Abstract
The Internet of Things (IoT) connects billions of devicesĀ all over the world that are currently connected to the internet. IoT is essentially a combination of constrained devices that share sensitive data with each other without human involvement. Various security and privacy concerns exist with such a large number of connected devices, as they have low inbuilt resources. Hence, it is imperative to provide security solutions for such devices to secure them. This implies that the authentication factor protects the security and privacy of these devices and data by playing a vital role in data integrity. We have been analyzed in this paper the various lightweight solutions with the authentication requirements in IoT applications. This study has indicated that the top security issue is to provide less computation and be resistant to attacks, such as replay attacks, man-in-the-middle, forgery and chosen-ciphertext attacks, and denial of service (DoS) attacks.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Jing, Q., Vasilakos, A.V., Wan, J., Lu, J., Qiu, D.: Security of the Internet of Things: perspectives and challenges. Wireless Netw. 20(8), 2481ā2501 (2014). https://doi.org/10.1007/s11276-014-0761-7
Da Xu, L., He, W., Li, S.: Internet of Things in industries: a survey. IEEE Trans. Ind. Inf. 10(4), 2233ā2243 (2014)
Vermesan, O., Friess, P.: Internet of Things-From Research and Innovation to Market Deployment, vol. 29. River Publishers, Aalborg (2014)
Zeinab, K.A.M., Elmustafa, S.A.A.: Internet of Things applications, challenges and related future technologies. World Sci. News 2(67), 126ā148 (2017)
Abomhara, M, Kien, G.M.: Security and Privacy in the Internet Of-Things: Current Status and Open Issues, pp 1ā8 (2014)
Abomhara, M., Kien, G.: Cyber security and the Internet-of- Things: vulnerabilities, threats, intruders and attacks. J. Cyber. Secur. 4, 65ā88 (2015)
Hafsa Tahir, A.K., Junaid, M.: Internet-of-Things (IoT): an overview of applications and security issues regarding implementation. Int. J. Multidiscip. Sci. Eng. 7(1), 14ā22 (2016)
Stallings, W.: Cryptography and network security: principles and practices. Pearson Education India, New York (2006)
McAndrew, A.: Introduction to Cryptography with Open-Source Software (2016a)
Roy, A., Karforma, S.: A survey on digital signatures and its applications. J. Comput. Inf. Technol. 3(1), 45ā69 (2012)
Zheng, Y.: Digital signcryption or how to achieve cost (signature and encryption) cost (signature) plus cost (encryption). In: Springer Annual International Cryptology Conference, pp. 165ā179. Springer, Cham (1997). https://doi.org/10.1007/BFb0052234
Lenstra, A.K., Verheul, E.R.: Selecting cryptographic key sizes. J. Cryptol. 14(4), 255ā293 (2001)
Lauter, K.: The advantages of elliptic curve cryptography for wireless security. IEEE Wirel. Commun. 11(1), 62ā67 (2004)
ECRYPT I Yearly report on algorithms and keysizes. ECRYPT II Network of Excellence (NoE), funded within the Information Societies Technology (IST) Programme of the European Commissions Seventh Framework Programme (FP7) (2012)
Jansma, N., Arrendondo, B.: Performance Comparison of Elliptic Curve and RSA Digital Signatures. nicj net/files (2004)
Li, F., Xiong, P.: Practical secure communication for integrating wireless sensor networks into the Internet-of-Things. IEEE Sens. J. 13(10), 3677ā3684 (2013)
Li, D., Aung, Z., Williams, J., Sanchez, A.: P3: privacy preservation protocol for automatic appliance control application in smart grid. IEEE Internet Things J. 1(5), 414ā429 (2014)
Babar, S., Stango, A., Prasad, N., Sen, J., Prasad, R.: Proposed embedded security framework for Internet-of-Things. In: Wireless Communication, Vehicular Technology, Information Theory and Aerospace and Electronic Systems Technology (Wireless VITAE), 2011 2nd International Conference, pp. 1ā5. IEEE (2011)
He, D., Zeadally, S.: An analysis of RFID authentication schemes for Internet-of-Things in healthcare environment using elliptic curve cryptography. IEEE Internet Things J. 2(1), 72ā83 (2015)
Zhang, Z., Qi, Q.: An efcient RFID authentication protocol to enhance patient medication safety using elliptic curve cryptography. J. Med. Syst. 38(5), 47 (2014)
Zhao, Z.: A secure RFID authentication protocol for healthcare environments using elliptic curve cryptosystem. J. Med. Syst. 38(5), 46 (2014)
Farash Sabzinejad, M.: Cryptanalysis and improvement of an efficient mutual authentication RFID scheme based on elliptic curve cryptography. J. Supercomput. 70(2), 987ā1001 (2014)
