Object Authentication in the Context of the Internet of Things: A Survey

Authors

  • Maha Saadeh Middlesex University, Dubai, UAE https://orcid.org/0000-0003-0119-5623
  • Azzam Sleit Department of Computer Science, The University of Jordan, Amman, Jordan
  • Khair Eddin Sabri Department of Computer Science, The University of Jordan, Amman, Jordan https://orcid.org/0000-0002-8865-920X
  • Wesam Almobaideen Department of Computer Science, The University of Jordan, Amman, Jordan and Rochester Institute of Technology, Dubai, UAE https://orcid.org/0000-0002-5752-9808

DOI:

https://doi.org/10.13052/jcsm2245-1439.932

Keywords:

Internet of Things, Object authentication, Authentication challenges, Identity-based Cryptography, Smart-card authentication

Abstract

Internet of Things (IoT) is considered as the future of the Internet that connects billions of objects all together. Trusted communication between these objects is a crucial requirement for the wide deployment of IoT services. Consequently, effective authentication procedures should be applied between the communicating objects. This paper provides a comprehensive survey of object authentication in the IoT. The survey aims to direct future researchers in the field of IoT object authentication by delving into the details of authentication schemes and going through different comparisons. Comparisons are based on various criteria which include authentication process characteristics, the underlying architecture, key generation and distribution techniques, supporting IoT challenges, security analysis, and performance evaluation. Additionally, this survey highlights the main issues and challenges of IoT objects authentication and recommends future research directions.

Downloads

Download data is not yet available.

Author Biographies

Maha Saadeh, Middlesex University, Dubai, UAE

Maha Saadeh received her Ph.D. degree in computer science from the University of Jordan in January 2018. She worked as a research and teaching assistant at the computer science department, The University of Jordan from September 2009 to September 2010. She is currently working with Middlesex University in Dubai, UAE. She has a number of publications in a number of local and international journals and conferences. Her research interests are wireless networks, network security, and the Internet of Things (IoT).

Azzam Sleit, Department of Computer Science, The University of Jordan, Amman, Jordan

Azzam Sleit is the Former Minister of Information and Communications Technology (2013–2015). He is currently working as a Professor of Computer Science, King Abdulla II School for Information Technology, University of Jordan, where he functioned as the Dean (2015–2016) and the Assistant President/Director of the Computer Center (2007–2009). Dr. Sleit holds B.Sc, M.Sc. and Ph.D. in Computer Science. He received his Ph.D. in 1995 from Wayne State University, Michigan. Dr. Sleit was the Chief Information Officer at Hamad Medical/Ministry of Public Health, Qatar. Before joining Hamad Medical, Dr. Sleit was the Vice President of Strategic Group & Director of Professional Services of Triada, USA, where he introduced the NGram Technology and Associative Memory Structures. Dr. Sleit authored more than one hundred refereed research papers related to Cloud Computing, Imaging Databases, Data Mining, Health and Management Information Systems and Software Engineering, published in reputable journals and conferences.

Khair Eddin Sabri, Department of Computer Science, The University of Jordan, Amman, Jordan

Khair Eddin Sabri is a professor in the Computer Science Department at The University of Jordan. He obtained his B.Sc. degree in Computer Science from the Applied Science University, Jordan in June 2001. He also received M.Sc. degree in Computer Science from The University of Jordan in January 2004 and a Ph.D. degree in Software Engineering from McMaster University, Ontario Canada in June 2010. He is a member of the Formal Requirements and Information Security Enhancement (FRAISE) Research Group. His main research interest is the formal verification and analysis of security properties.

Wesam Almobaideen, Department of Computer Science, The University of Jordan, Amman, Jordan and Rochester Institute of Technology, Dubai, UAE

Wesam Almobaideen is a full professor of computer networks and security at Rochester Institute of Technology (RIT) in Dubai. He holds a B.Sc. in computer science from Muta’h University, Karak, Jordan, M.Sc. degree from The University of Jordan, Amman, Jordan, and a Ph.D. from Bologna University, Bologna, Italy. Before joining RIT-Dubai, he was chairperson of the Department of Computer Science at the University of Jordan for five years. He has also served as Director of the Computer Center for three years, Assistant Dean of the Faculty of Graduate Studies, and Director of the Accreditation and Quality Assurance Office.

His research interests include Wireless Networks, Computer security and Cybersecurity, Internet of Things and cloud Computing. He has published more than 50 research papers in reputable conferences and journals and has supervised over 40 graduate master and doctorate level students.

