
A Study on Secured Authentication and Authorization in Internet of Things: Potential of Blockchain Technology

  • Syeda Mariam Muzammal
  • Raja Kumar Murugesan
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1132)

Abstract

With the proliferation of the Internet of Things (IoT) and its influence in various use case scenarios, IoT services can be expected to achieve a global reach. Smart cities, smart grids, smart industries and smart wearables are some examples of IoT services today. Besides all the benefits that IoT provides, the security of these services and of the data generated by IoT is a major concern. Traditional authentication and authorization practices were initially designed for the security needs of centralized client/server models, which are well suited to human-machine interaction over the Internet. In centralized systems, devices and users are normally trusted because they are in the same application domain. Moreover, such systems can become a bottleneck when a number of queries arrive at the same time, or may become a single point of failure, causing unavailability of connected devices that rely entirely on a single trusted party. This paper explores IoT security issues and concerns. Moreover, it provides a review of centralized and decentralized IoT security solutions in terms of authentication and authorization. Additionally, it discusses how Blockchain technology can be leveraged to provide IoT security.

Keywords

IoT security, Authentication, Authorization, Blockchain

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  1. Taylor’s University, Subang Jaya, Malaysia
