A Privacy-Aware Dynamic Authentication Scheme for IoT Enabled Business Services

Full Text (PDF, 543KB), PP.29-37

Views: 0 Downloads: 0

Author(s)

Nitin Singh Chauhan 1,* Ashutosh Saxena 2 JVR Murthy 1

1. Jawahar Lal Nehru Technological University Kakinada, 533003, India

2. C.R.Rao Advanced Institute of Mathematics, Statistics and Computer Science (AIMSCS), Hyderabad, 500046, India

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2019.06.04

Received: 23 Mar. 2019 / Revised: 14 Apr. 2019 / Accepted: 24 Apr. 2019 / Published: 8 Jun. 2019

Index Terms

IoT, Security, Authentication, Privacy, Smart Meter

Abstract

Tech-savvy users are striving to bring automation and digitization in their lifestyle to make life more comfortable and efficient; Internet of Things (IoT) is an enabler in this direction. Technology advancements and new business opportunities are rapidly changing the IoT adoption landscape, and thereby security and privacy concerns have also started raising and realizing. The increasing number of IP enabled electronic devices, enormous data generation, and communication traffic have enhanced the attack surface for security and privacy violators. Many security attack scenarios are the result of poor identification and authentication mechanisms of communicating entities. In this paper, we present a secure scheme to perform a business transaction initiated by a smart device in the IoT environment. Scheme performs dynamic authentication of a business transaction while ensuring the privacy of the associated user(s). This scheme relies on Message Authentication Code (MAC) and dynamic key generation method to achieve a secure workflow. In this paper, we present a pluggable Roaming Smart Meters (RSM) concept to demonstrate the applicability of the proposed authentication scheme.

Cite This Paper

Nitin Singh Chauhan, Ashutosh Saxena, JVR Murthy, "A Privacy-Aware Dynamic Authentication Scheme for IoT Enabled Business Services", International Journal of Computer Network and Information Security(IJCNIS), Vol.11, No.6, pp.29-37, 2019.DOI:10.5815/ijcnis.2019.06.04

Reference

[1]L. Columbus, “2017 Roundup Of Internet Of Things Forecasts,” Forbes, 11-Dec-2017. [Online]. Available: https://www.forbes.com/sites/louiscolumbus/2017/12/10/2017-roundup-of-internet-of-things-forecasts/. [Accessed: 22-Mar-2019].
[2]A. Radovici, C. Rusu, and R. Serban, “A Survey of IoT Security Threats and Solutions,” 2018 17th RoEduNet Conference: Networking in Education and Research (RoEduNet), 2018.
[3]M. Frustaci, P. Pace, G. Aloi, and G. Fortino, “Evaluating Critical Security Issues of the IoT World: Present and Future Challenges,” IEEE Internet of Things Journal, vol. 5, no. 4, pp. 2483–2495, 2018.
[4]M. T. Banday, “Security in Context of the Internet of Things,” Cryptographic Security Solutions for the Internet of Things Advances in Information Security, Privacy, and Ethics, pp. 1–40, 2019.
[5]A. Greenberg, “Hackers Remotely Kill a Jeep on the Highway-With Me in It,” Wired, 20-Nov-2018. [Online]. Available: http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/. [Accessed: 22-Mar-2019].
[6]P. Leskin, “The 21 biggest data breaches of 2018,” Business Insider, 11-Dec-2018. [Online]. Available: https://www.businessinsider.in/The-21-biggest-data-breaches-of-2018/articleshow/67045497.cms. [Accessed: 22-Mar-2019].
[7]R. Nukala, A. Shields, U. McCarthy, S. Ward, "An IoT based approach towards Global Food Safety and Security", IT&T, pp. 10, 2015.
[8]L. Lamport, “Password authentication with insecure communication,” Communications of the ACM, vol.24, no.11, pp.770-772, 1981.
[9]Tsai, Chwei-Shyong, Cheng-Chi Lee, and Min-Shiang Hwang, "Password Authentication Schemes: Current Status and Key Issues," IJ Network Security, vol.3, no. 2 (2006): 101-115.
[10]M.L. Das, A. Saxena, and V.P. Gulati, "A Dynamic ID-based Remote User Authentication Scheme", IEEE Transactions on Consumer Electronics, vol. 50, No. 2, 2004.
[11]K. Awasthi, and S. Lal, “A remote user authentication scheme using smart cards with Forward Secrecy,” IEEE Transactions on Consumer Electronics, vol.49, no.4, pp.1246-1248, Nov. 2003.
[12]M. S. Hwang, C. C. Chang, and K. F. Hwang, “An E1Gamal-like cryptosystem for enciphering large messages,” IEEE Trans. on Knowledge and Data Engineering, vol.14, no.2, pp.445-446, 2002.
[13]C. C. Lee, L. H. Li, and M. S. Hwang, “A remote user authentication scheme using hash functions,” ACM Operating Systems Review, vol.36, no.4, pp.23-29, 2002.
[14]H. Wang, B. Sheng, C. C. Tan, and Q. Li, “Comparing Symmetric-key and Public-key Based Security Schemes in Sensor Networks: A Case Study of User Access Control,” 2008 The 28th International Conference on Distributed Computing Systems, 2008.
[15]C. Adams, M. Just, PKI: Ten Years Later. PKI R&D Workshop, 2004.
[16]M. Braun, E. Hess, B. Meyer, "Using Elliptic Curves on RFID Tags", IJCSNS International Journal of Computer Science and Network Security, vol. 8, no. 2, Feb 2008.
[17]T. Suen and A. Yasinsac, “Ad hoc network security: peer identification and authentication using signal properties,” Proceedings from the Sixth Annual IEEE Systems, Man and Cybernetics (SMC) Information Assurance Workshop, 2005.
[18]A. M. El-Nagar, A. A. A. El-Hafez, and A. Elhnawy, “A novel EAP-moderate weight Extensible Authentication Protocol,” 2011 seventh International Computer Engineering Conference (ICENCO2011), 2011.
[19]J. Liu, Y. Xiao, and C. P. Chen, “Authentication and Access Control in the Internet of Things,” 2012 32nd International Conference on Distributed Computing Systems Workshops, 2012.
[20]G. Zhao, X. Si, J. Wang, X. Long, and T. Hu, “A novel mutual authentication scheme for Internet of Things,” Proceedings of 2011 International Conference on Modelling, Identification and Control, 2011.
[21]A. Alcaide, E. Palomar, J. Montero-Castillo, and A. Ribagorda, “Anonymous authentication for privacy-preserving IoT target-driven applications,” Computers & Security, vol. 37, pp. 111–123, 2013.
[22]P. N. Mahalle, B. Anggorojati, N. R. Prasad, R. Prasad, "Identity authentication and capability based access control (iacac) for the internet of things", Journal of Cyber Security and Mobility, vol. 1, no. 4, pp. 309-348, 2013.
[23]H. Nicanfar, S. Hosseininezhad, P. Talebifard, and V. C. M. Leung, “Robust privacy-preserving authentication scheme for communication between Electric Vehicle as Power Energy Storage and power stations,” 2013 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), 2013. pp. 55-60.
[24]I. B. Damgård, “A Design Principle for Hash Functions,” Advances in Cryptology — CRYPTO’ 89 Proceedings Lecture Notes in Computer Science, pp. 416–427.
[25]B. Preneel, “Analysis and design of cryptographic hash functions,” thesis.