Integrated security for data transfer and access control using authentication and cryptography technique for Internet of things

Abstract

The entire world is running behind the smart technology to accomplish the daily needs in a smart way such as smart farming, smart irrigation system, smart transportation system, smart medical management, handling of smart home appliances, smart security, etc. Smart technology is the soul property of internet services and accessing data from virtual servers, which raises the alarm of security vulnerability and threats. In recommended system we have focused on application layer security which are concerned with application interface and queue manager for service exchange. As application layer is the closest to end user and produces the big threat to the application platform it motivates us to recommend strong multilevel security system to identify the different activity of handlers and identify their roles to enroute of accessing confidential data services. Subsequently, our work is to assure that every user should have an authentication key with specific privileges to get the desired information. In focus, we see the security management by integrating the Kerberos authentication protocol with honey encryption technique to provide strong multilevel security system.

Keywords

Internet of things security authentication protocol honey encryption

1. Introduction

Presently the Internet has become ubiquitous and accessible to the entire urban area population and reachable to every corner of the globe. Since the origin of IOT technology, it appears so easy to join the electrical devices and home appliances to the internet and can be controlled from the remote location as per our demand. Internet of things is the new technology, which made it possible for heterogeneous devices on the common platform where all the devices and appliances are linked with each other virtually and sometimes physically. The Internet of things achieves a specific task that requires a high grade of intelligence with the help of smart technology. In 2013 the Global Standards projected Internet of Things (IOT-GSI) which defines the arts as the base of the information society. IOT is a collective approach where devices are built-up with microchips, Circuit and a combination of different registers and conductors to perform with sensing devices and actuators to perform smartly. It has become a symbolic smart object of the class cyber-physical systems, which produces the technology in all the major areas such as smart grids, smart city, smart garbage management, smart homes, smart medical, smart harvesting, etc.

2. Related work

By referring to the numerous journals related to database security and network security which expose several security threats to confidential data and transmission. Here Asim Majeed [1, 2] has discussed the application of signature-based authenticated technique and the successful test on IoT devices with the help of Burrows-Abadi-Needham logic for security and using of AVISP(Automated Validation of Internet Security Protocols and Applications) Fatima and Berrehilli [3, 4, 5, 6] focused on some time block chain technique that is also used along with RSA public-key cryptography to provide strong security mechanism and stopping the vulnerability using EBIOS methodology. Baldani and Huang has [6, 7, 8, 9] observed the several issues related to different type of attacks and threats which leads to measure damage different type of security mechanism is used such as bootstrap modeling, symmetric cryptography, authentication protocol, and smart radiofrequency devices RFID, but still we are lacking to provide sufficient security to secure our data and system from any type of security breach. Mangal, Mujahid, and Mama have explored [11, 12, 13] if see the different aspects of configuration and topology of network and device to evaluate the elasticity of different types of attacks and analysis of different type of threat vectors and capacity of authentication protocol and server for revealing the specific type of techniques. Maxima and Leila [14, 15] discussed the several security mechanisms RFID has introduced for summarizing the risk by analyzing the vulnerable objects and performing the risk prediction activity. Nicolas et al. [16, 17, 18] have discussed the individual node security by a host to host encryption but remains to fail due to easy of inefficient physical address accessibility along with homomorphism cryptography approach. Huh, Sabrina has [19, 20] discussed the different approaches to expose how to assure security and privacy over the network which carries sophisticated data using secure architecture ICN-IoT architecture to analyze the probable threats and provide toughness to encrypted secure data. Batool [21, 22] observe the operational activity of NFV and SFC in secure communication by implementing secure accessing and data analytical services. Tim abels, El-Maliki and Jerald [23, 24, 25] analyzed the monitoring system for a user by implanting authentication and activity management for all types of users using data mining tools and cryptography techniques. Wazir et al. [26, 27, 28] have focused that how honey encryption has proven its strength in wireless networks for providing password security and proven the appreciable result against brute force attack. Ari and Ansari [29, 30] have discussed the different applications of wireless network security and revealed the merit of honey encryption in the field of database security where password is very sensitive and difficult to manage for every transaction.