Meier, A.V.: The Elgamal cryptosystem. http://wwwmayr.in.tum.de/konferenzen/Jass05/courses/1/papers/meier/paper.pdf (2005)
Mahmoud, M.M., MiÅ”iÄ, J., Akkaya, K., Shen, X.: Investigating public-key certifcate revocation in smart grid. IEEE Internet Things J. 2(6), 490ā503 (2015)
Tan, H., Ma, M., Labiod, H., Boudguiga, A., Zhang, J., Chong, P.H.J.: A secure and authenticated key management protocol (SAKMP) for vehicular networks. IEEE Trans. Veh. Technol. 65(12), 9570ā9584 (2016)
Ćamtepe, S., Yener, B.: Combinatorial design of key distribution mechanisms for wireless sensor networks. In: Samarati, P., Ryan, P., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, pp. 293ā308. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30108-0_18
Le, X.H., et al.: An energy-efcient access control scheme for wireless sensor networks based on elliptic curve cryptography. J. Commun. Netw. 11(6), 599ā606 (2009)
Chung, Y., Choi, S., Lee, Y., Park, N., Won, D.: An enhanced lightweight anonymous authentication scheme for a scalable localization roaming service in wireless sensor networks. Multidiscip. Digit. Publ. Inst. Sens. 16(10), 1653 (2016)
McGrath, M.J., Scanaill, C.N.: Sensor Technologies: Healthcare, Wellness, and Environmental Applications. Apress, Berkeley, CA (2013). https://doi.org/10.1007/978-1-4302-6014-1
Alaba, F.A., Othman, M., Hashem, I.A.T., Alotaibi, F.: Internet of Things security: a survey. J. Netw. Comput. Appl. 88, 10ā28 (2017). https://doi.org/10.1016/j.jnca.2017.04.002
Glissa, G., Rachedi, A., Meddeb, A.: A secure routing protocol based on RPL for Internet of Things. In: Global Communications Conference (GLOBECOM), pp. 1ā7. IEEE (2016)
Zolanvari, M., Jain, R.: IoT Security: A Survey (2015)
Atamli, A.W., Martin, A. Threat-based security analysis for the internet of things. Secure Internet of Things (SIoT). In: International Workshop on, IEEE, pp 35ā43 (2014)
Conti, M., Dragoni, N., Lesyk, V.: A survey of Man in The Middle attacks. IEEE Commun. Surv. Tutor. 18(3), 2027ā2051 (2016)
Nawir, M., Amir, A., Yaakob, N., Lynn, O.B.: Internet of things (IoT): taxonomy of security attacks. In: Electronic Design (ICED), 2016 3rd International Conference on, IEEE, pp. 321ā326 (2016)
SEC S: Sec 2: recommended elliptic curve domain parameters. Standards for Efcient Cryptography Group, Certicom Corp. https://www.secg.org/SEC2-Ver-1.0.pdf (2000)
Silverman, J.H.: The Arithmetic of Elliptic Curves, vol 106. Springer, Cham (2009). https://doi.org/10.1007/978-0-387-09494-6
Liu, A., Ning, P.: TinyECC: A confgurable library for elliptic curve cryptography in wireless sensor networks. In: Proceedings of the 7th International Conference on Information Processing In Sensor Networks, IEEE Computer Society, pp. 245ā256 (2008) https://doi.org/10.1109/ipsn.2008.47
Wenger, E.: Hardware architectures for MSP430-based wireless sensor nodes performing elliptic curve cryptography. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 290ā306. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38980-1_18
Wang, J., Li, J., Wang, H., Zhang, L.Y., Cheng, L.M., Lin, Q.: Dynamic scalable elliptic curve cryptographic scheme and its application to in-vehicle security. IEEE Internet Things J. https://ieeexplore.ieee.org/document/8463502 (2018). https://doi.org/10.1109/JIOT.2018.2869872
Lin, S.-C., Wen, C.-Y., Sethares, W.A.: Two-tier device-based authentication protocol against PUEA attacks for IoT applications. IEEE Trans. Signal Inf. Process. Over Netw. 4(1), 33ā47 (2018). https://doi.org/10.1109/TSIPN.2017.2723761
Li, N., Liu, D., Nepal, S.: Lightweight mutual authentication for IoT and its applications. IEEE Trans. Sustain. Comput. 2(4), 359ā370 (2017)
Shivraj, V., Rajan, M., Singh, M., Balamuralidhar, P.: One Time Password Authentication Scheme Based on Elliptic Curves for Internetof-Things (IoT), pp 1ā6. IEEE (2015)
Ahmed, A.A., Ahmed, W.A.: An efective multifactor authentication mechanism based on combiners of hash function over internet of things. Sensors 19(17), 3663 (2019)
Rahaman, O.: Data and information security in modern world by using elliptic curve cryptography. Comput. Sci. Eng. 7(2), 29ā44 (2017)
Liu, G., Quan, W., Cheng, N., Zhang, H., Yu, S.: Efcient ddos attacks mitigation for stateful forwarding in Internet of Things. J. Netw. Comput. Appl. 130, 1ā13 (2019)
Wang, W.C., Yona, Y., Wu, Y., Diggavi, S.N., Gupta, P.: Slate: a secure lightweight entity authentication hardware primitive. IEEE Trans. Inf. Forensics Secur. 15, 276ā285 (2019)
McAndrew, A.: Introduction to Cryptography with Open-Source Software. CRC Press, New York (2016b). https://doi.org/10.1201/9781439825716