References

F. Alaba, M. Othman, I. A. Hashem and F. Alotaibib, "Internet of things Security: A Survey," Journal of Network and Computer Applications, vol. 88, pp. 20-28, 2017.

K. Zhao and L. Ge, "A Survey on the Internet of Things Security," in Ninth International Conference on Computational Intelligence and Security, 2013.

W. Almobaideen, M. Allan and M. Saadeh, "SMART ARCHAEOLOGICAL TOURISM: CONTENTION, CONVENIENCE AND ACCESSIBILITY IN THE CONTEXT OF CLOUD-CENTRIC IOT," Mediterranean Archaeology and Archaeometry, vol. 16, no. 1, 2016.

W. Almobaideen, M. Saadeh, N. Al-Anbaki, R. Zaghloul and A. Aladwan, "Geographical Route Selection Based On User Public Transportation and Service Preferences," in 9th International Conference on Next Generation Mobile Apps, Services and Technologies (NGMAST), Cambridge, 2015.

S. Li, L. Da Xu and S. Zhao, "The internet of things: a survey," Information Systems Frontiers, vol. 17, no. 2, p. 243–259, 2015.

R. Khan, S. U. Khan, R. Zaheer and S. Khan, "Future Internet: The Internet of Things Architecture,Possible Applications and Key Challenges," in 10th International Conference on Frontiers of Information Technology, 2012.

S. Andreev, O. Galinina, A. Pyattaev, M. Gerasimenko, T. Tirronen, J. Torsner, J. Sachs, M. Dohler and Y. Koucheryavy, "Understanding the IoT Connectivity Landscape –A Contemporary M2M Radio Technology Roadmap," Communications Magazine, vol. 53, no. 9, pp. 32 - 40, 16 September 2015.

Z. Yan, P. Zhang and A. V. Vasilakos, "A survey on trust management for Internet of Things," Journal of Network and Computer Applications, vol. 42, p. 120–134, 2014.

M. Saadeh, . A. Sleit, M. Qatawneh and . W. Almobaideen, "Authentication Techniques for the Internet of Things: A Survey," in Cybersecurity and Cyberforensics Conference, Amman, Jordan, 2016.

K. . T. Nguyen, M. Laurent and N. Oualha, "Survey on secure communication protocols for the Internet," Ad Hoc Networks, vol. 32, pp. 17-31, September 2015.

Girish and H. Phaneendra , "Identity-Based Cryptography and Comparison with traditional Public key Encryption: A Survey," International Journal of Computer Science and Information Technologies, vol. 5, no. 4, pp. 5521-5525, 2014.

J. Baek, J. Newmarch, R. Safavi-Naini and W. Susilo, "A Survey of Identity-Based Cryptography," in Identification And Authentication Issues In Computing, Melbourne, 2004.

M. C. Gorantla, R. Gangishetti and . A. Saxena, "A Survey on ID-Based Cryptographic Primitives," 2005.

S. Zhao, A. Aggarwal, R. Frost and X. Bai, "A Survey of Applications of Identity-Based Cryptography in Mobile Ad-Hoc Networks," IEEE COMMUNICATIONS SURVEYS & TUTORIALS, vol. 14, no. 2, pp. 380 - 400, 24 March 2011.

A. Tripathi and K. Burse, "Identity based Signcryption and security attacks and prevention- A Survey," International Journal of Engineering and Technical Research, vol. 2, no. 11, pp. 167 -169, 14 November 2014.

M. Langute and H. A. Hingoliwala , "Survey: Identity- Based Encryption in Cloud Computing," International Journal of Science and Research, vol. 4 , no. 12, pp. 862-866, December 2015 .

P. Mahapatra and A. Naveena, "A Survey on Identity Based Batch Verification Scheme for Privacy and Security in VANET," International Research Journal of Engineering and Technology, vol. 3, no. 4, April 2016.

D. Kalyani and R. Sridevi, "Survey on Identity based and Hierarchical Identity based Encryption Schemes," International Journal of Computer Applications, vol. 134, no. 14, January 2016.

M. Alizadeh, S. Abolfazli, M. Zamani and S. Baharun, "Authenticationin mobile cloud computing," Journal of Network and Computer Applications, vol. 61, pp. 59-80, February 2016.

M. A. Ferrag, L. A. Maglaras, H. Janicke and J. Jiang, "Authentication Protocols for Internet of Things: A Comprehensive Survey," 2016.

