
An Experimentation on CoAP Multi Factor Authentication Mechanism with Reputation for Internet of Things Constrained Devices and Low Power Wide Area Network

Abstract

The security of constrained devices in Internet of Things presents itself as a challenge due to the limitation of existing resources. It is important to analyze appropriate security mechanisms for this resource-constrained environment, specifically for authentication. This study presents an experiment that analyzes a proposal for an original Constrained Application Protocol Multi-Factor Authentication with Reputation, in comparison to simple authentication and a reference with no authentication. From this experience it was possible to prove that multi-factor authentication with reputation is also an adequate solution for Low Power Wide Area Network and constrained devices and does not require much more resources than simple authentication. With this work it is possible to evaluate the adoption of Multi Factor Authentication with Reputation on Constrained Devices and to subsidize choices of Internet of Things projects with this type of configuration.
Publisher: IEEE
Wesley Dos Reis Bezerra ; Ricardo Do Nascimento Boing ; Cristiano Antonio de Souza ; Carlos Becker Westphall
Published in: 2023 International Conference on Information Networking (ICOIN)
Date of Conference: 11-14 January 2023
Date Added to IEEE Xplore: 22 February 2023
ISBN Information:
Print on Demand(PoD) ISSN: 1976-7684
DOI: 10.1109/ICOIN56518.2023.10048959
Conference Location: Bangkok, Thailand
I. Introduction
Identity management on Internet of Things (IoT) devices is a security challenge to be overcome.
Specifically, the issue of authentication has not been exhaustively addressed in some areas of IoT and
needs to be further investigated in the search for solutions tailored to some limitations [1]–[3]. Device
capacity limitations pose challenges in the use of complex algorithms and cryptography during the
authentication process. Correspondingly, limitations on data transmission are common to some Low
Power Wide Area Network (LPWAN) protocols. Such restrictions create further challenges for a more
robust authentication [4], [5].
Wesley Dos Reis Bezerra
PPGCC —UFSC - Federal University of Santa Catarina, University Campus - Trindade,
Florianópolis, Florianópolis, SC, Brazil
Ricardo Do Nascimento Boing
PPGCC —UFSC - Federal University of Santa Catarina, University Campus - Trindade,
Florianópolis, Florianópolis, SC, Brazil
Cristiano Antonio de Souza
PPGCC —UFSC - Federal University of Santa Catarina, University Campus - Trindade,
Florianópolis, Florianópolis, SC, Brazil
Carlos Becker Westphall
PPGCC —UFSC - Federal University of Santa Catarina, University Campus - Trindade,
Florianópolis, Florianópolis, SC, Brazil
... This work aims to formally verify a multi-factor authentication mechanism with a Reputation (MFA_R) [14] despite the existence of many security protocol analysis programs, such as ProVerif (https://bplanche.gitlabpages.inria.fr/proverif/-accessed on 1 July 2023) an automatic security protocol verification tool that includes secrecy, strong secrecy, and authentication checks, among others. ...
... As a contribution, the present study formally verifies the MFA_R mechanism. Other studies analyzed computational (processing time), spatial (memory usage), and network (packet analysis) aspects [14], and the security in message protocol [28,29] to be used in this mechanism-leaving such variables outside the scope of this study. This process was done through a detailed workflow of performing formal verification for security requirements on well-documented and replicable software components. ...
... Finally, a more practical study of the MFA_R application is also necessary through scalability issues, deployment options, and simulation using real sensors-going beyond the computational simulation carried out in the previously mentioned articles [14,28,29]. ...
Article
Full-text available
There are many security challenges in IoT, especially related to the authentication of restricted devices in long-distance and low-throughput networks. Problems such as impersonation, privacy issues, and excessive battery usage are some of the existing problems evaluated through the threat modeling of this work. A formal assessment of security solutions for their compliance in addressing such threats is desirable. Although several works address the verification of security protocols, verifying the security of components and their non-locking has been little explored. This work proposes to analyze the design-time security of the components of a multi-factor authentication mechanism with a reputation regarding security requirements that go beyond encryption or secrecy in data transmission. As a result, it was observed through temporal logic that the mechanism is deadlock-free and meets the requirements established in this work. Although it is not a work aimed at modeling the security mechanism, this document provides the necessary details for a better understanding of the mechanism and, consequently, the process of formal verification of its security properties.
