Abstract
With the proliferation of the Internet of Things (IoT) and its influence across various use case scenarios, IoT services can be expected to achieve global reach. Smart cities, smart grids, smart industries and smart wearables are some examples of IoT services today. Despite all the benefits that IoT provides, the security of these services and of the data generated by IoT is a major concern. Traditional security practices for authentication and authorization were initially designed for the security needs of centralized client/server models, which are well suited to human-machine interaction over the Internet. In centralized systems, devices and users are normally trusted because they are in the same application domain. Moreover, such systems can become a bottleneck when handling a number of queries at the same time, or may become a single point of failure, causing unavailability of connected devices that rely entirely on a single trusted party. This paper explores IoT security issues and concerns. It also provides a review of centralized and decentralized IoT security solutions in terms of authentication and authorization. Additionally, it discusses how Blockchain technology can be leveraged to provide IoT security.
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Muzammal, S.M., Murugesan, R.K. (2020). A Study on Secured Authentication and Authorization in Internet of Things: Potential of Blockchain Technology. In: Anbar, M., Abdullah, N., Manickam, S. (eds) Advances in Cyber Security. ACeS 2019. Communications in Computer and Information Science, vol 1132. Springer, Singapore. https://doi.org/10.1007/978-981-15-2693-0_2
DOI: https://doi.org/10.1007/978-981-15-2693-0_2
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-2692-3
Online ISBN: 978-981-15-2693-0
eBook Packages: Computer Science (R0)