Esquema de Autenticação e Acordo de Chaves para Internet das Coisas

Degemar Pereira da Silva; Ramon Fontes; Augusto Neto; Gustavo Girao Barreto Da Silva; Roger Immich

doi:10.5753/wgrs.2023.780

Degemar Pereira da Silva UFRN
Ramon Fontes UFRN
Augusto Neto UFRN
Gustavo Girao Barreto Da Silva UFRN
Roger Immich UFRN

DOI: https://doi.org/10.5753/wgrs.2023.780

Abstract

The Internet of Things (IoT) continues to advance by leaps and bounds, allowing more and more devices to be connected to the Internet every day. This technology faces several challenges, including information security and privacy. In IoT environments, security is essential to prevent the entry of malicious devices, provide secure communication, and protect sensitive data. The present work presents AuThenTication and Key Agreement sCHeme for Internet of Things (ATTACH-IoT). The proposed scheme was developed using XOR logic gates, symmetric cryptography, and hash functions. In addition, the Physical Unclonable Functions (PUF) technique was adopted for the unique and automatic identification of IoT devices, thus allowing the environment to be configured autonomously without needing to add a user and password for each of the devices. A proof of concept was implemented using containers, and formal validation was performed using Scyther. The results showed the proposed scheme’s efficiency, meeting all the security requirements tested by the tool.

References

Bittencourt, L. et al. (2018). The internet of things, fog and cloud continuum: Integration and challenges. Internet of Things, 3-4:134 – 155.

Bolotnyy, L. and Robins, G. (2007). Physically unclonable function-based security and privacy in rfid systems. In Fifth Annual IEEE International Conference PerCom, pages 211–220.

Cremers, C. J. F. (2008). The scyther tool: Verification, falsification, and analysis of security protocols. In Gupta, A. and Malik, S., editors, Computer Aided Verification, pages 414–418, Berlin, Heidelberg. Springer Berlin Heidelberg.

do Prado, P. F. et al. (2021). Mobile Edge Computing for Content Distribution and Mobility Support in Smart Cities, pages 473–500. Springer International Publishing, Cham.

Fernandes, R. et al. (2020). S3as: uma solução de autenticação e autorização através de aplicativos de smartphones. Revista Eletrônica Argentina-Brasil de Tecnologias da Informação e da Comunicação, 3(1).

Fiorenza, M. and et al. (2021). Representação e aplicação de políticas de segurança em firewalls de redes híbridas. In Anais do XXXIX Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos, pages 490–503, Porto Alegre, RS, Brasil. SBC.

Garcia-Morchon, O. et al. (2019). Internet of Things (IoT) Security: State of the Art and Challenges. RFC 8576.

Hassija, V. et al. (2019). A survey on iot security: Application areas, security threats, and solution architectures. IEEE Access, 7:82721–82743.

il Bae, W. and Kwak, J. (2017). Smart card-based secure authentication protocol in multiserver IoT environment. Multimedia Tools and Applications, 79(23-24):15793–15811.

Kreutz, D. et al. (2020). Auth4app: Protocols for identification and authentication using mobile applications. In Anais do XX SBSEG, pages 422–435, Porto Alegre, RS, Brasil. SBC.

Lee, J. et al. (2019). Secure three-factor authentication protocol for multi-gateway IoT environments. Sensors, 19(10):2358.

Oh, J. et al. (2021). A secure and lightweight authentication protocol for iot-based smart homes. Sensors, 21(4).

Pisani, F. et al. (2020). Fog computing on constrained devices: Paving the way for the future iot. Advances in Edge Computing: Massive Parallel Processing and Applications, 35:22.

Rührmair, U. and Holcomb, D. E. (2014). Pufs at a glance. In 2014 Design, Automation Test in Europe Conference Exhibition (DATE), pages 1–6.

Zhu, F. et al. (2019). A lightweight rfid mutual authentication protocol with puf. Sensors, 19(13).