... In [32], a concept for an IoT wide-area communication system is presented, which was installed within the operator's licensed macrocellular band and appropriate for low-energy, complexity, and traffic IoT modules. In [33,34], a testing on CoAP Multi Factor Authentication Mechanism with Reputation for IoT Constrained Devices and a novel fair scalable relay control scheme for IoT have been employed. ...
... The amount of energy consumed by the nodes while transmitting and receiving the data packets is defined as energy consumption, which is formulated as Equation (33). ...
Article
Full-text available
A Wireless Sensor Network (WSN) is a group of autonomous sensors geographically distributed for environmental monitoring and tracking purposes. Since the sensors in the WSN have limited battery capacity, the energy efficiency is considered a challenging task because of redundant data transmission and inappropriate routing paths. In this research, a Quasi-Oppositional Learning (QOL)-based African Vulture Optimization Algorithm (AVOA), referred to as QAVOA, is proposed for an effective data fusion and cluster-based routing in a WSN. The QAVOA-based Back Propagation Neural Network (BPNN) is developed to optimize the weights and threshold coefficients for removing the redundant information and decreasing the amount of transmitted data over the network. Moreover, the QAVOA-based optimal Cluster Head Node (CHN) selection and route discovery are carried out for performing reliable data transmission. An elimination of redundant data during data fusion and optimum shortest path discovery using the proposed QAVOA-BPNN is used to minimize the energy usage of the nodes, which helps to increase the life expectancy. The QAVOA-BPNN is analyzed by using the energy consumption, life expectancy, throughput, End to End Delay (EED), Packet Delivery Ratio (PDR) and Packet Loss Ratio (PLR). The existing approaches such as Cross-Layer-based Harris-Hawks-Optimization (CL-HHO) and Improved Sparrow Search using Differential Evolution (ISSDE) are used to evaluate the QAVOA-BPNN method. The life expectancy of QAVOA-BPNN for 500 nodes is 4820 rounds, which is high when compared to the CL-HHO and ISSDE.
Article
Full-text available
The purpose of this paper is to provide an overview of the Internet of Things issue from the perspective of scientists who specialize in this area. It is crucial to conduct new research on the Internet of Things because it raises awareness and improves the connectivity of other discoveries. The purpose of this study is to estimate, based on bibliometric analysis, the most frequently used keywords associated with the term IoT in its gradual development since its inception. The purpose of this analysis is to aid new scientists in integrating IoT more quickly. Changes in keywords associated with the term IoT over distinct time periods will be included among the anticipated outcomes. This is due to the fact that as more Internet-capable devices become available, the IoT's applications are expanding.
Article
Full-text available
The development of the industrial Internet of Things (IIoT) promotes the integration of the cross-platform systems in fog computing, which enable users to obtain access to multiple applications located in different geographical locations. Fog users at the network’s edge communicate with many fog servers in different fogs and newly joined servers that they had never contacted before. This communication complexity brings enormous security challenges and potential vulnerability to malicious threats. The attacker may replace the edge device with a fake one and authenticate it as a legitimate device. Therefore, to prevent unauthorized users from accessing fog servers, we propose a new secure and lightweight multi-factor authentication scheme for cross-platform IoT systems (SELAMAT). The proposed scheme extends the Kerberos workflow and utilizes the AES-ECC algorithm for efficient encryption keys management and secure communication between the edge nodes and fog node servers to establish secure mutual authentication. The scheme was tested for its security analysis using the formal security verification under the widely accepted AVISPA tool. We proved our scheme using Burrows-Abadi-Needham logic (BAN logic) to prove secure mutual authentication. The results show that the SELAMAT scheme provides better security, functionality, communication, and computation cost than the existing schemes.