3. Statements-3A: Authentication, authorization, authenticator with Kerberos framework

3.1 Authentication

Authentication is used by a server when the server needs to recognize precisely who is accessing their information or site. Authentication can be done on both sides (Sender and Receiver) during the authentication process. Authentication could be done in several ways such as digital systems, OTP, Passwords, Biometric, Retina, Thumb, Face detection. Certification does not decide which type of task the individual can exercise or which type of files the individual can access. So during authentication, any test can be done based on predefined methodologies.

3.2 Authorization

Authorization depends on the authentication process which tells about the client and nature along with the access privilege list. In some cases, there is no authorization a user may use a resource or approach a file on demand by giving some preliminary information. Generally, authorization is not used in dynamic communication.

3.3 Authenticators

The data which is uploaded to the authenticator side must be attached with a timestamp protocol to avoid the dictionary attack and suppress those attacks which use the replay mechanism at the receiver side.

Figure 1.

Integrated architecture of authentication and honey cryptography.

3.4 Taxonomy of Kerberos

Kerberos is an authentication protocol that primarily uses a hidden key cryptography approach. Kerberos uses three types of server names with authentication server which is authorized for each and every user through registration and validation process. After successful authentication, it addresses the request towards the ticket-granting server, which is liable to grant two types of keys namely session key and security key in order to access the real server.

Real server: Next to this final request will go to a real server that is responsible to maintain the desired data from where a client can access the data using security key and session key from the available realm of servers in a designated session. Such as Key Distribution center, Session Tickets keys, Mutual Authentication (Client/Server), Ticket-Granting Tickets, Real server as a service provider.

4. Proposed security framework

Overdue demand for communicating network and internet-based technology has delivered the vulnerability to our system and sophisticated data. Kerberos provides an atomic solution and gives more security at the real server by using a password protection algorithm through honey encryption. So the integrated approach of authentication server Kerberos and password protected encryption technique for real server data services is achieved.

From Fig. 1, this encryption technique is used for shielding the password of customer who participates in communication against security breaches. The reason behind the development of Honey encryption is that it produces probable and duplicates passwords which can be an attempt by a malicious user and misguide them for a given session, so honey encryption can stop the brute force attack completely and reduces the vulnerability.

Figure 2.

Workflow view of the authentication and cryptography process.

4.1 Logical description of authentication and Encryption technique

Procedure: Authentication Start()

1. if (User $=$ new_registration) then

2. User $=$ key_registration()

3. if (User Authentication all credentials given) then

4. Generate_UID()

5. store UID in Kerberos Server

6. else

7. Message "enter all the necessary credentials"

8. end if

9. end if

10. if (Service Request $=$ New Service()) then

11. Service_Authentication()

12. if (Service all Credentials given) then

13. Generate_SID()

14. Store UID in Kerberos Server

15. else

16. Message "Enter all the necessary Credentials"

17. end if

18. end if

19. Goto user Authentication Process()

20. Login With Registered Userkey

21. While (User Registration is sent from input with UID)

22. Encrypt UID with user and device credentials using public

key

23. While (Encrypted UID is received in Kerberos Server)

24. Begin Decryption of Encrypted Values by Private Key in

Kerberos Server

25. end while

26. end while

27. if (Decrypted UID $\|$ KDC in Kerberos Server)

28. Message "User is authenticated"

29. else

30. Message "Authentication Failed"

31. end if

32. Continue Authentication Validation Role based

33. if (user Activity $==$ is identified) //*Revoke privileged matrix

34. Compare the Actions that are generated by user

35. if (Actions $==$ Matched_predefined event())

