Abstract
At present, the Internet of Things (IoT) finds valuable application in the fields of smart cards, smart grids, and intelligent transportation. However, security is a major concern in these IoT networks, and there is a possibility of information leakage in the network. Thus, the major concerns in IoT networks are secure authentication and data integrity, and authentication and authorization are the two major countermeasures in the security paradigm that manages, controls, and communicates with a device. Accordingly, a multi-level authentication was proposed based on memory and machine attributes-based profiling and elliptic curve cryptography. Additionally, an adaptive level of authorization was developed based on data importance and feedback. Thus, this paper presents a systematic study and investigation of the authentication and authorization protocol. For evaluating the robustness of the method, various attacks, such as Distributed Denial of Service (DDOS), Denial of Service (DOS), man-in-the-middle, replay, server spoofing, stolen verifier, and impersonation attacks, are considered. The methods are simulated under these attacks, and the analysis is carried out based on detection rate and detection time. The comparative analysis reveals the effectiveness of the methods against various attacks in terms of security and detection time.
Introduction
The Internet of Things (IoT) is the connection of devices to the internet using an on/off switch; examples of IoT devices include cellphones, washing machines, wearable devices, and so on [1]. In general, IoT is based on 6 ‘C’s, such as Collaboration, Connectivity, Computing, Cognition, Content, and Context, and 6 ‘A’s, which include Any Time, Anywhere, Any Object, Any Service, Any Human, and Any Network. IoT impacts every part of human life, mainly in the fields of communication, healthcare, environment, infrastructure, education, manufacture of day-to-day things, science, and so on. The standard form of IoT is layered as perception layer, transport layer, and application layer [7, 2]. The main aim of IoT is to assist our daily life through intelligent tools and applications that support our regular day-to-day activities. The IoT domain is characterized as five major categories based on the application domain and the major categories are smart home, smart city, smart wearable, smart environment, and smart city. In the last few decades, there has been vast growth in the IoT domain with the help of rising technologies, mainly in the areas of Radio Frequency Identification (RFID) and Wireless Sensor Networks (WSN) [3].
There is a need to enhance the confidentiality, security, and privacy of the data in order to meet the basic needs of IoT. The interaction of smart devices with each other in the immediate living surroundings of humans requires a new security mechanism for access control and authentication of data [2]. IoT represents a revolutionary transformation of the internet from a man-to-man communication tool into an all-to-all communication model. Due to this transformation, IoT networks face many security challenges. Thus, the security issues present the following factors, such as privacy, access control, authentication, and information collection and management, as major functions to handle and manage [8]. Additionally, hackers find the IoT environment well suited to their unethical behavior, which extends the scope for unethical use of the network [9, 10]. Generally, the needs of IoT include security requirements such as confidentiality, integrity, availability, authentication, and so on [5]. Thus, a new international security vision is needed that follows standard requirements in order to reduce inconsistent gaps, enhance data integrity, and improve security standards globally [11, 12, 4]. The applications of IoT include smart home, wearables, smart city, smart grids, industrial internet, and so on. Smart home ranks as the highest IoT application on all measured channels. More than 60,000 people currently search for the term “Smart Home” each month. The IoT Analytics company database for Smart Home includes 256 companies and startups. More companies are active in smart home than in any other application in the field of IoT. There are many wearable innovations, and products such as LookSee, Myo gesture control, and Sony Smart B Trainer are receiving great attention. Smart city covers a large variety of use cases, from traffic management to environmental monitoring, urban security, waste management, and water distribution. A smart grid promises to use information about the behaviors of electricity suppliers and consumers in an automated fashion to improve the efficiency, reliability, and economics of electricity. The industrial internet is another special IoT application.
The security mechanisms need to manage the higher degree of heterogeneity and the dynamic objects present in these environments. Security mechanisms that are applied in access control for distributed systems are available [6].
Authorization, or access control, is a process that determines whether or not the requesting user can access the required resources. Authorization includes either denying access or revoking access, mainly for any malicious access. Authentication is a process that identifies a user, and in most cases authorization is impossible without proper authentication [13]. Authentication of data and end devices is significant for the success of IoT. It is well noted that a single compromised node turns into a malicious node and is capable of affecting the whole system, leading to disasters [4]. User authentication permits the legitimate user to access the resources and blocks the malicious attacker. Authentication is done first and access control follows it, so that the authenticated person is restricted to accessing the data he/she has privileges for. In order to assure secure communication, authentication must be mutual and attack resistant, and access control has to be dynamic and flexible [2]. Authentication in IoT paves the way for heterogeneous objects to authenticate for a trustable service [5]. Therefore, a well-defined framework is required for mutual authentication of heterogeneous things in IoT [3].
