UNIT III
AUTHENTICATION IN IOT
Topics: Authentication in IoT- Computational Security for the IoT- Privacy-
Preserving time Series Data Aggregation- Secure Path Generation Scheme for
Real-Time Green Internet of Things.
3.1 Authentication in IoT
Authentication refers to the process of guaranteeing that an entity is who
it claims to be or that information has not been changed by an unauthorized
party. Authentication is classified by the security objective specific to a
service, such as message authentication, entity authentication, key
authentication, nonrepudiation, and access control.
Message authentication assures the integrity and origin of the
information. As synonyms of message authentication, data integrity preserves
the information from unauthorized alteration, while data origin authentication
assures the identity of the data originator; data origin authentication implies
data integrity because, once a message has been modified, the originator is
no longer the source of the modified message.
Entity authentication, also named endpoint authentication or
identification, assures both the identity and the presence of the claimant at the
time of the process. The timely verification of one’s identity is either mutual,
when both parties—sender and receiver, for example—are confirmed with
each other, or unilateral, if only one party is assured of the other’s identity.
Key authentication assures the linkage of an entity and its key(s), which
extends to broader aspects of key management from key
establishment/agreement, key distribution, key usage control, and the key life
cycle. Key authentication plays a vital role in the Internet age when users
cannot meet face-to-face to exchange keys or know each other personally to
verify the keys. Trusted third parties step in as the certification authority
(CA) responsible for vouching for the key’s authenticity, such as binding keys
to distinct individuals, maintaining certificate usage, and revoking
certifications.
Nonrepudiation prevents an entity from denying its previous action;
often, a trusted third party is needed to resolve a dispute due to an entity
denying that it committed a certain action or no action.
Access control or authorization, following successful entity
authentication, imposes selective restrictions on an entity’s use of data/resources.
To clear up the confusion among these terms, authentication can be
classified by timeliness into two categories, from which the others can be
derived:
1. Entity authentication in real time: Alice and Bob, both active in the
communication, assure each other’s identity with no time delay.
2. Message authentication in an elastic time frame: Alice and Bob exchange
messages with assurance of the integrity and the origin of the messages
even at a later time.
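The two categories above, as an added example that is not part of the original notes: one shared key is used both to tag a message that is verified at a later time and to answer a fresh challenge that must be answered within a time window. HMAC-SHA-256, the names `Verifier`, `respond`, `tag_message` and `verify_message`, the `msg`/`entity` labels and the 5-second window are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

def _mac(key, label, *parts):
    # The label separates the two uses of one key, so a challenge response
    # can never be accepted as a message tag; length prefixes keep parts unambiguous.
    data = label + b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()

def tag_message(key, message):      # integrity + origin, checkable at any later time
    return _mac(key, b"msg", message)

def verify_message(key, message, tag):
    return hmac.compare_digest(_mac(key, b"msg", message), tag)

def respond(key, identity, nonce):  # Alice shows she knows the key without revealing it
    return _mac(key, b"entity", identity, nonce)

class Verifier:
    # Bob: issues single-use challenges that expire after ttl seconds.
    def __init__(self, key, ttl=5.0):
        self.key, self.ttl, self.pending = key, ttl, {}

    def challenge(self, now=None):
        nonce = secrets.token_bytes(16)
        self.pending[nonce] = time.monotonic() if now is None else now
        return nonce

    def check(self, identity, nonce, response, now=None):
        issued = self.pending.pop(nonce, None)  # single use: a replay finds nothing
        now = time.monotonic() if now is None else now
        if issued is None or now - issued > self.ttl:  # replayed, unknown or too late
            return False
        return hmac.compare_digest(_mac(self.key, b"entity", identity, nonce), response)

def demo():
    key = secrets.token_bytes(32)               # constructed shared key
    msg = b"node=7;temp=21.5"                   # constructed sensor reading
    tag, bob = tag_message(key, msg), Verifier(key)
    n1, n2 = bob.challenge(now=0.0), bob.challenge(now=0.0)
    r1, r2 = respond(key, b"alice", n1), respond(key, b"alice", n2)
    return {"later": verify_message(key, msg, tag),
            "tampered": verify_message(key, msg + b"0", tag),
            "fresh": bob.check(b"alice", n1, r1, now=1.0),
            "replay": bob.check(b"alice", n1, r1, now=2.0),
            "late": bob.check(b"alice", n2, r2, now=9.0),
            "cross": verify_message(key, n1, r1)}
```

The message tag has no notion of time and verifies whenever it is checked, while the challenge response is accepted once and only inside the window, which is what ties it to the claimant's presence.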
Traditionally (before the mid-1970s), authentication was intrinsically
connected with secrecy. For example, password authentication during ancient
wartime was kept as a shared secret, such as a word between parties;
demonstrating the knowledge of this secret by revealing the word proved the
corroboration of the entity’s identity and then granted the entity a pass into
the territory.
Fixed-password schemes, involving time-invariant passwords, are
considered weak authentication, subject to attacks by eavesdropping and
exhaustive searching. Various techniques are applied to fixed-password
schemes to strengthen secrecy. Instead of a cleartext password, the password
is encrypted to make it unintelligible or is salted/augmented with a random
string to increase the complexity of a dictionary attack. However,
authentication does not require secrecy, as the discovery of hash functions
and digital signatures showed.
3.2 Computational Security for the IoT
The IoT will build bridges between the existing complex systems by
extending the reach of the Internet into the physical world. This will allow
deeper integration of the human world with nature (down to nanoscale levels)
as well as more efficient utilization of resources by intelligent management
of flows of people, goods, and assets. The goal is to build pervasive systems
and environments that are reliable, unobtrusive, autonomous, and secure. The
intelligent systems and smart environments involving the IoT can be
considered to be generalizations of the Internet. The controllability of the
systems and environments will be enhanced significantly through a network
of nested heterogeneous networks with numerous hybrid interfaces, leading
to a formation of an extremely complex system of systems. The intelligence
will especially concern the interfaces, while the objects and processes will be
assigned their unique identifications (IDs). The information flows pertinent
to such intelligence must be governed by information security policies
including information labeling (classification), modification, ownership, and
accountability.
The proliferation of the IoT will enable access to information about any
environment and about the status of any object, anytime, and anywhere.
Establishing these information highways is driven by the deployment of
various IoT sensors (physical devices) and markers (logical devices). In
addition to ubiquitous sensors, the radiofrequency ID (RFID) tags are another
key enabler of the IoT, even though these tags often have very limited
computational and memory capabilities.
So far, the security of the RFID networks concerns the use of so-called
blocker tags and the establishment of privacy zones. Information extracted
from the data reported by the IoT is vital to make meaningful decisions to
move the system toward a desirable state. Thus, the emergence of the IoT will
have profound effects on functionality, dynamics, processes, and activities,
including security of many if not all systems on the earth:
▪ The existing (already complex) systems will become more closely
interconnected and immersed.
▪ The interactions of components within and in between systems will
increase.
▪ The existing services will be modified while the opportunities for new
services will emerge.
▪ Our perception of the environment and the reality we live in will
change.
▪ The scale and scope of security problems (among others) will greatly
expand.
For example, the Internet redefined social interactions and is affecting the
structure and functions of the human brain. Nanoparticles are now used for
sensing the biochemical processes inside biological cells and for drug
delivery. The utility grids are enhanced using secure data aggregation to
optimize energy consumption.
The IoT will also drive machine-to-machine (M2M) communications.
Moreover, machine-to-human (M2H) communications are expected to be
increasingly more important; for instance, to enhance human brain
capabilities, and at the same time, to also enhance machines by exploiting the
computational power of the human brain. The IoT networks can be even used
to implement brain-to-brain communications. In general, the human brain is
the subject of intensive ongoing research. For instance, the brain’s complexity
has been created in only 4.5 million years as a direct consequence of social
interactions and our ability to bypass natural selection. Unlike very similar
biological structures of the body in all human beings, brain structures show
enormous variations among individuals.
As the human brain is primarily responsible for creating our culture as
well as for making decisions, the brain and our mind are now also the subject
of serious security concerns. In particular, a new concept of so-called
nonlinear or hybrid, network-centered wars involving political, economic,
social, psychological, and information contactless encounters as well as
conventional military operations, is outlined in a report.
This report, frequently debated on the Internet, argues that mankind has
entered a new era of permanent war, with the current phase being
psychological warfare, primarily targeting human thinking and decision-
making. As well as the for-Internet media, such warfare can exploit new data
from mobile phone sensors, and from enhanced personal communications and
other ambient technologies to affect our perceptions of reality, and also, in
turn, our decisions.
In summary, we may expect the emergence of ecosystems of
interconnected things deployed in diverse environments with many industries
and players involved to make the world we live in more intelligent,
predictable, and controllable.
Complex systems are the main focus of many current scientific and
technical investigations. These systems can be conveniently modeled as
graphs representing interactions of a large number of nodes. They usually
require multiple models of different types at different spatiotemporal scales.
As an example, Figure 14.1 shows three interacting systems, with Network B
acting as a bridge or interface between Networks A and C. For example,
Network A is the human brain, Network C is the surrounding environment,
and Network B is the IoT sensors and actuators. Even though the security of
computer networks and of cyber systems has been studied and understood
extensively, the security of more general systems having a network-like
structure seems to be a new subject.
Figure 14.1: An example of three interacting networks (the gateway
nodes are filled) where, e.g., (a) is the human brain, (c) represents the
surrounding environment, and (b) is the IoT network creating the bridge
between the other two networks.
In general, security provisioning requires extra resources and, often, a trade-off
among reliability, availability, and security. The current approaches to security
emphasize prevention with pervasive monitoring and control through passive
protection, perhaps mimicking security as it evolved in nature. The security
of all systems can be described using security policies and procedures. For
networks involving technology, security must also account for hardware and
software implementations and their updates.
When considering the security of complex sociotechnical networks, the
main challenges accelerating the demand for their security are:
➢ Highly fragmented systems with diverse components and hybrid
interfaces.
➢ Components with varying levels of security certification, standards
compliance and interoperability.
➢ A mixture of components designed with embedded security features
and those with security added as an extra feature.
➢ A highly competitive environment with many manufacturers,
operators, contractors, suppliers, etc.
➢ The convergence of information and operation technologies.
➢ A growing need for remote access and management of subsystems.
➢ A paradigm shift in the motives and targets of the adversaries, fuelled
by IoT characteristics.
Ultimately, security provisioning must aim at
➢ Developing and supporting widely accepted good security practices
across IoT industries.
➢ Identifying security monetization opportunities and accounting for
underlying costs.
➢ Developing universal, systematic approaches to holistic security that
encompass all complex systems affecting our lives.
➢ Developing automated security threat (risk) assessments and security
analytics for arbitrary complex systems or their subsystems.
Some of these challenges and aims can be addressed by implementing
security at multiple scales, at different segments and at multiple layers.
Similarly to other networked services and functions, security can be either
implemented within the network core or at the network’s edges; a viable
network security will likely require a combination of both these approaches.
3.3 Privacy-Preserving time Series Data Aggregation
Introduction:
The IoT can find many applications in the real world, including
eHealthcare systems, smart homes, environmental monitoring, industrial
automation, and smart grids, as shown in Table 15.1.
The IoT has attracted a lot of attention; and yet, despite all the attention,
many security and privacy challenges have remained. Since most devices in
the IoT are often deployed in unattended areas, they are vulnerable to physical
attacks that are not detected immediately; and the nature of broadcasting
using wireless communication also makes it easy for an attacker to launch an
eavesdropping attack. Since many research efforts have already been made on IoT
security challenges, the main focus here is on addressing privacy challenges in
the IoT.
To address privacy challenges, that is, to protect an individual device’s
data privacy in the IoT, many privacy-preserving data aggregation schemes
have been proposed. However, most of them only support one-dimensional
data aggregation, which sometimes cannot meet the accuracy requirements of
IoT scenarios. Although EPPA deals with multidimensional data aggregation,
it may not support large-space data aggregation very well.
Therefore, aiming at the above challenges, we propose a novel privacy-
preserving time series aggregation scheme for the IoT, which is characterized
by exploiting the properties of group $\mathbb{Z}^{*}_{p^2}$ to support data aggregation for both
small plaintext space and large plaintext space at the same time, which is thus
more efficient than traditional data aggregation. Concretely, the main
contributions are threefold.
➢ Firstly, we propose a novel privacy-preserving time series aggregation
scheme based on the group $\mathbb{Z}^{*}_{p^2}$. The proposed scheme can use one single
aggregated piece of data to achieve both small plaintext space aggregation
and large plaintext space aggregation in a privacy-preserving way at the
same time.
➢ Secondly, with a formal security-proof technique, we show that our
proposed scheme can achieve each individual node’s data privacy
preservation.
➢ Finally, we implement our proposed scheme in Java and run extensive
experiments to validate its efficiency in terms of low computational cost
and communication overheads, and discuss the trade-off between utility
and differential privacy levels.
3.4 Secure Path Generation Scheme for Real-Time Green
Internet of Things
The IoT is expected to offer promising solutions to transform the
operation and role of many existing systems such as transportation systems
and manufacturing systems, and enables applications in many domains.
The IoT aims to connect different things over networks. The goal of the
IoT is to provide a good and efficient service for many applications. A real-
time IoT application must react to stimuli from its environment within time
intervals dictated by its environment. The instant when a result must be
produced is called a deadline.
Wireless sensor networks (WSNs) have recently been in the limelight
for many domains. The IoT can be explained as a general-purpose sensor
network.
WSNs will constitute an integral part of the IoT paradigm, spanning
many different application areas. Since sensor nodes are usually built
from low-cost hardware, one major challenge in the development of many
sensor network applications is to provide high-security features with limited
resources.
3.4.1 Data gathering of IoT
The IoT is a novel networking paradigm which allows the
communication among all sorts of physical objects over the Internet. In the
IoT paradigm, many of the objects that surround us will be on the network in
one form or another. Ubiquitous sensing enabled by WSN technologies cuts
across many areas of modern-day living. This offers the ability to measure,
infer, and understand environmental indicators, from delicate ecologies and
natural resources to urban environments.
Recent technological advances have enabled the development of low-
cost, low-power, and multifunctional sensor devices. These nodes are devices
with integrated sensing, processing, and communication capabilities. Sensor
technology has enabled a broad range of ubiquitous computing applications,
such as agricultural, industrial, and environmental monitoring.
As shown in Figure 3.4.1, a WSN can work as part of the IoT; collecting
the data it produces leads to unprecedented challenges in mining and
processing that data. Such data needs to be processed in real time
and the processing may be highly distributed in nature. However, sensor
networks are different from traditional networking. The sensor network has
some physical resource constraints and special properties, thus contributing
to the green IoT concept.
Figure 3.4.1: System model with multihop communications in the green
internet of things.
We need to redesign the management methodology for sensor networks. The physical
resource constraints of the sensor network include limited bandwidth and
quality of service (QoS), limited computation power, limited memory size,
and a limited supply of energy. The effective lifetime of the sensor is
determined by its power supply. Energy conservation is one of the main
system design issues.
In scientific settings, WSNs can act as intelligent data collection
instruments; one might task the relevant subset of nodes to sense the physical
world and transmit the sensed values, using multihop communication paths,
toward a base station where all the processing takes place. Since the energy
cost of processing data is one order of magnitude smaller than the energy cost
of transmitting the same data, it is more energy efficient to carry out as much
processing as possible inside the WSN, as this is likely to reduce the number
of bytes that are transmitted to the base station.