
Mutual Authentication with Multi-factor and Hybrid Approach to Intrusion Detection in IoT-Fog-Cloud Environment


Abstract

Authentication of restricted memory devices presents significant problems since memory consumption is high in mutual authentication using cryptographic protocols in IoT environments. The development of a multi-factor mutual authentication method that can be used in fog and cloud computing remains a challenge, according to previous studies. The present work aims to improve a method of mutual authentication with multi-factor using an adjustable variable response time, challenge-response function, and nonce. So, with these factors, the same method can be regulated for both the Fog and Cloud Computing contexts. In the Internet of Things (IoT) systems, information of various kinds is continuously captured, processed, and transmitted by systems generally interconnected by the Internet and distributed solutions. Attacks to capture information and overload services are common. This fact makes security techniques indispensable in IoT environments. Intrusion detection is one of the vital security points, aimed at identifying attempted attacks. We present an intrusion detection architecture that operates in the fog computing layer. It has two steps and aims to classify events into specific types of attacks or non-attacks, for the execution of countermeasures. Our work presents a relevant contribution to the state of the art in this aspect. We propose a hybrid binary classification method called DNN-kNN. The approach is based on Deep Neural Networks (DNN) and the k-Nearest Neighbor (kNN) algorithm.
Mutual Authentication with Multi-factor and Hybrid Approach to Intrusion Detection in IoT-Fog-Cloud Environment
Leandro Loffi
Cristiano Antonio de Souza
Carlos Becker Westphall
Carla Merkle Westphall
Renato Bobsin Machado
Federal University of Santa Catarina
Western Paraná State University
INFONOR 2021 - XII International Conference on Computing and Informatics of Northern Chile.
From September 1st to 3rd. Arica, Chile.
Summary - Mutual Authentication with Multi-factor
Contextualization
Problem
Related Works
Objectives
Solution
Scope
Evaluation
Result
Analyze
Conclusions
Contextualization - Mutual Authentication with Multi-factor
The IoT paradigm aims at the interconnection of physical and logical objects, resulting in information to some service (HALLER, KARNOUSKOS, SCHROTH, 2008).
The main characteristic of an IoT network is its devices, which form a network of sensors and actuators (XIA et al., 2012).
Source: www.freepik.com/index.php?goto=74&idfoto=1215808
Contextualization - Mutual Authentication with Multi-factor
Fog Computing is a layered model to enable ubiquitous access to scalable computing shared resources (IORGA et al., 2018).
Source: nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.500-325.pdf
Contextualization - Mutual Authentication with Multi-factor
Mutual Authentication refers to two parties authenticating each other at the same time (OTWAY, REES, 1987).
Problem - Mutual Authentication with Multi-factor
As the first line of defense in an IoT network, authentication addresses the problem of checking an identity (SCHNEIER, 1995).
Problem - Mutual Authentication with Multi-factor
Devices located at the edge of IoT networks usually have low processing power and are bounded by energy restrictions. Thus, these devices have limited resources to implement security measures.
If we consider authentication as the starting point of communication between two parties, a simple ID exchange and/or authentication methods without initial verification of the parties are not considered sufficient to guarantee security.
Related Works - Mutual Authentication with Multi-factor
The previous work was subdivided into the following aspects:
Simple: Single or one-way authentication;
Mutual: Mutual or two-way authentication;
IoT: Protocol applied in environments with memory constraints, considering the Fog Computing contexts;
Factors: Protocol that considers several factors for authentication (not for IoT).
Related Works - Mutual Authentication with Multi-factor
Works                       | Simple | Mutual | IoT | Factors
1º (AMIN et al., 2018)      | x      | -      | x   | -
2º (GOPE et al., 2017)      | -      | x      | x   | -
3º (IBRAHIM, 2016)          | -      | x      | x   | -
4º (JAN et al., 2017)       | -      | x      | x   | -
5º (KUMAR, GANDHI, 2017)    | x      | -      | x   | -
6º (LI, LIU, NEPAL, 2017)   | -      | x      | x   | -
7º (PIRAMUTHU, DOSS, 2017)  | x      | -      | -   | x
8º (TEWARI, GUPTA, 2017)    | -      | x      | x   | -
9º (WU et al., 2018)        | -      | x      | x   | -
This work                   | -      | x      | x   | x
However, in general, these methods do not address in a combined way the
mutual authentication with simultaneous analysis of identification factors.
Objectives - Mutual Authentication with Multi-factor
The purpose of this work is to present an authentication model that will authenticate the parties in an Internet of Things environment applied in the context of Fog Computing.
Specific objectives:
1. Develop strategies of identification factors of the parties;
2. Propose a method of mutual authentication with the developed factors;
3. Implement the proposed method in an Internet of Things environment in the context of Fog Computing; and
4. Evaluate the mutual authentication model in the IoT environment that is memory restricted in the involved parties.
Solution - Mutual Authentication with Multi-factor
Solution - Mutual Authentication with Multi-factor
Red: Identification of Parties;
Green: Asymmetric Key Exchange;
Yellow: Symmetric Key Agreement;
Blue: Encrypted Data.
Mutual Authentication Method
Solution - Mutual Authentication with Multi-factor
Identification of Parties
n = HASH(time | IDdest | IDorig | seq).
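As an added example, not the paper's code or the authors' implementation, the Python below models the three factors the conclusion names (challenge-response function, response time and nonce) for two parties that authenticate each other, using the nonce formula n = HASH(time | IDdest | IDorig | seq) from this slide. Assumed, because the slides do not state them: SHA-256 as HASH with "|" as the field separator, HMAC-SHA256 as the challenge-response function, and a constructed pre-shared key standing in for the key material the method derives in its RSA and Diffie-Hellman stages.

```python
import hashlib
import hmac
import os

# Added example, not the paper's code. Assumptions: SHA-256 as HASH, '|' as
# separator, HMAC-SHA256 as the challenge-response function, and a pre-shared
# key in place of the RSA / Diffie-Hellman key material of the real method.

SHARED_KEY = b"constructed-demo-key"  # constructed placeholder, not from the paper


def make_nonce(timestamp, id_dest, id_orig, seq):
    """n = HASH(time | IDdest | IDorig | seq), the slide formula with SHA-256 assumed."""
    material = f"{timestamp}|{id_dest}|{id_orig}|{seq}".encode()
    return hashlib.sha256(material).hexdigest()


def challenge_response(key, challenge, nonce):
    """Hypothetical challenge-response function: HMAC-SHA256 over challenge || nonce."""
    return hmac.new(key, challenge + nonce.encode(), hashlib.sha256).hexdigest()


class Party:
    """One endpoint (device, fog node or cloud service) that can challenge and verify."""

    def __init__(self, party_id, key, max_response_s):
        self.id = party_id
        self.key = key
        # Adjustable response-time window: tighter for a fog node, wider for a cloud peer.
        self.max_response_s = max_response_s
        self.seq = 0
        self.issued = {}  # nonce -> (challenge, time issued); consumed on first verify

    def challenge(self, peer_id, now):
        """Issue a fresh challenge and nonce to peer_id; 'now' is the local clock."""
        self.seq += 1
        nonce = make_nonce(now, peer_id, self.id, self.seq)
        chal = os.urandom(16)
        self.issued[nonce] = (chal, now)
        return chal, nonce

    def answer(self, chal, nonce):
        """Respond to a peer's challenge with this party's key."""
        return challenge_response(self.key, chal, nonce)

    def verify(self, nonce, response, now):
        """Check all three factors; a nonce is accepted at most once (replay defence)."""
        entry = self.issued.pop(nonce, None)
        if entry is None:
            # Unknown or already-consumed nonce: a replayed or forged message.
            return False, {"nonce": False, "response_time": False, "challenge_response": False}
        chal, sent_at = entry
        checks = {
            "nonce": True,
            "response_time": (now - sent_at) <= self.max_response_s,
            "challenge_response": hmac.compare_digest(
                response, challenge_response(self.key, chal, nonce)),
        }
        return all(checks.values()), checks


def mutual_authenticate(a, b, round_trip_s, clock=0.0):
    """Both parties challenge each other; returns (a_accepts_b, b_accepts_a)."""
    chal_a, nonce_a = a.challenge(b.id, clock)   # a -> b
    chal_b, nonce_b = b.challenge(a.id, clock)   # b -> a
    resp_b = b.answer(chal_a, nonce_a)           # b answers a's challenge
    resp_a = a.answer(chal_b, nonce_b)           # a answers b's challenge
    clock += round_trip_s                        # simulated network delay
    a_ok, _ = a.verify(nonce_a, resp_b, clock)
    b_ok, _ = b.verify(nonce_b, resp_a, clock)
    return a_ok, b_ok


if __name__ == "__main__":
    device = Party("dev-01", SHARED_KEY, max_response_s=0.05)  # 50 ms window for the fog
    fog = Party("fog-01", SHARED_KEY, max_response_s=0.05)
    print("normal handshake:", mutual_authenticate(device, fog, round_trip_s=0.01))
    print("too slow (outside window):", mutual_authenticate(device, fog, round_trip_s=0.2))
    chal, nonce = device.challenge(fog.id, now=1.0)
    resp = fog.answer(chal, nonce)
    print("first use:", device.verify(nonce, resp, now=1.01)[0])
    print("replayed:", device.verify(nonce, resp, now=1.02)[0])
```

The max_response_s window is the adjustable response-time factor: it is set tighter for a fog node on the local network and wider for a cloud peer, which is how one method serves both contexts. The one-time nonce table is what makes a replayed response fail even when its HMAC is still valid, and a peer holding the wrong key fails only the challenge-response check, so the returned dictionary shows which factor rejected the attempt.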
Solution - Mutual Authentication with Multi-factor
Asymmetric Key Exchange
Solution - Mutual Authentication with Multi-factor
Symmetric Key Agreement
Solution - Mutual Authentication with Multi-factor
Encrypted Data
Scope - Mutual Authentication with Multi-factor
Covers encryption methods:
AES (Advanced Encryption Standard);
RSA (R. Rivest, A. Shamir and L. Adleman);
SHA256; and
Diffie-Hellman.
Architecture and platform:
Raspberry Pi 3 model B;
FOG: notebook i7 with 8 cores, Ubuntu 18.04 LTS and 8 GB of RAM;
CLOUD: Google Cloud Compute Engine with 1 core (Skylake CPU), Ubuntu 18.04 LTS and 8 GB of RAM.
Architecture evaluation
Evaluation - Mutual Authentication with Multi-factor
The “Network” tab is related to the network time between the peers.
“Total Send” is the total time of sending to the receiver.
“Verification” is the total time for checking the authentication factors.
“Signature” is the time for signing the parameters.
“Nonce” is the time for creating a new nonce.
“Encryption” is the time for the encryption of the data to be trafficked.
“Mount Pack” is the total time to mount each shipping package; this relates only to the first step presented in the “Step” tab.
Evaluation - Mutual Authentication with Multi-factor
Processing time of each step
The time for each step of the authentication processing is displayed. The lower numbers are the steps shown in the Mutual Authentication Method.
Evaluation - Mutual Authentication with Multi-factor
View of disk and network consumption
Evaluation - Mutual Authentication with Multi-factor
Evaluation with CL-AtSe and OFMC
We simulate the proposed scheme using formal security verification through the broadly accepted AVISPA tool (ARMANDO et al., 2006).
The AVISPA (Automated Validation of Internet Security-sensitive Protocols and Applications) tool only detects whether a security protocol is secure against replay and man-in-the-middle attacks.
Result - Mutual Authentication with Multi-factor
Example of Factor Authentication
Analyze - Mutual Authentication with Multi-factor
Performance Evaluation:
In Tables III and IV:
Clearly, it can be seen in Tables III and IV that the network time depends very much on the location.
In the context of Cloud Computing, a variation of more than 1 millisecond occurred in some steps compared to the previous ones, which is explained by the different routes that may occur between the client and the server.
In Graph 1 - Processing time of each step:
It can be seen that the longest time belongs to the client, because it has lower processor power.
Another point that can be analyzed is that the Cloud was higher in processing than the Fog environment, because it is a place with high processing power.
Conclusion - Mutual Authentication with Multi-factor
Conclusion - Mutual Authentication with Multi-factor
A new mutual authentication model was introduced in IoT environments for the Fog Computing contexts. Authentication is performed during the handshake, more specifically during the verification of the Authentication Factors: Challenge-Response Function, Response Time and Nonce.
The work presented some limitations. In terms of suitable algorithms, it does not present high performance in data encryption with the AES algorithm library.
The combination of mutual authentication and different factors in an IoT environment is a contribution of this paper. Related works summarized in Table I do not combine mutual authentication and different factors in their proposals. They do not describe any performance results. Consequently, it is not possible to compare the performance findings obtained in this paper with any other related work.
It is proposed to improve the model with the use of several types of ciphers, using handshake suites similar to those used in TLS (Transport Layer Security) / SSL (Secure Sockets Layer).
title = {Mutual authentication with multi-factor in IoT-Fog-Cloud environment},
journal = {Journal of Network and Computer Applications},
volume = {176},
pages = {102932},
year = {2021},
issn = {1084-8045},
doi = {https://doi.org/10.1016/j.jnca.2020.102932},
url = {https://www.sciencedirect.com/science/article/pii/S108480452030391X},
author = {Leandro Loffi and Carla Merkle Westphall and Lukas Derner Grüdtner and
Carlos Becker Westphall},
Reference - Mutual Authentication with Multi-factor
Summary - Hybrid Approach to Intrusion Detection
Contextualization
Problem
Related Works
Objectives
Solution
Evaluation
Conclusions
Technological expansion;
Increased computational incidents:
Attack against provider Dyn in 2016 (Botnet Mirai) (Kolias et al., 2017);
Internet of Things (IoT) (ATZORI, IERA, MORABITO, 2010);
Security has great importance in IoT (Roman, Lopez, Mambo, 2018).
Contextualization - Hybrid Approach to Intrusion Detection
Contextualization - Hybrid Approach to Intrusion Detection
Intrusion;
Intrusion Detection System (IDS);
Intrusion Detection and Prevention System (IDPS);
Types of detection methods (Mitchell and Chen, 2014):
Signature;
Anomaly;
Specification.
Problem - Hybrid Approach to Intrusion Detection
Vulnerabilities in fog and IoT:
Heterogeneous environment;
Resource restrictions;
High number of devices;
Some threats present in the fog and IoT environment:
Threats during manufacturing, installation, maintenance;
Denial of Service (DoS) and Distributed DoS (DDoS);
Man-In-The-Middle (MITM);
Routing attacks;
Conventional attacks.
Need to detect attack and execute countermeasures;
Need to detect the type of attack;
Execution of countermeasures;
Alert for network manager.
Related Works - Hybrid Approach to Intrusion Detection
Works                          | Multiclass | 2Step | Method  | Observations
Prabavathy et al. (2018)       | x          | -     | OS-ELM  | Low accuracy for some types of attacks
Diro et al. (2018)             | x          | -     | DNN     | Low accuracy for some types of attacks
Li et al. (2018)               | -          | -     | KNN     | Computational cost can be high
Pajouh et al. (2019)           | x          | -     | KNN     | Computational cost can be high
Xu, Qian and Hu (2019)         | x          | -     | SVM     | It only addresses DoS and probing
Priyadarshini and Barik (2019) | -          | -     | LSTM    | Focused only on DDoS
Almiani et al. (2020)          | x          | -     | RNN     | Average accuracy for some types of attacks
Zhong et al. (2020)            | -          | -     | LSTM    | Not designed for fog computing
Atefi et al. (2020)            | -          | -     | DNN     | Few experiments performed for evaluation
This work                      | x          | x     | DNN-KNN | KNN computational cost reduction
Related Works - Hybrid Approach to Intrusion Detection
Some works focus on binary detection:
It is not possible to identify the type of attack;
Existing multi-class approaches:
Lower accuracy than binary methods;
Low accuracy for some types of attacks;
Robust methods in fog can consume a lot of resources;
Analysis in the cloud has the problem of latency.
Objectives - Hybrid Approach to Intrusion Detection
Propose a hybrid and hierarchical approach based on fog and cloud computing for intrusion detection and prevention in IoT environments. The approach focuses on detecting the specific category of attack as well as implementing the appropriate countermeasures to mitigate it.
Propose an intrusion detection approach based on binary and multiclass detection;
Propose a binary method for the first detection step;
Propose a multiclass method for the identification step;
Generate and implement a mapping between IoT attacks and appropriate mitigation countermeasures.
Solution - Hybrid Approach to Intrusion Detection
Solution - Hybrid Approach to Intrusion Detection
Approach to attack type detection and threat mitigation;
Consisting of 3 steps;
Combines binary detection and multiclass detection to identify the type of
attack:
Detection (binary detection);
Identification (multiclass detection).
Solution - Hybrid Approach to Intrusion Detection
Hierarchical architecture:
Fog;
Cloud;
Multiclass classifier can be a more
robust method.
Solution - Hybrid Approach to Intrusion Detection
DNN-kNN method:
Hybrid approach with Deep Neural Network (DNN) and k-Nearest Neighbor (kNN).
Solution - Hybrid Approach to Intrusion Detection
Artificial Neural Networks (ANN):
Biological inspiration;
Artificial neuron;
Deep Neural Networks (DNN);
Training;
Good accuracy;
May suffer from instabilities.
Solution - Hybrid Approach to Intrusion Detection
DNN:
Multilayer Perceptron, feed-forward;
Two hidden layers;
Hyperbolic tangent;
Output layer:
Two neurons;
Softmax.
Solution - Hybrid Approach to Intrusion Detection
k-Nearest Neighbors (kNN):
Instance-based learning;
Classification based on similarity of instances;
Majority class among the k nearest neighbors;
Does not generate a model;
Usually has a small error rate;
Higher computational cost.
k = 1 was considered:
Classification according to the nearest neighbor;
Euclidean distance;
Base of examples structured in a K-D Tree (K-Dimensional Tree).
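The kNN component as the slide describes it (k = 1, Euclidean distance, example base held in a K-D tree), written as an added Python example that is not the paper's code. The feature vectors are constructed flows, not NSL-KDD records, and the names (build_kdtree, nearest, OneNN, make_sample) are this example's own. How the DNN output and the kNN decision are combined in DNN-kNN is not shown, because the slides do not specify it; the distance-evaluation counter shows why the tree matters for the computational cost the slide flags.

```python
import random

# Added example, not the paper's code: 1-NN with Euclidean distance over a K-D tree.
# Data is constructed; the combination with the DNN stage is not modelled here.


class KDNode:
    __slots__ = ("point", "label", "axis", "left", "right")

    def __init__(self, point, label, axis, left, right):
        self.point, self.label, self.axis = point, label, axis
        self.left, self.right = left, right


def build_kdtree(points, labels, depth=0):
    """Recursively split on the median of axis = depth mod dimensions."""
    if not points:
        return None
    axis = depth % len(points[0])
    order = sorted(range(len(points)), key=lambda i: points[i][axis])
    mid = len(order) // 2
    lo, hi = order[:mid], order[mid + 1:]
    return KDNode(points[order[mid]], labels[order[mid]], axis,
                  build_kdtree([points[i] for i in lo], [labels[i] for i in lo], depth + 1),
                  build_kdtree([points[i] for i in hi], [labels[i] for i in hi], depth + 1))


def sq_dist(a, b):
    """Squared Euclidean distance; the square root is monotone, so it is skipped."""
    return sum((x - y) ** 2 for x, y in zip(a, b))


def nearest(node, query, best=None, counter=None):
    """Depth-first search with pruning; returns (point, label, squared distance).
    counter (a one-element list) accumulates the number of distance evaluations."""
    if node is None:
        return best
    d = sq_dist(node.point, query)
    if counter is not None:
        counter[0] += 1
    if best is None or d < best[2]:
        best = (node.point, node.label, d)
    diff = query[node.axis] - node.point[node.axis]
    near, far = (node.left, node.right) if diff < 0 else (node.right, node.left)
    best = nearest(near, query, best, counter)
    # Only cross the splitting plane if the far side could hold something closer.
    if diff * diff < best[2]:
        best = nearest(far, query, best, counter)
    return best


class OneNN:
    """1-NN classifier: the label of the single nearest example decides."""

    def __init__(self, X, y):
        self.root = build_kdtree(list(X), list(y))

    def predict(self, x, counter=None):
        return nearest(self.root, x, None, counter)[1]


def brute_force_1nn(X, y, x):
    """Linear-scan reference: always len(X) distance evaluations."""
    return y[min(range(len(X)), key=lambda i: sq_dist(X[i], x))]


def make_sample(n_per_class=100, seed=7):
    """Constructed 3-feature flows: benign near (0.2,0.2,0.2), attack near (0.8,0.8,0.8)."""
    rng = random.Random(seed)
    X, y = [], []
    for centre, label in ((0.2, "benign"), (0.8, "attack")):
        for _ in range(n_per_class):
            X.append(tuple(rng.gauss(centre, 0.1) for _ in range(3)))
            y.append(label)
    return X, y


if __name__ == "__main__":
    X, y = make_sample()
    clf = OneNN(X, y)
    for q in ((0.25, 0.2, 0.15), (0.8, 0.75, 0.85)):
        count = [0]
        print(q, "->", clf.predict(q, count), "after", count[0],
              "distance evaluations of", len(X))
```

Running the block prints, for each constructed query, the predicted class and how many of the 200 stored examples the tree actually compared against, which is the cost that a linear scan pays in full on every classification.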
Solution - Hybrid Approach to Intrusion Detection
Solution - Hybrid Approach to Intrusion Detection
Training process:
Evaluation - Hybrid Approach to Intrusion Detection
Experiments to assess the feasibility of applying the method in a real
environment:
NSL-KDD and CICIDS2017 database;
Cross-validation 10 folds;
The results of the experiment can be organized as follows:
False Negative (FN);
False Positive (FP);
True Negatives (TN);
True Positive (TP).
Evaluation - Hybrid Approach to Intrusion Detection
Performance Metrics:
Accuracy: the proportion of instances correctly classified in relation to the total number of instances;
Error: the proportion of incorrectly classified instances in relation to the total number of instances;
Precision: proportion of instances correctly detected as intrusive among all detected as intrusive;
Recall: number of instances correctly classified as intrusive among all intrusive instances;
True Negative Rate (TNR): number of instances correctly classified as benign among all benign instances;
F-score: the harmonic mean of accuracy and recall, where it reaches its best value at 1 and worst at 0;
Matthews Correlation Coefficient (MCC): used as a measure of the quality of binary classifications, where -1 indicates a completely wrong binary classifier, while 1 indicates a completely correct binary classifier.
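An added Python example, not the paper's evaluation code, that computes every metric listed above from the FN/FP/TN/TP counts of the previous slide and builds the 10-fold split the experiments use. The 20 labels are constructed, not NSL-KDD or CICIDS2017 records; the F-score is computed as the harmonic mean of precision and recall, its standard definition; and ratios whose denominator is zero (for example precision when nothing was flagged intrusive) are reported as 0.0 rather than raising.

```python
import math

# Added example, not the paper's code. Positive class = intrusive (1), benign = 0.
# SAMPLE_TRUE / SAMPLE_PRED are constructed labels, not dataset records.


def confusion_counts(y_true, y_pred, positive=1):
    """Return (TP, FP, TN, FN), treating `positive` as the intrusive class."""
    tp = fp = tn = fn = 0
    for t, p in zip(y_true, y_pred):
        if p == positive:
            if t == positive:
                tp += 1
            else:
                fp += 1
        elif t == positive:
            fn += 1
        else:
            tn += 1
    return tp, fp, tn, fn


def _ratio(num, den):
    """Undefined ratios (an empty class in the fold) are reported as 0.0."""
    return num / den if den else 0.0


def metrics(tp, fp, tn, fn):
    """Accuracy, Error, Precision, Recall, TNR, F-score and MCC from the confusion matrix."""
    total = tp + fp + tn + fn
    precision = _ratio(tp, tp + fp)
    recall = _ratio(tp, tp + fn)
    # F-score as the harmonic mean of precision and recall (standard definition).
    f_score = _ratio(2 * precision * recall, precision + recall)
    # MCC denominator is 0 whenever any row or column of the matrix is empty.
    mcc_den = math.sqrt((tp + fp) * (tp + fn) * (tn + fp) * (tn + fn))
    return {
        "accuracy": _ratio(tp + tn, total),
        "error": _ratio(fp + fn, total),
        "precision": precision,
        "recall": recall,
        "tnr": _ratio(tn, tn + fp),
        "f_score": f_score,
        "mcc": _ratio(tp * tn - fp * fn, mcc_den),
    }


def kfold_splits(n, k=10):
    """Index splits for k-fold cross-validation: list of (train_idx, test_idx) per fold."""
    fold_sizes = [n // k + (1 if i < n % k else 0) for i in range(k)]
    folds, start = [], 0
    for size in fold_sizes:
        test = list(range(start, start + size))
        train = list(range(0, start)) + list(range(start + size, n))
        folds.append((train, test))
        start += size
    return folds


# Constructed sample: 20 labelled flows (11 intrusive, 9 benign) and predictions
# giving TP=8, FN=3, TN=7, FP=2.
SAMPLE_TRUE = [1] * 11 + [0] * 9
SAMPLE_PRED = [1] * 8 + [0] * 3 + [0] * 7 + [1] * 2


if __name__ == "__main__":
    tp, fp, tn, fn = confusion_counts(SAMPLE_TRUE, SAMPLE_PRED)
    print("TP FP TN FN:", tp, fp, tn, fn)
    for name, value in metrics(tp, fp, tn, fn).items():
        print(f"{name:>9}: {value:.4f}")
    print("folds:", [(len(tr), len(te)) for tr, te in kfold_splits(len(SAMPLE_TRUE), 10)])
```

In a real run the confusion counts are accumulated per fold over the test indices that kfold_splits returns, and the metrics are reported as the mean across the 10 folds.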
Evaluation - Hybrid Approach to Intrusion Detection
Comparison of the results of different learning methods in experiments with the NSL-KDD database:
Deep Neural Network (DNN), k-Nearest Neighbor (kNN), Support Vector Machine (SVM), Decision Tree (DT) and Random Forest (RF).
Evaluation - Hybrid Approach to Intrusion Detection
Comparison with different machine learning methods:
Evaluation - Hybrid Approach to Intrusion Detection
DNN-kNN and kNN performed very well on the previous metrics;
Computational cost of kNN is high;
Processing time analysis to classify 12597 examples from the NSL-KDD
base:
Evaluation - Hybrid Approach to Intrusion Detection
Comparison of results from different related works in experiments with the
NSL-KDD database.
Evaluation - Hybrid Approach to Intrusion Detection
Performance comparison of different recent approaches with the CICIDS2017 Friday Afternoon DDoS dataset:
Evaluation - Hybrid Approach to Intrusion Detection
Performance comparison of different recent approaches with the
CICIDS2017 Wednesday DoS dataset:
Conclusions - Hybrid Approach to Intrusion Detection
We present the two-step approach for detecting and identifying intrusions
in IoT and Fog computing;
We propose the DNN-kNN, a hybrid binary classification method with high
accuracy and detection rates to compose the first level of the approach;
DNN-kNN obtained promising results in relation to classic machine learning
methods and in relation to state-of-the-art works in the evaluation with the
NSL-KDD and CICIDS2017 databases;
As future works, we highlight the design of the method to compose the
second level and also the design of the countermeasure approach.
title = {Hybrid approach to intrusion detection in fog-based IoT environments},
journal = {Computer Networks},
volume = {180},
pages = {107417},
year = {2020},
issn = {1389-1286},
doi = {https://doi.org/10.1016/j.comnet.2020.107417},
url = {https://www.sciencedirect.com/science/article/pii/S1389128619315439},
author = {Cristiano Antonio {de Souza} and Carlos Becker Westphall and Renato
Bobsin Machado and João Bosco Mangueira Sobral and Gustavo dos Santos Vieira},
Reference - Hybrid Approach to Intrusion Detection
Thank you very much!
leandro.loffi@posgrad.ufsc.br
cristiano.souza.c@posgrad.ufsc.br
carlos.westphall@ufsc.br
carla.merkle.westphall@ufsc.br
renato.machado@unioeste.br