Timestamp Based OTP and Enhanced RSA Key Exchange Scheme with SIT Encryption to Secure IoT Devices
Keywords:Device Encryption, Lightweight RSA, Time-based Authentication,, IoT, Security
The Internet of Things (IoT) has become an emerging technology and is expected to connect billions of more devices to the internet in the near future. With time, more and more devices like wearables, intelligent home systems, and industrial automation devices are getting connected to the internet. IoT devices primarily transfer data using wireless communication networks, introducing more vulnerabilities like man-in-the-middle-attacks and eavesdropping. These security concerns are customary for any device communicating over the internet because of its intrinsic open nature. These problems are usually subdued by conventional cryptographic algorithms used in typical systems that are power-hungry and computationally intensive, making them infeasible to be used in IoT devices since they run on low-powered chips, limiting performance, memory, and bandwidth. Hence, there is a requirement to adopt lightweight cryptographic algorithms that can abate the security issues while using low computational resources, which is the constraint in the given scenario. Hence, we propose an end-to-end secured IoT system that ensures the system’s integrity is never compromised using lightweight cryptographic algorithms. We propose a three-module system, where the first module handles user authentication using a time-based one-time password, the second secures communication using lightweight enhanced RSA, and the third performs data encryption using Feistel-based enhanced SIT. This kind of system is designed to deal with security challenges in IoT devices, ensuring adequate data security while reducing the computational footprint using lightweight cryptography.
H. Suo, J. Wan, C. Zou and J. Liu. Security in the internet of things: a review. In Proceedings of the International conference on computer science and electronics engineering, IEEE, 3: 648–651, 2012.
A. M. Mohamad Al-Aboosi, S. Kamil, S. N. H. Sheikh Abdullah and K. A. Zainol Ariffin. Lightweight Cryptography for Resource Constraint Devices: Challenges and Recommendation. In Proceedings of the 3rd International Cyber Resilience Conference(CRC), IEEE, 1–6, 2021.
S. Misra, M. Maheswaran, S. Hashmi. Security challenges and approaches in internet of things. Cham: Springer International Publishing, 2017.
I. K. Dutta, B. Ghosh and M. Bayoumi. Lightweight cryptography for internet of insecure things: A survey. In Proceedings of the 9th Annual Computing and Communication Workshop and Conference(CCWC), IEEE, 0475–0481, 2019.
P. Shah, M. Arora and K. Adhvaryu. Lightweight Cryptography Algorithms in IoT-A Study. In Proceedings of the Fourth International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud)(I-SMAC), IEEE, 332–336, 2020.
S. A. Kumar, T. Vealey and H. Srivastava. Security in internet of things: Challenges, solutions and future directions. In Proceedings of the 49th Hawaii International Conference on System Sciences (HICSS), IEEE, 5772–5781, 2016.
N. A. Gunathilake, A. Al-Dubai and W. J. Buchana. Recent Advances and Trends in Lightweight Cryptography for IoT Security. In Proceedings of the 16th International Conference on Network and Service Management(CNSM), IEEE, 1–5, 2020.
M. Katagi and S. Moriai. “Lightweight cryptography for the internet of things.” Sony Corporation, 7–10, 2008.
T. Eisenbarth, S. Kumar, C. Paar, A. Poschmann and L. Uhsadel. A survey of lightweight-cryptography implementations. IEEE Design & Test of Computers, 24(6):522–-533, 2007.
D. M’Raihi, David, S. Machani, M. Pei, and J. Rydell. Totp: Time-based one-time password algorithm, Internet Engineering Task Force, RFC: 6238, 2011.
M’Raihi, David, M. Bellare, F. Hoornaert, D. Naccache, and O. Ranen. Hotp: An hmac-based one-time password algorithm. In The Internet Society, Network Working Group. RFC4226, 2005.
M. L. T. Uymatiao and W. E. S. Yu. Time-based OTP authentication via secure tunnel (TOAST): A mobile TOTP scheme using TLS seed exchange and encrypted offline keystore. In Proceedings of the 4th IEEE International Conference on Information Science and Technology, IEEE, 225–229, 2014.
