Skip to main content
SpringerLink
Log in

Resource-Constrained IoT Authentication Protocol: An ECC-Based Hybrid Scheme for Device-to-Server and Device-to-Device Communications

  • Conference paper
  • First Online:
Book cover Future Data and Security Engineering (FDSE 2019)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 11814))

Included in the following conference series:

Abstract

Recently, the Internet of Things (IoT) has emerged as one of the building blocks of future digital industrial technologies. Along with its huge open opportunities, it is also coming with different challenges, in which security issues are especially getting more and more attention. The resource constraints of IoT devices makes them even more difficult for us to develop secure authentication protocols that can be actually applied in practice. In this paper, we propose an extended authentication scheme which not only provides a centralized management from powerful servers to lower the burden on the device ends, but also allows direct connections between devices in the same networks. Computations in the proposed protocol are designed to use Elliptic Curve Cryptography (ECC) and only low-cost operations such as exclusive-or, concatenation, and hash function to provide efficient resource consumption. This study includes our security analysis which proves the proposed scheme is resilient to common attacks to IoT systems. The performance analysis is also given to show that it is applicable for practical applications as the process only consumes at most 38.2 mJ on each device in addition to the amount required by the original protocol.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Ashton, K.: That “Internet of Things” thing. RFID J. 2(5), 97–114 (2009)

    Google Scholar 

  2. IHS. n.d. Number of Internet of Things (IoT) devices connected worldwide in 2017 and 2018, by selected type (in millions), Statista. https://www.statista.com/statistics/789615/worldwide-connected-iot-devices-by-type/. Accessed 22 Nov 2018

  3. IHS. n.d. Internet of Things (IoT) Connected Devices Installed Base Worldwide from 2015 to 2025 (in billions), Statista. https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/. Accessed 22 Nov 2018

  4. LeHong, H., Velosa, A.: Hype cycle for the internet of things. Gartner Group, 21 (2014)

    Google Scholar 

  5. Zhou, Q, Zhang, J.: Research prospect of Internet of Things geography. In: 19th International Conference on Geoinformatics 2011, pp. 1–5. IEEE (2011)

    Google Scholar 

  6. Yu, Y., Wang, J., Zhou, G.: The exploration in the education of professionals in applied Internet of Things engineering. In: 4th International Conference on Distance Learning and Education, pp. 74–77. IEEE (2010)

    Google Scholar 

  7. Desai, P., Sheth, A., Anantharam, P.: Semantic gateway as a service architecture for IoT interoperability. In: International Conference on Mobile Services, pp. 313–319. IEEE (2015)

    Google Scholar 

  8. Oren, Y., Keromytis, A.D.: From the aether to the ethernet-attacking the internet using broadcast digital television. In: 23rd USENIX Security Symposium (USENIX Security 14), pp. 353–368 (2014)

    Google Scholar 

  9. Cesare, S.: Breaking the security of physical devices. Talk at Blackhat, 14 (2014)

    Google Scholar 

  10. Liang, L., Zheng, K., Sheng, Q., Huang, X.: A denial of service attack method for an IoT system. In: 8th International Conference on Information Technology in Medicine and Education, pp. 360–364. IEEE (2016)

    Google Scholar 

  11. Vasilomanolakis, E., Daubert, J., Luthra, M., Gazis, V., Wiesmaier, A., Kikiras, P.: On the security and privacy of internet of things architectures and systems. In: 2015 International Workshop on Secure Internet of Things, pp. 49–57. IEEE (2015)

    Google Scholar 

  12. Alkurd, R., Shubair, R.M., Abualhaol, I.: Survey on device-to-device communications: challenges and design issues. In: 12th International New Circuits and Systems Conference (NEWCAS), pp. 361–364. IEEE (2014)

    Google Scholar 

  13. Nguyen, K.T., Laurent, M., Oualha, N.: Survey on secure communication protocols for the Internet of Things. Ad Hoc Netw. 32, 17–31 (2015)

    Article  Google Scholar 

  14. Nguyen, T.A.T., Dang, T.K.: Enhanced security in internet voting protocol using blind signature and dynamic ballots. Electron. Commer. Res. 13(3), 257–272 (2013)

    Article  Google Scholar 

  15. Tran, K.K., Pham, M.K., Dang, T.K.: A light-weight tightening authentication scheme for the objects’ encounters in the meetings. In: Dang, T.K., Küng, J., Wagner, R., Thoai, N., Takizawa, M. (eds.) FDSE 2018. LNCS, vol. 11251, pp. 83–102. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03192-3_8

    Chapter  Google Scholar 

  16. Nechvatal, J.: Public key cryptography. In: Simmons, G. (ed.) Contemporary Cryptology: The Science of Information Integrity. IEEE (1992)

    Google Scholar 

  17. Dierks, T., Allen, C.: The TLS protocol version 1.0 (1999)

    Google Scholar 

  18. Rescorla, E., Modadugu, N.: Datagram transport layer security (2006)

    Google Scholar 

  19. Kothmayr, T., Schmitt, C., Hu, W., Brünig, M., Carle, G.: A DTLS based end-to-end security architecture for the Internet of Things with two-way authentication. In: 37th Annual IEEE Conference on Local Computer Networks-Workshops, pp. 956–963. IEEE (2012)

    Google Scholar 

  20. Rabin, M.O.: Digitalized signatures and public-key functions as intractable as factorization (No. MIT/LCS/TR-212), Massachusetts Institiute of Technology Cambridge Laboratory for Computer Science (1979)