36. Message "Activity Recognition is successful"

37. else

38. Message "Activity Recognition is Invalid"

39. end if

40. Goto Requesting $K_{\text{tgs}}$ server()

41. if (user session key $==$ Grant()) then

42. Generate session key()

43. if (user $==$ Authentication Exchange) then

44. Message "Session Key is provided by using Ticket Granting

server"

45. Return (Session Key $==$ count $++$ )

46. else

47. (session key == 0)

48. end if

49. Continue Communication With Real server with Honey

Encrypted Data

50. Req_ticket $==$ Real Server

51. Grant server key $=$ (session key $+$ security key) $=$ user

52. if (Ticket Granting service sends the Tkts to user)

53. Message "Connection Established from server to user"

54. Apply honey encryption technique on packets and release();

55. end if

56. End_Process()

4.2 Collaboration diagram of integrated security system

From the Fig. 2 user is first interacting with the security server which is inbuilt with three different types of sever AS, TGS, RS.

4.2.1 Communication process between client, authentications server TG-server, real server

1. C $\to$ As(ID ${}_{\rm c}$ $\|$ ID ${}_{\text{tgs}}$ )

2. As $\to$ C(E(Kc.Ticket ${}_{\text{tgs}}$ )

3. C $\to$ TGS(IDc $\|$ IDv $\|$ Ticket ${}_{\text{tgs}}$ )

4. TGS $\to$ C(Ticket ${}_{\rm v}$ )

5. C $\to$ V(IDc $\|$ Ticket ${}_{\rm v}$ )

6. Ticket ${}_{\text{tgs}}=$ E(K ${}_{\text{tgs}}$ [ID ${}_{\rm c}$ $\|$ AD ${}_{\rm c}$ $\|$ ID ${}_{\text{tgs}}$ $\|$ TS ${}_{1}$ $\|$ LT ${}_{1}$ ])

7. Ticket ${}_{\rm v}=$ E(K ${}_{\rm v}$ [ID ${}_{\rm c}$ $\|$ AD ${}_{\rm c}$ $\|$ ID ${}_{\rm v}$ $\|$ TS ${}_{2}$ $\|$ LT ${}_{2}$ ])

$=$ E(K ${}_{\rm v}$ [K ${}_{c,v}$ $\|$ ID ${}_{\rm c}$ $\|$ AD ${}_{\rm c}$ $\|$ ID ${}_{\rm v}$ $\|$ TS ${}_{4}$ $\|$ LT ${}_{4}$ ])

8. Authentication ${}_{\rm c}=$ E(Kc, tgs, [IDc $\|$ ADc $\|$ TS3]

9. C $\to$ V Ticket ${}_{\rm v}\|$ Authentication ${}_{\rm c}$

10. V $\to$ C $=$ E(K ${}_{\rm c,v}$ [TS ${}_{5}+1$ ]) /*shows mutual authentication

11. Ticket ${}_{\rm v}=$ E(K ${}_{\rm v}$ [K ${}_{\rm c,v}$ $\|$ ID ${}_{\rm c}$ $\|$ AD ${}_{\rm c}$ $\|$ ID ${}_{\rm v}$ $\|$ TS ${}_{4}$ $\|$ LT ${}_{4}$ ]) $+$

HENC ${}_{\rm H,E}$ (K,M)[S $\leftarrow$ $encode(M)

12. R $\leftarrow$ ${0,1} ${}^{2}$ , K ${}^{1}$ $\leftarrow$ H(R $\|$ K), P $\leftarrow$ E $\|$ for i $=$ 1 to [s $\|$ n].C ${}_{2}$ P

$\leftarrow$ P $\|$ E(K ${}^{1}$ , 2 ${}^{1}$ )

