3S-IoT an Algorithm to make the Network Secure and Smart

The growing and widespread presence of Internet of Things (IoT) has made the lives of all comfortable and handy, but poses various challenges, like efficiency, security, and high energy drain, threatening smart IoT-based applications. Small applications rely on unicast communication. In a group-oriented communication, multicast is better as transmission takes place using fewer resources. Therefore, many IoT applications rely on multicast transmission. To handle sensitive applications, the multicast traffic requires an actuator control. Securing multicast traffic by itself is cumbersome, as it expects an efficient and flexible Group Key Establishment (GKE) protocol. The paper proposes a three-tier model that can control the IoT and control multicast communications. The first authentication is at network linking where we used a 256-bit keyless encryption technique. Machine learning-based chaotic map key generation authenticates the GKE. Finally, MD5 establishes the system key. 3S-IoT is smart to detect any tampering with the devices. It stores signatures of the connected devices. The algorithm reports any attempt to change or tamper with a device. 3S-IoT can thwart attacks such as Distributed Denial of Service (DDoS), Man-in-the-Middle (MiTM), phishing, and more. We calculated energy consumed, bandwidth, and the time taken to check the robustness of the proposed model. The results establish that 3S-IoT can efficiently deal with the attacks. The paper compares 3S-IoT with benchmark algorithms.


Introduction
IoT is the technology which hackers look at with greedy eyes. Internet means a network of networks and a network could be open to vulnerability. DDoS is the most common of them. Connecting IoT devices in homes is simple these days. One can connect the devices, for example, ACs of a house using IoT switches like Sonoff and control them through a mobile phone. An app configures an IoT switch, but the switch connects the device to the provider's cloud or a dedicated server. The server is on the internet that transmits the instructions to the device. One can understand how vulnerable it can be. It means that a user needs a secured server even for a smaller connection. Servers like AWS are secured but they are very costly. How can a switch like Sonoff, available at 400 Rupees, afford a server? Our CCTVs at home and offices are connected over the cloud too. Camera vendors either provide servers or they outsource, which are not very secure. To check the vulnerability of the CCTVs a person can go to Google Dorks and easily find the open CCTVs. These CCTVs are easy to hack. Imagine IoT as a bug sitting in your home watching you all the time. 2025 would see about 75 billion devices connected to IoT [1][2][3][4].
Malware is one of the favourite tools of hackers. Hacking IoT using malware came up in 2016. To find devices that were still using the factory default username and password, the hackers used Mirai IoT Botnet malware [5]. These systems were hacked using this malware. Medical devices use IoT a lot. Cardiac devices from St. Jude were hacked [6]. They hacked the devices by accessing their transmitter. Using the same vulnerability, hackers hacked Owlet WiFi baby [7], the heart monitoring smart device. Research [8] shows that CCTV surveillance devices have vulnerable points. The study [8] shows that over 100,000 wireless Internet Protocol (IP) cameras provide little to no protection. TRENDnet webcam [9] transmitted user's login and password over the internet in simple text. Even their mobile application kept the consumer details the same way. The cars we drive these days are vulnerable to such attacks. Using CAN bus, hackers hacked Jeep SUV [10,11]. The firmware update vulnerability was exploited. The hackers hijacked the vehicle over the Sprint cellular network. They could speed up the vehicle or even slow it down. The consequences were disastrous. A habit to purchase a cheap and unsecured device and lethargy to change the factory-set username and password help the hackers to attack. 100 million home gadgets are vulnerable to attack [12]. One can even hack the transmission if information is vulnerable. More users, a broader network, would invite the hackers to test their skills. Increased use of IoT requires a secured transmission.
In most of the encrypted transmissions, a key [13][14][15] is passed to be deciphered at the receiver's end. If one breaks the key one can hack the network easily. A keyless encryption technique is the solution which would make it almost impossible to decipher or hack the system. IoT devices have specific functions and very little room for a robust security mechanism, as the aim is to extend it to the smallest device. The transmission is heterogeneous, which makes it difficult to adopt a standard protection method. The end-users are not aware of the vulnerability of these devices and don't even change their default username and password.
Keeping these in mind and looking at the demand for a secured IoT, we propose a unique 3-layer protection model. At the transmission level, group key establishment and device key establishment.

Related Work
Li et al. in [18] focus on the protection of privacy in Smart Grid buildings. The paper presumes that the key server and the trust centre are always available. But it does not talk about security. Navneet in [19] presented Smart Meter's Secure Key Distribution Protocol, which mainly concentrated on preventing man-in-the-middle attack. The paper presents only a security review with no assessment of the results. Luca in [20] proposed vehicle-to-vehicle communications in ad hoc networks. The paper proposes to carry out batch leave operations based on a predetermined leave period specified by members as they join. The paper assumes that every member is aware of the exact time to leave the party, which is not always the case.
Besides specific applications, different authentication schemes have also been proposed by various researchers. Jang in [21] proposed a scheme, "Marker Hash-Tree". It proposed device authentication without involving the central authority. Sharaf in [22] proposed a fingerprinting authentication protocol for IoT devices. It has a transfer learning method which could mitigate emulation attack effectively. Sciancalepore in [23] proposed a key management scheme along with device authentication. The proposed model could handle fast re-keying, replay attack, and robust key negotiation. Li in [24] proposed a heterogeneous signcryption scheme. Their design is based on the model Identity-based Access Control (IBAC). Furthermore, their scheme makes use of bilinear pairing operations. Owing to the use of IBC and bilinear matching operations, their scheme is expensive in terms of overhead computation. Braeken in [25] proposed an efficient and distributed authentication protocol for smart homes. The model has a low computation cost, but the communication cost is high. Luo in [26] suggested an IoT cross-domain efficient access control protocol for WSNs. The model enables an Internet user to connect with a smart computer in a CLC environment, with specific network parameters. Owing to the use of CLC and bilinear matching operations, their scheme is therefore expensive in terms of overhead computation.
Xu in [29] suggests a two-factor mutual authentication and a key agreement scheme to minimize computational costs based on elliptic curve cryptography (ECC), which would allow the use of dynamic identity to provide anonymity. Yan in [30] suggested a device verification system based on biometrics. But his scheme is vulnerable to the replay attack and word guessing attack. Mishra [31] proposed an enhanced scheme for biometric authentication using random numbers. Tan in [32] expanded the security specifications of two-factor authentication schemes to three-factor authentication systems, which are mutual identification, password and biometric anonymous repositories, and three-factor encryption systems. Guo [33] initially suggested a messy map-based password authentication scheme for the e-healthcare information network, which avoids linear exponential computation or scalar elliptic curve multiplication found in conventional authentication schemes. The scheme does not maintain user privacy and double-secret keys inefficiency. Hao in [34] proposed an improved scheme that could solve Guo's vulnerability.
Lee [35] and Jiang [36] improved the scheme of [34]. Chun [36] noticed that both Lee's [35] and Jiang's [36] systems are vulnerable to the assault on service misuse and proposed a stable authentication scheme to fix the security vulnerability. Lu [39] found out that there are still some vulnerabilities in Chun's enhanced system, such as a vulnerability to the user impersonation attack; it lacked local authentication and had a violation of session key protection. Lu in [39] proposed a three-factor authentication scheme. Moon [37] explained that the scheme of [36] is not safe from replay attack, impersonation attack, and intruder attack. They suggest a changed authentication system to correct such security vulnerabilities. Roy in [38] claimed that the currently associated scheme suffered from server attack denial and did not have a revocation function. Roy suggested a remote authentication with three lightweight factors which can withstand different information attacks.
Most of the research work carried out is tied to a certain type of application such as smart grids, internet of vehicles, etc.; none of it is generic. Besides, those works address just one or two aspects of IoT, assuming that the conditions of the application scenario are static, which is not the case. IoT application scenarios are dynamic and have a varying nature regarding the network access technology, type of application, state of members and key servers and the load on them. The research till now has either focused mostly on rekeying protocol or been very specific to an application [41][42][43][44][45]. Many schemes [24][25][26] have a session key security flaw under the new de facto (Cipher Key) CK-adversary model [27,28]. [46] introduced a lightweight key management system (KMS). KMS updates the keys, which hackers can easily break; the research is more theoretical.
A thorough study motivated the authors to introduce a 3S-IoT model. The model adapts to the dynamic nature of IoT scenarios and provides 3-level security. Each level of security can also be used independently for securing any communication and encrypting the images.

Methodology
This section of the paper briefly describes the Experimental Setup and the protocol considered, followed by the Objective Function and its explanation. Then steps to establish connection with sender and receiver are discussed. The paper aims at providing a three-tier safety to IoT. The main objective function mathematically represents the objectives of 3S-IoT.

Experimental Setup
A smart IoT home network is set up using CCTV cameras, smart ACs, and lights. The three groups are integrated over the cloud and connected to a Wi-Fi router with an ISP. To access the network over the cloud, Redmi Note 9 Pro Max is used. The required application is installed on the smartphone. The attacks are carried out using Kali Linux run on Ubuntu. Another Redmi Note 7 is loaded with Wi-Fi hacking applications to crack the Wi-Fi.

Objective function
There are three main objectives of the proposed model: establish a secured network connection, access group key and then access device securely. These objectives are mathematically represented by following Objective Function:

Explanation of Objective Function
i. First, take a 32X32 image and convert it into a 256-bit binary scalar matrix and then store it on target network as its ID. Io is the original image, function B256 converts it into a 256-bit encrypted image, and L converts the encrypted image into scalar. Working is explained in the algorithms section. The algorithm uses the generated ID for network authentication.
ii. Second, using linear regression generate a 9-digit ID. Tinput are the input values and Toutput are the output values. The input and output values are explained in the algorithm given below.
iii. Third, generate a sequence of 100 numbers using Lorenz map. We took the 9-digit ID generated in the above step as one of the input parameters. We use the generated key to authenticate the groups.
iv. Finally, we took MD5 of the image to establish the connection with the device.
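Step iii, sketched as an added example (not the authors' code): both ends derive the same 100-number sequence from a shared 9-digit ID by integrating the Lorenz system. The classic parameters (10, 28, 8/3), the RK4 step, the burn-in, the sampling stride and the digit-to-initial-state mapping are all assumptions, because the page does not give them.

```python
import math

# Assumed (not from the paper): classic Lorenz parameters and integration settings.
SIGMA, RHO, BETA = 10.0, 28.0, 8.0 / 3.0
DT, BURN_IN, STRIDE = 0.01, 1000, 10


def _deriv(state):
    x, y, z = state
    return (SIGMA * (y - x), x * (RHO - z) - y, x * y - BETA * z)


def _rk4_step(state):
    """Advance the Lorenz system by one fixed RK4 step of size DT."""
    def shifted(s, k, h):
        return tuple(si + h * ki for si, ki in zip(s, k))
    k1 = _deriv(state)
    k2 = _deriv(shifted(state, k1, DT / 2))
    k3 = _deriv(shifted(state, k2, DT / 2))
    k4 = _deriv(shifted(state, k3, DT))
    return tuple(
        s + DT / 6 * (a + 2 * b + 2 * c + d)
        for s, a, b, c, d in zip(state, k1, k2, k3, k4)
    )


def initial_state(device_id: str):
    """Map a 9-digit ID to (x0, y0, z0); hypothetical mapping, three digits per axis."""
    if len(device_id) != 9 or not (device_id.isascii() and device_id.isdigit()):
        raise ValueError("expected a 9-digit decimal ID")
    parts = [int(device_id[i:i + 3]) for i in (0, 3, 6)]
    # Offset by 1 so an all-zero ID does not start on the fixed point at the origin.
    return tuple((p + 1) / 100.0 for p in parts)


def group_key_sequence(device_id: str, count: int = 100):
    """Return `count` x-coordinates sampled from the trajectory seeded by the ID."""
    state = initial_state(device_id)
    for _ in range(BURN_IN):          # discard the transient before sampling
        state = _rk4_step(state)
    seq = []
    for _ in range(count):
        for _ in range(STRIDE):
            state = _rk4_step(state)
        seq.append(state[0])
    return seq


def id_entropy_bits(digits: int = 9) -> float:
    """Upper bound on the secrecy the ID alone contributes: log2(10**digits)."""
    return digits * math.log2(10)


if __name__ == "__main__":
    a = group_key_sequence("123456789")   # constructed sample IDs
    b = group_key_sequence("123456788")
    print("same ID reproduces:", a == group_key_sequence("123456789"))
    print("one digit changed, values differing:", sum(x != y for x, y in zip(a, b)))
    print("entropy bound from the ID alone: %.1f bits" % id_entropy_bits())
```

The sequence is a deterministic function of its inputs, so its unpredictability is bounded by theirs; a 9-digit ID on its own contributes just under 30 bits.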

Steps to Establish Connection with Sender & Receiver
Step 1: Initiator and responder are created and assigned cloud ID.
Step 2: The initiator creates a multicast group MG = G1, G2….Gn-1 and generates separate Gk IDs.
Step 3: An image is assigned to the initiator. Images are 32X32. The same is stored at the responder.
Step 4: This image is encrypted using 64-bit encryption (first objective function). It is called Nk (network key).
Step 5: Once we encrypt the image, we delete the original image at the initiator.
Step 6: Convert the image to scalar.
Step 7: To establish connection, the initiator passes Nk to the responder.
Step 8: Responder first reshapes the scalar matrix, then decrypts Nk and matches with the stored image. A connection is established using eq (

Network key establishment using 128-bit image encryption
We propose a unique authentication scheme based on images. We assign each image to the network. Smart home, hospital and traffic system, all the three networks are assigned a unique network key. For the experimental purpose, we take 32X32 greyscale images. 3S-IoT can work on any size of the image. We recommend taking small images, as IoTs do not have much storage space.

Setup (Encryption at the initiator)
Collect greyscale images
Initialize required variables


Setup: Initialize the required variables
Step 1:
    For images in the folder do
        I ← read image(i)
        Opt.method ← 'MD5'
        V(i) ← DataHash(I, Opt)    # DataHash is an inbuilt method
    End For
Step 2:
    For i ← 1 to length of V do
        Device ← V(i)
    End For
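The device-key step above and the stored-signature check from the abstract, as an added Python example (not the authors' Matlab code): each device image is hashed at enrolment, and a later audit classifies every device as ok, tampered, missing or unknown. The device names, the constructed 32x32 images and the `audit` report format are assumptions; the `algorithm` parameter defaults to the page's MD5 and also accepts `"sha256"`, since MD5 is no longer collision-resistant.

```python
import hashlib
import hmac


def make_image(seed: int) -> bytes:
    """Constructed stand-in for a 32x32 greyscale image: 1024 pixel bytes."""
    return bytes((seed * 31 + i * 7) % 256 for i in range(32 * 32))


def signature(image: bytes, algorithm: str = "md5") -> str:
    """Hex digest of the raw pixel bytes; "md5" mirrors the page."""
    return hashlib.new(algorithm, image).hexdigest()


def enroll(images: dict, algorithm: str = "md5") -> dict:
    """Steps 1 and 2 of the pseudocode: hash every image and bind it to its device."""
    return {device: signature(img, algorithm) for device, img in images.items()}


def audit(registry: dict, presented: dict, algorithm: str = "md5") -> dict:
    """Compare presented images with enrolled signatures and classify each device."""
    report = {}
    for device, expected in registry.items():
        image = presented.get(device)
        if image is None:
            report[device] = "missing"
        # Constant-time comparison avoids leaking how many leading characters match.
        elif hmac.compare_digest(signature(image, algorithm), expected):
            report[device] = "ok"
        else:
            report[device] = "tampered"
    for device in presented.keys() - registry.keys():
        report[device] = "unknown"      # never enrolled, so no signature to trust
    return report


def demo() -> dict:
    """Constructed scenario: one intact device, one altered, one absent, one unenrolled."""
    enrolled = {"cctv": make_image(1), "ac": make_image(2), "light": make_image(3)}
    registry = enroll(enrolled)
    altered = bytearray(enrolled["ac"])
    altered[0] ^= 0x01                  # flip one bit of one pixel
    presented = {
        "cctv": enrolled["cctv"],
        "ac": bytes(altered),
        "doorbell": make_image(4),
    }
    return audit(registry, presented)


if __name__ == "__main__":
    for device, status in sorted(demo().items()):
        print(f"{device}: {status}")
```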

Mathematical Analysis
To check robustness of the proposed algorithm, we have calculated energy consumed, bandwidth consumed, and time utilized.
There is one-to-one access only. For example, we store the MAC address of the CCTV's DVR in the cloud server. When a user accesses a camera through a mobile phone, we encrypt the phone's details like number, IP, MAC and authentication and store them on a cloud server. To establish a connection on another mobile, the user will have to log out of the cloud server first.

Energy Calculation
b. OTP authentication required for setup on a mobile.
c. Factory-set IDs and passwords automatically reset during the first setup of devices. The user has to choose a username. A password generator pops up to generate a password; the user cannot set a password of choice. Group key establishment as defined above is used to suggest a password to the user. After the first-time setup, there is no way a password can be changed unless the device is manually reset.
Once the user has access to the device, Network key, Group Key, and Device keys are established.

Mitigation
The proposed scheme resets the authentication key every s seconds. Once the connection is established the reset is again initiated. For a new session, new authentication would be required. A delayed or replay attack won't work as the key would have changed by the time the user would try to break in. To add to the complexity, images have been used to establish a connection and that too in encrypted form. Moreover, the images are transmitted in a linear form.
A Trojan can break the code, but we took care of that also. Even when the entire system is breached, the attacker will still not be able to access the proposed program, as the code produces a unique signature for the target computer when the application is installed on the network, and stores it in the code itself, which is then recompiled into an executable file. Via a Trojan, an attacker could be able to monitor the network but would not be able to access the machines because they would be searching for a local signature, and even though the attacker could steal the code it would not work on his network because the new machine's signatures would not match. What the attacker would get will be just an encrypted signal that could not be decrypted, as the attacker will have neither the signature nor the algorithm to decode the message.
The Redmi Note 7 can crack a 6/9/12/16-character (alphanumeric) Wi-Fi password given by the user. But when the key generated by the proposed model is used as the password, the application returned a password which did not match the original. Various attacks (given in Table 1) using 'Kali' could not crack the keys and the passwords.

Results
The work in the paper is simulated using Matlab. The parameters considered for the robustness are energy consumed, bandwidth consumed, and time required. Equations 3 to 5 have been used for the calculations. We have compared throughput and time delay with [47]. The proposed work focuses on energy consumed as well. It is going to play a decisive role when the network would grow. Higher energy consumption may result in network failure.
The proposed work considers devices in a group. For the sake of testing, we divided the comparison into three groups having 5, 11, and 17 devices in group 1, 2, and 3 respectively [47]. Figure 4 compares 3S-IoT and [47] on the time-delay parameter. As the devices increase in a group the delay increases as well. But, unlike [47], it is not a steep incline in case of 3S-IoT. Also, the delay is less.

[Figure: time delay by groups, series [44] and 3S-IoT]

Fig. 5 Energy consumed compared with [48]
It is likely that with an increase in the number of devices, the energy consumption increases. The energy consumed by 3S-IoT tends to remain constant with an increase in the number of devices. 3S-IoT saves 21% more energy than [48] as shown in Figure 5.

Fig. 6 Throughput compared with [47]
Throughput, another very important factor in estimating the cost of a model, has been compared with [47] in Figure 6. The throughput (in bps) increases with an increase in the number of packets exchanged. This is a reflection of how many packets have been heard. 3S-IoT has a high throughput, indicating that it has lesser packet loss when compared with [47].

Conclusion
Our secure IoT architecture provides privacy (through Black Networks), identity management and authentication (through Unified Registry), protected routing (through Trusted SDN) and protected key management framework. These four fundamental components of architectural security can be applied across any IoT framework. The model has three-level security. GK security is based on image encryption. Instead of images random numbers can be used, but hackers are smart to understand and crack it. The model takes only 76 KB space, including the image. This makes it ideal to use with low power consumption devices and standalone devices. The iterations are kept at minimum without compromising the complexity. A higher complexity is achieved with lower time and space consumption, resulting in a fast connection and transmission. The proposed model can secure any type of network. The GK algorithm used in the model can securely transmit images over any network. Due to its design and low space requirement the model performs relatively well on the three parameters: time, energy, and bandwidth. The simulated attacks prove that the proposed work protects the network from known or unknown attacks of all kinds. Since hackers invent almost every day, there is 99% protection against Phishing or Malware. The proposed model protects against Trojan attacks as well. The system keeps a device signature, so even if a hacker can install a Trojan, it will only be able to watch but won't be able to manage any device remotely. The attacker can see what is happening; for example, it can remotely watch the CCTVs but would not be able to control them. The model is not 100% protected against Trojan. The authors are working on it to make the protection 100%. Also, we are considering making the sensors tamper-proof. The proposed work has hardware security of 80%. The authors are working on cognitive learning to achieve 100 per cent defense against all kinds of tampering and attacks.

Highlight
i. The model has three-level security.
ii. GK security is based on image encryption. Random numbers could have been used but they can be regenerated. Hackers are smart to understand that random numbers are used.
iii. The model takes only 76 KB space, including the image. This makes it ideal to use with low power consumption devices.
iv. The model can establish the connection very fast.
v. The packet loss is less.
vi. The proposed model can secure any type of network.
vii. The GK algorithm can securely transmit image over any network.

Acknowledgement
We want to give thanks to the research facilities provided by College of Engineering Roorkee in college premises. It greatly helped us to carry out our research work. Specially, the Do It Yourself (DIY) lab gave us a clear view of how IoT network works and thus helping us in getting better results.

Figure 1 shows different services which can be considered for IoT. The attacks like MiTM and DDoS have been shown. The figure sums up different networks (smart home, cellular and healthcare network) and the places where hackers exploit to carry out the attacks.

Fig. 2 Comparison of Internet Protocols and Smart object protocols [17]
Figure 2 shows a comparison of protocols used in the Internet and smart devices. In 'Smart Objects Protocol', the network layer shows a Low Power Wireless Personal Area Networks (6LoWPAN) protocol. The principle of IPv6 over 6LoWPAN derives from the belief that "the Internet Protocol can and should be extended to even the smallest devices and low-power machines with minimal computing resources should be able to engage in the IoT".

Fig. 3 Lorenz map
The key generated after 4.2 is shown in Fig. 3. The Lorenz map serves as the Group key.
is a keyless model. It is purely based on the algorithm designed. This section describes some of the attacks and how 3S-IoT mitigates them. The key security features are:

Table 1 Comparison with previous related work

Table 2 Functionality Comparison
Table 2 shows a comparison of functionality. The proposed model is flexible. It can be used for any type of IoT, small or big.