Abstract

The term Internet of Things (IoT) refers to the ability to extend network connectivity and computing capability to objects and devices. These devices collect, exchange and analyze data without any human interaction. Generally, IoT architecture requires data communication and cloud computing services. However, security is a big challenge for IoT services. Strong user authentication is the first requirement for IoT services to avoid malicious unauthenticated device. This work explores the weakness of conventional authentication methods in cloud environments. An improved strong user authentication scheme has been proposed. This new scheme is based on local certification authority for IoT devices in cloud computing where devices are authenticated using private public key infrastructure (PKI). The proposed approach has superior security performance compared to conventional techniques. It is shown that our approach doesn’t require any hardware tokens, reduce the computation and then improve authentication strength.

Keyword

IoT, Security, VPN, Cloud computing, Authentication, Private key, Public key, Digital signature, PKI, Certification authority.

Cite this article

Abdelkader YM, Ahmed M

Refference

[1][1]Hand E. Head in the clouds. Nature News. 2007.

[2][2]Weiss A. Computing in the clouds. Networker. 2007; 11(4):16-25.

[3][3]Yang Y, Lu H, Weng J. Multi-user private keyword search for cloud computing. In international conference on cloud computing technology and science 2011 (pp. 264-71). IEEE.

[4][4]Kaavi J. Strong authentication with mobile phones. Helsinki University of Technology, Fall. 2010.

[5][5]Jiang R. Advanced secure user authentication framework for cloud computing. International Journal on Smart Sensing & Intelligent Systems. 2013; 6(4):1700-24.

[6][6]Rivest RL, Shamir A, Adleman L. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM. 1978; 21(2):120-6.

[7][7]Kinastowski W. Digital signature as a cloud-based service. In the international conference on cloud computing 2013(pp. 68-72).

[8][8]Ford M, Stevenson T, Lew HK, Spanier S. Internetworking technologies handbook. Macmillan Publishing Co., Inc.; 1997.

[9][9]Diffie W, Hellman ME. Special feature exhaustive cryptanalysis of the NBS data encryption standard. Computer. 1977; 10(6):74-84.

[10][10]Reynard R. Secret code breaker II: a cryptanalysts handbook. Smith & Daniel; 1997.

[11][11]Patange T. How to defend yourself against MITM or Man-in-the-middle attack. 2013.

[12][12]Katz J. Efficient cryptographic protocols preventing man-in-the-middle attacks. Columbia University; 2002.

[13][13]Prakash MV, Infant PA, Shobana SJ. Eliminating vulnerable attacks using one-time password and passtext–analytical study of blended schema. Universal Journal of Computer Science and Engineering Technology. 2010; 1(2):133-40.

[14][14]Alliance SC. Strong authentication using smart card technology for logical access. A Smart Card Alliance Access Control Council White Paper. 2012:1-26.

[15][15]Yang B, Hu Z, Xiao Z. Efficient certificateless strong designated verifier signature scheme. In international conference on computational intelligence and security 2009 (pp. 432-6). IEEE.

[16][16]Tianhuang C, Xiaoguang X. Digital signature in the application of e-commerce security. In international conference on e-health networking digital ecosystems and technologies (EDT) 2010 (pp. 366-9). IEEE.

[17][17]Atwady Y, Hammoudeh M. A survey on authentication techniques for the internet of things. In proceedings of the international conference on future networks and distributed systems 2017. ACM.

[18][18]Silva EdOe, Lima WTSd, Ferraz FS, Ribeiro FIdN. Authentication and the Internet of Things: a survey based on a systematic mapping. In proceedings of the international conference on software engineering advances 2017 (pp. 34-40).

[19][19]Zhou L, Li X, Yeh KH, Su C, Chiu W. Lightweight IoT-based authentication scheme in cloud computing circumstance. Future Generation Computer Systems. 2019; 91:244-51.

[20][20]Hammi MT, Hammi B, Bellot P, Serhrouchni A. Bubbles of trust: a decentralized blockchain-based authentication system for IoT. Computers & Security. 2018; 78:126-42.

[21][21]Alizai ZA, Tareen NF, Jadoon I. Improved IoT device authentication scheme using device capability and digital signatures. In international conference on applied and engineering mathematics 2018 (pp. 1-5). IEEE.