Nowadays, devices are connected across all areas, from intelligent buildings and smart cities to Industry 4.0 and smart healthcare. With the exponential growth of Internet of Things usage in our world, IoT security is still the biggest challenge for its deployment. The main goal of IoT security is to ensure the accessibility of services provided by an IoT environment, protect privacy and confidentiality, and guarantee the safety of IoT users, infrastructures, data, and devices. Authentication, as the first line of defense against security threats, becomes the priority of everyone. It can either grant or deny users access to resources according to their legitimacy. As a result, studying and researching authentication issues within IoT is extremely important. This article presents a comparative study of recent research in IoT security; it provides an analysis of recent authentication protocols from 2019 to 2023 that cover several areas within IoT (such as smart cities, healthcare, and industry). This survey sought to provide an IoT security research summary, the biggest susceptibilities and attacks, the appropriate technologies, and the most used simulators. It illustrates that the resistance of protocols against attacks, and their computational and communication cost, are linked directly to the cryptography technique used to build them. Furthermore, it discusses the gaps in recent schemes and provides some future research directions.
The BeiDou-Ⅱ civil navigation message (BDⅡ-CNAV) is transmitted in an open environment and no information integrity protection measures are provided. Hence, the BDⅡ-CNAV faces the threat of spoofing attacks, which can lead to wrong location reports and time indication. In order to deal with this threat, we proposed a scheme of anti-spoofing for BDⅡ-CNAV based on integrated information authentication. This scheme generates two types of authentication information: one is authentication code information (ACI), which is applied to confirm the authenticity and reliability of satellite time information, and the other is signature information, which is used to authenticate the integrity of satellite location information and other information. Both kinds of authentication information are designed to be embedded into the reserved bits in BDⅡ-CNAV without changing the frame structure. In order to avoid authentication failure caused by public key error or key error, the key or public key prompt information (KPKPI) is designed to remind the receiver to update both keys in time. Experimental results indicate that the scheme can successfully detect spoofing attacks, and the authentication delay is less than 1% of the transmission delay, which meets the requirements of BDⅡ-CNAV information authentication.
Public cloud computing provides a variety of services to consumers via high-speed internet. The consumer can access these services anytime and anywhere on a balanced service cost. Many traditional authentication protocols are proposed to secure public cloud computing. However, the rapid development of high-speed internet and organizations’ race to develop quantum computers is a nightmare for existing authentication schemes. These traditional authentication protocols are based on factorization or discrete logarithm problems. As a result, traditional authentication protocols are vulnerable in the quantum computing era. Therefore, in this article, we have proposed an authentication protocol based on the lattice technique for public cloud computing to resist quantum attacks and prevent all known traditional security attacks. The proposed lattice-based authentication protocol is provably secure under the Real-Or-Random (ROR) model. At the same time, the result obtained during the experiments proved that our protocol is lightweight compared to the existing lattice-based authentication protocols, as listed in the performance analysis section. The comparative analysis shows that the protocol is suitable for practical implementation in a quantum-based environment.
Most of the Radio Frequency IDentification (RFID) authentication protocols, proposed to preserve security and privacy, are analysed to show that they cannot provide security against some passive or active attacks. In this paper, the security of two matrix-based protocols, proposed by Karthikeyan and Nesterenko (KN protocol) and Ramachandra et al. (RRS protocol), that conform to the Electronic Product Code Class-1 Generation-2 (EPC Class-1 Gen-2) standard, is investigated. Using the linear relationship of multiplication of matrix and vector, we point out that both protocols cannot provide scalability, and they are vulnerable to passive impersonation attack. In addition, both protocols are totally insecure if the adversary can compromise one tag to extract the secrets. A modified lightweight matrix-based authentication protocol is presented, which can resist mainly common attacks on an RFID authentication system including eavesdropping, relay attack, desynchronization attack, impersonation attack and tag tracking attack. The new protocol also has the desirable scalability property and can keep secure under compromising attack.
Owing to the rapid increase in the interchange of text information through internet networks, the reliability and security of digital content are becoming a major research problem. Tampering detection, content authentication, and integrity verification of digital content interchanged through the Internet were utilized to solve a major concern in information and communication technologies. The authors’ difficulties were tampering detection, authentication, and integrity verification of the digital contents. This study develops an Automated Data Mining based Digital Text Document Watermarking for Tampering Attack Detection (ADMDTW-TAD) via the Internet. The DM concept is exploited in the presented ADMDTW-TAD technique to identify the document’s appropriate characteristics to embed larger watermark information. The presented secure watermarking scheme intends to transmit digital text documents over the Internet securely. Once the watermark is embedded with no damage to the original document, it is then shared with the destination. The watermark extraction process is performed to get the original document securely. The experimental validation of the ADMDTW-TAD technique is carried out under varying levels of attack volumes, and the outcomes were inspected in terms of different measures. The simulation values indicated that the ADMDTW-TAD technique improved performance over other models.
