
Two phase authentication and VPN-based secured communication for IoT home networks

Safety, Security and Reliability of Robotic Systems: Algorithms, Applications and Technologies
Chapter 8: Two Phase Authentication and VPN Based Secured Communication for IoT Home Networks
Md Masuduzzaman
Ashik Mahmud
Anik Islam
Md Mofijul Islam
Abstract
With the advancement of technology, devices that are considered non-traditional in terms of
internet capabilities are now being embedded with microprocessors so that they can communicate;
these devices are known as IoT devices. This technology has enabled household devices to
communicate with the internet, and a network comprising such devices can form a home IoT
network. Such IoT devices are resource constrained and lack high-level security protocols. Thus,
security becomes a major issue for such network systems. One way to secure the networks is
through reliable authentication protocols and data transfer mechanisms. As the household devices
are controllable by the users remotely, they are accessed over the internet. Therefore, there should
also be a method to make the communication over the internet between IoT devices and the users
more secure. This paper proposes a two-phase authentication protocol for authentication purposes
and VPN-based secure channel creation for the communication of the devices in the network.
Furthermore, the paper discusses elliptic curve cryptography as a viable alternative to RSA for a
more efficient key exchange mechanism for low-powered IoT devices in the network.
Keywords: Authentication, Elliptic Curve Cryptography, Internet of Things, Security,
Virtual Private Network (VPN).
1. Introduction
1.1 Background
The Internet of Things (IoT) is a system of interconnected devices, sensors, actuators etc.
which work together in a network to reach a common goal [1]. Such technology can be
implemented in various ways to make our daily lives easier by placing internet capabilities in
devices which are not regularly used as network devices. In recent years, microprocessor-based
controllers are being added to devices ranging from toasters to airliners to connect them to the
internet [2-4]. With such advancements, IoT technology is showing potential to be deployed as
consumer products for home usage [4]. Providing internet capabilities to home devices, such as
air conditioners, lights, fans, refrigerators etc., enables them to be controlled remotely. Such
applications can be called home IoT networks. Because the devices are connected to a home
network and can be controlled remotely, they are vulnerable to malicious attacks [3-5], and secure
data transfer is also needed [2]. Methods of authentication and security between the user and the
devices in the network therefore need to be added in order to prevent attacks [6-8]. Secure
authentication of devices in a network includes a key exchange mechanism and a handshake
between the devices [7-9]. This can be done through a centralized network system, in which a
central node is responsible for the security mechanisms, or through distributed networks, where
each node shares private keys and communication is established after a successful handshake [7-9].
1.2 Authentication Protocols
Authenticating devices in a home network is a key process in securing the user interaction
with IoT. If the network lacks security, the end devices are vulnerable to attack and the purpose of
implementing IoT is diminished [10]. There are several authentication mechanisms for IoT
applications, such as password-based remote user authentication using one-way hash functions and
ticket-based authentication [11]. Existing methods of authentication of devices include registering
devices in a cloud platform running with the home network and initiating a handshake and key
exchange [11, 12]. Such systems also include a current method of key exchange, the RSA
key exchange mechanism [7]. As most IoT devices are resource constrained, the DTLS protocol
is often used for handshaking [13].
2. Related Works
2.1 Wi-Fi Network Based Security
The system contains a home gateway, the user or mobile device and several IoT devices
connected through a Wi-Fi network, as shown in Figure 8.1.
Users can access the IoT devices from the home gateway and the gateway performs
authentication and monitoring functions between the devices in the system [4]. The
authentication protocol used in this system involves the use of public key cryptography [7]
with pre-shared keys between the gateway and a new device which utilizes Elliptic Curve
Cryptography (ECC) to reduce key size [4], as shown in Figure 8.2. This model lacks a
proper mechanism for the handshaking protocol for constrained devices. Although ECC
was used to reduce key size shared for authentication, the whole application lacks security
measures if a malicious attacker is able to infiltrate the system.
Figure 8.1. System Step for Wi-Fi based security.
Figure 8.2. Simple handshake protocol using ECC.
2.2 PAuthKey Protocol
The system authenticates its devices in a two-phase authentication protocol [7, 9, 11], as
shown in Figure 8.3. The network consists of several nodes in a cluster that communicate with the
user over the IoT cloud through a gateway. A Certificate Authority (CA) is connected to the network
and is responsible for authenticating the devices using handshake and key exchange. The first phase
of the authentication is done manually by registering the devices in the certificate authority [9-11].
The second phase is done by initiating a handshake using the DTLS handshaking protocol and
exchanging keys using ECC [7, 8, 13]. Since the user communicates with the IoT devices over the
IoT cloud or internet, the data packets remain vulnerable to attackers in these areas. Even though
they are encrypted, there is still a possibility of the packets being sniffed and decrypted.
2.3 Two-way Authentication Security Scheme on Existing DTLS Protocol
This system comprises a network containing a certificate authority, which is responsible
for authorizing the devices, and an access control server for exchanging keys, as shown in Figure
8.4. The devices communicate with each other over the internet and the IoT devices
communicate with the user and the server through a gateway [15]. The key aspect of this system
is the use of the DTLS handshake for mutual authentication of the devices, i.e. a two-way
authentication [13-16], as shown in Figure 8.5. During the handshake, keys are exchanged using
RSA cryptography [15].
This model also briefly discusses using VPN as a mechanism to secure payload over the
internet [10, 15, 17]. As this model uses the RSA key exchange mechanism, there is a
probability of large network overheads occurring due to the large key size. This can be
improved by using a key exchange mechanism which generates a smaller key size for the same
security bits as RSA.
Figure 8.3. PAuthKey Network Model.
Figure 8.4. DTLS based Security and Two-way Authentication Network Model.
Figure 8.5. DTLS Handshake Mechanism for Two-way Authentication.
3. Network Model and Assumption
Our proposed network model follows the existing network model used in the PAuthKey
system for the authentication process [11]. Since the devices in their network
communicate over the internet or IoT cloud [11, 18], we modified the network to use VPN
for secure communication. Here, the model is made such that each wireless sensor network
(WSN) cluster with a gateway (GW) can be an individual house or a room, so that the system
is scalable to larger implementations. The certificate authority used in the PAuthKey system
[11] has been replaced by a VPN server, which is responsible for registering the devices as
well as authenticating the devices using the DTLS handshake [11, 15] and public key
cryptography for the key exchange mechanism [7]. The VPN server also establishes VPN
endpoint to gateway tunnels [19, 20] for securing data packets sent by any devices in the
system. The VPN server is responsible for creating VPN tunnels for data communication
between the user and the device or the gateways and the server.
4. Proposed Solution
4.1 MAC Address Based User Registration
Similar to the aforementioned systems, our system also uses a registration phase for the
devices in the network [4, 8, 15], as shown in Figure 8.6.
In our system, the VPN server contains a database that keeps a record of valid users, which
includes their usernames, passwords and MAC addresses, as shown in Table 1. This record is
kept as a fail-safe such that if an unauthorized user does manage to gain access to the system,
the server can deny them access as their MAC address does not match any registered
address.
Table 1. MAC Address Based User Registration.
| User Info | MAC |
|---|---|
| User1 | 30-65-EC-6F-C4-58 |
| User2 | 00-1B-63-84-45-E6 |
| User3 | 00-1B-44-11-3A-B7 |
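The registration check described in Section 4.1, as an added example that is not code from the chapter: the server verifies the password and then applies the MAC fail-safe. The usernames and MAC addresses are those of Table 1; the passwords, the function names and the choice to bind each MAC to its own user record are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

# Constructed sample records: usernames and MACs follow Table 1,
# the passwords are made-up values for this example only.
SAMPLE_RECORDS = [
    ("User1", "pw-user1-sample", "30-65-EC-6F-C4-58"),
    ("User2", "pw-user2-sample", "00-1B-63-84-45-E6"),
    ("User3", "pw-user3-sample", "00-1B-44-11-3A-B7"),
]

PBKDF2_ROUNDS = 50_000  # assumed work factor for the example


def normalize_mac(mac):
    """Return the MAC as 12 lowercase hex digits, or raise ValueError.

    Accepts the hyphen, colon and dotted notations so that the same
    address always compares equal regardless of how a client formats it.
    """
    digits = re.sub(r"[-:.\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a MAC address: %r" % (mac,))
    return digits


def hash_password(password, salt):
    """Salted PBKDF2-HMAC-SHA256 so the database never stores the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def build_registry(records):
    """Registration phase: store salt, password hash and normalized MAC."""
    registry = {}
    for user, password, mac in records:
        salt = os.urandom(16)
        registry[user] = {
            "salt": salt,
            "pw_hash": hash_password(password, salt),
            "mac": normalize_mac(mac),
        }
    return registry


def authenticate(registry, user, password, mac):
    """Return (allowed, reason). Both the password and the MAC must match."""
    entry = registry.get(user)
    if entry is None:
        return False, "unknown user"
    candidate = hash_password(password, entry["salt"])
    if not hmac.compare_digest(candidate, entry["pw_hash"]):
        return False, "bad password"
    try:
        presented = normalize_mac(mac)
    except ValueError:
        return False, "malformed MAC"
    # Fail-safe from Section 4.1: valid credentials presented from an
    # unregistered MAC address are still denied.
    if not hmac.compare_digest(presented, entry["mac"]):
        return False, "MAC not registered for this user"
    return True, "ok"


if __name__ == "__main__":
    reg = build_registry(SAMPLE_RECORDS)
    print(authenticate(reg, "User1", "pw-user1-sample", "30:65:ec:6f:c4:58"))
    print(authenticate(reg, "User1", "pw-user1-sample", "00-1B-63-84-45-E6"))
```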
4.2 Authentication Protocol
Use of ECC is now being adopted as an alternative public key exchange mechanism for
IoT-based networks [4, 21]. In PAuthKey [11] and the Wi-Fi based system [4], ECC was
also adopted along with the DTLS handshake. On the other hand, the DTLS two-way
authentication protocol used RSA as its method for key exchange. In our proposed method,
we use ECC along with the DTLS handshake for authentication purposes. ECC is used in
lieu of RSA because it is more suitable for resource-constrained devices. ECC keys are
generated through computation on an elliptic curve whose basic equation is
$$y^2 = x^3 + ax + b \tag{1}$$
The trapdoor function of ECC is similar to that of RSA, with complex mathematical
computation [14]; this is due to elliptic curves having horizontal symmetry and any
non-vertical line intersecting the curve in 3 places at most. Moreover, the endpoint of the
non-vertical intersection can be reflected to form another non-vertical intersection, resulting
in the scope for more key generation [21, 22]. The major advantages that ECC has over RSA are:
- ECC relies on difficult discrete logarithm functions, which make it more difficult to
decrypt by malicious attackers [22].
- ECC generates keys of shorter size compared to RSA for the same security bits [21,
22].
- For the same bit size, ECC generates a greater number of keys than RSA [22], as
shown in Table 2.
Figure 8.6. Proposed Network Model.
Table 2. Comparable key sizes between RSA and ECC
| Security Bits | ECC | RSA |
|---|---|---|
| 80 | 260 | 1024 |
| 112 | 224 | 2048 |
| 128 | 256 | 3072 |
| 192 | 384 | 7680 |
| 256 | 521 | 15350 |
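The curve arithmetic and key exchange that Section 4.2 describes, as an added example that is not code from the chapter: chord-and-tangent point addition on the curve of equation (1) over a small prime field, followed by an ECDH exchange between a device and the VPN server. The toy parameters (p = 17, a = 2, b = 2, base point (5, 1) of order 19), the private keys and all function names are assumptions chosen so the arithmetic can be followed by hand; it goes beyond the text by carrying the geometric rule through to a shared secret.

```python
# Toy curve y^2 = x^3 + A*x + B over the integers modulo P (equation (1)).
# These small parameters are an assumption for illustration only; deployed
# systems use standardized curves with sizes such as those in Table 2.
P, A, B = 17, 2, 2
G = (5, 1)        # base point; it generates a group of prime order N
N = 19
INFINITY = None   # the point at infinity (identity element of the group)


def on_curve(pt):
    """True if pt satisfies the curve equation (INFINITY counts as on-curve)."""
    if pt is INFINITY:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def add(p1, p2):
    """Chord-and-tangent addition of two curve points."""
    if p1 is INFINITY:
        return p2
    if p2 is INFINITY:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INFINITY  # vertical line: the points are mirror images
    if p1 == p2:
        # Tangent slope at p1 (point doubling).
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P
    else:
        # Slope of the chord through p1 and p2.
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    # The line meets the curve in a third point; reflecting it across the
    # x-axis (the curve's horizontal symmetry) gives the sum.
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt):
    """Compute k * pt with double-and-add (k is a non-negative integer)."""
    result = INFINITY
    addend = pt
    while k > 0:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def ecdh_public(priv):
    """Public key for a private scalar in the range 1..N-1."""
    if not 1 <= priv < N:
        raise ValueError("private key out of range")
    return scalar_mult(priv, G)


def ecdh_shared(priv, peer_pub):
    """Shared secret (x-coordinate) after validating the peer's point."""
    if peer_pub is INFINITY or not on_curve(peer_pub):
        raise ValueError("peer public key is not a valid curve point")
    shared = scalar_mult(priv, peer_pub)
    if shared is INFINITY:
        raise ValueError("degenerate shared point")
    return shared[0]


def demo_exchange():
    """Device and server each derive the same secret from the other's key."""
    device_priv, server_priv = 3, 10   # constructed sample private keys
    device_pub = ecdh_public(device_priv)
    server_pub = ecdh_public(server_priv)
    return ecdh_shared(device_priv, server_pub), ecdh_shared(server_priv, device_pub)


if __name__ == "__main__":
    print("2G =", scalar_mult(2, G))
    print("shared secrets:", demo_exchange())
```

Recovering a private scalar from a public point is the discrete logarithm problem the first bullet refers to; on this 19-point toy group it is trivial, which is why real curves use the key sizes listed in Table 2.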
4.3 Data Transfer Security Using VPN
In our network model and the network models discussed in our related works, users
communicate with IoT devices through the internet or IoT cloud [4, 11, 15]. This may leave
the data packets being sent vulnerable to eavesdropping or sniffing attacks. To solve this
problem, our model introduces VPN to the network. A VPN endpoint to gateway tunnel [20]
is created by the VPN server from the server to the gateways, from user to server and from
user to gateway, as shown in Figure 8.4. This enables the devices to communicate
using private IPs over a secured channel. Furthermore, this type of secured communication
ensures that CIA (Confidentiality, Integrity, and Authenticity) is maintained in the system.
5. Conclusion and Future Work
5.1 Scope of Future Work
This solution focuses on secure data communication and authentication protocols for home
IoT networks. The proposed network model mainly focuses on home networks, including
control over multiple homes for one user based on cluster topology. This network is scalable
to larger network areas such as industries, hospitals and even smart cities. Furthermore,
the scope for improving VPN-based communication over the internet is vast, as this solution
focuses on conceptual discussion rather than practical implementation.
5.2 Conclusion
In this solution, the problem that was focused on was the authentication mechanism of
devices in a home IoT network and secured communication of devices over the internet. An
efficient authentication mechanism based on ECC and the DTLS handshake was introduced,
and VPN-based tunneling was proposed to secure data communication. Moreover, a MAC
address-based fail-safe solution was also proposed such that, in the unlikely event that an
unauthorized user gains access to the system, they can be dealt with.
6. References
1. Parvaneh Asghari, Amir Masoud Rahmani, Hamid Haj Seyyed Javadi, "Internet
of Things applications: A systematic review" Computer Networks (2019),
Volume 148, 2019, Pages 241-261, ISSN 1389-1286.
2. Anik Islam, Soo Young Shin, "A blockchain-based secure healthcare scheme with
the assistance of unmanned aerial vehicle in Internet of Things", Computers &
Electrical Engineering, Volume 84, 2020, 106627, ISSN 0045-7906,
https://doi.org/10.1016/j.compeleceng.2020.10662
3. Huichen Lin, Neil W. Bergmann "IoT Privacy and Security Challenges for Smart
Home Environments", University of Queensland, Australia, 2016.
4. Freddy K Santoso, and Nicholas C H Vun, "Securing IoT for Smart Home
System" 2015 IEEE International Symposium on Consumer Electronics (ISCE).
5. Shivaji Kulkarni, Shrihari Durg, Nalini Iyer, "Internet of Things (IoT) Security"
International Conference on Computing for Sustainable Global Development
(INDIACom), 2016.
6. Kim Thuat Nguyen, Maryline Laurent, Nouha Oualha, "Survey on secure
communication protocols for the internet of Things" Ad Hoc Networks, 2015.
7. Srinivasan Nagaraj, Dr. G.S.V.P. Raju, V. Srinadth. Data Encryption
and Authentication Using Public Key Approach. International Conference on
Intelligent Computing, Communication & Convergence, 2015.
8. A. Islam and S. Y. Shin, "BUS A Blockchain-Enabled Data Acquisition Scheme
With the Assistance of UAV Swarm in Internet of Things", in IEEE Access, vol.
7, pp. 103231-103249, 2019.
9. Pawani Porambage, Corinna Schmitt, Pardeep Kumar, Andrei Gurtov, Mika
Ylianttila. Two-phase Authentication Protocol for Wireless Sensor Networks in
Distributed IoT Applications. IEEE WCNC'14 Track 3 (Mobile and Wireless
Networks), 2014.
10. Zhi-Kai Zhang, Michael Cheng Yi Cho, Shiuhpyng Shieh. Emerging Security
Threats and Countermeasures in IoT. National Chiao Tung University Hsinchu,
Taiwan.
11. M. Young, The Technical Writer's Handbook. Mill Valley, CA: University
Science, 1989.
12. A. Islam and S. Y. Shin, BUAV A blockchain based secure UAV-assisted data
acquisition scheme in Internet of Things, in Journal of Communications and
Networks, vol. 21, no. 5, pp. 491-502, Oct. 2019.
13. Glederson Lessa dos Santos, Vinícius Tavares Guimaraes, Guilherme da Cunha
Rodrigues, Lisandro Zambenedetti Granville, Liane Margarida Rockenbach
Tarouco. A DTLS-based Security Architecture for the Internet. 20th IEEE
Symposium on Computers and Communication (ISCC), 2015.
14. Corinna Schmitt, Thomas Kothmayr, Wen Hu, Burkhard Stiller. Two-way
Authentication for the Internet-of-Things. Ministry of Education and Research:
the SODA Project under Grant Agreement No. 01IS09040A and the AutHoNe
Project under Grant Agreement No. 01BN070[25], 2012.
15. Thomas Kothmayr, Corinna Schmitt, Wen Hu, Michael Brünig, Georg Carle,
"DTLS based security and two-way authentication for the Internet of Things" Ad
Hoc Networks, 2013.
16. Priyan Malarvizhi Kumar, Usha Devi Gandhi. Enhanced DTLS with CoAP-based
authentication scheme for the internet of things in healthcare application. Springer
Science+Business Media, LLC 2017.
17. Rolf H. Weber. Internet of Things New security and privacy challenges.
University of Zurich, Zurich, Switzerland, 2010.
18. Vijay Sivaraman, Hassan Habibi Gharakheili, Arun Vishwanath, Roksana Boreli,
Olivier Mehani. Network-Level Security and Privacy Control for Smart-Home
IoT Devices. Eight International Workshop on Selected Topics in Mobile and
Wireless Computing, 2015.
19. N.M. Mosharaf Kabir Chowdhury, Raouf Boutaba. A survey of network
virtualization. Computer Networks 54 (2010), 862-876.
20. V.C. Gungor, F.C. Lambert. A survey on communication networks for electric
system automation. Computer Networks 50 (2006), 877-897.
21. Z. Liu, H. Seo. IoT-NUMS: Evaluating NUMS Elliptic Curve Cryptography for
IoT Platforms. IEEE Transactions on Information Forensics and Security, Volume
14, Issue 3, 720-729, March 2019.
22. Rounak Sinha, Hemant Kumar Srivastava, Sumita Gupta. Performance Based
Comparison Study of RSA and Elliptic Curve Cryptography. International Journal
of Scientific & Engineering Research, Volume 4, Issue 5, May-2013.
Authors Bio:
Mr. Md Masuduzzaman is currently pursuing his Ph.D. in IT convergence engineering at Kumoh
National Institute of Technology, Gumi, South Korea. Previously he worked as a Lecturer at
American International University-Bangladesh for 4 years [2015-2019]. He is on study leave now
to complete his Ph.D. program. His major research interests include Blockchain, Internet of
Things (IoT), Unmanned Aerial Vehicle (UAV), Edge Computing, Machine Learning,
Cryptography and Network Security. He has several publications in international journals and
conferences across the world.
e-mail: masud.prince@kumoh.ac.kr
Affiliation/Address:
Department of IT Convergence Engineering, Kumoh National Institute of Technology (KIT),
Gumi 39177, South Korea
Mr. Ashik Mahmud is currently pursuing his Master's degree at Hochschule Rhein-Waal University,
Germany. Earlier, he worked as a web developer and software engineer at Composis Blades Inc. in
Bangladesh from 2018 to 2019. His major research interests include web development, web engineering,
web security etc. He has several publications at international conferences.
e-mail: mahmud.devops@gmail.com
Affiliation/Address:
Department of Computer Science and Engineering, American International University-
Bangladesh, Dhaka, Bangladesh.
Mr. Anik Islam was born in 1992. He received the B.Sc. in software engineering and M.Sc. degrees in
computer science from American International University-Bangladesh (AIUB), Dhaka, Bangladesh, in
2014 and 2017, respectively. He is currently working toward the PhD degree with the WENS Laboratory,
Kumoh National Institute of Technology, Gumi, South Korea. He has more than 5 years of experience of
working in the software development field. He has participated in various software competitions with
good achievements. His major research interests include blockchain, internet of things, unmanned aerial
vehicle, social internet of things, edge computing, and distributed system.
e-mail: anik.islam@kumoh.ac.kr
Affiliation/Address:
Department of IT Convergence Engineering, Kumoh National Institute of Technology (KIT),
Gumi 39177, South Korea
Mr. Md Mofijul Islam is currently pursuing Ph.D. Degree in System and Information Engineering at
University of Virginia. He received the B.S. and M.S. degrees in computer science and engineering from
the Department of Computer Science and Engineering, University of Dhaka, Bangladesh. He was a
Lecturer at the Department of Computer Science and Engineering, University of Dhaka (Sep 2017- Aug
2019). He also was a Lecturer at the Department of Computer Science and Engineering, United
International University (Jan 2015-Sep 2017). He was a Software Engineer with Tiger It Ltd (April 2014-
Jul 2014). He is also involved in programming training, mobile apps, and different software contest
team-building activities. His research interests include Artificial Intelligence, Multimodal Learning, Self-
Supervised Learning, Human-Robot Interaction, and Optimization.
e-mail: mi8uu@virginia.edu
Affiliation/Address:
Department of System and Information Engineering, University of Virginia, 2002 Jefferson park
avenue, Apt 17, Charlottesville, Virginia.