distributed geographically and communicate with each other.

[8], [12], [13]. From these schemes (a-g), we infer that most of the schemes are dependent on the particular type of IoT architecture and are used at different layers of the IoT protocol stack. With regard to security, they are prone to attacks: most of these schemes need local key management and require infrastructure for storing the keys, and are hence vulnerable to key theft [4], [5].

[Figure: message flow between CLOUD_A (Gateway-i, DEVICE-A1), the CENTRAL CLOUD and CLOUD_B (Gateway-k, DEVICE-B1): request OTP (CLOUD_B, Gateway-k, DEVICE-B1); send generated OTP; request information (OTP); validate OTP and send information]
Fig. 2: Inter Cloud OTP scheme in IoT

Thus we strongly argue that, because IoT devices are deployed at large scale and are connected to the Internet, relying upon a single authentication scheme is a security risk; hence a two-factor authentication scheme is a requirement for enabling security of IoT devices and applications. Here an application or device requires information from a remote device, or needs to control a device, which is located elsewhere, does not belong to the same gateway/cloud, and also uses a different security protocol or scheme. In such scenarios, enabling authentication is cumbersome. In such circumstances, an application/device can request the central cloud (cf. Fig. 2) to generate an OTP, and the central cloud generates and distributes the OTP to both the application/device and the remote device. In order to get authenticated, the application/device submits its authentication information along with the OTP to the remote device. The remote device validates the authenticity of the application/device request by OTP validation along with the authentication information, and processes the requested information. Thus use of OTP along with the existing authentication scheme for enabling a two-factor authentication is a sufficient and necessary requirement to mitigate the aforementioned security risks/threats, and it also handles weaknesses of the OTP scheme such as replay and man-in-the-middle attacks [3], [14], [15]. Hence, we discuss the adaptability of a particular class of authentication schemes such as OTP and SecurID token schemes for IoT devices in Cloud.

Based on the literature survey, most of the existing OTP schemes such as Hash based OTP (HOTP), Time Synchronized OTP (TOTP), HMAC-MD5, HMAC-SHA1, HMAC-SHA256, HMAC-SHA512 and Lamport's OTP are described in general and are not specific to IoT. Hence as part of our work, we evaluate the suitability of these schemes for IoT through analytical analysis, propose an efficient lightweight OTP scheme based on Identity Based Elliptic Curve Cryptography (IBE-ECC), evaluate the performance of the OTP scheme over some of the existing OTP schemes, and extend Lamport's OTP scheme by using the IBE-ECC technique.

The paper is organized as follows. Section II describes related work on existing OTP techniques and their limitations from the IoT perspective. Our proposed OTP scheme, based on IBE curve and Lamport's OTP algorithm, is described in Section III. Security analysis of the proposed OTP protocol is described in Section IV. In Section V, results and comparison of our proposed OTP schemes against the existing OTP schemes are analysed. Finally the paper is concluded in Section VI.

II. RELATED WORK

As discussed earlier, the strengths and weaknesses of several authentication schemes and their mitigations are proposed in [3]–[8]. OTP based on One Way Function (RSA) is proposed by Bicakci et al. [16]. RSA based OTP and SecurID token algorithms were broken and attacks are reported worldwide [17]. It is shown that, using number theoretic concepts such as Chinese Remainder Theorem (CRT) and Multiple Polynomial Quadratic Sieve (MPQS), attacks such as Integer Factorization, Discrete Logarithmic, Quantum Factoring, Forward, Fixed Point, Partial Key Exposure, Square Root, etc., are possible against the RSA scheme. Yeh et al. proposed an OTP based authentication scheme based on the challenge response model [16]. This scheme suffers from pre-play and impersonation attacks [16]. Further, Linear Secret Sharing (LSS) based OTP generation is described in [18]. In [8], the author introduced the concept of OTP to envisage password authentication over an insecure channel. The S/Key OTP system is designed based on Lamport's OTP algorithm. Goyal et al. proposed an efficient OTP algorithm [19]: to authenticate a device for the (t + 1)th time, it needs to submit the (t)th received OTP. But this scheme requires reinitialization.

Based on Lamport's OTP algorithm, other OTP mechanisms based on HMAC (HOTP, TOTP) are discovered [12], [13]. Further, TOTP variants that use HMAC based OTP schemes with MD5, SHA1, SHA256 and SHA512 are depicted in [13]. Though HMAC based authentication schemes are standardized by NIST, ANSI and IETF and are used in protocols such as Secure Socket Layer (SSL), TLS, IPSec, etc., they are prone to attacks such as birthday, forgery, full key recovery and collision [20]–[22].

To overcome this, OTP based on bilinear pairing is discussed in [23]. However, a bilinear pairing based scheme is computationally complex, and practically deploying it for authenticating transactions may be infeasible. Hence we argue that our proposed OTP generation technique, which is based on the principles of IBE-ECC and does not require storage of the private information of the users/devices for generating OTP, is a feasible solution for authenticating IoT devices/applications and communications between them.

III. PROPOSED OTP SCHEME BASED ON IDENTITY BASED ELLIPTIC CURVE

Identity based cryptography is a public key cryptosystem introduced by Shamir [24]. Further, elliptic curve based pairing was developed by Boneh and Franklin [25]. We adapt lightweight IBE-ECC to design a novel OTP scheme, which is a suitable candidate for authenticating IoT devices and applications. To envisage this, PKG performs the job of the OTP generator and validator at IoT cloud platform (cf. Fig. 1). In the following subsections, we propose a novel OTP generation scheme using IBE-ECC.
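
Lamport's hash-chain OTP, which Section II names as the basis of S/Key and which the paper sets out to extend, is sketched here as an added example; it is not the authors' code and not the IBE-ECC variant. SHA-256 as the one-way function, the class and function names, and the seed are assumptions made for illustration.

```python
import hashlib
import hmac

def chain(seed: bytes, n: int) -> bytes:
    """Return H^n(seed): SHA-256 (assumed hash) applied n times."""
    value = seed
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value

class LamportVerifier:
    """Validator side: stores only the last accepted value, never the seed."""

    def __init__(self, anchor: bytes, length: int):
        self.last = anchor        # H^n(seed), handed over at enrolment
        self.remaining = length   # OTPs left before re-initialization

    def verify(self, otp: bytes) -> bool:
        if self.remaining == 0:
            return False          # chain exhausted: device must re-enrol
        if not hmac.compare_digest(hashlib.sha256(otp).digest(), self.last):
            return False          # wrong value, or replay of an earlier OTP
        self.last = otp           # move one step down the chain
        self.remaining -= 1
        return True

class LamportDevice:
    """Device side: keeps the seed and counts the OTPs already spent."""

    def __init__(self, seed: bytes, length: int):
        self.seed, self.length, self.used = seed, length, 0

    def enrol(self) -> LamportVerifier:
        return LamportVerifier(chain(self.seed, self.length), self.length)

    def next_otp(self) -> bytes:
        if self.used >= self.length:
            raise RuntimeError("hash chain exhausted; re-initialize")
        self.used += 1
        return chain(self.seed, self.length - self.used)

def demo() -> list:
    device = LamportDevice(b"constructed-demo-seed", 3)  # constructed sample
    server = device.enrol()
    first = device.next_otp()
    results = [server.verify(first), server.verify(first)]  # fresh, replayed
    results += [server.verify(device.next_otp()) for _ in range(2)]
    results.append(server.verify(b"\x00" * 32))  # chain is now exhausted
    return results
```

The verifier holds nothing that lets it compute the next OTP, but the chain is finite: after `length` logins the device has to be enrolled again with a new seed.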
[Plot: Time (ms); series: Android Mobile Device, Server]

V. RESULTS AND DISCUSSION

The primary goal of this paper is to analyse both math-

cations. To authenticate and perform communication between them, a robust, scalable and efficient authentication scheme is required. Thus proposed OTP schemes are scalable and with a smaller key size, greater security can be achieved along with two-factor authentication. Further due to heterogeneity of devices and applications, IoT requires heterogeneous authentication schemes. By tuning the key sizes in our proposed OTP schemes, this is achievable. Hence we argued and shown that, OTP based on IBE-ECC is the right candidate for enabling authentication in IoT.

[Plot: Time (ns) versus Size of Prime Number (bits); series: Bicakci et al., ECC-Lamport]
Fig. 4: Performance of Bicakci et al.'s and Lamport's OTP based on IBE-ECC

[Plot: Time (ns) versus Hash Algorithms (HMAC_MD5, HMAC_SHA1, HMAC_SHA256, HMAC_SHA512); series: HOTP, TOTP, Chefranov's, Yeh et al., Lamport, Goyal et al.]
Fig. 5: Performance of hash-OTP generation algorithms

[Plot: Time (ms) versus Number of Requests Served; series: HMAC-MD5, HMAC-SHA1, HMAC-SHA256, HMAC-SHA512]
Fig. 6: Load testing: HMAC-OTP on Server

[Plot: Time (ms); series: 64, 128, 160, 256 and 512 bit Prime Number]

Fig. 4 describes the OTP generation time based on Bicakci et al. and our proposed IBE-ECC Lamport algorithm (100 successive OTPs are generated and the time taken to compute the 100th OTP is plotted) for various OTP sizes (cf. Table-II). The computation times are averaged with various time instance and device/application ids. From the figure it is expected

al. algorithms. Further computation time of TOTP algorithm is more in comparison with HOTP algorithm and less in comparison with ECC based OTP algorithm. Figures 6-10 describe the load test analysis of various OTP generation algorithms at server. Results are tabulated based on time taken to compute number of simultaneous OTPs generated.
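
The HOTP and TOTP baselines compared above, written out per RFC 4226 and RFC 6238 with a selectable HMAC hash, as an added example; this is not the authors' benchmark code. `verify_totp` and its `last_step` replay guard are illustrative names, and the short-digest check reflects the RFC 4226 truncation only, not how the paper produced its HMAC-MD5 figures.

```python
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 4226 HOTP; algo is a hashlib name such as sha1, sha256 or sha512."""
    mac = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    if len(mac) < 19:
        # The 4-bit offset can reach 15 and four bytes are read from it, so a
        # 16-byte HMAC-MD5 output is too short for this truncation.
        raise ValueError(f"{algo} digest too short for RFC 4226 truncation")
    offset = mac[-1] & 0x0F                        # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6,
         algo: str = "sha1") -> str:
    """RFC 6238 TOTP: HOTP over the count of step-second intervals elapsed."""
    return hotp(key, unix_time // step, digits, algo)


def verify_totp(key: bytes, candidate: str, unix_time: int, last_step: int,
                window: int = 1, step: int = 30, digits: int = 6,
                algo: str = "sha1"):
    """Return the matched time step, or None.

    Codes within +/- window steps are accepted to absorb clock drift, but
    never at or before last_step, so a captured code cannot be replayed.
    The caller stores the returned step as the new last_step.
    """
    now = unix_time // step
    for t in range(max(0, now - window), now + window + 1):
        if t > last_step and hmac.compare_digest(
                hotp(key, t, digits, algo), candidate):
            return t
    return None
```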
From these experimental results, though our proposed OTP generation based on IBE-ECC and IBE-ECC Lamport takes more time when compared to other schemes, with a 160 bit OTP size our proposed scheme offers security (almost) equivalent to that of 1024 bit RSA. Note that from the experimental results, time complexity of our proposed scheme (with a 160 bit OTP size) is approximately similar to that of other OTP schemes (cf. Figures 3, 4 Vs 5 and Figures 7-8 Vs 6, 10).

[Plot: Time (ms) versus Number of Requests Served; series: 64, 128, 160, 256 and 512 bit Prime Number]
Fig. 8: Load testing: Proposed scheme based on IBE-ECC-Lamport-OTP on server

In addition to this, our proposed OTP generation algorithms

[Plot: Time (ms); series: HMAC-MD5, HMAC-SHA1, HMAC-SHA256]
[Plot: Time (ms) versus Number of Requests Served; series: HMAC-MD5, HMAC-SHA1, HMAC-SHA256, HMAC-SHA512]
Fig. 10: Load testing: TOTP-Lamport-OTP on server

VI. CONCLUSION AND FUTURE WORK

In this paper we have reviewed the existing OTP schemes used for end-to-end authentication in IoT and have proposed a lightweight, robust and scalable OTP scheme by using the principles of IBE-ECC. Since we do not store the keys, the key size is small, and the scheme does not depend on the previous keys (memoryless), our scheme requires fewer resources for operation as compared to the existing schemes such as HOTP, TOTP, Bicakci et al., Yeh et al., Lamport's hash based algorithm and Chefranov and Goyal et al., etc. We have implemented the proposed scheme as well as the above existing schemes in a laboratory environment and have analysed our scheme analytically as well as experimentally. Through experimental as well as analytical results we have demonstrated that our proposed scheme, with a smaller key size and less infrastructure, performs on par with the existing OTP schemes, without compromising the security level. Since our scheme requires fewer resources and the key size is smaller as compared to the existing schemes, it can be viewed as a prominent candidate for large and diverse IoT systems such as Smart City, Smart Home and Smart Infrastructure deployments. As part of our future work, we are in the process of deploying our proposed scheme on a real IoT platform such that real-time performance evaluation can be obtained.

REFERENCES

[1] J. Antonio J, L. Latif, and S. Antonio, “The internet of everything through ipv6: An analysis of challenges, solutions and opportunities,” in Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, ser. JoWUA ’13. Innovative Information Science & Technology Research Group, 2013, pp. 97–118.
[2] G.-M. Oscar, K. Sandeep S, H. Sye, Loong Keoh Rene, and S. Rene, “Security considerations in the ip-based internet of things,” in IETF Draft-garcia-core-security-06, ser. Internet Draft ’14. IETF, 2014, pp. 1–45.
[3] A. Hiltgen, T. Kramp, and T. Weigold, “Secure internet banking authentication,” in IEEE Security and Privacy, 2006, pp. 21–29.
[4] M. Parikshit N, A. Bayu, P. Neeli R, and P. Ramjee, “Identity authentication and capability based access control (iacac) for the internet of things,” in Journal of River Publications. River Publishers, 2013, pp. 1–40.
[5] L. Chen-Xu, L. Yun, Z. Zhen-Jiang, and C. Zi-Yao, “The novel authentication scheme based on theory of quadratic residues for wireless sensor networks,” in International Journal of Distributed Sensor Networks. Hindawi, 2013.
[6] N. Huansheng and L. Hong, “Directed path based authentication scheme for the internet of things,” in Journal of Universal Computer Science, 2012, pp. 1112–11 131.
[7] C. Schmitt and B. Stiller, “Two-way authentication for iot,” in IETF, ser. ACE Working Group ’14. IETF, 2014, pp. 1–19.
[8] L. Leslie, “Password authentication with insecure communication,” in Communications of the ACM, ser. J.UCS ’12. New York, NY, USA: ACM, 2012, pp. 770–772.
[9] G. Zhao, X. Si, J. Wang, X. Long, and T. Hu, “A novel mutual authentication scheme for internet of things,” in Modelling, Identification and Control (ICMIC), Proceedings of 2011 International Conference on, June 2011, pp. 563–566.
[10] V. Cakulev, G. Sundaram, and I. Broustis, “Ibake: Identity-based authenticated key exchange,” in RFC 6539, ser. Informational ’12. IETF, 2012, pp. 1–13.
[11] M. Parikshit N, A. Bayu, P. Neeli R, and P. Ramjee, “Novel threshold cryptography-based group authentication (tcga) scheme for the internet of things (iot),” in 7th IEEE ANTS. IEEE, 2013, pp. 1–6.
[12] D. M’Raihi, S. Machani, and J. Rydell, “Hotp: An hmac-based one-time password algorithm,” in IETF RFC 4226, ser. Network Working Group ’05. IETF, 2005, pp. 1–37.
[13] D. M’Raihi, M. Bellare, F. Hoornaert, D. Naccache, and O. Ranen, “Totp: time-based one-time password algorithm,” in IETF RFC 6238, ser. Informational ’11. IETF, 2011, pp. 1–16.
[14] K. Mijin, L. Byunghee, K. Seungjoo, and W. Dongho, “Weaknesses and improvements of a one-time password,” in International Journal of Future Generation Communication and Networking, 2009, pp. 29–38.
[15] Y. Huang, Z. Huang, H. Zhao, and X. Lai, “A new one-time password method,” vol. 4. Elsevier, 2013, pp. 32–37.
[16] E. Mohamed Hamdy, K. Muhammad Khurram, and A. Khaled, “One-time password system with infinite nested hash chains,” in Communications in Computer and Information Science, ser. Security Technology, Disaster Recovery and Business Continuity Book Chapter’05. Springer, 2005, pp. 161–170.
[17] D. Boneh, “Twenty years of attacks on the rsa cryptosystem,” in Notices of the AMS, ser. AMS’99. AMS, 1999, pp. 1–16.
[18] M. Christopher, “One-time password scheme via secret sharing techniques,” in Master of Science Thesis. University of New Orleans, 2011, pp. 1–50.
[19] V. Goyal, A. Abraham, S. Sanyal, and S. Han, “The n/r one time password system,” in Proceedings of International Conference on Information Technology: Coding and Computing, ser. ITCC’05. IEEE, 2005, pp. 733–738.
[20] X. Wang, H. Yu, W. Wang, H. Zhang, and T. Zhan, “Cryptanalysis on hmac/nmac-md5 and md5-mac,” in Advances in cryptology-EUROCRYPT 2009. Springer, 2009, pp. 121–133.
[21] K. Jongsung, B. Alex, P. Bart, and H. Seokhie, “On the security of hmac and nmac based on haval, md4, md5, sha-0 and sha-1,” in SCN 2006. LNCS, Springer-Verlag, 2006, pp. 1–18.
[22] F. P.A., L. G, and N. P.Q, “Full key-recovery attacks on hmac/nmac-md4 and nmac-md5,” in CRYPTO ’07. Springer, Dec 2007, pp. 1–18.
[23] L. Yunjin and K. Howon, “Insider attack-resistant otp (one-time password) based on bilinear maps,” in International Journal of Computer and Communication Engineering, 2013, pp. 304–308.
[24] A. Shamir, “Identity-based cryptosystems and signature schemes,” in Proceedings of CRYPTO 84 on Advances in Cryptology. New York, NY, USA: Springer-Verlag New York, Inc., 1985, pp. 47–53.
[25] D. Boneh and M. Franklin, “Identity-based encryption from the weil pairing,” in CRYPTO 2001, ser. LNCS’01. Springer, 2001, pp. 213–229.
[26] B. S. Adiga, M. A. Rajan, R. Shastry, V. L. Shivraj, and P. Balamuralidhar, “Lightweight ibe scheme for wireless sensor nodes,” in Advanced Networks and Telecommunications Systems (ANTS). IEEE, Dec 2013, pp. 1–6.
[27] D. Boneh, “The decision diffie-hellman problem,” in Third Algorithmic Number Theory Symposium, ser. LNCS’98. Springer, 1998, pp. 48–63.