D. Kumar, A. Agrawal and P. Goyal. Efficiently improving the security of OTP. In Proceedings of the International Conference on Advances in Computer Engineering and Applications, IEEE, 912–915, 2015.
V. L. Shivraj, M. A. Rajan, M. Singh and P. Balamuralidhar. One time password authentication scheme based on elliptic curves for Internet of Things (IoT). In Proceedings of the 5th National Symposium on Information Technology: Towards New Smart World, IEEE, 1–6, 2015.
K. S. Roy and H. K. Kalita. A survey on authentication schemes in IoT. In Proceedings of the International Conference on Information Technology(ICIT), IEEE, 202–207, 2017.
M. Abd Zaid, Mustafa, and S. Hassan. Lightweight RSA Algorithm Using Three Prime Numbers. Journal of Engineering and Applied Sciences, 14(5): 9032–9035, 2019.
J. Sahu, V. Singh, V. Sahu, and A. Chopra. An enhanced version of RSA to increase the security. Journal of Network Communication and Emerging Technologies, 7(4), 1–4, 2017.
T. K. Goyal and V. Sahula. Lightweight security algorithm for low power IoT devices. In Proceedings of the International Conference on Advances in Computing, Communications and Informatics (ICACCI), IEEE, 1725–1729, 2016.
V.G. Kumar Kiran, S.J. Mascarenhas, S. Kumar, J. Pais Viven Rakesh. Design and implementation of Tiny encryption algorithm. International Journal of Engineering Research and Applications, 5(6): 94–97, 2015.
R. Beaulieu, D. Shors, J. Smith, S. Treatman-Clark, B. Weeks, and L. Wingers. SIMON and SPECK: Block Ciphers for the Internet of Things. NIST Lightweight Cryptography Workshop., 1–15, 2015.
M. Usman, I. Ahmed, M.I. Aslam, S. Khan, and U.A. Shah. SIT: a lightweight encryption algorithm for secure internet of things. International Journal of Advanced Computer Science and Applications, 8(1): 1–10, 2017.
F. Thabit, S. Alhomdy, A. H. Al-Ahdal and S. Jagtap. A new lightweight cryptographic algorithm for enhancing data security in cloud computing. Global Transitions Proceedings, 2(1):91–99, 2021.
C. A. Lara-Nino, A. Diaz-Perez and M. Morales-Sandoval. Elliptic Curve Lightweight Cryptography: A Survey. IEEE Access, 6: 72514–72550, 2018.
S. Kumari, M. Karuppiah, A. K. Das, X. Li, F. Wu & N. Kumar. A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers. The Journal of Supercomputing, 74(12), 6428–6453, 2018.
A. Karati, S. H. Islam & M. Karuppiah. Provably secure and lightweight certificateless signature scheme for IIoT environments. IEEE Transactions on Industrial Informatics, 14(8), 3701–3711, 2018.
S. Basu, M. Karuppiah, K. Selvakumar, K. C. Li, S. H. Islam, M. M. Hassan & M. Z. A. Bhuiyan. An intelligent/cognitive model of task scheduling for IoT applications in cloud computing environment. Future Generation Computer Systems, 88, 254–261, 2018.
P. Punithavathi, S. Geetha, M. Karuppiah, S. H. Islam, M. M. Hassan & K. K. R. Choo. A lightweight machine learning-based authentication framework for smart IoT devices. Information Sciences, 484, 255–268, 2019.
M. Naeem, S. A. Chaudhry, K. Mahmood, M. Karuppiah & S. Kumari. A scalable and secure RFID mutual authentication protocol using ECC for Internet of Things. International Journal of Communication Systems, 33(13), e3906, 2020.
M. Karuppiah, A. K. Das, X. Li, S. Kumari, F. Wu, S. A. Chaudhry & R. Niranchana. Secure remote user mutual authentication scheme with key agreement for cloud environment. Mobile Networks and Applications, 24(3), 1046–1062, 2019.
How to Cite
Copyright (c) 2023 Journal of Cyber Security and Mobility
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.