+353-1-416-8900REST OF WORLD
+44-20-3973-8888REST OF WORLD
1-917-300-0470EAST COAST U.S
1-800-526-8630U.S. (TOLL FREE)

IoT Security. Advances in Authentication. Edition No. 1

  • Book

  • 320 Pages
  • February 2020
  • John Wiley and Sons Ltd
  • ID: 5842290

An up-to-date guide to an overview of authentication in the Internet of Things (IoT)

The Internet of things (IoT) is the network of the countless physical devices that have the possibility to connect and exchange data. Among the various security requirements, authentication to the IoT is the first step to prevent the impact of attackers. IoT Security offers an important guide into the development of the many authentication mechanisms that provide IoT authentication at various levels such as user level, device level and network level. 

The book covers a wide range of topics including an overview of IoT and addresses in detail the security challenges at every layer by considering both the technologies and the architecture used. The authors - noted experts on the topic - provide solutions for remediation of compromised security, as well as methods for risk mitigation, and offer suggestions for prevention and improvement. In addition, IoT Security offers a variety of illustrative use cases. This important book:

  • Offers an authoritative reference designed for use by all IoT stakeholders
  • Includes information for securing devices at the user, device, and network levels
  • Contains a classification of existing vulnerabilities
  • Written by an international group of experts on the topic
  • Provides a guide to the most current information available on IoT security 

Written for network operators, cloud operators, IoT device manufacturers, IoT device users, wireless users, IoT standardization organizations, and security solution developers, IoT Security is an essential guide that contains information on security features, including underlying networks, architectures, and security requirements.

