IJSRD - International Journal for Scientific Research & Development| Vol.

7, Issue 09, 2019 | ISSN (online): 2321-0613

Encryption/Decryption Scheme for IoT Communication to the Avoidance

of Man-in-the-Middle Attack
Prashant Singh1 Sakar Gupta2
1,2
Poornima College of Engineering, Jaipur, Rajasthan, India
Abstract— This paper proposed a secure technique for data
encryption and decryption for In-ternet of Thing (IoT)
communication. The main aim of this research is to sort out
the issue of Man-in-the-Middle attack. Currently, it becomes
difficult to secure data from attacker as they can easily
uncover the encryption key. Therefore, an algorithm is
suggested here for random key generation for data encryption
and decryption. In this algorithm, principle of spiral wheel is
used for rearranging the character sequences to produce
ciphers. It changes the sequence of characters in a particular
sequence. It is based on the concept of centroid of the
sequence to ob-tain the median of the pattern based on even
and odd numbers. This method comes into Symmetric key
algorithms. It produces a highly reliable and secured
communication interface for IoT to prevent from the attacks.
Keywords: Internet of Things, Man-in-the-Middle Attack,
Ciphers

I. INTRODUCTION
Nowadays, people day-to-day activities depend on Internet of
Things i.e. IoT. It uses the constrained devices for actuating
and sensing the operations. In 1999, Kevin Ashton coined the Fig. 1: Onboarding solution based on QR code [3].
term and concept of IoT. It offers the concept to interconnect For IoT environment, security plays one of the major
the internet with daily life common objects. Such gadgets role. Past years witness the exponential growth in number of
assembled globally to gather numerous information with the cybercrimes and cyber-attacks [3]. Constraint de-vices
performing of definite tasks with minimal or no hu-man contain low or no security feature that make them the main
intervention. Currently, global cyber market mostly target for cyber attackers. Recent years reported numerous
controlled by IoT and its principles. With a survey record by cases in which attackers got control over such constrained
Gartner, in the end of 2020, 21 billion intercon-nected devices devices and result as the mounting of DDoS attacks using
will mark their presence [1]. A giant network will bots. IoT does not support the security and network protocols
demonstrate their limitless applications in the world of used in traditional internet due to the low throughput of
internet. Some of the applications can be de-ployed as to network and constrained nature of the devices. There is
develop smart logistics, smart grids and to create smart cities always the need for new protocols in IoT for security and
etc. How-ever, every innovations come with tremendous communication purposes due to low power consumption, less
challenges. For example, constrained devices featured in IoT throughput and low computational complexity etc. IoT
have their limitations as throughput, short lifetime, limited environment demands lightweight security protocols to run
computational capacity etc. Such aspects generate new its applications [4-5]. It should include the strong
challenges for researchers, communication experts and authentication protocols for secured devices and networks.
computer/cyber experts [2]. It becomes must to provide an An entity’s identity verifies by authentication process. For
efficient and sustainable environment for making the best authentication proto-col, the process should include
effective communication between these constrained devices. double different credential of user for secured practic-es. IoT
Therefore, it becomes a challenge to provide effi-cient entities cannot afford the inclusion of cartographic primitives
network due to the requirement of different standards and that makes the authentication process more challenging. In
protocols used by different devices. Therefore, there is a need traditional market, they have high com-putational
to develop a heterogeneous network that has the potential to complexity. However, utilization of gateways as middle-ware
make communication with each devices in secured as well as for compu-tation increases the threshold of computational
efficient way. complexity. In such scheme, IoT devices are slightly less
powerful than the gateway nodes [6]. In last few years, sever-
al schemes on authentication for network and constrained
devices have been pro-posed and some of them are explained
in upcoming sections.

II. BACKGROUND
Traditional ways include access control mechanism for inter-
organizational data sharing in current systems [6]. Data hold

All rights reserved by www.ijsrd.com 403

 Encryption/Decryption Scheme for IoT Communication to the Avoidance of Man-in-the-Middle Attack
(IJSRD/Vol. 7/Issue 09/2019/100)

