Abstract
In the information technology era, authentication systems have been developed that use multi-factor authentication to ensure the authorisation of users and administrators. There are many schemes based on factors such as smart cards, biometrics, and token devices. Although these schemes are generally strong, they suffer from several drawbacks, such as vulnerability to malicious attacks, factors that may be lost or stolen, and a need for extra hardware or software. In this paper, we propose a strong authentication scheme for an IoT environment to authenticate the owners of devices. Our work supports a negotiation service using an anonymous QR image as a second factor to check the authority of an administrator. The proposed scheme has good security features such as mutual authentication, a secure index file, anonymity of the user's identity and password, a secure session key, and perfect forward secrecy. Additionally, our work can resist well-known attacks such as man-in-the-middle, insider, and spoofing attacks, among others. We apply our scheme in a real-world setting using a mobile phone (Samsung Galaxy S5, model SM-900H) and a server (Intel Xeon E3-1220LV2, 3.5 GHz, 4 GB RAM). Based on its accuracy and performance standards, we obtain good results in the login and authentication phases. Moreover, the computational cost of our work is comparable to that of related works.
Copyright information
© 2021 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Aldarwish, A.J.Y., Yassin, A.A., Rashid, A.M., Yaseen, A.A., Alasadi, H., Alkadhmawee, A.A. (2021). Multi-factor Authentication for an Administrator's Devices in an IoT Environment. In: Anbar, M., Abdullah, N., Manickam, S. (eds) Advances in Cyber Security. ACeS 2020. Communications in Computer and Information Science, vol 1347. Springer, Singapore. https://doi.org/10.1007/978-981-33-6835-4_3
DOI: https://doi.org/10.1007/978-981-33-6835-4_3
Publisher Name: Springer, Singapore
Print ISBN: 978-981-33-6834-7
Online ISBN: 978-981-33-6835-4
eBook Packages: Computer Science (R0)