Network attack detection and mitigation require packet collection, pre-processing, feature analysis, classification, and post-processing. Models for these tasks sometimes become complex or inefficient when applied to real-time data samples. To mitigate hybrid assaults, this study designs an efficient forensic layer employing deep learning pattern analysis and multidomain feature extraction. In this paper, we provide a novel multidomain feature extraction method using Fourier, Z, Laplace, Discrete Cosine Transform (DCT), 1D Haar Wavelet, Gabor, and Convolutional Operations. Evolutionary method dragon fly optimisation reduces feature dimensionality and improves feature selection accuracy. The selected features are fed into VGGNet and GoogLeNet models using binary cascaded neural networks to analyse network traffic patterns, detect anomalies, and warn network administrators. The suggested model tackles the inadequacies of existing approaches to hybrid threats, which are growing more common and challenge conventional security measures. Our model integrates multidomain feature extraction, deep learning pattern analysis, and the forensic layer to improve intrusion detection and prevention systems. In diverse attack scenarios, our technique has 3.5% higher accuracy, 4.3% higher precision, 8.5% higher recall, and 2.9% lower delay than previous models.
Nodes in a mobile computing system are vulnerable to clone attacks due to their mobility. In such attacks, an adversary accesses a few network nodes, generates replication, then inserts this replication into the network, potentially resulting in numerous internal network attacks. Most existing techniques use a central base station, which introduces several difficulties into the system due to the network’s reliance on a single point, while other ways generate more overhead while jeopardising network lifetime. In this research, an intelligent double hashing-based clone node identification scheme was used, which reduces communication and memory costs while performing the clone detection procedure. The approach works in two stages: in the first, the network is deployed using an intelligent double hashing procedure to avoid any network collisions, and then in the second, the clone node identification procedure searches for any clone node in the network. This first phase verifies the node prior to network deployment, and then, whenever a node wants to interact, it executes the second level of authentication. End-to-end delay, which is bound to increase owing to the injection of clone nodes, and packet loss, which is reduced by the double hashing technique, were used to evaluate the performance of the aforementioned approach.
Security threats to smart and autonomous vehicles cause potential consequences such as traffic accidents, economically damaging traffic jams, hijacking, motivating to wrong routes, and financial losses for businesses and governments. Smart and autonomous vehicles are connected wirelessly, which makes them more attractive to attackers due to the open nature of wireless communication. One of the problems is the rogue attack, in which the attacker pretends to be a legitimate user or access point by utilizing a fake identity. To figure out the problem of a rogue attack, we propose a reinforcement learning algorithm to identify rogue nodes by exploiting the channel state information of the communication link. We consider the communication link between vehicle-to-vehicle and vehicle-to-infrastructure. We evaluate the performance of our proposed technique by measuring the rogue attack probability, false alarm rate (FAR), mis-detection rate (MDR), and utility function of a receiver based on the test threshold values of the reinforcement learning algorithm. The results show that the FAR and MDR are decreased significantly by selecting an appropriate threshold value in order to improve the receiver’s utility.
The FIDO (Fast IDentity Online) Alliance proposed a set of standards in 2014 to change the nature of online authentication. By now, it has drawn attention from many companies, including Google, VISA, Intel etc. In this paper, we analyze the FIDO UAF (Universal Authentication Framework) Protocol, one of the two sets of specifications in the standard. We first present the protocols' cryptographic abstractions for the registration and authentication protocols of the FIDO UAF. According to the abstractions, we discuss selected security goals presented in the standard to study UAF security properties. We also propose three attacks, of which the first two are based on an assumption that an attacker can corrupt the software installed on the user device, and the third is based on two users sharing a FIDO roaming authenticator. The results of the attacks are to impersonate the legitimate user to pass the online authentication.
With the advent of state-of-art technologies, the Telecare Medicine Information System (TMIS) now offers fast and convenient healthcare services to patients at their doorsteps. However, this architecture engenders new risks and challenges to patients' and the server's confidentiality, integrity and security. In order to avoid any resource abuse and malicious attack, employing an authentication scheme is widely considered as the most effective approach for the TMIS to verify the legitimacy of patients and the server. Therefore, several authentication protocols have been proposed to this end. Very recently, Chaudhry et al. identified that there are vulnerabilities of impersonation attacks in Islam et al.'s scheme. Therefore, they introduced an improved protocol to mitigate those security flaws. Later, Qiu et al. proved that these schemes are vulnerable to the man-in-the-middle, impersonation and offline password guessing attacks. Thus, they introduced an improved scheme based on the fuzzy verifier techniques, which overcome all the security flaws of Chaudhry et al.'s scheme. However, there are still some security flaws in Qiu et al.'s protocol. In this article, we prove that Qiu et al.'s protocol has an incorrect notion of perfect user anonymity and is vulnerable to user impersonation attacks. Therefore, we introduce an improved protocol for authentication, which reduces all the security flaws of Qiu et al.'s protocol. We also make a comparison of our protocol with related protocols, which shows that our introduced protocol is more secure and efficient than previous protocols.