by a trusted server performed the access control. It includes processes happened in open environment as wire-less
managing a set of user’s information by the server with their communication. IoT features sensors as its key element. They
rights to access and deliver the information in between have limited ener-gy capabilities and processing. Therefore,
authorized users. According to a policy, one key in complex security schemes failed to provide protection from
cryptographic system can decrypt multiple ciphertexts. It vulnerable attacks. Security vulnerability occurred due to the
works on the concept of Attributed-Based Encryption (ABE) gaps and loopholes present in authentication. It offers
[7]. Later, there is a refinement of ABE in two certain unauthorized access to devices. It results disturbing and
directions. These are as Key-Policy ABE and Cypher text- harming the systems through random attacks that includes a
Policy ABE. In first one [5], attributes are set for each definite goal performed by criminals, hackers or even
ciphertexts. Here, with an integrated policy, the decryption government agencies. Classifi-cation of attacks have been
keys are generated to decide the decryption order of the doc- made in two ways depending on the type of attackers. First is
uments. In another one, [2] mimics a role-based access inexperienced attackers or unstructured attacks with their
control. In such scheme, sys-tem provides the keys to users hacking tools. Sec-ond is structured attacks through
based on the encrypted ciphertexts and their roles with a experienced people with the known of vulnerability of attack
specific access policy. In recent studies, the overhead concept and performed by writing script/codes by using sophisticated
is considerable for the restriction of devices. On the other tools. Figure 2 illustrates the different ways to perform the
hand, key management prefers the concept of attribute-based attacks.
encryption [1]. Symmetric algorithms are preferred for huge
amount of data encryption in sensors directly due to
performance reasons. Dynamic re-strictions not occurred in
the concept of attribute-based encryption, as they require the
access during the operation time.
Broadcast authentication protocol TESLA follows
the Hash-chains as a tool [7]. This concept utilizes the
elements with hash-chains assigned to definite time-slots. To
strengthen the stream ciphers, Rivest [8] used a pattern of
backward and forward hash chains. Another system named as
BAC systems contains four distinct energy efficiency classes
[3]. It has more control capabilities with more fine-grained
sensors arranged in a higher efficiency class. Currently, an
organization having large building area and complexes can
easily comprise tens of thousands of sensors. It generates a
good amount of data stream providing the insight the building
actions. It leads to the need for more protection from the Fig. 2: Classification of type of attacks in IoT [13].
attackers, specifically during the outsourcing han-dling of the A. Physical Attacks
data. One of the major research project named as BaaS in the It include the attack that physically temper the device due to
EU FP-7 [4] targets to increase building energy efficiency. It
the data distribution in the open environment with unattended
can be performed through as-sessing and analyzing the data
information. It offers the opportunity to at-tackers to disturb
of operational building that advances the regulation schemes
the communication [7-8].
accordingly. It provides an IoT platform for the
interconnection of multiple buildings through data repository, B. Reconnaissance Attacks
BMS and internet services for batch analysis and real time It involves the use of packet sniffer tools or traffic analysis
application. for data extraction by the attackers. They also tries to find out
the IP address of targetted device.
III. CLASSIFICATION OF ATTACKS IN IOT
C. Denial of Services (DoS)
IoT needs to address the security in the designed system i.e.
the most important con-cerns. Efficient data communication It consists the unavailability of resources and system by
demands high-level security from random cyber-attacks [9]. attacker leads to blocking the access of information. It is due
Attacks such as Sybil, eavesdropping, message modification, to the limited capabilities of sensor that makes to exhaust the
traf-fic analysis and Denial of Service (DoS) etc. are harming device and cut the connection to system. These type of attacks
the people and institutions by obtaining their access placed on the layer of TCP models such as transport layer,
information as well as gain financial benefits [10]. The ex- network layer, physical layer, datalink layer and application
ponential growth of IoT attracts the cyber-attackers with layer. All have the same intention as to block the transfer of
more number and in com-plex manner. It becomes information. It is sub-divided into different techniques that
sophisticate to breach the security with new tools [11-12]. can be dis-cussed as follow [14-15].
Most of the user data are spread in the large area and
distributed in nature as they are attended by them. Therefore, 1) Jamming:
it becomes easier to attain physical access of the devic-es b Attackers block the communication channel between the two
the attackers. Apart from such access, another aim for layers in order to prevent data communication by controlling
intruder is to hit on data communication process as all the the signals.

All rights reserved by www.ijsrd.com 404

 Encryption/Decryption Scheme for IoT Communication to the Avoidance of Man-in-the-Middle Attack
(IJSRD/Vol. 7/Issue 09/2019/100)