S. S. Manvi and S. Tangade, "A survey on authentication schemes in VANETs for secured communication," Vehicular Communications, vol. 9, p. 19–30, 2017.

V. Radha and D. H. Reddya, "A Survey on Single Sign-On Techniques," Procedia Technology, vol. 4, p. 134 –139, 14 June 2012.

T. Limbasiy and N. Doshi, "An analytical study of biometric based remote user authentication schemes using smart cards," Computers & Electrical Engineering, vol. 59, p. 305–321, April 2017.

R. Boussada, M. E. Elhdhili and . L. A. Saidane , "Toward Privacy Preserving in IoT E-health Systems: A Key Escrow Identity-based Encryption Scheme," in 15th IEEE Annual Consumer Communications & Networking Conference (CCNC), 2018.

M. E. Hellman, "An Overview of Public Key Cryptography," IEEE Communications Magazine, vol. 40, no. 5, pp. 42 - 49, 2002.

Digital_signature, "Digital_signature," wikipedia, 2017. [Online]. Available: https://en.wikipedia.org/wiki/Digital_signature. [Accessed 11 7 2017].

X.509, "X.509," wikipedia, 2017. [Online]. Available: https://en.wikipedia.org/wiki/X.509. [Accessed 10 7 2017].

F. Chu, R. Zhang, R. Ni and W. Dai, "An ImprovedIdentity Authentication Scheme for Internet of Things in Heterogeneous Networking Environments," in Network-Based Information Systems, Gwangju, South Korea, 2013.

J. Liu, Y. Xiao and C. L. P. Chen, "Authentication and Access Control in the Internet of Things," in 32nd International Conference on Distributed Computing Systems Workshops, 2012.

O. Salman , . S. Abdallah , . I. H. Elhajj , . A. Chehab and A. Kayssi , "Identity-Based Authentication Scheme for the Internet of Things," in Computers and Communication (ISCC), Messina, Italy, 2016.

A. K. Ranjan and . M. Hussain, "Terminal Authentication in M2M Communications in the Context of Internet of Things," in Twelfth International Multi-Conference on Information Processing, 2016.

S. Kalra and S. K. Sood, "Secure authentication scheme for IoT and cloud servers," PervasiveandMobileComputing, vol. 24, pp. 210-223, December 2015.

C.-C. Chang, H.-L. Wu and C.-Y. Sun, "Noteson‘‘Secure authentication scheme for IoT and cloud servers’’," Pervasive and Mobile Computing, vol. 38, p. 275–278, July 2017.

L. Zhang, S. Tang and H. Luo, "Elliptic Curve Cryptography-Based Authentication with Identity Protection for Smart Grids," 23 March 2016.

F. N. Mohades and M. H. Y. Moghadam, "An ECC-Based Mutual Authentication Scheme with One Time Signature (OTS) in Advanced Metering Infrastructure," Amirkabir International Journal of Science & Research (Modeling, Identification, Simulation & Control) AIJ-MISC)) , vol. 46, no. 1, pp. 31- 44, 2014.

F. F. Moghaddam, S. G. Moghaddam and S. Rouzbeh, "A Scalable and Efficient User Authentication Scheme for Cloud Computing Environments," in Region 10 Symposium, 2014.

C. Powell, T. Aizawa and M. Munetomo, "Design of an SSO Authentication Infrastructure for Heterogeneous Inter-cloud Environments," in 3ed international conference on cloud networking (CloudNet), 2014.

N. Lincke, N. Kuntze and C. Rudolph, "Distributed Security Management for the IoT," in IFIP/IEEE International Symposium on Integrated Network Management (IM), Ottawa, 2015.

A. Tewari and B. B. Gupta, "A Robust Anonymity Preserving Authentication Protocol for IoT Devices," in IEEE International Conference on Consumer Electronics (ICCE), 2018.

A. Shamir, "Identity-based cryptosystems and signature schemes," In Advances in Cryptology CRYPTO ’84, of LNCS, vol. 196, pp. 47-53, 1984.

D. Boneh and M. Franklin, "Identity-Based Encryption from the Weil Pairing," SIAM J. of Computing,, vol. 32, no. 3, pp. 586-615, 2003.

D. He, N. Kumar, K.-K. R. Choo and W. Wu, "Efficient Hierarchical Identity-Based Signature With Batch Verification for Automatic Dependent Surveillance-Broadcast System," IEEE Transactions on Information Forensics and Security, vol. 12, no. 2, pp. 454 - 464, 2017.