Article
Full-text available
Industrial Internet of Things (IIoT) brings together computers, devices, advanced analytics, and people in industries such as transportation, oil plant and power grid, that leads to major efficiency and productivity gains for almost any industrial procedures. Due to the interconnection of devices in IIoT, communication security has become a critical issue to address in many emerging industry standards which require the authentication and key exchange procedure to be done to guarantee the authorized machine access (e.g., from users) and secure the data transmission between machines. To overcome the shortcoming (i.e., low entropy) of the memorable password in user authentication, it is rightfully recommended by industry standards (such as IEC-62443 family) to use multi-factor authentication for higher security levels. Notably, latency is one of the main sources of inefficiency when a device is communicating with other machines on IIoT. To mitigate latency, smooth projective hash function (SPHF) built from well-studied standard assumptions is used to achieve low-interactivity multi-factor authenticated key exchange protocol (MFAKE), because SPHF allows each party to prove to the others that he knows the right authentication factor(s). In this paper, we are therefore motivated to build a new MFAKE named “secure remote multifactor (SRMF)” to achieve the human involved “machine-to-machine” secure communication in IIoT. That is, SRMF leverages multiple user-centric authentication factors (such as password, biometric fingerprints, and PIN), and it can synergistically support multi-factor registration (MFR), multi-factor authentication (MFA) and multifactor key exchange (MFKE). Further, to prevent authentication factors stored at the server exposing to attackers, the password-harden service (i.e., Pythia-PRF, USENIX’15) inspires us to develop a multifactor hardening service (MFHS) utilizing an oblivious pseudorandom function (OPRF). The balanced security of the proposed protocol is proved under the model of Bellare-Pointcheval-Rogaway (EUROCRYPT ’00) along with theoretical and experimental evaluations.
Article
Full-text available
Internet of Things (IoT) is a novel paradigm, which not only facilitates a large number of devices to be ubiquitously connected over the Internet but also provides a mechanism to remotely control these devices. The IoT is pervasive and is almost an integral part of our daily life. These connected devices often obtain user's personal data and store it online. The security of collected data is a big concern in recent time. As devices are becoming increasingly connected, privacy and security issues become more and more critical and these need to be addressed on an urgent basis. IoT implementations and devices are eminently prone to threats that could compromise the security and privacy of the consumers, which, in turn, could influence its practical deployment. In recent past, some research has been carried out to secure IoT devices with an intention to alleviate the security concerns of users. There have been research on blockchain technologies to tackle the privacy and security issues of the collected data in IoT. The purpose of this paper is to highlight the security and privacy issues in IoT systems. To this effect, the paper examines the security issues at each layer in the IoT protocol stack, identifies the under-lying challenges and key security requirements and provides a brief overview of existing security solutions to safeguard the IoT from the layered context.
Article
With the explosive growth of interconnected smart devices and sensors, the Internet has been entering the Internet of things (IoT) era and revolutionizing many aspects of our daily life. Meanwhile, crowdsourcing has been considered as a promising technology to realize collaborative intelligence. Therefore, more and more IoT-based crowdsourcing applications are emerged to take advantages of the widely distributed IoT devices to sense, collect, and analyze data with the aim to solve complex and nontrivial tasks. However, there exist many technical challenges to be addressed in the IoT-based crowdsourcing, such as security, privacy, and incentive provision. In this paper, we propose a blockchain-based architecture as an integrated solution to realize the secure and trustworthy crowdsourcing in wireless IoT. We first overview the challenges in the traditional crowdsourcing system. Then, we briefly introduce the background of the blockchain and smart contract, and propose a blockchain-based crowdsourcing architecture. In particular, we elaborate the utilization of smart contract on the specific phases of crowdsourcing. By deploying the smart contract instance, we confirm the proposed blockchain-based architecture is feasible.
Article
Zero-trust security is a novel concept to cope with intricate access, which can not be handled by the conventional perimeter-based architecture anymore. The device-to-device continuous authentication protocol is one of the most crucial cornerstones, especially in the IoT scenario. In the zero-trust architecture, trust does not rely on any position, person or device. However, to the best of our knowledge, almost all existing device-to-device continuous authentication relies on a trust authority or a node to generate secret keys or secret values. This is betrayed by the principle of zero-trust architecture. In this paper, we employ the blockchain to eliminate the trusted node. One node is chosen to produce the public parameter and secret keys for two entities through the practical Byzantine fault tolerance consensus mechanism. Additionally, the devices are categorized into three folds: trusted device, suspected device and untrusted device. Only the first two can participate in authentication, and they have different lengths of security parameters and intervals to reach a better balance between security and efficiency. Then we prove the security of the initial authentication part in the eCK model and give an informal analysis of the continuous authentication part. Finally, we implement the proposed protocol on simulated devices. The result illustrates that our scheme is highly efficient, and the continuous authentication only costs around 0.1ms.
