FLAT: A Federated Authentication Protocol for the Internet of Things

  • Maria L. B. A. Santos UFMG
  • Jéssica C. Carneiro UFMG
  • Antônio M. R. Franco UFMG
  • Fernando A. Teixeira UFSJ
  • Marco A. Henriques UNICAMP
  • Leonardo B. Oliveira UFMG

Abstract


The expansion of the Internet of Things (IoT) creates a great challenge for device authentication, especially given the restricted computational resources of these devices and their potential mobility between different authentication domains. Our solution, FLAT, is a federated authentication protocol specially suited for IoT that uses symmetric cryptographic primitives when communicating with the resource-constrained IoT Client. We present a prototype of the protocol and scenarios where it can be applied, as well as an evaluation of the computational and communication costs, whose results showed a reduction of around 36% in total communication costs.

Published
2018-05-10
SANTOS, Maria L. B. A.; CARNEIRO, Jéssica C.; FRANCO, Antônio M. R.; TEIXEIRA, Fernando A.; HENRIQUES, Marco A.; OLIVEIRA, Leonardo B. FLAT: Um Protocolo de Autenticação Federada para a Internet das Coisas. In: BRAZILIAN SYMPOSIUM ON COMPUTER NETWORKS AND DISTRIBUTED SYSTEMS (SBRC), 36., 2018, Campos do Jordão. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2018. p. 477-490. ISSN 2177-9384. DOI: https://doi.org/10.5753/sbrc.2018.2436.