Abstract
Sensor clouds are formed by IP-enabled wireless sensors and Internet of Things devices that are used for sensing and actuation in commercial and industrial applications. Data collected by the sensors are consolidated by distributed cloud data consolidation (DCS) servers to be utilized as raw sensory information by applications running data analytics and actuation functions. Alternatively, DC servers may feed sensor data to the cloud-hosted Big Data Analytics (BDS) servers. Sensor clouds and their respective DCS servers, as well as BDS servers, may form different security realms. These security realms’ ownership structures are complicated and differ from standard database servers, necessitating a dependable authentication technique to provide trusted access to DC and BDS servers. This paper proposes a new multiparty authentication framework to authenticate applications requesting access to the DCS and BDS servers without direct human or application access to the sensors and actuators. Only DC servers are permitted to communicate with sensors/actuators, and only applications certified by a Session Authority Cloud are granted access to DCS/BDS servers via an authentication protocol that includes many information and key exchanges. This solution may assure the reliable deployment of sensor clouds in different critical application domains (e.g., industry, commercial, national security, and defense) while reducing the potential of direct espionage of sensed/actuated systems. Linear Temporal Logic is used to explicitly analyze and establish the correctness of the presented framework. OPNET modeling and simulations are used to illustrate the protocol’s design and operations. The results demonstrate that multiparty authentication is conceivable for sensor cloud computing systems.
Data availability
All data are either included in the paper or can be found in the sources given.
Abbreviations
- DCS: Distributed cloud data consolidation
- BDS: Big data analytics
- LTL: Linear temporal logic
- SAC: Session authority cloud
- \(\textrm{SAC}_{\textrm{DB}}\): DB database
- \(\textrm{SAC}_{\textrm{SH}}\): Session handler
- MPSH: Multiparty session handler
- \(\textrm{ID}_r^A\): Cloud membership root key of user A
- \(\textrm{ID}_s^A\): Subdomain membership key of user A
- RFID: Radio frequency identification
- WSN: Wireless sensor networking
- SSO: Single sign-on
Author information
Contributions
HA contributed to conceptualization, methodology, investigation, validation, supervision, and writing—original draft, and provided software. RH was involved in conceptualization, investigation, supervision, and writing—review and editing. HA, AHM, and ME contributed to project administration, visualization, and writing—review and editing. MSD and HA were involved in investigation, visualization, and writing—review and editing. All authors have read and agreed to the published version of the manuscript.
Ethics declarations
Conflict of interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Ethical approval
This article does not include studies with human participants or animals conducted by any of the authors. The authors state that all experiments and research outlined in this manuscript adhere to ethical standards.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Al-Aqrabi, H., Manasrah, A.M., Hill, R. et al. Dynamic authentication for intelligent sensor clouds in the Internet of Things. Int. J. Inf. Secur. (2024). https://doi.org/10.1007/s10207-024-00829-9
Published:
DOI: https://doi.org/10.1007/s10207-024-00829-9