Article
With the rapid development of wireless technology and the edge computing applications, an increasing number of 4G/5G infrastructure are densely deployed to meet the booming cellular traffic demands. Monitoring and forecasting urban cellular traffic is fundamental for urban planning, network resources allocation, traffic engineering, etc. In this paper, we address the crowdsourcing-based urban cellular traffic prediction problem, i.e., to predict the city-scale fine-grained cellular traffic patterns based on partial user-generated measurements. We propose a novel deep generative adversarial network (GAN) model called CrowdGAN to solve the problem. Specifically, CrowdGAN employs a convolutional Long Short-Term Memory (LSTM) network to extract spatio-temporal features from sparse traffic maps, and adopts a novel design of co-training a generator and a discriminator under the supervision of an accuracy assurance network to generate a high-resolution cellular traffic map for prediction. We implement the proposed CrowdGAN in TensorFlow and evaluate its performance using two real-world cellular traffic datasets. Extensive experiments show that CrowdGAN significantly outperforms the baselines on a variety of performance metrics, and achieves at least 47% reduction in root-mean-squared error compared to the state-of-the-art.
Conference Paper
Many IoT solutions are focused on air quality monitoring. The applicability of IoT to the entire process of hazard identification has not been fully harnessed. This paper conceptualized a smart IoT architecture for air quality monitoring and hazard identification. Notably, a data governance layer is part of the proposed cloud centric database architecture, to tackle the concerns about data governance. For the architecture, JavaScript Object Notation was adopted as a standard for data exchange to enable interoperability among components from different service providers and device manufacturers. As a proof of concept, an IoT node for air quality monitoring was prototyped. A web application with crowdsourcing capability was developed to provide a platform through which users can report and be notified of hazardous incidents. The results obtained during the testing phases of the two architectural components developed herein shows that the proposed architecture is characterized with adequate interoperability. Specifically, the air quality node logged air quality data to two different cloud databases: Google Firebase and Thingspeak platform. Subsequently, the air quality data was tunneled from the databases and visualized on the Web Application developed herein. By developing a solution for hazard identification, this research has contributed towards smart city development.
Article
The Internet of Things (IoT) has introduced a new dimension to the Internet in the last decade; nonetheless, security, particularly attacks on authentication, continue to be a significant concern in IoT. The majority of research endeavours consider external attacks that originate from outside of an IoT network. Their authentication mechanisms authenticate users at the outset of a session. However, a device or user within the network may be a more significant threat than the external attacker due to their accessibility. An intruder during the session can physically grasp any IoT device and impersonate it. Therefore, the suggested security system continuously authenticates legitimate users inside a session. The system takes data from users and authenticates them using a Deep Learning-based Long Short-Term Memory classification algorithm. There are 3.5 percent false acceptances and 2.4% false rejections for the security system. The research also compared the suggested approach to other current security techniques.
Article
Numerous resource-limited smart objects (SOs) such as sensors and actuators have been widely deployed in smart environments, opening new attack surfaces to intruders. The severe security flaw discourages the adoption of the Internet of things in smart living. In this paper, we leverage fog computing and microservice to push certificate authority (CA) functions to the proximity of data sources. Through which, we can minimize attack surfaces and authentication latency, and result in a fast and scalable scheme in authenticating a large volume of resource-limited devices. Then, we design lightweight protocols to implement the scheme, where both a high level of security and low computation workloads on SO (no bilinear pairing requirement on the client-side) is accomplished. Evaluations demonstrate the efficiency and effectiveness of our scheme in handling authentication and registration for a large number of nodes, meanwhile protecting them against various threats to smart living. Finally, we showcase the success of computing intelligence movement towards data sources in handling complicated services.
Article
Multicast communication has been recently supported by the constrained application protocol (CoAP), for the purpose of managing and controlling a group of homogeneous sensor devices. It can improve the efficiency of communication and reduce bandwidth requirements for several Internet of Things (IoT) and industrial IoT (IIoT) applications. To prevent unauthorized access to the sensing/actuating devices, both unicast and multicast CoAP messages should be secured to guarantee both confidentiality and integrity. For unicast CoAP applications, the datagram TLS (DTLS) Handshake can be applied for mutual authentication and session key derivation. However, it cannot be used for multicast CoAP applications since it is basically applied between two CoAP endpoints. Especially, two kinds of keys, a group key and a set of pairwise keys, are required to secure the multicast CoAP messages. In this article, the security architecture and associated protocols for multicast CoAP security are proposed. With the exchange of a pair of multicast CoAP messages, the group key and the set of pairwise keys can be established between a CoAP client and a set of CoAP servers without employing the DTLS Handshake . The security and performance analysis show that it is a viable solution for multicast CoAP applications even over the unreliable user datagram protocol.