Secure and Lightweight Authentication Protocols for Devices in Internet of Things

Abstract

The Internet of Things (IoT) has become an intriguing trend worldwide as it allows any smart device with an IP address to participate in a highly immersive and connected environment that integrates physical, digital and social aspects of the user’s lives. The perpetual growth of IoT devices is resulting in less attention on the security side allowing attackers to find easy ways to exploit the devices. Hence, security is one of the important and challenging research areas in IoT. Furthermore, the resource-constrained nature of these devices results in poor performance when the traditional security protocols are used. In this thesis, we propose secure and lightweight authentication protocols for devices in IoT. A centralized network model is considered where the devices in the perception layer are mutually authenticated with the gateway of the system. A mutual authentication mechanism which uses symmetric key negotiation using Elliptic Curve Diffie-Hellman(ECDH) in the registration part of the protocol to protect the credentials of the devices and at the same time it minimizes the computation cost on the devices. At the end of the authentication, key agreement based on the symmetric key cryptography is established between the sensor devices and the gateway. Further, Elliptic Curve Integrated Encryption Scheme (ECIES) method is used to avoid the possibility of man-in-the-middle attack(MITM) in the registration phase of the previous protocol. An informal security verification of the protocols is presented which proves that they are resilient against perception layer attacks. The performance evaluation based on the metrics such as execution time, communication cost, computation cost of the protocol has been performed after the protocol is simulated in the Cooja simulator under Contiki OS environment. Further, the comparison results with the existing protocols show that the proposed system is lightweight as it provides low computation cost and better execution time.