4 Exploring Methods of Authentication for the Internet of Things
4.8 NEXT-GENERATION AUTHENTICATION TECHNIQUES
4.8.2 CRYPTOPHOTO
CryptoPhoto is a 2FA framework with two-channel mutual authentication. It works by showing the user a random photo retrieved from their token device (a physical card, a smartphone app, etc.). The user then selects the photos that are unique to their token, after which a one-time authentication code is sent to complete the process. By using the CryptoPhoto authentication method, one can minimize the chance of fake or malicious data (phishing, social engineering, hijacking, MiTM, etc.) being presented to the user, and it also protects against snooping attacks (keyloggers, viruses, Trojans, malware, etc.). While this is another human-centric authentication scheme, the current application is infeasible for IoT devices because of the resource requirements for performing image processing.
This technique does not work in an IoT environment because it would require the IoT device to process images, which is computationally expensive. In addition, it needs special hardware to perform this task as part of the authentication process. Because of this limitation, the CryptoPhoto technique is an infeasible method for IoT authentication.
FIGURE 4.6 FIDO two-step authentication process. Step 1: enter your username and password. Step 2: insert security key and touch the golden button. Step 3: done.
4.8.3 BLOCKCHAIN
Blockchain is a passwordless authentication technique for M2M authentication purposes and for tracking past operations through the use of a ledger (Herbert and Litchfield, 2015). A blockchain is a continuously growing list of ordered records (i.e., blocks), each of which contains a time stamp and a link to the previous block in the chain. Each block can contain digital fingerprints, signatures, hashes of sensitive information, or a ledger of public transactions. Blockchains are traditionally implemented as a distributed database that is inherently resistant to modification of its data once that data has been added to the chain. Blockchain authentication does not require third-party identity providers, because the blockchain itself is the directory of identities. An advantage of blockchain-based authentication is that no human interaction is involved, since all blockchain calculations are independent of the user. Furthermore, it is incredibly difficult to alter previous or current transactions in a blockchain because of the heavy computational requirement for each block in the chain. Blockchain technology offers provenance in complex supply chains and authentication auditing; however, the resulting computational requirements alone are too high to even attempt this solution in a purely IoT network. Blockchain authentication can be implemented within a network of mixed IoT and non-IoT devices, such as tablets and data servers. The non-IoT elements must perform the blockchain computations because they have the resources to do so. Ideally, in order to establish M2M authentication, the IoT devices would also compute these blockchain calculations. However, since IoT systems are highly resource limited, they are not able to perform this task. Therefore, standard blockchain-based authentication is not feasible in an IoT environment, because the requirements for maintaining a ledger, performing the verification computations, and using PKI are extremely resource-intensive. One attempt is to combine blockchain techniques with other known authentication practices (Guardtime, 2016). Research is currently being done to reach this goal without intentionally weakening the blockchain ledger and verification process (Kolias et al., 2016). There has also been some work to prototype an IoT blockchain solution, but this work is inconclusive and has no results (Huh et al., 2017). In order to use blockchain techniques in IoT, one must alter the traditional blockchain method so that it requires fewer resources to operate.
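The hash-chained ledger described above, as an added example that is not part of the original chapter: a minimal Python blockchain in which every block carries a time stamp and the hash of its predecessor, a small proof-of-work cost per block (the 12-bit difficulty setting and the sample device records are assumptions chosen for illustration), and a verifier that reports the first block whose link or proof of work no longer checks out. It shows the two properties the chapter relies on: altering a past record forces every later block to be recomputed, and the verifier must re-hash the whole chain, so its work grows with chain length.

```python
import hashlib
import json
import time
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumption for illustration: a block hash must start with this many zero bits.
# Real deployments use a far higher difficulty; 12 bits keeps the example fast.
DIFFICULTY_BITS = 12


@dataclass
class Block:
    index: int
    timestamp: float
    data: str        # e.g. a device fingerprint, a signature or a hash of sensitive data
    prev_hash: str   # link to the previous block (hex SHA-256 digest)
    nonce: int = 0   # adjusted during proof of work

    def header_bytes(self) -> bytes:
        # Canonical serialisation so that every verifier hashes exactly the same bytes.
        return json.dumps(
            {"index": self.index, "timestamp": self.timestamp, "data": self.data,
             "prev_hash": self.prev_hash, "nonce": self.nonce},
            sort_keys=True, separators=(",", ":"),
        ).encode()

    def digest(self) -> str:
        return hashlib.sha256(self.header_bytes()).hexdigest()


def meets_difficulty(digest_hex: str, bits: int = DIFFICULTY_BITS) -> bool:
    # The top `bits` bits of the 256-bit digest must all be zero.
    return (int(digest_hex, 16) >> (256 - bits)) == 0


def mine(block: Block, bits: int = DIFFICULTY_BITS) -> Block:
    # Proof of work: search for a nonce that brings the digest under the target.
    # This search is the per-block computational cost the chapter refers to.
    block.nonce = 0
    while not meets_difficulty(block.digest(), bits):
        block.nonce += 1
    return block


class Ledger:
    def __init__(self, bits: int = DIFFICULTY_BITS) -> None:
        self.bits = bits
        self.blocks: List[Block] = [mine(Block(0, 0.0, "genesis", "0" * 64), bits)]

    def append(self, data: str, timestamp: Optional[float] = None) -> Block:
        prev = self.blocks[-1]
        block = Block(prev.index + 1,
                      time.time() if timestamp is None else timestamp,
                      data, prev.digest())
        self.blocks.append(mine(block, self.bits))
        return block

    def verify(self) -> Optional[int]:
        """Return the index of the first block that fails verification, or None.

        Every block is re-hashed, so the work a verifier must do grows linearly
        with chain length; this is the cost a constrained device cannot afford.
        """
        for i, block in enumerate(self.blocks):
            if block.index != i:
                return i
            if not meets_difficulty(block.digest(), self.bits):
                return i
            if i > 0 and block.prev_hash != self.blocks[i - 1].digest():
                return i
        return None


def tamper_demo() -> Tuple[Optional[int], Optional[int], Optional[int]]:
    """Build a small chain, alter an old record, and report what the verifier sees."""
    ledger = Ledger()
    # Constructed sample records standing in for device fingerprints.
    ledger.append("device-A fingerprint: " + "ab" * 16, timestamp=1.0)
    ledger.append("device-B fingerprint: " + "cd" * 16, timestamp=2.0)
    ledger.append("device-C fingerprint: " + "ef" * 16, timestamp=3.0)
    intact = ledger.verify()                      # None: the chain is consistent

    ledger.blocks[1].data = "device-X fingerprint: " + "00" * 16   # rewrite history
    after_edit = ledger.verify()                  # 1: block 1 no longer satisfies the proof of work

    mine(ledger.blocks[1], ledger.bits)           # redo block 1's proof of work
    after_remine = ledger.verify()                # 2: block 2 still links to the old block 1
    return intact, after_edit, after_remine


if __name__ == "__main__":
    print(tamper_demo())  # (None, 1, 2)
```

Redoing block 1's proof of work only moves the failure to block 2, because block 2 still stores the old digest; hiding the edit would mean re-mining every subsequent block, which is the property that makes past entries hard to alter. The same loop in `verify()` is what a participating device must run to trust the ledger, which illustrates why the chapter rules out a purely IoT deployment.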
4.9 CONCLUSIONS
This chapter reviewed several authentication approaches and their viability in an IoT environment. It was shown that the main limitations of implementing an authentication scheme in an IoT framework center around communication complexity, power distribution and consumption, computational requirements, memory storage, overhead (cost and development), and the amount of operational resources required to function. It is worth mentioning that while this chapter reviews a broad spectrum of authentication schemes, not all are feasible for IoT devices, because the aforementioned limitations greatly affect the implementation of these authentication frameworks.
Furthermore, the scenario in which the IoT devices are used also dictates the effectiveness of each method. Due to the inherently resource-constrained nature of these embedded systems, one should favor lightweight, low-cost, reliable, and secure authentication schemes for IoT-based networks and systems.
It is believed that the most capable and beneficial authentication technologies that can meet these needs are human property–based authentication (biometrics), silicon property–based authentication (PUF), and next-generation-based authentication (FIDO). These recommended authentication solutions have the advantages of being easy to use, being effective at preventing malicious attacks, minimizing the impact of human error, and being unique by the nature of their approach.
Some everyday scenarios that would benefit from this form of authentication include remote video cameras, car electronics, and home security systems. For remote video cameras, the client accessing the IoT device could be validated through a human property–based characteristic, which would ensure that only authorized individuals could obtain the sensitive video stream. The silicon property–based authentication technique would be ideal for overcoming authentication problems within a car's electronic systems: PUFs can be used to authenticate between hardware components, minimizing malicious actions and harmful behavior. In the case of home security systems, because a large variety of IoT components work together, a 2FA or MFA method is preferred. Since FIDO is a merging of different authentication techniques, it would be uniquely suitable for tackling the integration of multiple IoT devices (e.g., cameras, webcams, and motion sensors) working in unison. As IoT technology grows and evolves, new approaches to implementing better authentication will continue to emerge.
REFERENCES
Aboba, B., L. Blunk, J. Vollbrecht, J. Carlson, and H. Levkowetz. 2004. Extensible authentication protocol (EAP) (No. RFC 3748). https://www.rfc-editor.org/rfc/rfc3748.txt.
Anagnostopoulos, N. A., A. Schaller, Y. Fan, W. Xiong, F. Tehranipoor, T. Arul, ... and S. Katzenbeisser. 2017. Insights into the potential usage of the initial values of DRAM arrays of commercial off-the-shelf devices for security applications. 26th Crypto-D.
Alcaide, A., E. Palomar, J. Montero-Castillo, and A. Ribagorda. 2013. Anonymous authentication for privacy-preserving IoT target-driven applications. Computers and Security 37: 111–123.
Altolini, D., V. Lakkundi, N. Bui, C. Tapparello, and M. Rossi. 2013. Low power link layer security for IoT: Implementation and performance analysis. In 2013 9th International Wireless Communications and Mobile Computing Conference (IWCMC), Sardinia, Italy, July, 919–925.
Barreto, L., A. Celesti, M. Villari, M. Fazio, and A. Puliafito. 2015. An authentication model for IoT clouds. In Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining 2015, New York, August, 1032–1035.
Bonetto, R., N. Bui, V. Lakkundi, A. Olivereau, A. Serbanati, and M. Rossi. 2012. Secure communication for smart IoT objects: Protocol stacks, use cases and practical examples. In 2012 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM), San Francisco, CA, June, 1–7.
Chan, Y. L., M. D. Essenmacher, D. B. Lection, E. L. Masselle, and M. A. Scott. 2016. User authentication security system. U.S. Patent No. 20,160,019,382, January 21.
Cherkaoui, A., L. Bossuet, L. Seitz, G. Selander, and R. Borgaonkar. 2014. New paradigms for access control in constrained environments. In 2014 9th International Symposium on Reconfigurable and Communication-Centric Systems-on-Chip (ReCoSoC), Montpellier, France, May, 1–4.
Chze, P. L. R. and K. S. Leong. 2014. A secure multi-hop routing for IoT communication. Presented at 2014 IEEE World Forum on Internet of Things (WF-IoT), Seoul, South Korea.
Crossman, M. A. and H. Liu. 2015. Study of authentication with IoT testbed. In 2015 IEEE International Symposium on Technologies for Homeland Security (HST), Waltham, MA, April, 1–7.
Devi, G. U., E. V. Balan, M. K. Priyan, and C. Gokulnath. 2015. Mutual authentication scheme for IoT application. Indian Journal of Science and Technology 8 (26).
Eckert, C., F. Tehranipoor, and J. Chandy. 2017. DRNG: DRAM-based random number generation using its startup value behavior. In 60th IEEE International Midwest Symposium on Circuits and Systems, Boston, MA, August.
Evans, D. 2011. The Internet of things: How the next evolution of Internet is changing everything. Cisco White Paper.
Gassend, B., D. Clarke, M. Van Dijk, and S. Devadas. 2002. Silicon physical random functions. In Proceedings of the 9th ACM Conference on Computer and Communications Security, Washington, DC, November, 148–160.
Gope, P. and T. Hwang. 2015. Untraceable sensor movement in distributed IoT infrastructure. IEEE Sensors Journal 15 (9): 5340–5348.
Guardtime. 2016. Internet of Things authentication: A blockchain solution using SRAM physical unclonable function. Irvine, CA: Guardtime.
Herbert, J. and A. Litchfield. 2015. A novel method for decentralised peer-to-peer software license validation using cryptocurrency blockchain technology. In Proceedings of the 38th Australasian Computer Science Conference (ACSC 2015), January, vol. 27, 30.
Huh, S., S. Cho, and S. Kim. 2017. Managing IoT devices using blockchain platform. In 2017 19th International Conference on Advanced Communication Technology (ICACT), Bongpyeong, South Korea, February, 464–467.
Jan, M. A., P. Nanda, X. He, Z. Tan, and R. P. Liu. 2014. A robust authentication scheme for observing resources in the Internet of things environment. In 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Beijing, China, September, 205–211.
Karimian, N., Z. Guo, M. Tehranipoor, and D. Forte. 2017a. Highly reliable key generation from electrocardiogram (ECG). IEEE Transactions on Biomedical Engineering 64 (6): 1400–1411.
Karimian, N., F. Tehranipoor, Z. Guo, M. Tehranipoor, and D. Forte. 2017b. Noise assessment framework for optimizing ECG key generation. In 2017 IEEE International Symposium on Technologies for Homeland Security (HST), Waltham, MA, April, 1–6.
Karimian, N., P. A. Wortman, and F. Tehranipoor. 2016. Evolving authentication design considerations for the Internet of biometric things (IoBT). In 2016 International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS), Pittsburgh, PA, 1–10.
Khemissa, H. and D. Tandjaoui. 2015. A lightweight authentication scheme for e-health applications in the context of Internet of things. In 2015 9th International Conference on Next Generation Mobile Applications, Services and Technologies, Cambridge, UK, September, 90–95.
Kolias, K., A. Stavrou, I. Bojanova, J. Voas, and T. Grance. 2016. Leveraging blockchain-based protocols in IoT systems. Gaithersburg, MD: National Institute of Standards and Technology.
Kothmayr, T., C. Schmitt, W. Hu, M. Brünig, and G. Carle. 2013. DTLS based security and two-way authentication for the Internet of Things. Ad Hoc Networks 11 (8): 2710–2723.
Lee, B. M. 2015. Authorization protocol using a NFC P2P mode between IoT device and mobile phone. Advanced Science and Technology Letters 94: 85–88.
Lee, S. H. and Y. S. Jeong. 2016. Information authentication selection scheme of IoT devices using conditional probability. Indian Journal of Science and Technology 9 (24): 1–7.
Liao, Y.-P. and C.-M. Hsiao. 2014. A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol. Ad Hoc Networks 18: 133–146.
Liu, J., Y. Xiao, and C. P. Chen. 2012. Authentication and access control in the Internet of things. In 2012 32nd International Conference on Distributed Computing Systems Workshops (ICDCSW), Macau, China, June, 588–592.
M'Raihi, D., J. Rydell, S. Bajaj, S. Machani, and D. Naccache. 2011. OCRA: OATH challenge-response algorithm (No. RFC 6287). https://www.rfc-editor.org/rfc/rfc6287.txt.
Maes, R., P. Tuyls, and I. Verbauwhede. 2009. Low-overhead implementation of a soft decision helper data algorithm for SRAM PUFs. In Cryptographic Hardware and Embedded Systems – CHES 2009, edited by C. Clavier and K. Gaj, Lausanne, Switzerland, 332–347. Berlin: Springer.
Mahalle, P. N., B. Anggorojati, N. R. Prasad, and R. Prasad. 2012. Identity establishment and capability based access control (IECAC) scheme for Internet of things. In 2012 15th International Symposium on Wireless Personal Multimedia Communications (WPMC), Taipei, Taiwan, September, 187–191.
Mahalle, P. N., B. Anggorojati, N. R. Prasad, and R. Prasad. 2013. Identity authentication and capability based access control (IACAC) for the Internet of things. Journal of Cyber Security and Mobility 1 (4): 309–348.
Mahmoud, R., T. Yousuf, F. Aloul, and I. Zualkernan. 2015. Internet of things (IoT) security: Current status, challenges and prospective measures. In 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), London, UK, December, 336–341.
Markmann, T., T. C. Schmidt, and M. Wählisch. 2015. Federated end-to-end authentication for the constrained Internet of things using IBC and ECC. ACM SIGCOMM Computer Communication Review 45 (4): 603–604.
MeiHong, L. and L. JiQiang. 2009. USB key-based approach for software protection. In ICIMA 2009: International Conference on Industrial Mechatronics and Automation 2009, Chengdu, China, May, 151–153.
Mercredi, D., J. Robinson, and J. Vance. 2007. Token authentication system. U.S. Patent Application No. 11/252,040.
Pawlowski, M. P., A. J. Jara, and M. J. Ogorzalek. 2014. Extending extensible authentication protocol over IEEE 802.15.4 networks. In 2014 Eighth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), Birmingham, UK, July, 340–345.
Pawlowski, M. P., A. J. Jara, and M. J. Ogorzalek. 2015. EAP for IoT: More efficient transport of authentication data – TEPANOM case study. In 2015 IEEE 29th International Conference on Advanced Information Networking and Applications Workshops (WAINA), Gwangju, South Korea, March, 694–699.
Peeters, R. and J. Hermans. 2013. Attack on Liao and Hsiao's secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol. IACR Cryptology ePrint Archive 2013: 399.
Porambage, P., C. Schmitt, P. Kumar, A. Gurtov, and M. Ylianttila. 2014. PAuthKey: A pervasive authentication protocol and key establishment scheme for wireless sensor networks in distributed IoT applications. International Journal of Distributed Sensor Networks 2014: 357430.
Prabhu, P. S., A. Akel, L. M. Grupp, S. Y. Wing-Kei, G. E. Suh, E. Kan, and S. Swanson. 2011. Extracting device fingerprints from flash memory by exploiting physical variations. In International Conference on Trust and Trustworthy Computing, Nara, Japan, June, 188–201.
Shafagh, H. and A. Hithnawi. 2014. Poster: Come closer: Proximity-based authentication for the Internet of things. In Proceedings of the 20th Annual International Conference on Mobile Computing and Networking, Maui, HI, September, 421–424.
Sharaf-Dabbagh, Y. and W. Saad. 2016. On the authentication of devices in the Internet of Things. In 2016 IEEE 17th International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM), Coimbra, Portugal, June, 1–3.
Shivraj, V. L., M. A. Rajan, M. Singh, and P. Balamuralidhar. 2015. One time password authentication scheme based on elliptic curves for Internet of things (IoT). In 2015 5th National Symposium on Information Technology: Towards New Smart World (NSITNSW), Riyadh, Saudi Arabia, February, 1–6.
Shone, N., C. Dobbins, W. Hurst, and Q. Shi. 2015. Digital memories based mobile user authentication for IoT. In 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), Liverpool, UK, October, 1796–1802.
Tehranipoor, F., N. Karimian, K. Xiao, and J. Chandy. 2015. DRAM based intrinsic physical unclonable functions for system level security. In Proceedings of the 25th Edition on Great Lakes Symposium on VLSI, Pittsburgh, PA, May, 15–20.
Tehranipoor, F., N. Karimian, W. Yan, and J. A. Chandy. 2017a. A study of power supply variation as a source of random noise. In 2017 30th International Conference on VLSI Design and 2017 16th International Conference on Embedded Systems (VLSID), Hyderabad, India, January, 155–160.
Tehranipoor, F., N. Karimian, W. Yan, and J. A. Chandy. 2017b. DRAM-based intrinsic physically unclonable functions for system-level security and authentication. IEEE Transactions on Very Large Scale Integration (VLSI) Systems 25 (3): 1085–1097.
Tehranipoor, F., W. Yan, and J. A. Chandy. 2016. Robust hardware true random number generators using DRAM remanence effects. Presented at 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), McLean, VA.
Turkanović, M., B. Brumen, and M. Hölbl. 2014. A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of things notion. Ad Hoc Networks 20: 96–112.
Wen, Q., X. Dong, and R. Zhang. 2012. Application of dynamic variable cipher security certificate in Internet of things. In IEEE 2nd International Conference on Cloud Computing and Intelligence Systems, Hangzhou, China, vol. 3.
Wortman, P. A., F. Tehranipoor, N. Karimian, and J. A. Chandy. 2017. Proposing a modeling framework for minimizing security vulnerabilities in IoT systems in the healthcare domain. In 2017 IEEE EMBS International Conference on Biomedical and Health Informatics (BHI), Miami, FL, February, 185–188.
Yan, W., F. Tehranipoor, and J. A. Chandy. 2015. A novel way to authenticate untrusted integrated circuits. Presented at Proceedings of the IEEE/ACM International Conference on Computer-Aided Design, Austin, TX.
Yan, W., F. Tehranipoor, and J. A. Chandy. 2017. PUF-based fuzzy authentication without error correcting codes. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 36 (9): 1445–1457.
Yang, L., P. Yu, W. Bailing, Q. Yun, and Y. Xinling. 2013. A bi-direction authentication protocol for RFID based on the variable update in IOT. In Proceedings of the 2nd International Conference on Computer and Applications ASTL, vol. 17, 23–26.
Yang, L., P. Yu, W. Bailing, Q. Yun, B. Xuefeng, Y. Xinling, and Y. Zelong. 2013. Hash-based RFID mutual authentication protocol. International Journal of Security and its Applications 73: 183–194.
Zhao, G., X. Si, J. Wang, X. Long, and T. Hu. 2011. A novel mutual authentication scheme for Internet of Things. In Proceedings of 2011 International Conference on Modelling, Identification and Control (ICMIC), Shanghai, China, June, 563–566.