Y. Zhang, . L. Yang and . S. Wang , "An Efficient Identity-Based Signature Scheme for Vehicular Communications," in Computational Intelligence and Security (CIS), Shenzhen, China, 2015.

X. Hu, . Y. Yang, Y. Liu, J. Wang and X. Xiong, "A Highly Efficient and Identity-Based Proxy Signature Scheme without Random Oracle," in Information Technology and Electronic Commerce, Dalian, China, 214.

L. Ma, "Two Efficient Identity Based Signature Schemes," in Emerging Intelligent Data and Web Technologies, Xi'an, China, 2013.

F. Li, D. Zhong and . T. Takagi, "Practical Identity-Based Signature for Wireless Sensor Networks," WIRELESS COMMUNICATIONS LETTERS, vol. 1, no. 6, pp. 637-640 , DECEMBER 2012.

. P. Gopal, . P. V. Reddy and T. Gowri, "New identity based signature scheme using bilinear pairings over elliptic curves," in Advance Computing Conference, Ghaziabad, India, 2013.

X. Fei, Y. Zhu and X. Luo, "Efficient Identity-Based Signature Scheme in the Standard Model," in Advanced Computer Theory and Engineering, Chengdu, China, 2010.

L. Bao-juan and S. Shao-bo , "Identity based Signatures Schemes," in Communication Software and Networks, Xi'an, China, 2011.

H. Li, Y. Dai, L. Tian and H. Yang, "Identity-Based Authentication for Cloud Computing," in IEEE International Conference on Cloud Computing, 2009.

L. Yan, C. Rong and G. Zhao, "Strengthen Cloud Computing Security with Federal Identity Management Using Hierarchical Identity-Based Cryptography," in IEEE International Conference on Cloud Computing, 2009.

A. Qousini, "Role-Based Access Control Model for Privacy Preservation in Cloud Computing Environment," The University of Jordan, Amman, 2015.

C. Wang , "An Efficient Fuzzy Identity-based Signature Scheme with out Bilinear Pairings," in Computational Intelligence and Security, Kunming, China, 2014.

J. Baek , Y.-j. Byon, E. Hableel and M. Al-Qutayri , "An Authentication Framework for Automatic Dependent Surveillance-Broadcast Based on Online/Offline Identity-Based Signature," in P2P, Parallel, Grid, Cloud and Internet Computing, COMPIEGNE, France, France, 2013.

R. Yasmin, E. Ritter and G. Wang , "AnAuthenticationFrameworkforWirelessSensorNetworksusingIdentity-Based Signatures," in Computer and Information Technology , Bradford, UK, 2010.

S. H. Islam and . G. Biswas, "A pairing-free identity-based two-party authenticated key agreement protocol for secure and efficient communication," Journal of King Saud University - Computer and Information Sciences, vol. 29, no. 1, p. 63–73, January 2017.

T. Markmann, T. C. Schmidt and M. Wählisch, "Federated End-to-End Authentication for the Constrained Internet of Things Using IBC and ECC," in Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication, London, United Kingdom, 2015.

J. ZHANG , W. BAI and Y. WANG, "Non-Interactive ID-Based Proxy Re-Signature Scheme for IoT Based on Mobile Edge Computing," IEEE Access, vol. 7, pp. 37865-37875, 2019.

A. Goel , G. Gupta , M. Bhushan and N. Nirwal, "Identity Management in Hybrid Cloud," in Green Computing and Internet of Things, Noida, India, 2015.

Y.-M. Tseng, T.-T. Tsai , S.-S. Huang and C.-P. Huang, "Identity-Based Encryption with Cloud Revocation Authority and Its Applications," IEEE Transactions on Cloud Computing, vol. PP, no. 99, 10 March 2016.

R. Rosli, Y. Yusoff and H. Hashim, "Performance Analysis of ID-Based Authentication On Zigbee Transceiver," in IEEE symposium on Wireless Technology and Applications (ISWTA), Bandung, Indonesia, 2012.

Y. Yussoff, H. Hashim and M. Baba, "Identity-based Trusted Authentication in Wireless Sensor Network," International Journal of Computer Science Issues (IJCSI), vol. 9, no. 3, p. 230, 2012.