The term IoT refers to the interconnection and exchange of data among devices/sensors. IoT devices are often small, low cost, and have limited resources. The IoT issues and challenges are growing increasingly. Security and privacy issues are among the most important concerns in IoT applications, such as smart buildings. Remote cybersecurity attacks are the attacks which do not require physical access to the IoT networks, where the attacker can remotely access and communicate with the IoT devices through a wireless communication channel. Thus, remote cybersecurity attacks are a significant threat. Emerging applications in smart environments such as smart buildings require remote access for both users and resources. Since the user/building communication channel is insecure, a lightweight and secure authentication protocol is required. In this paper, we propose a new secure remote user mutual authentication protocol based on transitory identities and multi-factor authentication for the IoT smart building environment. The protocol ensures that only legitimate users can authenticate with smart building controllers in an anonymous, unlinkable, and untraceable manner. The protocol also avoids the clock synchronization problem and can resist quantum computing attacks. The security of the protocol is evaluated using two different methods: (1) informal analysis; (2) model check using the automated validation of internet security protocols and applications (AVISPA) toolkit. The communication overhead and computational cost of the proposed protocol are analyzed. The security and performance analysis show that our protocol is secure and efficient.
IPv6 over Low Power Wireless Personal Area Network (6LoWPAN) provides IP connectivity to the highly constrained nodes in the Internet of Things (IoTs). 6LoWPAN allows nodes with limited battery power and storage capacity to carry IPv6 datagrams over the lossy and error-prone radio links offered by the IEEE 802.15.4 standard, thus acting as an adoption layer between the IPv6 protocol and IEEE 802.15.4 network. The data link layer of IEEE 802.15.4 in 6LoWPAN is based on AES (Advanced Encryption Standard), but the 6LoWPAN standard lacks and has omitted the security and privacy requirements at higher layers. The sensor nodes in 6LoWPAN can join the network without requiring the authentication procedure. Therefore, from security perspectives, 6LoWPAN is vulnerable to many attacks such as replay attack, Man-in-the-Middle attack, Impersonation attack, and Modification attack. This paper proposes a secure and efficient cluster-based authentication scheme (CBAS) for highly constrained sensor nodes in 6LoWPAN. In this approach, sensor nodes are organized into a cluster and communicate with the central network through a dedicated sensor node. The main objective of CBAS is to provide efficient and authentic communication among the 6LoWPAN nodes. To ensure the low signaling overhead during the registration, authentication, and handover procedures, we also introduce lightweight and efficient registration, de-registration, initial authentication, and handover procedures, when a sensor node or group of sensor nodes join or leave a cluster. Our security analysis shows that the proposed CBAS approach protects against various security attacks, including Identity Confidentiality attack, Modification attack, Replay attack, Man-in-the-middle attack, and Impersonation attack. Our simulation experiments show that CBAS has reduced the registration delay by 11%, handoff authentication delay by 32%, and signaling cost by 37% compared to the SGMS (Secure Group Mobility Scheme) and LAMS (Light-Weight Authentication & Mobility Scheme).
A new authentication scheme based on a one-way hash function and Diffie-Hellman key exchange using smart card was proposed by Yoon et al. in 2005. They claimed that the proposed protocol is against password guessing attack. In this paper, the author demonstrates that Yoon's scheme is vulnerable to the off-line password guessing attack by using a stolen smart card and the DoS attack by computational load at the remote system. An improvement of Yoon's scheme to resist the above attacks is also proposed.
Wireless sensor networks convey mission critical data that calls for adequate privacy and security protection. To accomplish this objective, numerous intrusion detection schemes based on machine learning approaches have been developed. In addition, authentication and key agreements techniques have been developed using techniques such as elliptic curve cryptography, bilinear pairing operations, biometrics, fuzzy verifier and Rabin cryptosystems. However, these schemes have either high false positive rates, high communication, computation, storage or energy requirements, all of which are not ideal for battery powered sensor nodes. Moreover, majority of these algorithms still have some security and privacy challenges that render them susceptible to various threats. In this paper, a WSN authentication algorithm is presented that is shown to be robust against legacy WSN privacy and security attacks such as side-channel, traceability, offline guessing, replay and impersonations. From a performance perspective, the proposed algorithm requires the least computation overheads and average computation costs among its peers.
This article discusses improvements in a puzzle authentication method that adopts the interface of the Puzzle and Dragons game [1] and is tolerant against video-recording attacks. A problem that the conventional puzzle authentication methods face is that they are time consuming and have low success rate in authentication. We evaluated improvements of the interface to verify the usability of the improved system. The results suggested that the usability in terms of operation time and authentication success rate attained a level that was comparable with other leading methods in the field.
Internet of Things (IoT) network used for industrial management is vulnerable to different security threats due to its unstructured deployment and dynamic communication behavior. In literature, various mechanisms addressed the security issue of Industrial IoT networks, but proper maintenance of the performance reliability is among the common challenges. In this paper, we proposed an intelligent mutual authentication scheme leveraging authentication aware node (AAN) and base station (BS) to identify routing attacks in Industrial IoT networks. The AAN and BS use the communication parameters such as a route request (RREQ), node-ID, received signal strength (RSS), and round-trip time (RTT) information to identify malicious devices and routes in the deployed network. The feasibility of the proposed model is validated in the simulation environment, where OMNeT++ was used as a simulation tool. We compare the results of the proposed model with existing field-proven schemes in terms of routing attacks detection, communication cost, latency, computational cost, and throughput. The results show that our proposed scheme surpasses the previous schemes regarding these performance parameters with the attack detection rate of 97.7%.