2) Node Tempering: IV. PROPOSED ALGORITHM

Attackers physically disturb and temper the node in order to This paper presents a novel algorithm of encryption/
attain the control like hijacking it and access the information. decryption process to avoid at-tack from IoT system. It give
3) Collision: a process to generate signature for the device which is only
It is performed by adding a duplicate or fake node in the one time applicable to prevent from Man-in-the-Middle
network to capture it and then to produce unnecessary traffic. (MiM) attack. Proposed algorithm is named as Quondam
It creates collisions between the data result as dropping the Signature Algorithm (QSA). Algorithm for the pro-cess is
valid packet containing information. explained as format setting and signature generation.
4) Unfairness& Battery Exhaustion:
It is the node de out situation through repeat-ed collisions A. Algorithm for format setting
attacks result in the Battery exhaustion. It occurs mostly in 1) Step 1: Start
conditions like limited battery power such as Wireless Sensor 2) Step 2: Client Connection Request = CR
Network (WSN) as nodes have very limited battery power Time Stamp = TS
[16]. Client Identity = CI
5) Spoofing: 3) Step 3: The process is divided into two parts as,
It misleads the data communication by the use of evil node 1) CI = MAC ADD
for changing the direction. = 8 Digit HEXADECIMAL
6) Hello Flood Attacks: = 8×4
In this, user received hello packer b attackers for making them 2) TS = Set current system’s date & time in definite format
to use compromise node. This will forward the packets to its as MM DD YYYY hh mm
neighbor. They assume that it belongs to them leads to create = 12 Digit CHARACTER
congestion because of the generation of to the network.
7) Homing: B. Algorithm for Signature Generation
In this black hole is created by finding the node near to the 1) Step 1: Get system date & time in specific format as (D[
sink or the cluster node. They try to disable the node for black ]) and (T [ ])
hole generation. 2) Step 2: Append system as date & time to form the time
8) Selective forwarding: stamp vector TS[ ],
In this data is forwarded by malicious node through selective TS[ ] = D[ ] + T[ ]
nodes rather than all nodes. It results as packet drop due to 3) Step 3: Multiply time stamp vector TS[ ] with
the congestion on a node. substitution matrix S[ ].
9) Sybil: 4) Step 4: Pre-installed at C & S to authentic users.
This attack consists multiple identities of the node in the 5) Step 5: Achieve Quondam matrix QM [ ].
network to tem-per the flow of traffic. It makes them isolate S[ ]12×12
from the main system to disturb the communication and 𝑆1 0 0 0 0 0 0 0 0 0 0 0
utilize them for malicious purpose. 0 𝑆2 0 0 0 0 0 0 0 0 0 0
10) Wormhole: 0 0 𝑆3 0 0 0 0 0 0 0 0 0
This attack malicious record the data of packets with the 0 0 0 𝑆4 0 0 0 0 0 0 0 0
delivery of them at different locations. It is a critical attack in 0 0 0 0 𝑆5 0 0 0 0 0 0 0
which the transmission of data is done selectively. It follows 0 0 0 0 0 𝑆6 0 0 0 0 0 0
a defined route for data at the implementation of launch of the =
0 0 0 0 0 0 𝑆7 0 0 0 0 0
network. Malicious nodes are present in the shortest route. 0 0 0 0 0 0 0 𝑆8 0 0 0 0
11) Acknowledgment Flooding: 0 0 0 0 0 0 0 0 𝑆9 0 0 0
In this attack, the nodes provide the false information to get 0 0 0 0 0 0 0 0 0 𝑆10 0 0
the acknowledgment from the malicious node and create 0 0 0 0 0 0 0 0 0 0 𝑆11 0
spoofing at the neighboring node. 0 0 0 0 0 0 0 0 0 0 0 𝑆12
12) Flooding: Where, S1, S2,…..,S12 ≠ 0.
It is performed by high traffic congestion through the 6) Step 6: Achieved the value of QM12×12[ ].
generation of unnecessary messages. 7) Step 7: Extract diagonal elements from QM12×12[ ] to
13) De-synchronization: form 12 character long QS[ ].
It consists fake information produced at both ends of 8) Step 8: Append QS[ ] with CI[ ] and send it to server of
communications. It makes to retransmit the data many times M20×1 as,
in order to correct the error but results as energy exhaustion M20×1 = [ M1 M2 M3…….M20]
at one or both ends. 9) Step 9: Server receives message from client as M20×1.
D. Access Attacks 10) Step 10: Encryption finish
11) Step 11: Server separates QS[ ] & CI[ ] as,
In this, attackers obtain the remote or physical access of the
M20×1 = QS[ ]12×1 + CI[ ]8×1
system devices using IP addressing. Later, they temper and
12) Step 12: Forms Quondam signature as DM[ ]12×12 .
use the devices for malicious purposes.
13) Step 13: Obtained TS[ ] with the equation as,
TS[ ] = QM[ ] × S-1
14) Step 14: Decryption finish

All rights reserved by www.ijsrd.com 405

 Encryption/Decryption Scheme for IoT Communication to the Avoidance of Man-in-the-Middle Attack
(IJSRD/Vol. 7/Issue 09/2019/100)