V. L. Shivraj , M. A. Rajan , M. Singh and P. Balamuralidhar, "One Time Password Authentication Scheme based on Elliptic Curves for Internet of Things (IoT)," in The 5th IEEE National Symposium on Information Technology: Towards Smart World, Riyadh, Saudi Arabia, 2015.

R. Boussada, M. E. Elhdhili and L. A. Saidane, "Toward Privacy Preserving in IoT E-health Systems: A Key Escrow Identity-based Encryption Scheme," in 15th IEEE Annual Consumer Communications & Networking Conference (CCNC), 2018.

K. Xue, P. Hong and C. Ma, "A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture," Journal of Computer and System Sciences, vol. 80, no. 1, pp. 195-206, February 2014.

T.-H. Chen, H.-l. Yeh and W.-K. Shih, "An Advanced ECC Dynamic ID-Based Remote Mutual Authentication Scheme for Cloud Computing," in Fifth FTRA International Conference on Multimedia and Ubiquitous Engineering, 2011.

J.-L. Tsai and N.-W. Lo, "A Privacy-Aware Authentication Scheme for Distributed Mobile Cloud Computing Services," IEEE SYSTEMS JOURNAL, vol. 9, no. 3, pp. 805 - 815, 2015.

A. K. Das and B. Bruhadeshwar, "A Biometric-Based User Authentication Scheme for Heterogeneous Wireless Sensor Networks," in 27th International Conference on Advanced Information Networking and Applications Workshops, 2013.

M. Sarvabhatla and C. S. Vorugunti, "A Secure Biometric-Based User Authentication Scheme for Heterogeneous WSN," in Fourth International Conference of Emerging Applications of Information Technology, 2014.

H.-R. Tseng, R.-H. Jan and W. Yang, "A Robust Password-based Authentication Scheme for Heterogeneous Sensor Networks," Communications of IICM, vol. 11, no. 3, pp. 1-13, 2008.

A. Mnif, O. CheIkhrouhou and M. B. JEMAA, "An ID-based User Authentication Scheme for Wireless Sensor Networks using ECC," in International Conference on Microelectronics (ICM), Hammamet, 2011.

M. Sarvabhatla, L. Kodavali and C. vorugunti, "An Energy Efficient Temporal Credential Based Mutual Authentication Scheme for WSN," in 3rd International Conference on Eco-friendly Computing and Communication Systems, 2014.

X. Li, Y. Xiong and W. Wang, "An efficient and security dynamic identity based authentication protocol for multi-serverarchitectureusingsmartcards," Journal of Network and Computer Applications, vol. 35, no. 2, pp. 763-769, March 2012.

R. Amin, N. Kumar, G. Biswas, R. Iqbal and V. Chang, "A light weight authentication protocol for IoT-enabled devices in distributed Cloud Computing environment," Future Generation Computer Systems, pp. 1-27, 29 December 2016.

M. Turkanović, B. Brumen and M. Hölbl, "A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion," Ad Hoc Networks, vol. 20, pp. 96-112, September 2014.

F. Wu, . L. Xu, S. Kumari, . X. Li, J. Shen, . K.-K. R. Choo, . M. Wazid and . A. K. Das, "An efficient authentication and key agreement scheme for multi-gateway wireless sensor networks in IoT deployment," Journal of Network and Computer Applications, vol. 89, p. 72–85, July 2017.

J. Srinivas, S. Mukhopadhyay and . D. Mishra, "Secure and efficient user authentication scheme for multi-gateway wireless sensor networks," Ad Hoc Networks, vol. 54, p. 147–169, January 2017.

S. Park , N. Crespi, H. Park and S.-H. Kim, "IoT Routing Architecture with Autonomous Systems of Things," in IEEE World Forum on Internet of Things (WF-IoT), 2014.

M. I. Hussain, "Internet of Things: challenges and research opportunities," CSI Transactions on ICT, vol. 5, no. 1, p. 87–95, march 2017.

K. Nahrstedt, H. Li, P. Nguyen, S. Chang and L. Vu, "Internet of Mobile Things: Mobility-Driven Challenges, Designs and Implementations," in IEEE First International Conference on Internet-of-Things Design and Implementation, 2016.

J. Granjal, E. Monteiro and J. Sá Silva, "Security for the Internet of Things: A Survey of Existing Protocols and Open Research issues," IEEE Communications Surveys & Tutorials, vol. 17, no. 3, pp. 1294 - 1312, 2015.

Downloads

Published

2020-07-01

Issue

Section

Articles