DOI: 10.1145/2994551.2994555
research-article
Open access

AoT: Authentication and Access Control for the Entire IoT Device Life-Cycle

Published: 14 November 2016

Abstract

The consumer electronics industry is witnessing a surge in Internet of Things (IoT) devices, ranging from mundane artifacts to complex biosensors connected across disparate networks. As the demand for IoT devices grows, the need for stronger authentication and access control mechanisms is greater than ever. Legacy authentication and access control mechanisms do not meet the growing needs of IoT. In particular, there is a dire need for a holistic authentication mechanism throughout the IoT device life-cycle, namely from the manufacturing to the retirement of the device. As a plausible solution, we present Authentication of Things (AoT), a suite of protocols that incorporate authentication and access control during the entire IoT device life span. Primarily, AoT relies on Identity- and Attribute-Based Cryptography to cryptographically enforce Attribute-Based Access Control (ABAC). Additionally, AoT facilitates secure (in terms of stronger authentication) wireless interoperability of new and guest devices in a seamless manner. To validate our solution, we have developed AoT for Android smartphones like the LG G4 and evaluated all the cryptographic primitives over more constrained devices like the Intel Edison and the Arduino Due. This included the implementation of an Attribute-Based Signature (ABS) scheme. Our results indicate AoT ranges from highly efficient on resource-rich devices to affordable on resource-constrained IoT-like devices. Typically, an ABS generation takes around 27 ms on the LG G4, 282 ms on the Intel Edison, and 1.5 s on the Arduino Due.

Supplementary Material

MOV File (p1.mov)

Cited By

  • (2024) The SA4P Framework: Sensing and Actuation as a Privilege. Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, pages 873-885. DOI: 10.1145/3634737.3657006. Online publication date: 1-Jul-2024
  • (2024) Smart Use of Smart Devices in Your Home: A Smart Home Security and Privacy Workshop for the General Public. Proceedings of the 55th ACM Technical Symposium on Computer Science Education V. 1, pages 611-617. DOI: 10.1145/3626252.3630925. Online publication date: 7-Mar-2024
  • (2024) Unraveling Attacks to Machine-Learning-Based IoT Systems: A Survey and the Open Libraries Behind Them. IEEE Internet of Things Journal, 11:11, pages 19232-19255. DOI: 10.1109/JIOT.2024.3377730. Online publication date: 1-Jun-2024

Published In

SenSys '16: Proceedings of the 14th ACM Conference on Embedded Network Sensor Systems CD-ROM
November 2016
398 pages
ISBN:9781450342636
DOI:10.1145/2994551
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Access Control
  2. Attribute-Based Cryptography
  3. Authentication
  4. Identity-Based Cryptography
  5. Internet of Things
  6. Security

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Funding Sources

  • LG Electronics, CNPq, CAPES, and FAPEMIG

Conference

Acceptance Rates

Overall Acceptance Rate 174 of 867 submissions, 20%

Article Metrics

  • Downloads (last 12 months): 321
  • Downloads (last 6 weeks): 45

Reflects downloads up to 16 Oct 2024
