Security Analysis and Improvements of Authentication and Access Control in the Internet of Things
Open Access
- 13 August 2014
- Vol. 14 (8), 14786-14805
- https://doi.org/10.3390/s140814786
Abstract
Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al. According to our analysis, Jing et al.’s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost.Keywords
This publication has 24 references indexed in Scilit:
- Differentiated Virtual Passwords, Secret Little Functions, and Codebooks for Protecting Users From Password TheftIEEE Systems Journal, 2012
- Scatter – secure code authentication for efficient reprogramming in wireless sensor networksInternational Journal of Sensor Networks, 2011
- The Internet of Things: A surveyComputer Networks, 2010
- Internet of Things – New security and privacy challengesComputer Law & Security Review, 2010
- An energy-efficient access control scheme for wireless sensor networks based on elliptic curve cryptographyJournal of Communications and Networks, 2009
- Identities in the Future Internet of ThingsWireless Personal Communications, 2009
- Transactions papers a routing-driven Elliptic Curve Cryptography based key management scheme for Heterogeneous Sensor NetworksIEEE Transactions on Wireless Communications, 2009
- Proximity-based authentication of mobile devicesInternational Journal of Security and Networks, 2009
- A novel localised authentication scheme in IEEE 802.11 based Wireless Mesh NetworksInternational Journal of Security and Networks, 2008
- Anonymous authentication protocol for GSM networksInternational Journal of Security and Networks, 2008