A lightweight secure CoAP for IoT-cloud paradigm using Elliptic-curve cryptography (original) (raw)
Related papers
Lightweight security scheme for IoT applications using CoAP
International Journal of Pervasive Computing and Communications, 2014
If you would like to write for this, or any other Emerald publication, then please use our Emerald for Authors service information about how to choose which publication to write for and submission guidelines are available for all. Please visit www.emeraldinsight.com/authors for more information.
Secure and Efficient CoAP Based Authentication and Access Control for Internet of Things (IoT
—Internet of Things (IoT) is growing as an attractive system paradigm. There is a lot of hype around the internet of things (IoT) and it continues to evolve as we move beyond humans talking to machines. IoT has interconnections through the physical, cyber and social spaces. Things used in IoT are sensors and actuators, mechanical devices and networking includes gateways, wireless infrastructure. Most of devices among them are resource constrained. During the interaction betweendevices,IoTgetssufferedfromseveresecuritychallenges. Complicated network produces potential vulnerabilities referred to heterogeneous devices, sensors and backend systems. So to realize the dream of internet of things secured device to device communication is expected. Security of resource constrained networks becomes prime important. Many existing mechanisms gives security and protection to networks and systems but they are unable to give fine grain access control. In this work, we focused on CoAP based framework to give service level access control on resource constrained devices. It gives fine grain access control on a per service basis. ECDSA is used to improve privacy of the system. Performance of CoAP based framework is compared and analyzed with existing security solutions. Test results are presented which shows that communication overhead and authentication delay are less than the existing system. Hence security performance of system gets improved. The goal is to present comprehensive security framework for low power networks consist of resource constrained devices.
Elliptic Curve Cryptography based Security Framework for Internet of Things and Cloud Computing
2015
Internet of Things (IoT) and Cloud Computing paradigm is a next wave in the era of computing and it has been identified as one of the emerging technologies in the field of Computer Science and Information Technology. It has been understood from the review reports that integration of IoT and Cloud Computing is in its infantile phase and it has not been extended to all application domains due to its inadequate security architecture. Hence, in this paper a novel Elliptic Curve Cryptography based security framework for Internet of Things and Cloud Computing is proposed. This is a secured and adoptable one for the public to access diversified smart applications and services distributed in the cloud, anywhere, anytime, any device and any network irrespective of the underlying technologies in a smart environment. The cloud services are integrated and connected through a novel IP/MPLS (Internet Protocol/ Multiprotocol Label Switching) core. Elliptic Curve Cryptography (ECC) is used to ensur...
International Journal of Communication Systems, 2020
SummaryInternet of Things (IoT) is a newly emerged paradigm where multiple embedded devices, known as things, are connected via the Internet to collect, share, and analyze data from the environment. In order to overcome the limited storage and processing capacity constraint of IoT devices, it is now possible to integrate them with cloud servers as large resource pools. Such integration, though bringing applicability of IoT in many domains, raises concerns regarding the authentication of these devices while establishing secure communications to cloud servers. Recently, Kumari et al proposed an authentication scheme based on elliptic curve cryptography (ECC) for IoT and cloud servers and claimed that it satisfies all security requirements and is secure against various attacks. In this paper, we first prove that the scheme of Kumari et al is susceptible to various attacks, including the replay attack and stolen‐verifier attack. We then propose a lightweight authentication protocol for ...
An Overview on Security Schemes Based on Elliptic Curve for Cloud-Iot
JOURNAL OF ADVANCES IN NATURAL SCIENCES, 2018
The Internet of things appears as a solution in order to connect people around the world. With this concept of interconnection, sharing and dissemination of information between different physical objects. Many objects and services in different fields will be created, such as smart homes, e-health, transport and logistics that will make our everyday needs easier. The main characteristic of a connected object is that it must be identifiable, using technologies such as RFID (Radio-Frequency Identification), must interact with the environment by adding sensory techniques, and finally a connected object must be able to communicate with others. The evolution of Internet of things, increase the number of connected objects. Devices with sensors, generate a huge number of data. With this evolution, the big questions come! how can we control this big data? Cloud Computing a notion that is not newer than the IoT concept, but it's a revolution has steadily been gaining ground. It's a te...