Table of Contents

About the Editors xiii

List of Contributors xvii

Preface xxiii

Acknowledgments xxix

Part I IoT Overview 1

1 Introduction to IoT 3
Anshuman Kalla, Pawani Prombage, and Madhusanka Liyanage

1.1 Introduction 4

1.1.1 Evolution of IoT 4

1.2 IoT Architecture and Taxonomy 5

1.3 Standardization Efforts 7

1.4 IoT Applications 10

1.4.1 Smart Home 11

1.4.2 Smart City 13

1.4.3 Smart Energy 14

1.4.4 Healthcare 15

1.4.5 IoT Automotive 16

1.4.6 Gaming, AR and VR 16

1.4.7 Retail 17

1.4.8 Wearable 18

1.4.9 Smart Agriculture 18

1.4.10 Industrial Internet 19

1.4.11 Tactile Internet 19

1.4.12 Conclusion 20

Acknowledgement 20

References 20

2 Introduction to IoT Security 27
Anca D. Jurcut, Pasika Ranaweera, and Lina Xu

2.1 Introduction 27

2.2 Attacks and Countermeasures 29

2.2.1 Perception Layer 30

2.2.2 Network Layer 33

2.2.3 Application Layer 34

2.3 Authentication and Authorization 41

2.3.1 Authentication 42

2.3.2 Authorization 42

2.3.3 Authentication at IoT Layers 43

2.4 Other Security Features and Related Issues 48

2.4.1 The Simplified Layer Structure 48

2.4.2 The Idea of Middleware 49

2.4.3 Cross-Layer Security Problem 50

2.4.4 Privacy 50

2.4.5 Risk Mitigation 51

2.5 Discussion 52

2.6 Future Research Directions 54

2.6.1 Blockchain 54

2.6.2 5G 55

2.6.3 Fog and Edge Computing 56

2.6.4 Quantum Security, AI, and Predictive Data Analytics 57

2.6.5 Network Slicing 57

2.7 Conclusions 58

References 59

Part II IoT Network and Communication Authentication 65

3 Symmetric Key-Based Authentication with an Application to Wireless Sensor Networks 67
An Braeken

3.1 Introduction 67

3.2 Related Work 69

3.3 System Model and Assumptions 70

3.3.1 Design Goals 70

3.3.2 Setting 70

3.3.3 Notations 71

3.3.4 Attack Model 71

3.4 Scheme in Normal Mode 72

3.4.1 Installation Phase 72

3.4.2 Group Node Key 73

3.4.3 Individual Cluster Key 73

3.4.4 Pairwise Key Derivation 74

3.4.5 Multicast Key 76

3.4.6 Group Cluster Key 76

3.5 Authentication 77

3.5.1 Authentication by CN 77

3.5.2 Authenticated Broadcast by the CH 77

3.5.3 Authenticated Broadcast by the BS 78

3.6 Scheme in Change Mode 78

3.6.1 Capture of CN 78

3.6.2 Capture of CH 79

3.6.3 Changes for Honest Nodes 79

3.7 Security Analysis 80

3.7.1 Resistance Against Impersonation Attack 80

3.7.2 Resistance Against Node Capture 81

3.7.3 Resistance Against Replay Attacks 81

3.8 Efficiency 81

3.8.1 Number of Communication Phases 81

3.8.2 Storage Requirements 82

3.8.3 Packet Fragmentation 82

3.9 Conclusions 83

Acknowledgement 83

References 83

4 Public Key Based Protocols - EC Crypto 85
Pawani Porambage, An Braeken, and Corinna Schmitt

4.1 Introduction to ECC 85

4.1.1 Notations 86

4.1.2 ECC for Authentication and Key Management 87

4.2 ECC Based Implicit Certificates 88

4.2.1 Authentication and Key Management Using ECC Implicit Certificates 88

4.3 ECC-Based Signcryption 91

4.3.1 Security Features 93

4.3.2 Scheme 93

4.4 ECC-Based Group Communication 95

4.4.1 Background and Assumptions 95

4.4.2 Scheme 96

4.5 Implementation Aspects 97

4.6 Discussion 98

References 98

5 Lattice-Based Cryptography and Internet of Things 101
Veronika Kuchta and Gaurav Sharma

5.1 Introduction 101

5.1.1 Organization 102

5.2 Lattice-Based Cryptography 102

5.2.1 Notations 102

5.2.2 Preliminaries 103

5.2.3 Computational Problems 104

5.2.4 State-of-the-Art 105

5.3 Lattice-Based Primitives 106

5.3.1 One-Way and Collision-Resistant Hash Functions 106

5.3.2 Passively Secure Encryption 106

5.3.3 Actively Secure Encryption 107

5.3.4 Trapdoor Functions 107

5.3.5 Gadget Trapdoor 108

5.3.6 Digital Signatures without Trapdoors 108

5.3.7 Pseudorandom Functions (PRF) 109

5.3.8 Homomorphic Encryption 110

5.3.9 Identity-Based Encryption (IBE) 111

5.3.10 Attribute-Based Encryption 112

5.4 Lattice-Based Cryptography for IoT 113

5.5 Conclusion 115

References 115

Part III IoT User Level Authentication 119

6 Efficient and Anonymous Mutual Authentication Protocol in Multi-Access Edge Computing (MEC) Environments 121
Pardeep Kumar and Madhusanka Liyanage

6.1 Introduction 121

6.2 Related Work 123

6.3 Network Model and Adversary Model 124

6.3.1 Network Model 124

6.3.2 Adversary Model 125

6.4 Proposed Scheme 125

6.4.1 System Setup for the Edge Nodes Registration at the Registration Center 125

6.4.2 User Registration Phase 126

6.4.3 Login and User Authentication Phase 126

6.4.4 Password Update Phase 127

6.5 Security and Performance Evaluation 127

6.5.1 Informal Security Analysis 127

6.5.2 Performance Analysis 129

6.6 Conclusion 130

References 130

7 Biometric-Based Robust Access Control Model for Industrial Internet of Things Applications 133
Pardeep Kumar and Gurjot Singh Gaba

7.1 Introduction 133

7.2 Related Work 134

7.3 Network Model, Threat Model and Security Requirements 136

7.3.1 Network Model 136

7.3.2 Threat Model 136

7.3.3 Security Goals 136

7.4 Proposed Access Control Model in IIoT 136

7.4.1 System Setup 137

7.4.2 Authentication and Key Establishment 138

7.5 Security and Performance Evaluations 139

7.5.1 Informal Security Analysis 139

7.5.2 Performance Analysis 140

7.6 Conclusions 141

References 142

8 Gadget Free Authentication 143
Madhusanka Liyanage, An Braeken, and Mika Ylianttila

8.1 Introduction to Gadget-Free World 143

8.2 Introduction to Biometrics 146

8.3 Gadget-Free Authentication 148

8.4 Preliminary Aspects 149

8.4.1 Security Requirements 149

8.4.2 Setting 149

8.4.3 Notations 150

8.5 The System 150

8.5.1 Registration Phase 151

8.5.2 Installation Phase 151

8.5.3 Request Phase 151

8.5.4 Answer Phase 152

8.5.5 Update Phase 153

8.6 Security Analysis 153

8.6.1 Accountability 153

8.6.2 Replay Attacks 153

8.6.3 Insider Attacks 153

8.6.4 HW/SW Attacks 154

8.6.5 Identity Privacy 154

8.7 Performance Analysis 154

8.7.1 Timing for Cryptographic/Computational Operation 155

8.7.2 Communication Cost 155

8.8 Conclusions 156

Acknowledgement 156

References 156

9 WebMaDa 2.1 - A Web-Based Framework for Handling User Requests Automatically and Addressing Data Control in Parallel 159
Corinna Schmitt, Dominik Bünzli, and Burkhard Stiller