A kind of attack strategy based on a probabilistic cloning machine is proposed in this letter. The security of BB84 and the six-state quantum key distribution protocols under this attack is studied by theoretic analyses and corroborated by simulations. It is concluded that the quantum key distribution protocols still have an asymptotic perfect security even if the eavesdropper adopts the proposed attack strategy.
Mobile Ad hoc Network (MANET) is a collection of mobile hosts with wireless interfaces that form a temporary network without the aid of any fixed infrastructure or centralized administration. A MANET is a type of ad hoc network that can change locations and configure itself on the fly. The dynamic and cooperative behaviour of ad hoc networking without any centralized or unified controlling authority for authentication and monitoring is sensitive to attacks that damage or exploit the cooperative behaviour of ad hoc routing. Routing attacks lead to the most disastrous damage in MANET. The main objective of this paper is to enhance the security against routing attacks in MANETs. Intrusion detection based on DAHT (Dual Authentication Hash Technique) entirely depends on the end to end communication between the source and destination is employed here. The proposed technique identifies the misbehaving nature of current node and the previous node where it receives the information. DAHT is simulated with various parameters in NS2. The results obtained are compared with existing mechanism. The results show that malicious detection, overhead reduction and delay are better when compared to the existing system that is employed in protecting the routing information.
To secure web applications from Man-In-The-Middle (MITM) and phishing attacks is a challenging task nowadays. For this purpose, authentication protocol plays a vital role in web communication which securely transfers data from one party to another. This authentication works via OpenID, Kerberos, password authentication protocols, etc. However, there are still some limitations present in the reported security protocols. In this paper, the presented anticipated strategy secures both Web-based attacks by leveraging encoded emails and a novel password form pattern method. The proposed OpenID-based encrypted Email’s Authentication, Authorization, and Accounting (EAAA) protocol ensures security by relying on the email authenticity and a Special Secret Encrypted Alphanumeric String (SSEAS). This string is deployed on both the relying party and the email server, which is unique and trustworthy. The first authentication, OpenID Uniform Resource Locator (URL) identity, is performed on the identity provider side. A second authentication is carried out by the hidden Email’s server side and receives a third authentication link. This Email’s third SSEAS authentication link manages on the relying party (RP). Compared to existing cryptographic single sign-on protocols, the EAAA protocol ensures that an OpenID URL’s identity is secured from MITM and phishing attacks. This study manages two attacks such as MITM and phishing attacks and gives 339 ms response time which is higher than the already reported methods, such as Single Sign-On (SSO) and OpenID. The experimental sites were examined by 72 information technology (IT) specialists, who found that 88.89% of respondents successfully validated the user authorization provided to them via Email. The proposed EAAA protocol minimizes the higher-level risk of MITM and phishing attacks in an OpenID-based atmosphere.
Smart home devices are vulnerable to a variety of attacks. The matter gets more complicated when a number of devices collaborate to launch a colluding attack (e.g., Distributed-Denial-of-Service (DDoS)) in a network (e.g., Smart home). To handle these attacks, most studies have hitherto proposed authentication protocols that cannot necessarily be implemented in devices, especially during Device-to-Device (D2D) interactions. Tapping into the potential of Ethereum blockchain and smart contracts, this work proposes a lightweight authentication mechanism that enables safe D2D interactions in a smart home. The Ethereum blockchain enables the implementation of a decentralized prototype as well as a peer-to-peer distributed ledger system. The work also uses a single server queuing system model and the authentication mechanism to curtail DDoS attacks by controlling the number of service requests in the system. The simulation was conducted twenty times, each with varying number of devices chosen at random (ranging from 1 to 30). Each requester device sends an arbitrary request with a unique resource requirement at a time. This is done to measure the system's consistency across a variety of device capabilities. The experimental results show that the proposed protocol not only prevents colluding attacks, but also outperforms the benchmark protocols in terms of computational cost, message processing, and response times.
Abstract: Nowadays, devices are connected across all areas, from intelligent buildings and smart cities to Industry 4.0 and smart healthcare. With the exponential growth of Internet of Things usage in our world, IoT security is still the biggest challenge for its deployment. The main goal of IoT security is to ensure the accessibility of services provided by an IoT environment, protect privacy and confidentiality, and guarantee the safety of IoT users, infrastructures, data, and devices. Authentication, as the first line of defense against security threats, becomes the priority of everyone. It can either grant or deny users access to resources according to their legitimacy. As a result, studying and researching authentication issues within IoT is extremely important. This article presents a comparative study of recent research in IoT security; it provides an analysis of recent authentication protocols from 2019 to 2023 that cover several areas within IoT (such as smart cities, healthcare, and industry). This survey sought to provide an IoT security research summary, the biggest susceptibilities and attacks, the appropriate technologies, and the most used simulators. It illustrates that the resistance of protocols against attacks, and their computational and communication cost, are linked directly to the cryptography technique used to build them. Furthermore, it discusses the gaps in recent schemes and provides some future research directions.