A Novel Secure Authentication Protocol for IoT and Cloud Servers
Wireless Communications and Mobile Computing, 2022
e integration of IoT with the cloud infrastructure is essential for designing smart applications. However, such integration may lead to security issues. Authentication and session key establishment is an essential security requirement for secure communication between IoTdevices and cloud servers. For evaluating authentication key agreement schemes, the extended Canetti-Krawczyk (eCK) adversary model is regarded to be a more strict and relevant adversary model. Many schemes for authenticated key exchange between IoT devices and cloud servers have been proposed in the literature but have been assessed under Dolev and Yoa (DY) adversary model. Recently, Rostampour et al. introduced an ECC-based approach for enabling authentication between IoT devices and cloud servers that is secure and robust to various attacks under the Dolev and Yoa adversary model. In this paper, a detailed review and the automated security verification of the Rostampour et al. scheme are carried out under the eCK adversary model using Scyther-Compromise. e validation indicates that the scheme is not secure and is susceptible to various attacks under the eCK adversary model. To overcome the limitation of the Rostampour et al. scheme, a design of an ECC-based scheme for authentication between IoT devices and cloud servers under the eCK adversary model is proposed. e Scyther verification indicates that the scheme is safe under the eCK adversary model. e soundness of the correctness of the proposed scheme has been analyzed using BAN logic. Comparative analysis indicates that the scheme is resilient under the eCK adversary model with an energy overhead of 278.16 mJ for a resource constraint IoT device and a communication overhead of 1,408 bits.
Internet of Things (IoT) has a huge attention recently due to its new emergence, benefits, and contribution to improving the quality of human lives. Securing IoT poses an open area of research, as it is the base of allowing people to use the technology and embrace this development in their daily activities. Authentication is one of the influencing security element of Information Assurance (IA), which includes confidentiality, integrity, and availability, non repudiation, and authentication. Therefore, there is a need to enhance security in the current authentication mechanisms. In this report, some of the authentication mechanisms proposed in recent years have been presented and reviewed. Specifically, the study focuses on enhancement of security in CoAP protocol due to its relevance to the characteristics of IoT devices and its need to enhance its security by using the symmetric key with biometric features in the authentication. This study will help in providing secure authentication technology for IoT data, device, and users.
Indonesian Journal of Electrical Engineering and Computer Science, 2021
The internet of things (IoT) and cloud computing are evolving technologies in the information technology field. Merging the pervasive IoT technology with cloud computing is an innovative solution for better analytics and decision-making. Deployed IoT devices offload different types of data to the cloud, while cloud computing converges the infrastructure, links up the servers, analyzes information obtained from the IoT devices, reinforces processing power, and offers huge storage capacity. However, this merging is prone to various cyber threats that affect the IoT-Cloud environment. Mutual authentication is considered as the forefront mechanism for cyber-attacks as the IoT-Cloud participants have to ensure the authenticity of each other and generate a session key for securing the exchanged traffic. While designing these mechanisms, the constrained nature of the IoT devices must be taken into consideration. We proposed a novel lightweight protocol (Light-AHAKA) for authenticating IoT-...
Provably Secure ECC-Based Device Access Control and Key Agreement Protocol for IoT Environment
IEEE Access, 2019
For secure communication between any two neighboring sensing devices on the Internet of Things (IoT) environment, it is essential to design a secure device access control and key agreement protocol, in which the two phases, namely, ''node authentication'' and ''key agreement'' are involved. While the node authentication allows two sensing devices to authenticate each other using their own pre-loaded secret credentials in memory, the key agreement phase permits to establish a secret key between them if the mutual authentication is successful. In this paper, we propose a new certificate-based ''lightweight access control and key agreement protocol in the IoT environment, called LACKA-IoT,'' that utilizes the elliptic curve cryptography (ECC) along with the ''collision-resistant one-way cryptographic hash function.'' Through a detailed security analysis using the formal security under the ''Real-Or-Random (ROR) model,'' informal (non-mathematical) security analysis, and formal security verification using the broadly used ''Automated Validation of Internet Security Protocols and Applications (AVISPA)'' tool, we show that the LACKA-IoT can protect various known attacks that are needed for a secure device access control mechanism in the IoT. Furthermore, through a comparative study of the LACKA-IoT and other relevant schemes, we show that there is a better tradeoff among the security and functionality features and communication and computational costs of the LACKA-IoT as compared to other schemes. Finally, the ''practical demonstration using the NS2 simulation'' has been carried out on the LACKA-IoT to measure various network parameters. INDEX TERMS Internet of Things (IoT), smart devices, device access control, key agreement, security, AVISPA.