A payload-based mutual authentication scheme for Internet of Things

Jan, MA; Khan, F; Alam, M; Usman, M

A payload-based mutual authentication scheme for Internet of Things

Jan, MA

Khan, F Alam, M Usman, M

Permalink

Publisher:: Elsevier BV
Publication Type:: Journal Article
Citation:: Future Generation Computer Systems, 2019, 92 pp. 1028 - 1039
Issue Date:: 2019-03

Open Access

Copyright Clearance Process

Recently Added
In Progress
Open Access

This item is open access.

Adobe PDF

Download Accepted Manuscript VersionAdobe PDF (2.61 MB)

View on publisher's site

View statistics

Full metadata record

Field	Value	Language
dc.contributor.author	Jan, MA https://orcid.org/0000-0002-5298-1328	en_US
dc.contributor.author	Khan, F	en_US
dc.contributor.author	Alam, M	en_US
dc.contributor.author	Usman, M https://orcid.org/0000-0003-2165-4575	en_US
dc.date.available	2020-05-25T19:14:19Z
dc.date.issued	2019-03	en_US
dc.identifier.citation	Future Generation Computer Systems, 2019, 92 pp. 1028 - 1039	en_US
dc.identifier.issn	0167-739X	en_US
dc.identifier.uri	http://hdl.handle.net/10453/117906
dc.description.abstract	The Internet of Things (IoT) is a vision that broadens the scope of the Internet by incorporating physical objects to identify themselves to the participating entities. This innovative concept enables a physical object to represent itself in the digital world. There have been a lot of speculations and future forecasts about these physical objects connected with the Internet, however, most of them lack secure features and are vulnerable to a wide range of attacks. Miniature sensor nodes, embedded in these physical objects, limit the support for computationally complex and resource-consuming secured algorithms. In this paper, we propose a lightweight mutual authentication scheme for the real-world physical objects of an IoT environment. It is a payload-based encryption scheme which uses a simple four-way handshake mechanism to verify the identities of the participating objects. The real-world objects communicate with each other using the client–server interaction model. Our proposed scheme uses the lightweight features of Constrained Application Protocol (CoAP) to enable the clients to observe resources residing on the server, in an energy-efficient manner. We use Advanced Encryption Standard (AES), with a key length of bits, to establish a secured session for resource observation. We evaluate our scheme for a real-world scenario using NetDuino Plus 2 boards. Our scheme is computationally efficient, incurs less connection overhead and at the same time, provides a robust defence against various attacks such as, resource exhaustion, Denial-of-Service, replay and physical tampering.	en_US
dc.language	en	en_US
dc.publisher	Elsevier BV	en_US
dc.relation.ispartof	Future Generation Computer Systems	en_US
dc.relation.isbasedon	10.1016/j.future.2017.08.035	en_US
dc.rights	Elsevier required licence: © 2019 . This manuscript version is made available under the CC-BY-NC-ND 4.0 license http://creativecommons.org/licenses/by-nc-nd/4.0/. The definitive publisher version is available online at https://doi.org/10.1016/j.future.2017.08.035	en_US
dc.subject.classification	Distributed Computing	en_US
dc.title	A payload-based mutual authentication scheme for Internet of Things	en_US
dc.type	Journal Article
utslib.citation.volume	92	en_US
utslib.for	0803 Computer Software	en_US
utslib.for	0805 Distributed Computing	en_US
utslib.for	0806 Information Systems	en_US
pubs.embargo.period	Not known	en_US
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
utslib.copyright.status	open_access
pubs.consider-herdc	true	en_US
pubs.publication-status	Published	en_US
pubs.volume	92	en_US

Abstract:

The Internet of Things (IoT) is a vision that broadens the scope of the Internet by incorporating physical objects to identify themselves to the participating entities. This innovative concept enables a physical object to represent itself in the digital world. There have been a lot of speculations and future forecasts about these physical objects connected with the Internet, however, most of them lack secure features and are vulnerable to a wide range of attacks. Miniature sensor nodes, embedded in these physical objects, limit the support for computationally complex and resource-consuming secured algorithms. In this paper, we propose a lightweight mutual authentication scheme for the real-world physical objects of an IoT environment. It is a payload-based encryption scheme which uses a simple four-way handshake mechanism to verify the identities of the participating objects. The real-world objects communicate with each other using the client–server interaction model. Our proposed scheme uses the lightweight features of Constrained Application Protocol (CoAP) to enable the clients to observe resources residing on the server, in an energy-efficient manner. We use Advanced Encryption Standard (AES), with a key length of bits, to establish a secured session for resource observation. We evaluate our scheme for a real-world scenario using NetDuino Plus 2 boards. Our scheme is computationally efficient, incurs less connection overhead and at the same time, provides a robust defence against various attacks such as, resource exhaustion, Denial-of-Service, replay and physical tampering.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/117906