Abstract
The Internet of Things (IoT) is the driver of security and system control science and creativity for the elderly. Another protection challenge that needs to be addressed is bootstrapping. A newly installed computer completes a series of operations during the startup process so that it can access the network as a dependent member. One of the methods currently offered by the IETF EAP Method Update (EMU) Working Group (WG) is the use of the Extensible Authentication Protocol (EAP) to enforce the validation mechanism of IoT devices in a more efficient and scalable way. The EAP Nimble out-of-band (EAP-NOOB) method operates without pre-configuration and allows security to be improved through out-of-band networks. In this paper, we explain the process of combining the EAP-NOOB method with the third-party authentication scheme of Kerberos to provide mutual authentication in the IoT environment. Compared with other methods, the advantage of this method is that it does not require any modification to the access point, so it is easy to deploy at a reasonable cost. We provide a security analysis to highlight the robustness of the proposed new protocol.
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Kharouf, W., Abid, M. (2020). EAP-NOOB-KRB for Mutual Authentication in IoT Environment. In: Jemili, I., Mosbah, M. (eds) Distributed Computing for Emerging Smart Networks. DiCES-N 2020. Communications in Computer and Information Science, vol 1348. Springer, Cham. https://doi.org/10.1007/978-3-030-65810-6_8
DOI: https://doi.org/10.1007/978-3-030-65810-6_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-65809-0
Online ISBN: 978-3-030-65810-6
eBook Packages: Computer Science (R0)