Funding: Supported in part by the National Key R&D Program of China (No. 2022YFB3904503) and the National Natural Science Foundation of China (No. 62172418).
Abstract: The BeiDou-Ⅱ civil navigation message (BDⅡ-CNAV) is transmitted in an open environment and no information integrity protection measures are provided. Hence, the BDⅡ-CNAV faces the threat of spoofing attacks, which can lead to wrong location reports and time indication. In order to deal with this threat, we proposed a scheme of anti-spoofing for BDⅡ-CNAV based on integrated information authentication. This scheme generates two types of authentication information: one is authentication code information (ACI), which is applied to confirm the authenticity and reliability of satellite time information, and the other is signature information, which is used to authenticate the integrity of satellite location information and other information. Both kinds of authentication information are designed to be embedded into the reserved bits in BDⅡ-CNAV without changing the frame structure. In order to avoid authentication failure caused by public key error or key error, the key or public key prompt information (KPKPI) is designed to remind the receiver to update both keys in time. Experimental results indicate that the scheme can successfully detect spoofing attacks, and the authentication delay is less than 1% of the transmission delay, which meets the requirements of BDⅡ-CNAV information authentication.
Funding: Korean Government (Ministry of Science and ICT) through the National Research Foundation of Korea (NRF) Grant 2021R1A2C1010481.
Abstract: Public cloud computing provides a variety of services to consumers via high-speed internet. The consumer can access these services anytime and anywhere on a balanced service cost. Many traditional authentication protocols are proposed to secure public cloud computing. However, the rapid development of high-speed internet and organizations’ race to develop quantum computers is a nightmare for existing authentication schemes. These traditional authentication protocols are based on factorization or discrete logarithm problems. As a result, traditional authentication protocols are vulnerable in the quantum computing era. Therefore, in this article, we have proposed an authentication protocol based on the lattice technique for public cloud computing to resist quantum attacks and prevent all known traditional security attacks. The proposed lattice-based authentication protocol is provably secure under the Real-Or-Random (ROR) model. At the same time, the result obtained during the experiments proved that our protocol is lightweight compared to the existing lattice-based authentication protocols, as listed in the performance analysis section. The comparative analysis shows that the protocol is suitable for practical implementation in a quantum-based environment.
Funding: Supported by the Priority Academic Program Development of Jiangsu Higher Education Institutions (PAPD); the National Natural Science Foundation of China (No. 60903181); Nanjing University of Posts and Telecommunications Funds (No. NY208072).
Abstract: Most of the Radio Frequency IDentification (RFID) authentication protocols, proposed to preserve security and privacy, are analysed to show that they cannot provide security against some passive or active attacks. In this paper, the security of two matrix-based protocols, proposed by Karthikeyan and Nesterenko (KN protocol) and Ramachandra et al. (RRS protocol), that conform to the Electronic Product Code Class-1 Generation-2 (EPC Class-1 Gen-2) standard, is investigated. Using the linear relationship of multiplication of matrix and vector, we point out that both protocols cannot provide scalability, and they are vulnerable to passive impersonation attack. In addition, both protocols are totally insecure if the adversary can compromise one tag to extract the secrets. A modified lightweight matrix-based authentication protocol is presented, which can resist mainly common attacks on an RFID authentication system including eavesdropping, relay attack, desynchronization attack, impersonation attack and tag tracking attack. The new protocol also has the desirable scalability property and can keep secure under compromising attack.
Funding: Funded by the Deanship of Scientific Research at Princess Nourah bint Abdulrahman University through the Research Groups Program Grant No. (RGP-1443-0051).
Abstract: Owing to the rapid increase in the interchange of text information through internet networks, the reliability and security of digital content are becoming a major research problem. Tampering detection, content authentication, and integrity verification of digital content interchanged through the Internet were utilized to solve a major concern in information and communication technologies. The authors’ difficulties were tampering detection, authentication, and integrity verification of the digital contents. This study develops an Automated Data Mining based Digital Text Document Watermarking for Tampering Attack Detection (ADMDTW-TAD) via the Internet. The DM concept is exploited in the presented ADMDTW-TAD technique to identify the document’s appropriate characteristics to embed larger watermark information. The presented secure watermarking scheme intends to transmit digital text documents over the Internet securely. Once the watermark is embedded with no damage to the original document, it is then shared with the destination. The watermark extraction process is performed to get the original document securely. The experimental validation of the ADMDTW-TAD technique is carried out under varying levels of attack volumes, and the outcomes were inspected in terms of different measures. The simulation values indicated that the ADMDTW-TAD technique improved performance over other models.
