. On the basis of elementary operations on metagraphs, a model of threats to the security of computer network software is developed, which allows compiling lists of threats to the integrity and confidentiality of computer network software. These lists include more threats in comparison with the considered analogues.

show abstract

“…In this section, we construct a biometric authentication system by using the BB-KDF. A secure and efficient authentication is required to support a trusted communication in various environments such as mobile cloud computing [52], IoT [53], and wireless sensor networks [54]. The proposed authentication system is highly feasible in these environments since it is not only comparatively efficient, but also applicable to low-performance devices which do not provide secure storage (such as TPM) for cryptographic keys.…”

Section: Authentication Systemmentioning

confidence: 99%

Construction of a New Biometric-Based Key Derivation Function and Its Application

Seo

Park

Kim

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

Biometric data is user-identifiable and therefore methods to use biometrics for authentication have been widely researched. Biometric cryptosystems allow for a user to derive a cryptographic key from noisy biometric data and perform a cryptographic task for authentication or encryption. The fuzzy extractor is known as a prominent biometric cryptosystem. However, the fuzzy extractor has a drawback in that a user is required to store user-specific helper data or receive it online from the server with additional trusted channel, to derive a correct key. In this paper, we present a new biometric-based key derivation function (BB-KDF) to address the issues. In our BB-KDF, users are able to derive cryptographic keys solely from their own biometric data: users do not need any other user-specific helper information. We introduce a security model for the BB-KDF. We then construct the BB-KDF and prove its security in our security model. We then propose an authentication protocol based on the BB-KDF. Finally, we give experimental results to analyze the performance of the BB-KDF. We show that our proposed BB-KDF is computationally efficient and can be deployed on many different kinds of devices.

show abstract

“…Mobile devices are going to take a central role in the Internet of Things era [1]. Smart phones, assisted from the 5G technology that provides continuous and reliable connectivity [2], will soon be able to support applications across a wide variety of domains like homecare, healthcare, social networks, safety, environmental monitoring, e-commerce and transportation [3]. Storage capabilities of mobile phones increase rapidly, and phones can today generate and store large amounts of different types of data.…”

Section: Introductionmentioning

confidence: 99%

Authentication schemes for smart mobile devices: threat models, countermeasures, and open research issues

et al. 2019

Self Cite

View full text Add to dashboard Cite

This paper presents a comprehensive investigation of authentication schemes for smart mobile devices. We start by providing an overview of existing survey articles published in the recent years that deal with security for mobile devices. Then, we give a classification of threat models in smart mobile devices in five categories, including, identity-based attacks, eavesdropping-based attacks, combined eavesdropping and identity-based attacks, manipulation-based attacks, and service-based attacks. This is followed by a description of multiple existing threat models. We also provide a classification of countermeasures into four types of categories, including, cryptographic functions, personal identification, classification algorithms, and channel characteristics. Therefore, according to the countermeasure characteristic used and the authentication model, we categorize the authentication schemes for smart mobile devices in four categories, namely, 1) biometric-based authentication schemes, 2) channelbased authentication schemes, 3) factors-based authentication schemes, and 4) ID-based authentication schemes. In addition, we provide a taxonomy and comparison of authentication schemes for smart mobile devices in form of tables. Finally, we identify open challenges and future research directions.To conduct the literature review, we followed the same process used in our previous work [14].Specifically, the identification of literature for analysis in this paper was based on a keyword search, namely, "authentication scheme", "authentication protocol", "authentication system", and "authentication framework". By searching these keywords in academic databases such as SCO-PUS, Web of Science, IEEE Xplore Digital Library, and ACM Digital Library, an initial set of relevant sources were located. Firstly, only proposed authentication schemes for smart mobile devices were collected. Secondly, each collected source was evaluated against the following criteria: 1) reputation, 2) relevance, 3) originality, 4) date of publication (between 2007 and 2018), and 5) most influential papers in the field. The final pool of papers consists of the most important papers in the field of mobile devices that focus on the authentication as their objective.Our search started on 01/11/2017 and continued until the submission date of this paper. The main contributions of this paper are:• We discuss the existing surveys on security for smart mobile devices.• We classify the threat models, which are considered by the authentication schemes in smart mobile devices, into five main categories, namely, identity-based attacks, eavesdropping-based attacks, combined eavesdropping and identity-based attacks, manipulationbased attacks, and service-based attacks.• We review existing research on countermeasures and security analysis techniques in smart mobile devices.• We provide a taxonomy and a side-by-side comparison, in a tabular form, of the stateof-the-art on the recent advancements towards secure and authentication schemes in smart mobile devices with respec...

show abstract

“…As the basis of the threat model, the authors most often use the list of attacks [11][12][13][14][15], the list of attack scenarios [16], the description of exploitation of vulnerabilities [17,18], and the description of attackers [19]. This approach does not allow to determine the list of threats.…”

