ISSN 2278 – 1447
Volume – 5, Issue-1, International Journal of Mathematical Sciences and Engineering (IJMSE), March 2016
Aggregated-Proof Based Hierarchical Authentication Scheme for the Internet of Things

N. Suriya (1), R. Monisha (2), K. Prema (3), J. Noorul Ameen (4)
1,2,3 UG Students, 4 Assistant Professor, Department of Computer Science and Engineering
EGS Pillay Engineering College, Nagapattinam, E-mail: [email protected]
ABSTRACT: The Internet of Things (IoT) is becoming an attractive system paradigm to realize interconnections through the physical, cyber, and social spaces. During the interactions among the ubiquitous things, security issues become noteworthy, and it is significant to establish enhanced solutions for security protection. In this work, we focus on an existing U2IoT architecture (i.e., unit IoT and ubiquitous IoT) to design an aggregated-proof based hierarchical authentication scheme (APHA) for the layered networks. Concretely, 1) the aggregated proofs are established for multiple targets to achieve backward and forward anonymous data transmission; 2) the directed path descriptors, homomorphism functions, and Chebyshev chaotic maps are jointly applied for mutual authentication; 3) different access authorities are assigned to achieve hierarchical access control. Meanwhile, a BAN logic formal analysis is performed to prove that the proposed APHA has no obvious security defects, and it is potentially available for the U2IoT architecture and other IoT applications.

Keywords: U2IoT, BAN logic, APHA, Chebyshev chaotic maps.

1. INTRODUCTION

The Internet of Things (IoT) is emerging as an attractive system paradigm to integrate physical perceptions, cyber interactions, and social correlations, in which the physical objects, cyber entities, and social attributes are required to achieve interconnections with the embedded intelligence [1]. During the interconnections, the IoT is suffering from severe security challenges, and there are potential vulnerabilities due to the complicated networks referring to heterogeneous targets, sensors, and backend management systems [2]. It becomes noteworthy to address the security issues for the ubiquitous things in the IoT. Recent studies have worked on the general IoT, including system models, service platforms, infrastructure architectures, and standardization. Particularly, a human-society inspired U2IoT architecture (i.e., unit IoT and ubiquitous IoT) is proposed to achieve the physical-cyber-social convergence (as shown in Fig. 1) [3]. In the U2IoT architecture, the mankind neural system and the social organization framework are introduced to establish the single-application and multi-application IoT frameworks. Multiple unit IoTs compose a local IoT within a region, or an industrial IoT for an industry. The local IoTs and industrial IoTs are covered within a national IoT, and jointly form the ubiquitous IoT.

Towards IoT security, related works mainly refer to the security architectures and recommended countermeasures [4], [5], [6], [7], [8], secure communication and networking mechanisms [9], [10], [11], [12], [13], cryptography algorithms [14], [15], [16], [17], [18], [19], and application security solutions [20], [21], [22].

Current researches mainly refer to three aspects: system security, network security, and application security. System security mainly considers a whole IoT system to identify the unique security and privacy challenges, to design systemic security frameworks, and to provide security measures and guidelines. Network security mainly focuses on wireless communication networks (e.g., wireless sensor networks (WSN), radio frequency
identification (RFID), and the Internet) to design key distribution protocols, authentication protocols, advanced signature algorithms, access control mechanisms, and secure routing protocols. Particularly, authentication protocols are popular to address security and privacy issues in the IoT, and should be designed considering the things' heterogeneity and hierarchy. Application security serves IoT applications (e.g., multimedia, smart home, and smart grid), and resolves practical problems with particular scenario requirements. However, the existing security solutions mainly provide security approaches for a general IoT, and there is little authentication scheme particularly designed for the U2IoT architecture. It becomes necessary to establish an authentication scheme to realize its security protection. In this work, the main purpose is to provide a bottom-up safeguard for the U2IoT architecture. Towards the U2IoT architecture, a reasonable authentication scheme should satisfy the following requirements.

1) Data CIA (i.e., confidentiality, integrity, and availability): The exchanged messages between any two legal entities should be protected against illegal access and modification. The communication channels should be reliable for the legal entities.
2) Hierarchical access control: Diverse access authorities are assigned to different entities to provide hierarchical interactions. An unauthorized entity cannot access data exceeding its permission.
3) Forward security: Attackers cannot correlate any two communication sessions, and also cannot derive the previous interrogations from the ongoing session.
4) Mutual authentication: The untrusted entities should pass each other's verification so that only a legal entity can access the networks for data acquisition.
5) Privacy preservation: The sensors cannot correlate or disclose an individual target's private information (e.g., location).

Considering the above security requirements, we design an aggregated-proof based hierarchical authentication scheme (APHA) for the unit IoT and the ubiquitous IoT respectively, and the main contributions are as follows:

a) Aggregated proofs are established by wrapping multiple targets' messages for anonymous data transmission, which realizes that individual information cannot be revealed over either the backward or the forward communication channel.
b) Directed path descriptors are defined based on homomorphism functions to establish correlation during the cross-layer interactions. Chebyshev chaotic maps are applied to describe the mapping relationships between the shared secrets and the path descriptors for mutual authentication.
c) Diverse access authorities on the group identifiers and pseudonyms are assigned to different entities for achieving the hierarchical access control through the layered networks.

The remainder of the paper is organized as follows. Section 2 describes the existing system and Section 3 the proposed system. Sections 4, 5 and 8 review related work on system security, network security and application security. Section 6 shows the U2IoT architecture, Section 7 discusses the security properties together with the BAN logic based formal analysis, and Section 9 draws a conclusion.

2. EXISTING SYSTEM

Three-tier architecture is a client-server architecture in which the functional process logic, data access, computer data storage and user interface are developed and maintained as independent modules on separate platforms. Three-tier architecture is a software design pattern and a well-established software architecture. It allows any one of the three tiers to be upgraded or replaced independently. The user interface is implemented on a desktop PC and uses a standard graphical user interface with different
modules running on the application server. The relational database management system on the database server contains the computer data storage logic. The middle tiers are usually themselves multi-tiered.

3. PROPOSED SYSTEM

The proposed system works on the principle of primary authentication by a 128-bit octet asynchronous OTC generation, which issues a four-digit code that is generated afresh for each use rather than reused for any user. (A four-digit code has only 10,000 possible values, so the verifier has to limit the number of attempts and expire the code quickly.) The third tier of security is a combination of color codes of multiband RGB pixel variants whose template changes dynamically for every color password selected. In this system, in addition to password validation, the user is given the option of choosing color codes appearing on the screen. The color codes are then validated against the already stored ones, which strengthens the authentication. The user is also given the option of changing his password/color code as needed.

• Double the level of authentication while making transactions.
• Even if the user forgets the password, he will be given the option of answering a security question. If he answers correctly, he can change the color combinations again, and the change is updated in the database.
• The user cannot change his credentials at any time; there is a limit. If the user changes the password/color code more than three times, he needs to contact the admin and reset the security question and color code.

4. SYSTEM SECURITY

Roman et al. [4] pointed out that the traditional security mechanisms may not be competent for heterogeneous networks; therefore improved mechanisms should be designed according to the IoT infrastructures. Particularly, the authors introduced cryptology based guidance to address the security challenges, referring to identity management, trust governance frameworks, fault tolerance, cryptographic protocols, identity ownership, and privacy preservation.

5. NETWORK SECURITY

Hancke et al. [9] identified the security challenges for user-oriented RFID systems in the IoT, and the major challenges (e.g., privacy, ownership, data integrity, application integrity, and security standardization) should be addressed to achieve universal security. Yan and Wen [10] applied a mobile RFID security protocol to protect mobile RFID networks, and a trusted third party (TTP) based key management protocol is introduced to construct a secure session key. Toumi et al. [11] focused on the integration of RFID tags into IP networks, and proposed a HIP address translation scheme. The scheme provides address translation services between the tag identifiers and IP addresses, which presents a prototype of the cross-layer IoT networks. Chang and Chen [12] reviewed the
trust-based mechanisms (e.g., cryptographic and authentication) in WSNs. Raza et al. [13] presented Lithe, which is an integration of datagram transport layer security (DTLS) and the constrained application protocol (CoAP) to protect the transmission of sensitive information in the IoT.

6. ARCHITECTURE

Fig. 1. U2IoT architecture.

7. SECURITY PROPERTIES

7.1 Data Confidentiality and Data Integrity

Data confidentiality is mainly achieved by the Chebyshev chaotic maps, in which the polynomials {T_{l_Tj}, T_{l_Sb}, T_{l_DCa}, T_{l_iDC}, T_{l_nDC}} are defined to represent the relationships of the group identifiers, pseudonyms and directed path descriptors. During the maps, the directed path descriptors are wrapped by the homomorphism function F(·). Besides, the pseudo-random numbers (i.e., r_Tj, r_Sb, r_DCa, r_iDC) are applied to obtain the degrees of the Chebyshev polynomials {T_x, T_y, T_u, T_v} for enhancing session randomization. Data integrity is realized by the one-way hash and HMAC functions. In the unit IoT, {M_Tj, M_Sb, V_Tj, V^j_DCa} are transmitted in terms of H(·) and H_{pjb aj}(·) for identity declaration and verification. In the ubiquitous IoT, {M_DCa, U_iDC} are respectively challenged to wrap PID'_DCa and PID'_iDC into hash functions for verifying DCa and iDC. Note that the one-way values apply pseudo-random numbers, which ensures that attackers cannot derive the private values for data corruption.

FORMAL ANALYSIS WITH THE BAN LOGIC

In this section, Burrows-Abadi-Needham (BAN) logic [26] is applied to analyze the design correctness of the proposed authentication scheme; it is an evaluation method to detect subtle defects in authentication schemes. The formal analysis focuses on belief and freshness, involving the following steps: message formalization, initial assumptions declaration, anticipant goals declaration, and logic verification. Table 3 shows the formal notations of the BAN logic.

8. APPLICATION SECURITY

Zhou and Chao [20] established a media-aware traffic security architecture for the IoT, and the architecture is based on the current traffic classification to enable heterogeneous multimedia services to become available in real-time mode. Concretely, key management, batch rekeying, authentication, watermarking, and distributed secret sharing are introduced into the security architecture. The proposed scheme, by contrast, realizes data confidentiality and data integrity by the directed path descriptors used in the security proof, and that proof is rigorous.

9. CONCLUSION

In this paper, we have proposed an aggregated-proof based hierarchical authentication scheme for the U2IoT architecture. In the APHA, two sub-protocols are respectively designed for the unit IoT and the ubiquitous IoT to provide bottom-up security protection. The proposed scheme uses homomorphism based Chebyshev chaotic maps to establish trust relationships via lightweight mechanisms, and applies dynamically hashed values to achieve session freshness. It indicates that APHA is suitable for the U2IoT architecture.
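The following Python program is an added worked example, not code from the paper or from the APHA authors. It illustrates the mechanism that Section 7.1 and the conclusion rely on: Chebyshev polynomials T_n(x) evaluated over Z_p, whose semigroup property T_r(T_s(x)) = T_rs(x) lets two parties that each pick a fresh pseudo-random degree (the role played by r_Tj, r_Sb and the like above) agree on a session value, and an HMAC over both nonces and both exchanged values that supplies the integrity check and the mutual authentication. The prime P, the public seed X, the party names A and B and the message layout are assumptions made for the example; the paper's directed path descriptors, homomorphism function and group identifiers are not modelled.

```python
"""Chebyshev chaotic map over Z_p with a nonce-randomized mutual authentication round.
Added example: the parameters, names and message layout are assumptions, not APHA's messages."""
import hashlib
import hmac
import secrets

# Constructed public parameters for the example only; a deployment needs vetted, larger ones.
P = 2**127 - 1                  # prime modulus of the extended Chebyshev map
X = 0x1234_5678_9ABC_DEF0 % P   # public seed point shared by all parties (assumption)


def chebyshev(n, x, p=P):
    """Return T_n(x) mod p, where T_0 = 1, T_1 = x, T_n = 2x*T_{n-1} - T_{n-2}.
    Uses [T_n, T_{n-1}]^T = M^(n-1) [x, 1]^T with M = [[2x, -1], [1, 0]], so O(log n) steps."""
    x %= p
    if n == 0:
        return 1
    if n == 1:
        return x

    def mul(a, b):  # 2x2 matrices as flat tuples (a, b, c, d) = [[a, b], [c, d]]
        return ((a[0] * b[0] + a[1] * b[2]) % p, (a[0] * b[1] + a[1] * b[3]) % p,
                (a[2] * b[0] + a[3] * b[2]) % p, (a[2] * b[1] + a[3] * b[3]) % p)

    result, base, e = (1, 0, 0, 1), (2 * x % p, p - 1, 1, 0), n - 1
    while e:
        if e & 1:
            result = mul(result, base)
        base = mul(base, base)
        e >>= 1
    return (result[0] * x + result[1]) % p


def _key_bytes(value, p=P):
    return value.to_bytes((p.bit_length() + 7) // 8, "big")


def proof(key, role, *parts):
    """HMAC-SHA256 over a role tag and the session transcript (nonces and public values)."""
    data = b"|".join([role.encode()] + [str(v).encode() if isinstance(v, int) else v for v in parts])
    return hmac.new(key, data, hashlib.sha256).digest()


def run_session(r_a=None, r_b=None, tamper=False, x=X, p=P):
    """One authentication round between A and B.
    Each side picks a fresh degree r, publishes T_r(x), and derives
    K = T_{r_a}(T_{r_b}(x)) = T_{r_b}(T_{r_a}(x)) by the semigroup property.
    Each side then proves knowledge of K with an HMAC bound to both nonces and both public values."""
    r_a = r_a or secrets.randbelow(p - 2) + 2          # fresh degree per session
    r_b = r_b or secrets.randbelow(p - 2) + 2
    n_a, n_b = secrets.token_bytes(16), secrets.token_bytes(16)
    y_a, y_b = chebyshev(r_a, x, p), chebyshev(r_b, x, p)   # exchanged in the clear

    k_a = _key_bytes(chebyshev(r_a, y_b, p), p)        # A's view of the session key
    k_b = _key_bytes(chebyshev(r_b, y_a, p), p)        # B's view of the session key

    # B authenticates first; A verifies before sending anything keyed.
    proof_b = proof(k_b, "B", n_a, n_b, y_a, y_b)
    if tamper:                                         # simulate in-flight modification
        proof_b = bytes([proof_b[0] ^ 0x01]) + proof_b[1:]
    b_verified = hmac.compare_digest(proof_b, proof(k_a, "B", n_a, n_b, y_a, y_b))

    a_verified = False
    if b_verified:                                     # abort on failure, never answer a bad proof
        proof_a = proof(k_a, "A", n_b, n_a, y_b, y_a)
        a_verified = hmac.compare_digest(proof_a, proof(k_b, "A", n_b, n_a, y_b, y_a))

    return {"key_agreed": k_a == k_b, "b_verified": b_verified,
            "a_verified": a_verified, "key": k_a}


if __name__ == "__main__":
    print(run_session())
</test>
```

The map has to be evaluated over Z_p. Over the real interval [-1, 1], T_n(x) = cos(n arccos x) takes the same value for many degrees, so an attacker can recover a usable degree without learning the secret one; the modular extension is the form used in practice. Each run draws new degrees and nonces, so the derived key differs from session to session, and a single flipped bit in B's proof makes compare_digest fail so that A never sends its own proof.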
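As an added example of the four steps listed in the formal analysis section (message formalization, assumptions, goals, verification), and not the paper's own analysis, whose Table 3 and protocol messages are not reproduced on this page, the following Python code implements the core BAN inference rules as a forward-chaining closure and applies them to a constructed two-message exchange: A sends a nonce N_a, and B answers {N_a, A <-S-> B}_K_ab, asserting that S is a good key. The principals A and B, the keys K_ab and S, the nonce N_a and the assumptions are hypothetical; the rules are the standard message-meaning, nonce-verification, jurisdiction and conjunction rules. Running the same goals without the freshness assumption shows why the analysis focuses on belief and freshness: a replayable message still yields "B said", but not "B believes".

```python
"""Forward-chaining checker for the core BAN-logic rules, applied to a constructed exchange.
Added example: principals, keys, nonce and assumptions are hypothetical, not the APHA messages."""


def pair(x, y):        return ("pair", x, y)           # (X, Y)
def enc(x, k):         return ("enc", x, k)            # {X}_K
def sharekey(k, p, q): return ("sharekey", k, p, q)    # P <-K-> Q : K is a good key for P and Q
def believes(p, x):    return ("believes", p, x)       # P believes X
def sees(p, x):        return ("sees", p, x)           # P sees X
def said(p, x):        return ("said", p, x)           # P once said X
def fresh(x):          return ("fresh", x)             # #(X)
def controls(p, x):    return ("controls", p, x)       # P has jurisdiction over X


def _fresh_in(facts, p, x):
    """Freshness rule: P believes #(X, Y) if P believes #(X) or #(Y)."""
    if believes(p, fresh(x)) in facts:
        return True
    return x[0] == "pair" and (_fresh_in(facts, p, x[1]) or _fresh_in(facts, p, x[2]))


def ban_closure(facts):
    """Apply the rules until no new fact appears; returns the closed fact set.
    Simplification: the message-meaning rule does not check that P did not send the message itself."""
    facts = set(facts)
    while True:
        new = set()
        for kind, p, x in facts:
            if kind == "sees" and x[0] == "pair":               # seeing (X, Y) => seeing X and Y
                new.update({sees(p, x[1]), sees(p, x[2])})
            if kind != "believes":
                continue
            if x[0] == "sharekey" and p in x[2:]:               # message meaning + decryption
                k, q = x[1], (x[3] if x[2] == p else x[2])
                for g in facts:
                    if g[0] == "sees" and g[1] == p and g[2][0] == "enc" and g[2][2] == k:
                        m = g[2][1]
                        new.update({sees(p, m), believes(p, said(q, m))})
            elif x[0] == "said":
                q, m = x[1], x[2]
                if m[0] == "pair":                              # Q said (X, Y) => Q said X, Q said Y
                    new.update({believes(p, said(q, m[1])), believes(p, said(q, m[2]))})
                if _fresh_in(facts, p, m):                      # nonce verification
                    new.add(believes(p, believes(q, m)))
            elif x[0] == "believes":
                q, m = x[1], x[2]
                if m[0] == "pair":                              # Q believes (X, Y) => Q believes X, Y
                    new.update({believes(p, believes(q, m[1])), believes(p, believes(q, m[2]))})
                if believes(p, controls(q, m)) in facts:        # jurisdiction
                    new.add(believes(p, m))
        if new <= facts:
            return facts
        facts |= new


def analyze(with_freshness=True):
    """Formalize a constructed two-message exchange, declare assumptions and goals, and verify.
      Msg 1  A -> B : N_a
      Msg 2  B -> A : {N_a, A <-S-> B}_K_ab   (idealized: B asserts S is a good key)"""
    A, B, K, S, Na = "A", "B", "K_ab", "S", "N_a"
    good_s = sharekey(S, A, B)
    msg2 = enc(pair(Na, good_s), K)
    assumptions = [believes(A, sharekey(K, A, B)),      # A trusts the long-term key
                   believes(A, controls(B, good_s))]    # A lets B choose session keys
    if with_freshness:
        assumptions.append(believes(A, fresh(Na)))      # A generated N_a for this run
    facts = ban_closure(assumptions + [sees(A, msg2)])  # Msg 1 carries no belief for A
    goals = {"A believes B said S":     believes(A, said(B, good_s)),
             "A believes B believes S": believes(A, believes(B, good_s)),
             "A believes S":            believes(A, good_s)}
    return {name: goal in facts for name, goal in goals.items()}


if __name__ == "__main__":
    print("with freshness:   ", analyze(True))
    print("without freshness:", analyze(False))
```

With the freshness assumption, all three goals hold: decryption and message meaning give "B said (N_a, S)", freshness of N_a lifts that to "B believes", the conjunction rule isolates S, and jurisdiction turns B's belief into A's. Without it, the closure stops at "B said", which is exactly the replay case an authentication scheme has to rule out.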
REFERENCES
[1] B. Guo, D. Zhang, Z. Yu, Y. Liang, Z. Wang, and X. Zhou, "From the internet of things to embedded intelligence," World Wide Web J., vol. 16, no. 4, pp. 399–420, 2013.
[2] R. H. Weber, "Internet of things—New security and privacy challenges," Comput. Law Security Rev., vol. 26, no. 1, pp. 23–30, 2010.
[3] H. Ning and Z. Wang, "Future internet of things architecture: Like mankind neural system or social organization framework?" IEEE Commun. Lett., vol. 15, no. 4, pp. 461–463, Apr. 2011.
[4] R. Roman, P. Najera, and J. Lopez, "Securing the internet of things," Comput., vol. 44, no. 9, pp. 51–58, 2011.
[5] K. Lampropoulos and S. Denazis, "Identity management directions in future internet," IEEE Commun. Mag., vol. 49, no. 12, pp. 74–83, Dec. 2011.
[6] T. Heer, O. Garcia-Morchon, R. Hummen, S. L. Keoh, S. S. Kumar, and K. Wehrle, "Security challenges in the IP-based internet of things," Wireless Pers. Commun., vol. 61, no. 3, pp. 527–542, 2011.
[7] F. V. Meca, J. H. Ziegeldorf, P. M. Sanchez, O. G. Morchon, S. S. Kumar, and S. L. Keoh, "HIP security architecture for the IP-based internet of things," in Proc. 27th Int. Conf. Adv. Inform. Netw. Appl. Workshops, 2013, pp. 1331–1336.
[8] H. Ning, H. Liu, and L. T. Yang, "Cyberentity security in the internet of things," Comput., vol. 46, no. 4, pp. 46–53, 2013.
[9] G. P. Hancke, K. Markantonakis, and K. E. Mayes, "Security challenges for user-oriented RFID applications within the 'internet of things'," J. Internet Technol., vol. 11, no. 3, pp. 307–313, 2010.
[10] T. Yan and Q. Wen, "Building the internet of things using a mobile RFID security protocol based on information technology," Adv. Intell. Soft Comput., vol. 104, pp. 143–149, 2011.
[11] K. Toumi, M. Ayari, L. A. Saidane, M. Bouet, and G. Pujolle, "HAT: HIP address translation protocol for hybrid RFID/IP internet of things communication," in Proc. Int. Conf. Commun. Wireless Environ. Ubiquitous Syst.: New Challenges, 2010, pp. 1–7.
[12] K. Chang and J. Chen, "A survey of trust management in WSNs, internet of things and future internet," KSII Trans. Internet Inform. Syst., vol. 6, no. 1, pp. 5–23, 2012.
[13] S. Raza, H. Shafagh, K. Hewage, R. Hummen, and T. Voigt, "Lithe: Lightweight secure CoAP for the internet of things," IEEE Sens. J., vol. 13, no. 10, pp. 3711–3720, Oct. 2013.
[14] X. Yao, X. Han, X. Du, and X. Zhou, "A lightweight multicast authentication mechanism for small scale IoT applications," IEEE Sens. J., vol. 13, no. 10, pp. 3693–3701, Oct. 2013.
[15] R. Roman, C. Alcaraz, J. Lopez, and N. Sklavos, "Key management systems for sensor networks in the context of the internet of things," Comput. Elect. Eng., vol. 37, no. 2, pp. 147–159, 2011.