Abstract: Network attack detection and mitigation require packet collection, pre-processing, feature analysis, classification, and post-processing. Models for these tasks sometimes become complex or inefficient when applied to real-time data samples. To mitigate hybrid assaults, this study designs an efficient forensic layer employing deep learning pattern analysis and multidomain feature extraction. In this paper, we provide a novel multidomain feature extraction method using Fourier, Z, Laplace, Discrete Cosine Transform (DCT), 1D Haar Wavelet, Gabor, and Convolutional Operations. Evolutionary method dragon fly optimisation reduces feature dimensionality and improves feature selection accuracy. The selected features are fed into VGGNet and GoogLeNet models using binary cascaded neural networks to analyse network traffic patterns, detect anomalies, and warn network administrators. The suggested model tackles the inadequacies of existing approaches to hybrid threats, which are growing more common and challenge conventional security measures. Our model integrates multidomain feature extraction, deep learning pattern analysis, and the forensic layer to improve intrusion detection and prevention systems. In diverse attack scenarios, our technique has 3.5% higher accuracy, 4.3% higher precision, 8.5% higher recall, and 2.9% lower delay than previous models.
Abstract: Nodes in a mobile computing system are vulnerable to clone attacks due to their mobility. In such attacks, an adversary accesses a few network nodes, generates replication, then inserts this replication into the network, potentially resulting in numerous internal network attacks. Most existing techniques use a central base station, which introduces several difficulties into the system due to the network’s reliance on a single point, while other ways generate more overhead while jeopardising network lifetime. In this research, an intelligent double hashing-based clone node identification scheme was used, which reduces communication and memory costs while performing the clone detection procedure. The approach works in two stages: in the first, the network is deployed using an intelligent double hashing procedure to avoid any network collisions, and then in the second, the clone node identification procedure searches for any clone node in the network. This first phase verifies the node prior to network deployment, and then, whenever a node wants to interact, it executes the second level of authentication. End-to-end delay, which is bound to increase owing to the injection of clone nodes, and packet loss, which is reduced by the double hashing technique, were used to evaluate the performance of the aforementioned approach.
Funding: This work was partially supported by China’s National Key R&D Program (No. 2018YFB0803600), Natural Science Foundation of China (No. 61801008), Beijing Natural Science Foundation National (No. L172049), Scientific Research Common Program of Beijing Municipal Commission of Education (No. KM201910005025), and Defense Industrial Technology Development Program (No. JCKY2016204A102).
Abstract: Security threats to smart and autonomous vehicles cause potential consequences such as traffic accidents, economically damaging traffic jams, hijacking, motivating to wrong routes, and financial losses for businesses and governments. Smart and autonomous vehicles are connected wirelessly, which makes them more attractive to attackers due to the open nature of wireless communication. One of the problems is the rogue attack, in which the attacker pretends to be a legitimate user or access point by utilizing a fake identity. To figure out the problem of a rogue attack, we propose a reinforcement learning algorithm to identify rogue nodes by exploiting the channel state information of the communication link. We consider the communication link between vehicle-to-vehicle and vehicle-to-infrastructure. We evaluate the performance of our proposed technique by measuring the rogue attack probability, false alarm rate (FAR), mis-detection rate (MDR), and utility function of a receiver based on the test threshold values of the reinforcement learning algorithm. The results show that the FAR and MDR are decreased significantly by selecting an appropriate threshold value in order to improve the receiver’s utility.
Abstract: The FIDO (Fast IDentity Online) Alliance proposed a set of standards in 2014 to change the nature of online authentication. By now, it has drawn attention from many companies, including Google, VISA, Intel, etc. In this paper, we analyze the FIDO UAF (Universal Authentication Framework) Protocol, one of the two sets of specifications in the standard. We first present the protocols' cryptographic abstractions for the registration and authentication protocols of the FIDO UAF. According to the abstractions, we discuss selected security goals presented in the standard to study UAF security properties. We also propose three attacks, of which the first two are based on an assumption that an attacker can corrupt the software installed on the user device, and the third is based on two users sharing a FIDO roaming authenticator. The results of the attacks are to impersonate the legitimate user to pass the online authentication.
Abstract: With the advent of state-of-the-art technologies, the Telecare Medicine Information System (TMIS) now offers fast and convenient healthcare services to patients at their doorsteps. However, this architecture engenders new risks and challenges to patients' and the server's confidentiality, integrity and security. In order to avoid any resource abuse and malicious attack, employing an authentication scheme is widely considered as the most effective approach for the TMIS to verify the legitimacy of patients and the server. Therefore, several authentication protocols have been proposed to this end. Very recently, Chaudhry et al. identified that there are vulnerabilities of impersonation attacks in Islam et al.'s scheme. Therefore, they introduced an improved protocol to mitigate those security flaws. Later, Qiu et al. proved that these schemes are vulnerable to the man-in-the-middle, impersonation and offline password guessing attacks. Thus, they introduced an improved scheme based on the fuzzy verifier techniques, which overcome all the security flaws of Chaudhry et al.'s scheme. However, there are still some security flaws in Qiu et al.'s protocol. In this article, we prove that Qiu et al.'s protocol has an incorrect notion of perfect user anonymity and is vulnerable to user impersonation attacks. Therefore, we introduce an improved protocol for authentication, which reduces all the security flaws of Qiu et al.'s protocol. We also make a comparison of our protocol with related protocols, which shows that our introduced protocol is more secure and efficient than previous protocols.
