Dublin Business School Internet of Things Authentication Mechanism Paper Review


Question Description

I’m studying and need help with a Computer Science question to help me learn.

I need to write a 4-page review. The review is only on the introduction, second and fourth part.

Unformatted Attachment Preview

SPECIAL SECTION ON EMERGING APPROACHES TO CYBER SECURITY

Received August 26, 2019, accepted October 4, 2019, date of publication October 16, 2019, date of current version October 29, 2019.
Digital Object Identifier 10.1109/ACCESS.2019.2947723

Review on Security of Internet of Things Authentication Mechanism

TARAK NANDY 1, (Member, IEEE), MOHD YAMANI IDNA BIN IDRIS 1,2, RAFIDAH MD NOOR 1,2, MISS LAIHA MAT KIAH 1, (Senior Member, IEEE), LAU SIAN LUN 3, NOR BADRUL ANNUAR JUMA’AT 1, (Senior Member, IEEE), ISMAIL AHMEDY 1, NORJIHAN ABDUL GHANI 1, AND SANANDA BHATTACHARYYA 4

1 Faculty of Computer Science and Information Technology, University of Malaya, Kuala Lumpur 50603, Malaysia
2 Centre for Mobile Cloud Computing, Faculty of Computer Science and Information Technology, University of Malaya, Kuala Lumpur 50603, Malaysia
3 School of Science and Technology, Sunway University, Selangor 47500, Malaysia
4 Information Technology Department, Maldives Business School, Male’ 20175, Maldives

Corresponding authors: Tarak Nandy and Rafidah Md Noor

This work was supported in RU Grants (Under Faculties) GPF009D-2018 in part by the Malaysia Research University Network (MRUN) Long Term Research Grant Scheme (LRGS) (LR003-2019 and LRGS MRUN/F2/01/2019/001) and partnership grant between the University of Malaya and Sunway University under Grant RK004-2017.

ABSTRACT Internet of things (IoT) is considered as a collection of heterogeneous devices, such as sensors, Radio-frequency identification (RFID) and actuators, which form a huge network, enabling non-internet components in the network to produce a better world of services, like smart home, smart city, smart transportation, and smart industries. On the other hand, security and privacy are the most important aspects of the IoT network, which includes authentication, authorization, data protection, network security, and access control.
Additionally, traditional network security cannot be directly used in IoT networks due to its limitations on computational capabilities and storage capacities. Furthermore, authentication is the mainstay of the IoT network, as all components undergo an authentication process before establishing communication. Therefore, securing authentication is essential. In this paper, we have focused on IoT security particularly on their authentication mechanisms. Consequently, we highlighted enormous attacks and technical methods on the IoT authentication mechanism. Additionally, we discussed existing security verification techniques and evaluation schemes of IoT authentication. Furthermore, analysis against current existing protocols have been discussed in all parts and provided some recommendation. Finally, the aim of our study is to help the future researcher by providing security issues, open challenges and future scopes in IoT authentication.

INDEX TERMS Authentication, authentication protocols, Internet of Things, network attacks, security, wireless sensor network.

The associate editor coordinating the review of this manuscript and approving it for publication was Luis Javier Garcia Villalba.

I. INTRODUCTION
It has been anticipated that all the things in the world are going to be internetworked [1]. At present, internet-based services, which is a global network, are connections of computers and computing devices. The idea behind the Internet of Things is to expand the internet by not only connecting internetworking devices but also the non-IP components, like television, light, fan, refrigerator, and air-conditioner. IoT is not based on only at home but also in businesses like manufacturing organizations, vehicular networks, industries, grid companies, health organization and so on. IoT is envisaged to be able to provide an advanced level of services to society and businesses.
Therefore, all the things around the world will be fitted with embedded electronics and information technology so that it can produce valuable information based on the requirements and can work like important nodes of the network. Additionally, with the help of embedded electronics, embedded systems, embedded processors and embedded communication systems such small elements of environments can be connected to the network, depending on the applications and business requirements, to produce a huge internetworking environment, which is incomparable to the current network size. It is stated that more than 20.5 billion IoT devices will be connected by 2020 and over three trillion US dollars will be spent on only hardware of IoT [2]. IoT is one of the building blocks behind the concept of smart home [3] and smart cities [4].

This work is licensed under a Creative Commons Attribution 4.0 License. VOLUME 7, 2019

In the colossal of IoT network, which is connected with huge numbers of sensors and other devices, identifying one component raises a fundamental challenge, because that can cause privacy issues, governance of the system, access control, and overall architecture. Security and privacy are the most important factors in an IoT network [5]–[7]. On the other hand, there are three security requirements: confidentiality, integrity, and availability. IoT needs to achieve these three requirements in order to fulfill security aspects. Moreover, the environment of IoT may differ from a centralized network to a de-centralized network, cloud to fog network. Therefore, security can be more tighten by enforcing detection techniques of unusual behavior or pattern of the network.
This can be achieved in various ways, like a comparison header analyzer intrusion detection system (IDS) [8], based on a vector space representation using a Multilayer Perceptron (MLP) [9] or machine learning [10]–[12], deep learning [13]. Besides, authentication in the IoT network takes place mostly by three components, which are the sensor, user, and Gateway Nodes (GWN) or Authentication Server (AS). A user authenticates himself by sending messages among sensors and GWN whereas, sensors also authenticates itself by communicating with GWN. Furthermore, authentication takes place in both secure and insecure networks so they are prone to different attacks. Most of the authentication protocols maintain three phases: identification, authentication, and authorization. Before authenticating itself, users or sensors need to register in the network and during the login procedure authentication takes place. As during registration, login, and authentication, several communications happen among components so data privacy must be considered. To focus on these issues, several protocols have chosen different mechanisms to authenticate users. FIGURE 1 provides the flow of the authentication process, where, in most cases, users are not available to GWN to send its information for authentication. Therefore, remotely deployed sensor node helps them to authenticate in the IoT network. Additionally, different authentication protocols use different techniques like RFID, biometric or alphanumeric password for authenticating a user [14]. In addition, the designing phase of authentication protocols always considers the lightweight manner with respect to computation and storage because sensor nodes are computationally challenged and have minimum storage capacities. Authentication is one of the major parts of the security of IoT networks. As per the IoT network design is a concern, components can communicate with each other and can share data among themselves. 
If there is no filter, then important credentials can be stolen by network attacks and that can cause harm to the system or users. Authentication works on this situation to validate the identity of legitimate users and devices in a network. A myriad of authentication protocols are designed over the last few decades but none of these provides complete protection to the networks. Protocol designers are sometimes unaware of new threats in IoT networks. This motivates the authors of this paper to review on authentication, which is very important for future authentication protocol developer. Moreover, the authentication mechanism needs to be improved by comparing the existing authentication protocols. Therefore, the contributors to this paper include all the aspects of authentication protocols of IoT.

FIGURE 1. Authentication model of IoT network.

A. CONTRIBUTION OF RESEARCH
The main contribution of this work is to produce a comprehensive idea to the researcher about IoT authentication security and its peripherals. To formulate the idea, this research presented a well-developed taxonomy of attacks and a classification of technical methods used in IoT authentication systems. Additionally, network attacks have conversed against current IoT authentication protocols that can mitigate various threats. In addition, this paper elaborates on important evaluation techniques needed for authentication and compares it with existing protocols. Furthermore, this research extended to consider enormous security verification techniques, which are most important for the authentication mechanism. Additionally, this research produces important challenges and open issues that need to consider for future research proposals on designing an authentication mechanism.

The rest of the paper is formatted in the following manner (See FIGURE 2). In section II, this paper shows the classification of attacks and existing protocols to protect the IoT network from several attacks. Different technical methods of
the IoT authentication mechanism is provided in section III. After that in section IV, security verification techniques have been discussed followed by IoT authentication evaluation techniques in section V. Furthermore, open challenges and future directions based on IoT authentication are discussed in section VI. Lastly, this discussion has been concluded by pointing out important issues in the current phenomenon in section VII.

FIGURE 2. Organization of the document.
TABLE 1. Description of authentication model of IoT network.

II. TAXONOMY OF ATTACK ON AUTHENTICATION IN IoT NETWORK
Attackers target network to gain access over it and get valuable information to sell over a black market [15] or fulfill their requirements. Among all the network attacks, this paper will concentrate on a range of attacks related to IoT authentications. FIGURE 3 illustrates the well-formulated taxonomy of attacks on IoT authentications.

FIGURE 3. Taxonomy of attacks on IoT authentication.

Furthermore, TABLE 3 demonstrates the description of every major attack as per as authentication is a concern in IoT networks. As per the document, the classification of all the attacks is clustered in seven major categories, which are masquerade attack, man-in-the-middle attack, DoS attack, forging attack, guessing attack, physical attack, routing attack. Firstly, the masquerade attack distinguishes itself from other attacks on fake identity aspects; on which attacker counterfeit identification of legitimate users. Forging attacks can be differentiated by its nature, where an attacker tries to imitate the existing component or system. Man-in-the-Middle (MitM), on the other hand, snoop network traffic between two communicators.
In a DoS attack, the adversary floods the network with packets to jam communication and penetrate the network. Instead of imitating the existing components or flooding the network, adversaries predict and try to explore the possibilities of getting confidential authentication credentials of legal users in guessing attacks. Guessing attack has shown to be dangerous, but further exploitation on the network happens when an attacker tries to get access to the IoT network through physical components. This exploitation is typically called a physical attack. Lastly, a routing attack is to create a fake route to send or receive packets in an IoT network. Moreover, all the above categories of attacks in IoT authentications are elaborately described in the following sections using the counterpart of the existing protection mechanism.

TABLE 2. Acronyms and its definition.
TABLE 3. Description of attacks on IoT authentication.

A. MASQUERADE ATTACK
IoT authentication is based on identity and if the identity is compromised, then the network can be vulnerable. In the masquerade attack, the adversary uses fake identification to authorize himself as a genuine user in the network. If the IoT network is not properly protected, it can be attacked by masquerade attacks, which can be prepared using stolen identification like a user id or password or detecting user’s behavior tracking. This type of attack in the IoT network is very common but it depends on the level of authorization a network has managed to attain. As such, masquerade attackers can have a full smorgasbord of cybercrime opportunities if they have gained the highest access authority to a business organization. FIGURE 3 elaborates a full range of possible masquerade attacks in IoT network based on authentication security.

Impersonation attack is a sophisticated attack in IoT, where the adversary intercepts the authentication request of the previous session of another user and uses that information to authenticate itself. In contrast, Tu, et al. [16] proposed a novel technique to handle the impersonation attack in fog computing using Q-learning algorithm. FIGURE 4 shows the before and after impersonation attack in the IoT network.

FIGURE 4. (a) Before and (b) after - The impersonation attack, AP: Access point. MU: Mobile user.
TABLE 4. Description of different types of masquerade attacks.

User impersonation allows an attacker to steal the information of an actual user to get into the system for unusual activities. A user impersonation attack can be done in several ways. It is practical that an actual user may be leaked server’s private information to the attacker. The legal user also can act like an attacker. Amin et al. [17] explained in their protocol on how to protect the IoT network from user impersonation attack during authentication. Furthermore, a plethora of protocols have been designed to protect IoT networks from attackers during authentication, but many of them are designed to protect specific kinds of attacks. Therefore, all of these protocols are open for many other attacks; sensor impersonation is one of them. During the process of authentication, users, sensors, GWNs or servers, exchange messages among themselves to come on a mutual goal. In this situation, an attacker can sense the network, get information sent by the sensor and modify the data to act as a legal sensor. Hence, the improved scheme like Jiang et al. [18] protocol, can resist sensor node impersonation attack. In such cases, IoT users deserve to be anonymized as their activities can be tracked and the pattern of the user’s behavior can be predicted. An attacker can predict users’ position and their network using capabilities if the authentication protocols are weak.
In the same way, a central problem in sensor network security is that sensors are susceptible to physical capture attacks. Once a sensor is compromised, the adversary can easily launch clone attacks by replicating the compromised node, distributing the clones throughout the network, and starting a variety of insider attacks. Attackers can clone to the smart card, tags to get more opportunities to explore the network. Authentication protocols suffer from the challenges to protect cloning attack from either a high computation or storage overhead or poor detection accuracy. Wallrabenstein [19] proposed IoT Device Authentication using Physical Un-cloneable Functions.

On the other hand, an identity theft attack is one of the tricky methods to get the identity of an authorized user in various unauthorized ways, such as data breaches, unsecured websites, social networks, phishing, public computers, and skimming. Authentication protocols are victimized by identity theft attacks in almost all the IoT sectors, including IoV, IIoT, and MIoT. Researchers have introduced several different techniques [20], [50] to counterpart the attack. In addition, in a network, a genuine user can behave as an attacker. An authorized user can also act like another legal user by using his/her credentials. Therefore, an internal user who has authorized access to the system and the network launches an insider attack. Therefore, data protection by using anonymization techniques to hide personal information from the published dataset is essential. However, attackers can use a composition attack to merge or overlap the same kind of dataset from a different body. Ganta et al. [51] discussed composition attack in auxiliary information and Baig et al. [52] show how to prevent composition attack in non-interactive data publishing setting by combining sampling and generation.
Furthermore, an intruder can steal verification data from the authentication server in the current or past authentication sessions. Then the adversary tries to get into the server using the compromised data. An advanced three-way authentication technique for IoT is designed by Cui, et al. [53] to prevent various attacks, among them stolen-verifier attack is one of the most challenging. Additionally, the proliferation of software and technology growth allows users to provide the specific function of their activities, household device management or personal assistance. That third-party software can be hacked and user’s activity can be monitored and used against them. Besides, IoT infrastructures are more prone to welcome these threats. Viana et al. [54] introduced conflict management in Systems of Systems (SoSs). The paper presented a framework for managing unpredictability in the system.

In addition, many authentication protocols use the session key to protect from network attacks like a replay attack, but this session key can be compromised and used against the system to be a masquerade. However, as the authentication process needs many communication and message passing among nodes, the attacker can get a message and process among themselves and pass it back to the sender bypassing the actual node. This type of attack is called a node by-passing attack. IoT authentication schemes are in jeopardy of node by-passing attacks by GWN by-passing attacks, base station by-passing attack or sensor by-passing attack. Sarvabhatla and Vorugunti [21] designed a secure biometric-based user authentication scheme, which provides base station by-passing attack protection. Chang et al. [22] proposed two-factor authentication that can protect GWN by-passing attack whereas, authentication protocol for an IoT-enabled LTE network by Saxena et al. [23], gives protection towards secret key by-passing attack.
The details about the IoT authentication protocols to protect against masquerade attacks are tabulated in TABLE 5.

B. MAN-IN-THE-MIDDLE ATTACK
In Man in the middle attack, an attacker secretly taps a network and absorbs communication data between two parties who trust that they are directly connected and communicating with each other. In this scenario, the attacker can drop, modifies, and alters the communication data as well as can predict network and security patterns. Additionally, they use legitimate users’ data to establish new communication in t ...
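
The impersonation attack described in section II-A of the preview (an adversary reusing an authentication request captured from a previous session) is easiest to see from the gateway's side. The following is an added example, not code from the paper or from any protocol it surveys: the `Gateway` class, the sensor id and the pre-shared-key HMAC scheme are assumptions chosen to contrast a static authenticator with a fresh-nonce challenge.

```python
import hashlib
import hmac
import secrets


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so fields cannot run together."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


class Gateway:
    """Hypothetical gateway node (GWN) that registers and authenticates sensors."""

    def __init__(self):
        self.keys = {}     # sensor_id -> secret shared at registration
        self.pending = {}  # sensor_id -> outstanding one-time nonce

    def register(self, sensor_id: str) -> bytes:
        # Registration phase; the key is assumed to reach the sensor securely.
        self.keys[sensor_id] = secrets.token_bytes(32)
        return self.keys[sensor_id]

    def verify_static(self, sensor_id: str, tag: bytes) -> bool:
        # Weak design: the same tag is valid in every session.
        key = self.keys.get(sensor_id)
        return key is not None and hmac.compare_digest(
            mac(key, sensor_id.encode()), tag)

    def challenge(self, sensor_id: str) -> bytes:
        # Hardened design: a fresh random nonce per authentication attempt.
        self.pending[sensor_id] = secrets.token_bytes(16)
        return self.pending[sensor_id]

    def verify_fresh(self, sensor_id: str, tag: bytes) -> bool:
        key = self.keys.get(sensor_id)
        nonce = self.pending.pop(sensor_id, None)  # consumed even on failure
        if key is None or nonce is None:
            return False
        return hmac.compare_digest(mac(key, sensor_id.encode(), nonce), tag)


def run_demo() -> dict:
    gwn = Gateway()
    sid = "sensor-01"  # constructed sample identifier
    key = gwn.register(sid)

    # Session 1 with the static scheme; the tag is observed on the wire.
    static_tag = mac(key, sid.encode())
    static_legit = gwn.verify_static(sid, static_tag)
    static_replay = gwn.verify_static(sid, static_tag)  # replay is accepted

    # Session 1 with the challenge scheme; the response is observed on the wire.
    nonce = gwn.challenge(sid)
    fresh_tag = mac(key, sid.encode(), nonce)
    fresh_legit = gwn.verify_fresh(sid, fresh_tag)

    # Session 2: a new challenge is issued, the old response no longer matches.
    gwn.challenge(sid)
    fresh_replay = gwn.verify_fresh(sid, fresh_tag)
    # With no outstanding challenge at all, any tag is rejected.
    fresh_no_challenge = gwn.verify_fresh(sid, fresh_tag)

    return {
        "static_legit": static_legit,
        "static_replay": static_replay,
        "fresh_legit": fresh_legit,
        "fresh_replay": fresh_replay,
        "fresh_no_challenge": fresh_no_challenge,
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

The nonce only addresses replay of captured messages; a stolen key or a physically captured sensor, which the preview covers under stolen-verifier and clone attacks, still defeats both variants.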

Final Answer




Review of Security of Internet of Things Authentication Mechanism
Date of submission



The article focuses on the internet of things (IoT) networks and specifically on the
authentication mechanisms. The IoT devices create a massive system using actuators,
sensors, and RFID. These devices make services such as transport, management of homes,
and small industries more manageable. With time and growth in technology, it is assumed
that almost everything will be internet-worked. As of right now, only computers and other
electronic devices are networked, but this will progress to other components such as
refrigerators, TVs, air conditioners, and even fans. IoT is also present in firms such as health
organizations, vehicle networks, and industries. In these industries, IoT also serves the
purpose, which is better services to its clients. Installing these devices comes with an added
cost since more hardware will be required to enable the interconnections.
One challenge posed by the installation is security and privacy terms. People require
IoT systems that have the following characteristics: integrity, confidentiality, and availability.
The research gives a powerful introduction explaining the IoT devices, where they are used,
people's expectations on them, and then relates all this to the research topic. The research
topic, in this case, is based on the authentication process. The process takes place in: user,
sensor, and authentication servers’ components. The authentication can be used in secure and
insecure, and hence both face different levels and different types of attack risks.
The process of authentication undergoes three significant steps which are: identific...

DoctorDickens (9453)
Duke University