9.1 Introduction 159

9.2 IoT-Related Concerns 160

9.3 Design Decisions 162

9.4 WebMaDa’s History 163

9.5 WebMaDa 2.1 166

9.5.1 Email Notifications 166

9.5.2 Data Control Support 171

9.6 Implementation 173

9.6.1 Mailing Functionality 173

9.6.2 Logging Functionality 175

9.6.3 Filtering Functionality 176

9.7 Proof of Operability 176

9.7.1 Automated Request Handling 177

9.7.2 Filtering Functionality Using Logging Solution 182

9.8 Summary and Conclusions 182

References 183

Part IV IoT Device Level Authentication 185

10 PUF-Based Authentication and Key Exchange for Internet of Things 187
An Braeken

10.1 Introduction 187

10.2 Related Work 189

10.2.1 Key Agreement from IoT Device to Server 189

10.2.2 Key Agreement between Two IoT Devices 190

10.3 Preliminaries 191

10.3.1 System Architecture 191

10.3.2 Assumptions 192

10.3.3 Attack Model 192

10.3.4 Cryptographic Operations 193

10.4 Proposed System 194

10.4.1 Registration Phase 195

10.4.2 Security Association Phase 195

10.4.3 Authentication and Key Agreement Phase 195

10.5 Security Evaluation 197

10.6 Performance 199

10.6.1 Computational Cost 199

10.6.2 Communication Cost 200

10.7 Conclusions 201

References 202

11 Hardware-Based Encryption via Generalized Synchronization of Complex Networks 205
Lars Keuninckx and Guy Van der Sande

11.1 Introduction 205

11.2 System Scheme: Synchronization without Correlation 208

11.2.1 The Delay-Filter-Permute Block 211

11.2.2 Steady-State Dynamics of the DFP 214

11.2.3 DFP-Bitstream Generation 214

11.2.4 Sensitivity to Changes in the Permutation Table 215

11.3 The Chaotic Followers 217

11.3.1 The Permute-Filter Block 217

11.3.2 Brute Force Attack 219

11.3.3 PF-Bitstream Generation 219

11.4 The Complete System 220

11.4.1 Image Encryption Example 220

11.4.2 Usage for Authentication 221

11.5 Conclusions and Outlook 222

Acknowledgements 223

Author Contributions Statement 223

Additional Information 223

References 223

Part V IoT Use Cases and Implementations 225

12 IoT Use Cases and Implementations: Healthcare 227
Mehrnoosh Monshizadeh, Vikramajeet Khatri, Oskari Koskimies, and Mauri Honkanen

12.1 Introduction 227

12.2 Remote Patient Monitoring Architecture 228

12.3 Security Related to eHealth 229

12.3.1 IoT Authentication 231

12.4 Remote Patient Monitoring Security 234

12.4.1 Mobile Application Security 234

12.4.2 Communication Security 235

12.4.3 Data Integrity 235

12.4.4 Cloud Security 235

12.4.5 Audit Logs 236

12.4.6 Intrusion Detection Module 236

12.4.7 Authentication Architecture 240

12.4.8 Attacks on Remote Patient Monitoring Platform 242

12.5 Conclusion 242

References 244

13 Secure and Efficient Privacy-preserving Scheme in Connected Smart Grid Networks 247
An Braeken and Pardeep Kumar

13.1 Introduction 247

13.1.1 Related Work 249

13.1.2 Our Contributions 250

13.1.3 Structure of Chapter 251

13.2 Preliminaries 251

13.2.1 System Model 251

13.2.2 Security Requirements 251

13.2.3 Cryptographic Operations and Notations 252

13.3 Proposed Scheme 253

13.3.1 Initialisation Phase 253

13.3.2 Smart Meter Registration Phase 253

13.3.3 Secure Communication Between Smart Meter and Aggregator 254

13.4 Security Analysis 255

13.4.1 Formal Proof 255

13.4.2 Informal Discussion 258

13.5 Performance Analysis 260

13.5.1 Computation Costs 260

13.5.2 Communication Costs 261

13.6 Conclusions 262

References 262

14 Blockchain-Based Cyber Physical Trust Systems 265
Arnold Beckmann, Alex Milne, Jean-Jose Razafindrakoto, Pardeep Kumar, Michael Breach, and Norbert Preining

14.1 Introduction 265

14.2 Related Work 268

14.3 Overview of Use-Cases and Security Goals 269

14.3.1 Use-Cases 269

14.3.2 Security Goals 270

14.4 Proposed Approach 270

14.5 Evaluation Results 272

14.5.1 Security Features 272

14.5.2 Testbed Results 273

14.6 Conclusion 276

References 276

Index 279

Authors

Madhusanka Liyanage An Braeken Pardeep Kumar Mika Ylianttila