Section: Introductionmentioning

confidence: 99%

Information Security Methods—Modern Research Directions

et al. 2019

View full text Add to dashboard Cite

In Tomsk University of Control Systems and Radioelectronics (TUSUR) one of the main areas of research is information security. The work is carried out by a scientific group under the guidance of Professor Shelupanov. One of the directions is the development of a comprehensive approach to assessing the security of the information systems. This direction includes the construction of an information security threats model and a protection system model, which allow to compile a complete list of threats and methods of protection against them. The main directions of information security tools development are dynamic methods of biometrics, methods for generating prime numbers for data encryption, steganography, methods and means of data protection in Internet of Things (IoT) systems. The article presents the main results of research in the listed areas of information security. The resultant properties in symmetric cryptography are based on the properties of the power of the generating functions. The authors have obtained symmetric principles for the development of primality testing algorithms, as discussed in the Appendix.Symmetry 2018, 10, x FOR PEER REVIEW 3 of 33 Ported to AMR system devices, IPsec ensures mutual authentication of network devices using the IKEv2 protocol. Optionally, the network can be configured based on the EAP-PSK protocol. During configuration, the devices receive network addresses and authentication keys, at which point the execution of EAP-PSK is stopped and data is transferred via IPsec. Another option is to use pre-installed certificates on the devices. In this case, the initial configuration is done manually, but the network does not require EAP-PSK to be used.Data integrity control and encryption during transmission are provided by ESP, which is the protocol used in IPsec at the transport level. This protocol ensures the security of both the data transmitted and packet headers at the network level.This approach makes it possible to ensure reliable authentication of the AMR system devices and the security of the data to be transmitted and opens a wide range of options for the configuration of network operation; however, it cannot be used in networks with heterogeneous communication channels. The EAP-PSK-based approach offers less flexibility but is suitable for networks with heterogeneous communication channels. For an AMR system, a list of threats was proposed based on the developed methodology. Threats to the confidentiality of the system are threats related to the collection of information about the system. This can be a list of devices, software versions, authentication data, access control policies, network addresses, interaction protocols, etc. Threats to the integrity of the automated system for commercial accounting are: substitution of an object, substitution of a communication channel, deletion of an object, destruction of a communication channel, addition of an unauthorized object, creation of an unauthorized communication channel; change of communication channel or object settings...

show abstract

“…On one hand, most devices are constrained in terms of energy supply and computational capacities preventing them from running complex security protocols like EPS-AKA [7,8,9]. On the other hand, the tremendous number of attachment requests from these devices may induce signaling congestion by increasing the connectivity provider's CN load [10,11]. According to [12], the "Attach" procedure, that includes AAC, is indeed one of the most expensive procedures in terms of load on the CN.…”

mentioning

confidence: 99%

A new scalable authentication and access control mechanism for 5G-based IoT

Behrad

Bertin

Tuffin

et al. 2020

Future Generation Computer Systems

View full text Add to dashboard Cite

The fifth generation of mobile networks, 5G, is expected to support a set of many requirements and use cases such as handling connectivity for a massive number of IoT (Internet of Things) devices. Authenticating IoT devices and controlling their access to the network plays a vital role in the security of these devices and of the whole cellular system. In current cellular networks, as well as in 3GPP specifications release 16 on 5G, the AAC (Authentication and Access Control) of IoT devices is done in the same manner as the AAC of MBB (Mobile Broadband) UE (User Equipment). Considering the expected growth of IoT devices, this will likely induce a very high load on the connectivity provider's CN (Core Network) and cause network failures.To manage the AAC of this massive number of devices, we propose an SSAAC (Slice Specific Authentication and Access Control) mechanism that makes use of the flexibility provided by virtualization technologies. This mechanism allows the authentication and access control of IoT devices to be delegated to the 3rd parties providing these devices, thereby decreasing the load of the connectivity provider's CN, while increasing the flexibility and modularity of the whole 5G network. We evaluate the feasibility of our proposal with the OAI (Open Air Interface) open-source platform. Next, we provide a security analysis of the proposal and highlight the security requirements to use with this proposal. We also evaluate the impact of this delegation approach on the network load considering the anticipated number of AAC signaling messages compared to the existing AAC mechanisms in cellular networks. According to these evaluations, our approach is feasible and it would provide cellular networks the opportunity to overcome the security shortcomings in their AAC mechanisms. It also considerably reduces the AAC signaling load on the connectivity provider's CN. IntroductionAlong with mobility, security is one of the most important aspects of cellular systems. AAC (Authentication and access control) plays a vital role in ensuring the expected security level. In 3G and 4G, authentication and access control of subscribers are done through AKA (authentication and key agreement) protocols. These protocols (UMTS-AKA protocol in 3G and EPS-AKA in 4G) are based on the unique identities of subscribers and symmetric cryptographic algorithms [1,2] The system subscribers' identities and the secret keys (that are used in symmetric cryptographic algorithms) are provisioned in secured elements (e.g., SIM cards or embedded SIM) and stored in cellular system's database as well. Executing these AKA protocols to establish a secure connection with the cellular system is mandatory for each UE (composed of a mobile device and a secured element) to obtain its cellular connectivity [1,2]. However, these well-established principles may prevent cellular systems from supporting the connectivity of a massive number of devices [3], in particular when considering the context of the IoT-where a high growth rate of connected devices...

show abstract

Authentication Protocols for Internet of Things: A Comprehensive Survey

Cited by 194 publications

References 275 publications

Model of Threats to Computer Network Software

Construction of a New Biometric-Based Key Derivation Function and Its Application

Authentication schemes for smart mobile devices: threat models, countermeasures, and open research issues

Information Security Methods—Modern Research Directions

A new scalable authentication and access control mechanism for 5G-based IoT

Contact Info

Product

Resources

About