V. RESULT AND DISCUSSION [5] Hwang, M. S. and Li, L. H.: A new remote user
After implementation of the process on C# tool using load authentication scheme using smart cards, IEEE
MTC and RTC, the pro-cess run successfully. It shows better Transactions on Consumer Electronics, 46(1), 28-30
results as cost in communication and communi-cation (2000).
overhead [17]. Figure 3 illustrates the achieved results in [6] Xu, J., Zhu, W. T. and Feng, D. G.: An improved smart
form of cost in com-munication (bit) for the existing systems. card based password au-thentication scheme with
It depicts the exchange procedure between payload header provable security, Computer Standards & Interfaces,
and multiple messages during Physical Unclonable Function 31(4), 723-728 (2009).
(PUF) authentication in terms of communication cost. [7] Yu, S.: Big privacy: Challenges and opportunities of
Communication cost is defined as the number of bits privacy study in the age of big data. IEEE access 4, 2751-
interchanged over the network during authentication. 2763 (2016).
[8] J. Song, A. Kunz, M. Schmidt, and P. Szczytowski.
Connecting and Managing M2M Devices in the Future
Internet. Springer Journal of Mobile Networks and
Appli-cations, 19(1), 4–17, (2014).
[9] Amirhossein, S.: Improving the Security of Internet of
Things Using Encryption Al-gorithms, International
Scholarly and Scientific Research & Innovation, 11(5),
(2017). F.: Article title. Journal 2(5), 99–110 (2016).
[10] Arbia, R. S., Enrico, N., Yacine and C., Zied C.: A
roadmap for security challenges in the Internet of Things,
Digital Communications and Networks April 2017,
http://dx.doi.org/10.1016/j.dcan.2017.04.003).
[11] Alajmi, N.: Wireless Sensor Networks Attacks and
Fig. 3: Cost in communication during authentication. Solutions, arXiv preprint arXiv:1407.6290 (2014).
[12] Diaz, A. and Pablo, S.: Simulation of attacks for security
in wireless sensor net-work, Sensors 16(11), (2016).
VI. CONCLUSION
[13] Rashid, H. and Irfan, A.: Review of Different
In this paper, novel algorithms are proposed for data Encryptionand Decryption Tech-niques Used for
encryption and decryption to solve the issue of random Security and Privacy of IoT in Different Applications,
attacks on IoT. This process generates one time accessible IEEE Interna-tional Conference on Smart Energy Grid
device signature as Quondam signature algorithm (QSA). It Engineering, (2018).
solves the issue of man-in-the-middle attack. Results shows [14] Muhammad, A. I., Oladiran, G. O. & Magdy, A. B.: A
the requirement of less cost in communication bits of Review on Internet of Things (Iot): Security and Privacy
proposed algorithm. It can also extendable towards the time Requirements and the Solution Approaches (Glob-al
frame for better analysis. Various schemes in terms cost in Journal of Computer Science and Technology: E
communication were being compared to prove the Network, Web & Security, 16(7), (2016).
significance of the results. Same work can apply as the [15] Borgohain, T., Uday, K. and Sugata S.: Survey of
solution of other attacks resent in the IoT systems. It is a security and privacy issues of Internet of Things." arXiv
secure command for executing the protocol with the options preprint arXiv:1501.02211 (2015).
to fill certain parameters for smart phones or other smart [16] El, M., Otmane, M. L. and Mostafa, B.: Internet of
devices for IoT. Things Security: Layered clas-sification of attacks and
possible Countermeasures, Electronic Journal of Infor-
REFERENCES mation Technology 9 (2016).
[1] Das, M. L.: Two-factor user authentication in wireless [17] Mughal, M. A., Luo, X., Mahmood, Z. and Ullah, A.:
sensor networks, IEEE Transactions on Wireless Physical Unclonable Func-tion Based Authentication
Communications, 8(3), 1086-1090 (2009). Scheme for Smart Devices in Internet of Things, IEEE
[2] Xue, K., Changsha, Hong, P. and Ding, R.: A temporal- International Conference on Smart Internet of Things,
credential-based mutual authentication and key (2018).
agreement scheme for wireless sensor networks, Journal
of Network and Computer Applications, 36(1), 316-323
(2013).
[3] Farash, M. S., Turkanovic, M., Kumari, S. and Holbl, M.:
An efficient user authen-tication and key agreement
scheme for heterogeneous wireless sensor network tai-
lored for the Internet of Things environment, Ad Hoc
Networks, 36, 152-176 (2016).
[4] Akyildiz, I. F., Su, W., Sankarasubramaniam, Y. and
Cayirci, E.: Wireless sensor networks: a survey,
Computer networks, 38(4), 393-422 (2002).

All rights reserved by www.ijsrd.com 406