13. C ${}_{2}$ $\leftarrow$ P[1 $\ldots$ $|$ S $|$ ] $\oplus$ S

14. return (R, C ${}_{2})$

15. C $\leftarrow$ D(HDEC ${}_{\rm H,E}$ (K, (R, C ${}_{2}))$ )

16. [K ${}^{1}\leftarrow$ H(R $\|$ K),

17. P $\leftarrow$ E $\|$ for i $=$ 1 to [ $|$ S $|$ /n]

18. P $\leftarrow$ P $\|$ E(K ${}^{1}$ , 2 ${}^{1})$

19. C ${}_{2}$ $\leftarrow$ P[1 $\ldots$ $|$ S $|$ ] $\oplus$ S

20. S $\leftarrow$ C ${}_{2}\oplus$ [1 $\ldots$ $|$ S $|$ ]

21. M $\leftarrow$ Decode(S)

22. C $\leftarrow$ return(M)

Description 1. Authentication server is having a major role compared to others due to different operations involved in the first phase itself such as validation of input followed by authenticated and relevant data acquisition.

Description 2. After the successful data acquition next work is to conduct classification process subsequently to send the corresponding privilege to access ticket-granting server which is used to allocate token key session key and security key.

Description 3. And at last real server which provides the secure and safe data to user. The real server is a service server where the actual data is stored in an encrypted format with a honey encryption technique to protect the data packets from a password/brute force attack during a transaction.

4.2.2 Layer wise authentication process

Layer-1: Login_Validation()

1. User Login – Start

2. Let $U_{i}$ ( $u_{1},u_{2},u_{3},\ldots,U_{n-1}$ ) is a Participated user

3. $U_{id}$ $-$ $>$ $U_{ser}$ Identity

4. Defined User be- $U_{ser}$ , Key be $K_{i}$ , Session key be $Sk_{i}$ ,

5. Database be DB, Real server $R_{S}$

6. User id – Registration() to $A_{s}$

7. Pwd ${}_{k}$ – Key generation (Key distribution center)

Where, key $=K\{i_{1},i_{2},i_{3},i_{4},\ldots,i_{n-1}\}$

8. Authentication Process()

9. User_id As $\{U_{id},k_{i}\}$

10. Create new login()

11. if (login_attempt count() $>$ 0) then

12. else if New User_ID, password $==$ Prototype user Id, Password

13. Find( ${A}_{best}$ (Test) occurs between [ $A_{best}$ (Full centroid)] Min-

Max) Then

14. User Grant Access with Privilege()

15. else

16. Attempt count $\geqslant$ min_attempt()

17. else if(Attempt count $\geqslant$ Max_attempt()) Then,

18. User $==$ Un-Authentic()

19. End procedure()

Layer-2: Key_Validation()

Here validation process will occur before granting the ticket to every client who has been authorized by an Authentication server.

20. Starts user validation at Ticket granting server

21. Validate_As $(U_{id},n(g))=(i_{1},i_{2},i_{3},i_{4},\ldots,i_{n-1})$

22. For all user id, Uid $=$ ‘V’

23. Therefore there will be an existence of

24. TGS $\to$ $U_{i\{{Ski,Tgs{\_}t}\}}$

25. Where $S_{ki}=$ Session key Tgs $=$ Ticket Granting Server with

timestamp.

26. $U_{i}$ $\to$ Real server (Uid $\|$ Real server key) / * User received the

real (server key)

27. Continue with step (4) followed by $U_{i}$

28. Real server ( $R_{2}$ T (H(R ${}_{2}$ ))) $\|$ * $U_{i}$ is given privilege to enter

into real server to interpret with money encryption.