Abstract: The term IoT refers to the interconnection and exchange of data among devices/sensors. IoT devices are often small, low cost, and have limited resources. The IoT issues and challenges are growing increasingly. Security and privacy issues are among the most important concerns in IoT applications, such as smart buildings. Remote cybersecurity attacks are the attacks which do not require physical access to the IoT networks, where the attacker can remotely access and communicate with the IoT devices through a wireless communication channel. Thus, remote cybersecurity attacks are a significant threat. Emerging applications in smart environments such as smart buildings require remote access for both users and resources. Since the user/building communication channel is insecure, a lightweight and secure authentication protocol is required. In this paper, we propose a new secure remote user mutual authentication protocol based on transitory identities and multi-factor authentication for the IoT smart building environment. The protocol ensures that only legitimate users can authenticate with smart building controllers in an anonymous, unlinkable, and untraceable manner. The protocol also avoids the clock synchronization problem and can resist quantum computing attacks. The security of the protocol is evaluated using two different methods: (1) informal analysis; (2) model check using the automated validation of internet security protocols and applications (AVISPA) toolkit. The communication overhead and computational cost of the proposed protocol are analyzed. The security and performance analysis show that our protocol is secure and efficient.
Funding: The authors would like to acknowledge the support of the Deputy for Research and Innovation, Ministry of Education, Kingdom of Saudi Arabia for this research through a Grant (NU/IFC/INT/01/008) under the institutional Funding Committee at Najran University, Kingdom of Saudi Arabia.
Abstract: IPv6 over Low Power Wireless Personal Area Network (6LoWPAN) provides IP connectivity to the highly constrained nodes in the Internet of Things (IoTs). 6LoWPAN allows nodes with limited battery power and storage capacity to carry IPv6 datagrams over the lossy and error-prone radio links offered by the IEEE 802.15.4 standard, thus acting as an adoption layer between the IPv6 protocol and IEEE 802.15.4 network. The data link layer of IEEE 802.15.4 in 6LoWPAN is based on AES (Advanced Encryption Standard), but the 6LoWPAN standard lacks and has omitted the security and privacy requirements at higher layers. The sensor nodes in 6LoWPAN can join the network without requiring the authentication procedure. Therefore, from security perspectives, 6LoWPAN is vulnerable to many attacks such as replay attack, Man-in-the-Middle attack, Impersonation attack, and Modification attack. This paper proposes a secure and efficient cluster-based authentication scheme (CBAS) for highly constrained sensor nodes in 6LoWPAN. In this approach, sensor nodes are organized into a cluster and communicate with the central network through a dedicated sensor node. The main objective of CBAS is to provide efficient and authentic communication among the 6LoWPAN nodes. To ensure the low signaling overhead during the registration, authentication, and handover procedures, we also introduce lightweight and efficient registration, de-registration, initial authentication, and handover procedures, when a sensor node or group of sensor nodes join or leave a cluster. Our security analysis shows that the proposed CBAS approach protects against various security attacks, including Identity Confidentiality attack, Modification attack, Replay attack, Man-in-the-middle attack, and Impersonation attack. Our simulation experiments show that CBAS has reduced the registration delay by 11%, handoff authentication delay by 32%, and signaling cost by 37% compared to the SGMS (Secure Group Mobility Scheme) and LAMS (Light-Weight Authentication & Mobility Scheme).
Abstract: A new authentication scheme based on a one-way hash function and Diffie-Hellman key exchange using smart card was proposed by Yoon et al. in 2005. They claimed that the proposed protocol is secure against password guessing attack. In this paper, the author demonstrates that Yoon's scheme is vulnerable to the off-line password guessing attack by using a stolen smart card and the DoS attack by computational load at the remote system. An improvement of Yoon's scheme to resist the above attacks is also proposed.
Abstract: Wireless sensor networks convey mission critical data that calls for adequate privacy and security protection. To accomplish this objective, numerous intrusion detection schemes based on machine learning approaches have been developed. In addition, authentication and key agreement techniques have been developed using techniques such as elliptic curve cryptography, bilinear pairing operations, biometrics, fuzzy verifier and Rabin cryptosystems. However, these schemes have either high false positive rates, high communication, computation, storage or energy requirements, all of which are not ideal for battery powered sensor nodes. Moreover, the majority of these algorithms still have some security and privacy challenges that render them susceptible to various threats. In this paper, a WSN authentication algorithm is presented that is shown to be robust against legacy WSN privacy and security attacks such as side-channel, traceability, offline guessing, replay and impersonations. From a performance perspective, the proposed algorithm requires the least computation overheads and average computation costs among its peers.
Abstract: This article discusses improvements in a puzzle authentication method that adopts the interface of the Puzzle and Dragons game [1] and is tolerant against video-recording attacks. A problem that the conventional puzzle authentication methods face is that they are time consuming and have a low success rate in authentication. We evaluated improvements of the interface to verify the usability of the improved system. The results suggested that the usability in terms of operation time and authentication success rate attained a level that was comparable with other leading methods in the field.
Funding: Supported by the MSIT (Ministry of Science and ICT), Korea under the ITRC (Information Technology Research Center) support program (IITP-2020-2018-0-01426) supervised by IITP (Institute for Information and Communication Technology Planning & Evaluation); in part by the National Research Foundation (NRF) funded by the Korea government (MSIT) (No. 2019R1F1A1059125).
Abstract: Internet of Things (IoT) network used for industrial management is vulnerable to different security threats due to its unstructured deployment and dynamic communication behavior. In the literature, various mechanisms addressed the security issue of Industrial IoT networks, but proper maintenance of the performance reliability is among the common challenges. In this paper, we proposed an intelligent mutual authentication scheme leveraging authentication aware node (AAN) and base station (BS) to identify routing attacks in Industrial IoT networks. The AAN and BS use the communication parameters such as route request (RREQ), node-ID, received signal strength (RSS), and round-trip time (RTT) information to identify malicious devices and routes in the deployed network. The feasibility of the proposed model is validated in the simulation environment, where OMNeT++ was used as a simulation tool. We compare the results of the proposed model with existing field-proven schemes in terms of routing attacks detection, communication cost, latency, computational cost, and throughput. The results show that our proposed scheme surpasses the previous schemes regarding these performance parameters with the attack detection rate of 97.7%.
Abstract: A kind of attack strategy based on a probabilistic cloning machine is proposed in this letter. The security of BB84 and the six-state quantum key distribution protocols under this attack is studied by theoretic analyses and corroborated by simulations. It is concluded that the quantum key distribution protocols still have an asymptotic perfect security even if the eavesdropper adopts the proposed attack strategy.
Abstract: Mobile Ad hoc Network (MANET) is a collection of mobile hosts with wireless interfaces that form a temporary network without the aid of any fixed infrastructure or centralized administration. A MANET is a type of ad hoc network that can change locations and configure itself on the fly. The dynamic and cooperative behaviour of ad hoc networking without any centralized or unified controlling authority for authentication and monitoring is sensitive to attacks that damage or exploit the cooperative behaviour of ad hoc routing. Routing attacks lead to the most disastrous damage in MANET. The main objective of this paper is to enhance the security against routing attacks in MANETs. Intrusion detection based on DAHT (Dual Authentication Hash Technique), which entirely depends on the end-to-end communication between the source and destination, is employed here. The proposed technique identifies the misbehaving nature of the current node and the previous node from which it receives the information. DAHT is simulated with various parameters in NS2. The results obtained are compared with the existing mechanism. The results show that malicious detection, overhead reduction and delay are better when compared to the existing system that is employed in protecting the routing information.
Abstract: To secure web applications from Man-In-The-Middle (MITM) and phishing attacks is a challenging task nowadays. For this purpose, the authentication protocol plays a vital role in web communication, which securely transfers data from one party to another. This authentication works via OpenID, Kerberos, password authentication protocols, etc. However, there are still some limitations present in the reported security protocols. In this paper, the presented anticipated strategy secures both Web-based attacks by leveraging encoded emails and a novel password form pattern method. The proposed OpenID-based encrypted Email’s Authentication, Authorization, and Accounting (EAAA) protocol ensures security by relying on the email authenticity and a Special Secret Encrypted Alphanumeric String (SSEAS). This string is deployed on both the relying party and the email server, which is unique and trustworthy. The first authentication, OpenID Uniform Resource Locator (URL) identity, is performed on the identity provider side. A second authentication is carried out by the hidden Email’s server side and receives a third authentication link. This Email’s third SSEAS authentication link manages on the relying party (RP). Compared to existing cryptographic single sign-on protocols, the EAAA protocol ensures that an OpenID URL’s identity is secured from MITM and phishing attacks. This study manages two attacks such as MITM and phishing attacks and gives 339 ms response time which is higher than the already reported methods, such as Single Sign-On (SSO) and OpenID. The experimental sites were examined by 72 information technology (IT) specialists, who found that 88.89% of respondents successfully validated the user authorization provided to them via Email. The proposed EAAA protocol minimizes the higher-level risk of MITM and phishing attacks in an OpenID-based atmosphere.
Abstract: Smart home devices are vulnerable to a variety of attacks. The matter gets more complicated when a number of devices collaborate to launch a colluding attack (e.g., Distributed-Denial-of-Service (DDoS)) in a network (e.g., Smart home). To handle these attacks, most studies have hitherto proposed authentication protocols that cannot necessarily be implemented in devices, especially during Device-to-Device (D2D) interactions. Tapping into the potential of Ethereum blockchain and smart contracts, this work proposes a lightweight authentication mechanism that enables safe D2D interactions in a smart home. The Ethereum blockchain enables the implementation of a decentralized prototype as well as a peer-to-peer distributed ledger system. The work also uses a single server queuing system model and the authentication mechanism to curtail DDoS attacks by controlling the number of service requests in the system. The simulation was conducted twenty times, each with a varying number of devices chosen at random (ranging from 1 to 30). Each requester device sends an arbitrary request with a unique resource requirement at a time. This is done to measure the system's consistency across a variety of device capabilities. The experimental results show that the proposed protocol not only prevents colluding attacks, but also outperforms the benchmark protocols in terms of computational cost, message processing, and response times.