Paar, C., Pelzl, J.: Hash functions. In: Understanding Cryptography A Textbook for Students and Practitioners, pp. 293ā317. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-04101-3_11. https://csrc.nist.gov/Projects/HashFunctions
Matsuo, S., Miyazaki, K., Otsuka, A., Basin, D.: How to evaluate the security of real-life cryptographic protocols? In: Sion, R., et al. (eds.) FC 2010. LNCS, vol. 6054, pp. 182ā194. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14992-4_16
Paulson, L.C.: The inductive approach to verifying cryptographic protocols. J. Comput. Secur. 6(1ā2), 85ā128 (1998)
Rubin, A.D., Honeyman, P.: Formal methods for the analysis of authentication protocols. Tech. Rep Center Inf. Technol. Integ. (1993)
Meadows, C.: Applying formal methods to the analysis of a key management protocol. J. Comput. Secur. 1(1), 5ā35 (1992)
Zhu, H.: A practical elliptic curve public key encryption scheme provably secure against adaptive chosen-message attack. IACR Cryptol. ePrint Arch. 2003, 87 (2003)
Chen, H., Ge, L., Xie, L.: A user authentication scheme based on elliptic curves cryptography for wireless ad hoc networks. Sensors 15(7), 17057ā17075 (2015)
Al Barghuthi, N.B., Saleh, M., Alsuwaidi, S., Alhammadi, S.: Evaluation of portable penetration testing on smart cities applications using raspberry pi III. In: 2017 Fourth HCT Information Technology Trends (ITT), IEEE, pp. 67ā72 (2017)
Fei, H.: Security and Privacy in Internet of Things (IoTs): Models, Algorithms, and Implementations. CRC Press (2016). https://doi.org/10.1201/b19516
Visoottiviseth, V., Akarasiriwong, P., Chaiyasart, S., Chotivatunyu, S.: PENTOS: penetration testing tool for internet of thing devices. In: TENCON 2017-2017 IEEE Region 10 Conference, IEEE, pp. 2279ā2284 (2017)
Denis, M., Zena, C., Hayajneh, T.: Penetration testing: concepts, attack methods, and defense strategies. In: 2016 IEEE Long Island Systems, Applications and Technology Conference (LISAT), pp 1ā6. IEEE (2016)
Liang, L., Zheng, K., Sheng, Q., Huang, X.: A denial of service attack method for an IOT system. In: 2016 8th International Conference on Information Technology in Medicine and Education (ITME), pp 360ā364. IEEE (2016)
Murray, R.: A Raspberry Pi Attacking Guide (2017)
Lee, J., Sung, Y., Park, J.H.: Lightweight sensor authentication scheme for energy efciency in ubiquitous computing environments. Sensors 16(12), 2044 (2016)
Kim, K.W., Han, Y.H., Min, S.G.: An authentication and key management mechanism for resource constrained devices in IEEE 80.211-based IoT access networks. Sensors 17(10), 2170 (2017)
Kim, J., Moon, J., Jung, J., Won, D.: Security analysis and improvements of session key establishment for clustered sensor networks. J. Sens. 20, 20 (2016)
Chen, Y., MartĆnez, J.-F., Castillejo, P., LĆ³pez, L.: A privacy protection user authentication and key agreement scheme tailored for the Internet of Things environment: PriAuth. Wireless Commun. Mob. Comput. 2017, 1ā17 (2017). https://doi.org/10.1155/2017/5290579
Srinivas, J., Mukhopadhyay, S., Mishra, D.: Secure and efficient user authentication scheme for multi-gateway wireless sensor networks. Ad Hoc Netw. 54, 147ā169 (2017). https://doi.org/10.1016/j.adhoc.2016.11.002
Lu, R., Heung, K., Lashkari, A.H., Ghorbani, A.A.: A lightweight privacy-preserving data aggregation scheme for fog computing enhanced IoT. IEEE Access 5, 3302ā3312 (2017)
Mahmood, Z., Ning, H., Ullah, A., Yao, X.: Secure authentication and prescription safety protocol for telecare health services using ubiquitous IoT. Appl. Sci. 7(10), 1069 (2017)
Shuai, M., Yu, N., Wang, H., Xiong, L.: Anonymous authentication scheme for smart home environment with provable security. Comput. Secur. 86, 132ā146 (2019)
Dang, T.K., Pham, C.D., Nguyen, T.L.: A pragmatic elliptic curve cryptography-based extension for energy-efficient device-to device communications in smart cities. Sustain. Cities Soc. 20, 102097 (2020)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
Ā© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Hassan, A. (2022). An Effective Lightweight Cryptographic Algorithm to Secure Internet of Things Devices. In: Arai, K. (eds) Proceedings of the Future Technologies Conference (FTC) 2021, Volume 1. FTC 2021. Lecture Notes in Networks and Systems, vol 358. Springer, Cham. https://doi.org/10.1007/978-3-030-89906-6_27
Download citation
DOI: https://doi.org/10.1007/978-3-030-89906-6_27
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-89905-9
Online ISBN: 978-3-030-89906-6
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)