29. Real server ( $R_{s}$ ) $\to$ $E_{T}$ (P (T).X) Where Kn(g) $\to$ $R_{s}(i)\oplus I=$

$t_{1}+t_{2}\ldots t_{n-1}$

30. $U_{i}\leftarrow R_{s}P_{i}\oplus k_{1}\oplus T,PK_{ST}$

Layer-3: Begin_Cryptography()

31. Algorithm for Data Confidentiality using Honey Encryption

32. RS_H(E) Process()

33. $U_{i}\leftarrow$ R ${}_{\rm s}$ [Grant(D ${}_{\rm p}+$ $S_{\rm k})$ ]

34. $U_{i}\leftarrow$ D ${}_{\rm p}+$ Sec ${}_{\rm k}$ _H(E)

35. Where,

36. H(F) $\leftarrow$ nc (K1m)

37. CT $\leftarrow$ Se1 Se

38. Ui $\to$ D(CTH(F))

39. Next,

40. H(F) $\leftarrow$ Decy (K1R(n),CT)

41. M $\leftarrow$ decode (Se)

42. Ui $\leftarrow$ receive (M)

43. Ui $\to$ Close Trans()

44. End

5. AVISPA framework

Experimental demonstration is projected using the AVISPA (SPAN) tool that is used to validate the internet security protocol automatically which uses high-level protocol specification language HLPSL. After simulation with the AVISPA tool, we can conclude the existing protocol strength and make enhancement to provide more security.

Figure 3.

AVISPA architecture.

5.1 Architecture of AVISPA tool

From Fig. 3 is showing the working architecture of the tool which is internally separated and integrated for different specific purposes. The HLPSL can implement as expressive and role-based modular language which is used for several cryptographic functions, algebraic operators with their algebraic and security.

5.2 Translator HLPSL – IF

Translator IF is used to trigger automatic input to the AVISPA backend tools. IF specifications are automatically inputted to the back-ends of the AVISPA Tool.

5.3 Intermediate format-IF

This IF is used to describe a protocol in terms of rules rewriting which describes an infinite state, transition rule, infinite-state transition along with the initial state and property which is related to state-based safety property.

5.3.1 On-the-fly model-checker OFMC

This module is powerful due to the integration of several number of symbolic and constrained based technique which is correct and declared itself as complete to guessing different attacks on inferior passwords.

5.3.2 CL-based attack searcher CL-AtSe

CL-AtSe created on a modular approach and openly extended for crypto operators and algebraic properties.

5.3.3 SAT-based model-checker SATMC

SATMC module is used to construct a proposition with procedural cryptography.

5.3.4 Tree-automata-based protocol analyzer TA4SP

These Protocols perform their tasks on the back-end triggered verification process on unbounded protocol verification using resembling knowledge of the intruder by observing regular tree and rewriting semantics.

6. AVISPA simulation process

With the reference to validate the entire validation is performed to check the performance of the existing protocol is done with AVISPA tool using HLPSL language:

Step 1: Step 1:
Run the Oracle VM Virtual Box environment to set up the supporting platform for the SPAN.
Step 2:
Click on Start button to initiate the process followed by SPAN application environment.
Step 3:
Start writing HLPSL code or dump the code from different sources in a source code editor and run the program after saving the file with.hlpsl extension.
Step 4:
From SPAN 1.6 protocol verification we can analyze the validity of the existing tool and can process the additional or integrate with the new protocol to enhance the strengthening of the existing system with a new hybrid mechanism.
Step 5:
From this tool, we can find out SAFE/UNSAFE mode after running the validation module OFMC and provide remedies with new techniques.
Step 6:
After successful validation of existing protocol and enhanced protocol we exit from the SPAN and the same code can be used in the future for a different purpose.

Finally by integrating the three-level authentication and cryptography process is showing the reinforced security system instead of a single system.
7. Conclusion and future work

From the above setup and algorithm with Visual representation, it is clear that we can control and monitor malicious user activity and restrict the access control. In this paper, we have discussed the integrated impact of authentication and cryptography mechanism for handling multiple security challenges in Internet of things base application. In this regard, we have implemented a Kerberos authentication protocol with a honey encryption algorithm using AVISPA (Automated Validation of Internet Security Protocol and Application) which is showing the safe result and in summary, our proposed work is appropriate for real-time application in Internet of things scenario. Our future work is to develop a protocol that can support the multilayer security technique on a single platform to handle heterogeneous types of diverse attacks and other security challenges related to Internet of things.

