Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 476)

Abstract

The number of everyday interconnected devices that constitute the Internet of Things (IoT) continues to increase. Things are small computers equipped with sensors and wireless communication capabilities that are driven by energy constraints, since they use batteries and may be required to operate over long periods of time. The majority of these devices perform data collection. The collected data is stored on-line using web-services that sometimes operate without any special consideration for security and privacy. The current work proposes a modified hash-chain authentication mechanism that, with the help of a smart-phone, can authenticate each interaction of the devices with a REST web-service using One Time Passwords (OTP). Moreover, the proposed authentication mechanism adheres to the stateless, HTTP-like behavior expected of REST web-services, even allowing the caching of server authentication replies within a predefined time window. No other known web-service authentication mechanism operates in such a manner.

Author information

Corresponding author

Correspondence to António Pinto.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Pinto, A., Costa, R. (2016). Hash-Chain Based Authentication for IoT Devices and REST Web-Services. In: Lindgren, H., et al. Ambient Intelligence- Software and Applications – 7th International Symposium on Ambient Intelligence (ISAmI 2016). ISAmI 2016. Advances in Intelligent Systems and Computing, vol 476. Springer, Cham. https://doi.org/10.1007/978-3-319-40114-0_21

  • DOI: https://doi.org/10.1007/978-3-319-40114-0_21

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-40113-3

  • Online ISBN: 978-3-319-40114-0

  • eBook Packages: Engineering, Engineering (R0)