    Google Scholar 

  21. He, D., Zeadally, S.: An analysis of RFID authentication schemes for Internet of Things in healthcare environment using elliptic curve cryptography. IEEE IoT J. 2(1), 72–83 (2014)

    Google Scholar 

  22. Chaudhry, S.A., Farash, M.S., Naqvi, H., Sher, M.: A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography. Electron. Commer. Res. 16(1), 113–139 (2016)

    Article  Google Scholar 

  23. Gura, N., Patel, A., Wander, A., Eberle, H., Shantz, S.C.: Comparing elliptic curve cryptography and RSA on 8-bit CPUs. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 119–132. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28632-5_9

    Chapter  MATH  Google Scholar 

  24. Chang, S.M., Shieh, S., Lin, W.W., Hsieh, C.M.: An efficient broadcast authentication scheme in wireless sensor networks. In: Proceedings of the ACM Symposium on Information, Computer and Communications Security, pp. 311–320. ACM (2006)

    Google Scholar 

  25. Khemissa, H., Tandjaoui, D., Bouzefrane, S.: An ultra-lightweight authentication scheme for heterogeneous wireless sensor networks in the context of Internet of Things. In: Bouzefrane, S., Banerjee, S., Sailhan, F., Boumerdassi, S., Renault, E. (eds.) MSPN 2017. LNCS, vol. 10566, pp. 49–62. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-67807-8_4

    Chapter  Google Scholar 

  26. Wang, K.H., Chen, C.M., Fang, W., Wu, T.Y.: A secure authentication scheme for Internet of Things. Pervasive Mobile Comput. 42, 15–26 (2017)

    Article  Google Scholar 

  27. Kalra, S., Sood, S.K.: Secure authentication scheme for IoT and cloud servers. Pervasive Mobile Comput. 24, 210–223 (2015)

    Article  Google Scholar 

  28. Chang, C.C., Wu, H.L., Sun, C.Y.: Notes on “Secure authentication scheme for IoT and cloud servers”. Pervasive Mobile Comput. 38, 275–278 (2017)

    Article  Google Scholar 

  29. De Meulenaer, G., Gosset, F., Standaert, F.X., Pereira, O.: On the energy cost of communication and cryptography in wireless sensor networks. In: IEEE International Conference on Wireless and Mobile Computing, Networking and Communications, pp. 580–585. IEEE (2008)

    Google Scholar 

  30. Kausar, F., Hussain, S., Park, J.H., Masood, A.: Secure group communication with self-healing and rekeying in wireless sensor networks. In: Zhang, H., Olariu, S., Cao, J., Johnson, D.B. (eds.) MSN 2007. LNCS, vol. 4864, pp. 737–748. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-77024-4_67

    Chapter  Google Scholar 

  31. Thi, Q.N.T., Si, T.T., Dang, T.K.: Fine grained attribute based access control model for privacy protection. In: Dang, T.K., Wagner, R., Küng, J., Thoai, N., Takizawa, M., Neuhold, E. (eds.) FDSE 2016. LNCS, vol. 10018, pp. 305–316. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-48057-2_21

    Chapter  Google Scholar 

  32. Nguyen, T.A.T., Dang, T.K.: Privacy preserving biometric-based remote authentication with secure processing unit on untrusted server. IET Biometrics 8(1), 79–91 (2018)

    Article  Google Scholar 

  33. Dang, T.K., Tran, K.T.: The meeting of acquaintances: a cost-efficient authentication scheme for light-weight objects with transient trust level and plurality approach. Secur. Commun. Netw. 2019, 18 (2019)

    Article  Google Scholar 

Download references

Acknowledgement

This research is funded by Vietnam National University Ho Chi Minh City (VNU-HCM) under grant number B2018-20-08. We also thank other members of the project, specially PhD candidates: Tran Tri Dang, Ai Thao Nguyen Thi, and Que-Nguyet Tran Thi, for their meaningful help and comments during this paper preparation.

Author information

Authors and Affiliations

  1. Ho Chi Minh City University of Technology, VNU-HCM, Ho Chi Minh City, Vietnam

    Chau D. M. Pham, Thao L. P. Nguyen & Tran Khanh Dang

Authors
  1. Chau D. M. Pham
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Thao L. P. Nguyen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Tran Khanh Dang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tran Khanh Dang .

Editor information

Editors and Affiliations

  1. Ho Chi Minh City University of Technology, Ho Chi Minh City, Vietnam

    Tran Khanh Dang

  2. Johannes Kepler Universität Linz, Linz, Austria

    Josef Küng

  3. Hosei University, Tokyo, Japan

    Makoto Takizawa

  4. Telecommunications University, Nha Trang City, Vietnam

    Son Ha Bui

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Pham, C.D.M., Nguyen, T.L.P., Dang, T.K. (2019). Resource-Constrained IoT Authentication Protocol: An ECC-Based Hybrid Scheme for Device-to-Server and Device-to-Device Communications. In: Dang, T., Küng, J., Takizawa, M., Bui, S. (eds) Future Data and Security Engineering. FDSE 2019. Lecture Notes in Computer Science(), vol 11814. Springer, Cham. https://doi.org/10.1007/978-3-030-35653-8_30

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-35653-8_30

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-35652-1

  • Online ISBN: 978-3-030-35653-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation