Abstract
The number of everyday interconnected devices continues to increase and constitute the Internet of Things (IoT). Things are small computers equipped with sensors and wireless communications capabilities that are driven by energy constraints, since they use batteries and may be required to operate over long periods of time. The majority of these devices perform data collection. The collected data is stored on-line using web-services that, sometimes, operate without any special considerations regarding security and privacy. The current work proposes a modified hash-chain authentication mechanism that, with the help of a smart-phone, can authenticate each interaction of the devices with a REST web-service using One Time Passwords (OTP). Moreover, the proposed authentication mechanism adheres to the stateless, HTTP-like behavior expected of REST web-services, even allowing the caching of server authentication replies within a predefined time window. No other known web-service authentication mechanism operates in such manner.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Xia, F., Yang, L.T., Wang, L., Vinel, A.: Internet of things. International Journal of Communication Systems 25(9), 1101–1102 (2012)
ABIresearch, The internet of things will drive wireless connected devices to 40.9 billion in 2020 (2014)
Press, G.: It’s Official: The Internet of Things Takes Over Big Data as the Most Hyped Technology (2014)
Costa, R., Pinto, A.: A framework for the secure storage of data generated in the iot. Advances in Intelligent and Soft Computing (2015)
Leach, P.J., Franks, J., Luotonen, A., Hallam-Baker, P.M., Lawrence, S.D., Hostetler, J.L., Stewart, L.C.: HTTP Authentication: Basic and Digest Access Authentication
Hardt, D.: The OAuth 2.0 Authorization Framework
Hardt, D., Jones, M.: The OAuth 2.0 Authorization Framework: Bearer Token Usage
Fielding, R., Reschke, J.: Hypertext Transfer Protocol (HTTP/1.1): Authentication
Jammer-Lahav, E.: The OAuth 1.0 Protocol
Peng, D., Li, C., Huo, H.: An extended usernametoken-based approach for REST-style web service security authentication. In: 2nd IEEE International Conference on Computer Science and Information Technology, ICCSIT 2009, pp. 582–586, August 2009
Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P.H., Heam, P.C., Kouchnarenko, O., Mantovani, J.: The Avispa Tool for the Automated Validation of Internet Security Protocols and Applications, vol. 5, pp. 281–285. Springer (2005)
Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P.H., Mantovani, J., Modersheim, S., Vigneron, L.: A high level protocol specification language for industrial security-sensitive protocols. In: Proc. SAPS, vol. 4, pp. 193–205
Dolev, D., Yao, A.: On the security of public key protocols. IEEE Transactions on Information Theory 29, 198–208 (1983)
Pathan, M., Buyya, R., Vakali, A.: Content delivery networks: state of the art, insights, and imperatives. In: Buyya, R., Pathan, M., Vakali, A. (eds.) Content Delivery Networks. Lecture Notes Electrical Engineering, vol. 9, pp. 3–32. Springer, Heidelberg (2008)
Stevens, M.M.J.: Fast Collision Attack on MD5, tech. rep., March 2006
Liang, J., Lai, X.-J.: Improved Collision Attack on Hash Function MD5. Journal of Computer Science and Technology 22, 79–87 (2007)
Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) Advances in Cryptology–CRYPTO 2005. Lecture Notes in Computer Science, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Pinto, A., Costa, R. (2016). Hash-Chain Based Authentication for IoT Devices and REST Web-Services. In: Lindgren, H., et al. Ambient Intelligence- Software and Applications – 7th International Symposium on Ambient Intelligence (ISAmI 2016). ISAmI 2016. Advances in Intelligent Systems and Computing, vol 476. Springer, Cham. https://doi.org/10.1007/978-3-319-40114-0_21
Download citation
DOI: https://doi.org/10.1007/978-3-319-40114-0_21
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-40113-3
Online ISBN: 978-3-319-40114-0
eBook Packages: EngineeringEngineering (R0)