Designing Lightweight Authentication Schemes for IoT Applications

Abstract

In the Internet-driven world, not only computers but things also get connected. It also allows the things such as light, cars, and many more to share information over a publicly accessible channel. Validation of the participating entities with each other is the foremost step to establish secure communication. Authentication refers to verifying the claimed identity by or for a system. The level of security in the validation mechanism depends on the type and number of factors involved. Authentication followed by key exchange protocols allows only the authenticated entities to negotiate upon a secret key without revealing any information to the eavesdropper. Due to the resource-constrained nature of IoT devices and vulnerability to physical attacks by an attacker, designing a lightweight authentication scheme for IoT systems is a challenging research area in recent years.
This thesis contributes to the designing of authentication schemes for the various types of IoT applications. The schemes are formally verified using the cryptographic verification tool Proverif. Security features comparison and informal security analysis of the schemes are done to ensure their security strength compared to existing schemes. The communication and computation cost analysis describe the scheme’s suitability for light-weight devices and IoT applications.
The first contribution presents an Elliptic Curve Cryptography (ECC) based authentication and key agreement scheme for a single gateway IoT system. Here, all the participating entities are verified, and data are transmitted to or from the designated entities. Single Gateway Authentication Scheme (SGAS) supports interoperability allowing sensors and gateway of two different manufacturers to authenticate each other. The formal verification of the SGAS and its informal security analysis proves it to be resilient against attacks. It maintains a low computation cost for IoT devices compared to existing authentication schemes.
The second contribution presents a Multi Gateway Authentication Scheme (MGAS) for IoT systems. It is suitable for application that requires connectivity of a large number of IoT devices. The throughput comparison of the single and multi gateway IoT system with different parameters using NS2 proves the multi gateway system to be efficient for large-scale applications. The scheme is verified using the Proverif tool, and an informal security analysis demonstrates it to resist various attacks. The performance comparison with the existing schemes proves MGAS to be appropriate for resource-constrained IoT devices.
The third contribution contributes to designing an authentication scheme for a multi Vi controller-based IoT architecture for the smart farming system. The existing single gateway architecture resists the connectivity of IoT devices to the gateway capacity. The controller-based architecture introduces a controller layer between the gateway and IoT devices to support connecting more IoT devices. It overcomes the incapability of managing massive peer-to-peer communication, high computation, and set up cost. The throughput comparison using NS2 with different parameters between the multi-controller and the single gateway IoT system shows the multi-controller to be efficient and scalable compared to a single gateway IoT system. Further, the scheme is verified using Proverif. The security features and their performance is compared with the existing schemes. The comparison outcomes conferred the proposed scheme is secure and suitable for resource-constrained IoT systems.