References

Majeed

, Internet of things (IoT): A verification framework, IEEE (2017).

Zahra

B.F.

et al., Risk analysis in the internet of things using EBIOS, IEEE (2017).

Dorsemaine

et al., A new threat assessment method for integration an IoT infrastructure in an information system, IEEE (2017).

Stergiou

et al., Architecture for security monitoring in IoT environments, conference, IEEE (2017).

Midi

et al., A system for knowledge-driven adaptable intrusion detection for the internet of things, IEEE (2017).

Baldini

Fourneret

Neisse

Legeard

and Le Gall

, Security certification and labelling in internet of things.

Huang

, Private and secured medical data transmission and analysis for wireless sensing healthcare system, IEEE Transactions on Industrial Informatics. doi: 10.1109/TII.2017.2687618.

Nakagawa

and Shimojo

, Agent platform mechanism with the transparent cloud computing framework for improving IoT security, IEEE (2017).

Zouari

Hamdi

and Kim

, A privacy-preserving homomorphic encryption scheme for the internet of things, IEEE (2017).

10.

Metongnon

, Eugene et al., Efficient probing of heterogeneous IoT networks, IFIP (2017).

11.

Sain

Kang

and Lee

H.J.

, Survey on security in internet of things: State of the artistic production and challenges, ICACT (2017).

12.

Mohsin

et al., IoTSAT: A formal framework for security analysis of the internet of things (IoT), IEEE (2016).

13.

Abderrahim

M.B.

Elhdhili

M.H.

and Sudan

, TMCoI-SIOT: A trust management system based on communities of cyberspace for the Social Internet of Things, IEEE (2017).

14.

Nawi

et al., Internet of Things (IoT): Taxonomy of security attacks, IEEE (2016).

15.

M. Abderrahim

et al., CTMS-SIOT: A context-based trust management system for the social internet of things, IEEE (2017).

16.

Sklavos

et al., Cryptography and Security in the Internet of Things (IoT): Models, schemes, and implementations, IEEE (2016).

17.

Massonet

Deru

Levin

and Villari

, End-to-end security architecture for federated cloud and IoT networks, IEEE (2017).

18.

Challa

Wazid

Md.

Das

A.K.

and Kumar

, Secure signature-based authenticated key establishment scheme for future IOT applications. doi: 10.1109/ACCESS.2017.2676119, IEEE.

19.

Kim

et al., Managing IoT devices use blockchain platform, ICACT (2017).

20.

Sicari

et al., A secure ICN-IoT architecture, IEEE (2017).

21.

Batool

et al., Internet of things data analytics for user authentication and activity recognition, IEEE (2017).

22.

Abels

Khanna

and Midkiff

, Future proof IoT: Composable semantics, security, QoS and reliability, IEEE (2017).

23.

El-Maliki

et al., Efficient security adaptation framework for internet of things, IEEE (2016).

24.

Jerald

and Rabara

, Algorithmic approach to security architecture for integrated IoT smart services environment, IEEE (2016).

25.

Khan

W.Z.

et al., Mobile RFID in the internet of things: Security attacks, privacy risks, and countermeasures, IEEE (2016).

26.

Gracy

P.L.

and Venkatesan

, A honey encryption-based efficient security mechanism for wireless sensor networks, IJPAM (2018).

27.

Noorunnisa

N.S.

et al., Review on honey encryption technique, IJSR (2018).

28.

Juels

and Ristenpart

, Honey encryption: Security beyond the brute-force bound, 2014.

29.

Sahu

and Ansari

M.S.

, Securing messages from brute force attack by combined approach of honey encryption and blowfish, IRJET (2017).

30.

Murty

and Mulchandani

, Improving security of honey encryption in database: Implementation, ICSESD (2017).