Secure Device Authentication and Access Control for the Internet of Things Environment
Natarajan, S. (2024). Secure Device Authentication and Access Control for the Internet of Things Environment. (Unpublished Doctoral thesis, City, University of London)
Abstract
The Internet of Things (IoT) has turned out to be one of the most prominent paradigms for several applications like smart home, smart health care, smart city, smart grid, smart transportation, smart farming, and so on. However, almost every single application experiences various and diverse security threats. Thus, security in IoT is crucial and has become a key area of study. Authentication and access control, primarily, are anticipated to address some of the security issues in IoT. In this connection, three novel research works are presented in this dissertation.
The first work relates to the need for a secure authentication and access control scheme for the devices in IoT environment. With the widespread use of IoT in various applications and several security vulnerabilities reported in them, the security requirements have become an integral part of an IoT system. Authentication and access control are the two principal security requirements for ensuring authorized and restricted accesses to limited and essential resources in IoT. The built-in authentication mechanism in IoT devices is not reliable, because several security vulnerabilities are revealed in the firmware implementation of authentication protocols in IoT. On the other hand, the current extrinsic authentication approaches for IoT are vulnerable to some security attacks prevalent in IoT. Moreover, the recent access control approaches for IoT have limitations in context awareness and security. To overcome these limitations, a new secure unified authentication and access control system for IoT, called SUACC-IoT is devised. The proposed system is based around the notion of capability, where capability is considered as a token containing the access rights
for authorized entities in the network. In the system, the capability token is used to ensure authorized and controlled access to limited resources in IoT. The system uses only lightweight Elliptic Curve Diffie-Hellman Ephemeral (ECDHE), symmetric key encryption and decryption, message authentication code, and cryptographic hash primitives. SUACCIoT is proven to be secure against probabilistic polynomial-time (PPT) adversaries and various attacks prevalent in IoT. The experimental results demonstrate that the proposed protocol’s maximum CPU usage is 29.35%, maximum memory usage is 2.79% and computational overhead is 744.5 ms which are quite acceptable. Additionally, in SUACC-IoT, a reasonable communication cost of 872 bits is incurred for the longest message exchanged.
The second research work relates to the need for a scalable and secure device access control approach for burgeoning IoT devices. The growth of IoT devices is so rapid that several billions of such devices would be in use in a span of four-year period. Essential security mechanisms need to be put in place to curb several security attacks prevalent in IoT. Access control is an important security mechanism that ensures legitimate and controlled access to critical and limited resources in IoT. The current access control schemes for IoT could not handle burgeoning number of IoT devices, while meeting the necessary level of security. Consequently, a new scalable and secure access control scheme for IoT is proposed. With blockchain as the root-of-trust, the scheme performs access control for the IoT devices without having the resource-constrained IoT devices to be part of the blockchain network and to possess substantial amount of blockchain data. Blockchain’s tamper-proof property makes it an ideal candidate to be chosen as the root-of-trust. The scheme is secure against various security attacks prevalent in IoT. A proof-of-concept implementation for the scheme is developed and deployed in Ethereum Mainnet. The transaction costs of the different operations in the scheme are fairly below USD 3. Furthermore, scalability of the scheme in different scenarios is investigated.
The third research work is related to the requirement of continuous authentication approach to mitigate complex and advanced attacks emerging in specific zero-trust IoT environments such as the Internet of Flying Things (IoFT) environment. In recent times, Unmanned Aerial Vehicles (UAVs) are attracting the attention of wider community since several challenging tasks can be achieved by them. During COVID-19 crisis, the civilian use of UAVs is well perceived and leveraged to offer various civilian services. On the other side, the UAV network generally is affected by diverse security threats. Various approaches have been proposed to counteract these threats. However, they have limitations in curbing complex attack vectors that are emerging in the UAV network such as jamming and spoofing. Furthermore, they neglect the unbalanced and non-independent and identically distributed (non-IID) nature of data which are common in UAV network due to high mobility of UAVs spanning different flying zones. The recent federated learning technique addresses unbalanced and non-IID data properties. Thus, a federated learning-based continuous authentication approach to detect malicious jamming and spoofing attacks in civilian UAVs is proposed. The approach is designed to use the flight data in the civilian UAV and UAV’s local model for on-device attack detection. The approach introduces UAV group prioritization based on relational measures and integration for better federated learning. Furthermore, it supports dynamic UAV addition in the network to provide seamless UAV-based civilian services. The approach is evaluated using UAV attack dataset. The experimental results demonstrate that the approach detects jamming and spoofing attacks with decent accuracy of 86%.
Publication Type: | Thesis (Doctoral) |
---|---|
Subjects: | Q Science > Q Science (General) T Technology > T Technology (General) |
Departments: | School of Science & Technology School of Science & Technology > School of Science & Technology Doctoral Theses Doctoral Theses |
This document is not freely accessible until 30 April 2027 due to copyright restrictions.
To request a copy, please use the button below.
Request a copyExport
Downloads
Downloads per month over past year