Description of the protocols taken for performance study
This section describes the protocols employed for the authentication and authorization of the IoT devices.
Authentication
Authentication of users or devices is essential for secure communication in a network. Following are the authentication methods employed in the study:
Jog and Murugan [14]: Proposed authentication method for the security of Internet of Things using attribute-based profiling and ECC-based authentication
The authentication protocol [14] was developed using Elliptic Curve Cryptography (ECC) and a profile table-based security protocol for mutual and multi-level authentication to enable security in IoT. Initially, the IoT device and the server register with the Authorization Centre (AC) for authentication. After user registration, the authentication proceeded by forwarding five different messages through the public channel, followed by seven levels of verification. Additionally, a hashing function and ECC enhanced the robustness of the developed security protocol. The protocol used two security attributes, namely memory and machine-related attributes, to establish the profile table that contains the results of encryption that avoids storage resilience of the protocol. The security was enhanced through data confidentiality, multi-level authentication, data integrity, and mutual authentication.
Hu et al. [16]
An authentication protocol [16] for security introduces two mechanisms for mutual authentication and for updating the key alternatively. The mutual scheme exhibits asymmetric features for both the platform and the terminal nodes. In general, the platform possesses higher computation ability than the terminal nodes such that the ability to attack is less. Thus, the method aims at authenticating the terminal nodes and the platform to each other.
Ning et al. [19]
Ning et al. [19] developed the Aggregated-Proof based Hierarchical Authentication (APHA) scheme for the Unit and Ubiquitous IoT (U2IoT) architecture. The developed APHA protocol possesses two sub-protocols to offer bottom-up security protection. The developed method offered data confidentiality and data integrity using the directed path descriptor and homomorphism-based Chebyshev chaotic map, and it maintains trust relationships through lightweight mechanisms.
Authorization
The authorization protocols employed in the study are explained as follows:
Jog and Murugan [15]: Data importance and feedback based adaptive level of authorization for the security of Internet of Things
The authorization protocol developed by Jog and Murugan uses an adaptive level of authorization that depends on the feedback and the importance of the data for ensuring security in IoT. The method is performed in two phases: the request phase and the authorization phase. The adaptive level of authorization depends on the data size, which defines the significance of the data. The request message from the IoT device is forwarded along with the identity and the private keys, which are forwarded to the IoT server. Upon receiving the request message, the server verifies the request for the authentication of the IoT devices. The behavior of the server and the IoT device is recorded in the log file, the performance between the IoT devices is maintained in the feedback table, and these files are kept in the IoT server. The above steps describe the verification based on the private key, log file, and feedback in the proposed security protocol developed by Jog and Murugan. For authorization, the authority centre provides the channel key to the IoT server and devices. Finally, the feedback-based adaptive level of authorization is carried out using the communication channel key.
Hunmen et al. [17]
Hunmen et al. [17] developed an authorization method that discusses three major ideas. The method discusses the impact of public-key cryptography on the implementation of the Datagram TLS (DTLS) protocol based on the memory requirements. Additionally, a delegation architecture was used to assure secure communication of the memory-constrained devices across independent network domains such that the expense of establishing the connection is relieved. Finally, authorization using the delegation architecture is assured for a constrained network domain. The feasibility of DTLS-protected communication between the memory-constrained devices is enhanced through minimal transmission and less computation overhead.
Simulation parameters
Moosavi et al. [18] developed a Secure and Efficient Authentication and Authorization architecture, termed SEA, for IoT networks that uses the features of distributed smart e-health gateways to release the burden of medical sensor nodes so as to enable secure communication. The method targets health care applications and it blocks malicious activities from entering the network domain.
Experimental set up
This section presents the experimental analysis of the methods against various IoT network attacks.
Evaluation metrics
The metrics employed for analyzing the performance of the proposed authentication and authorization protocol developed by Jog and Murugan are detection rate and detection time. The detection rate of an effective method should be maximal, whereas the detection time of an effective method should be minimal.
Simulation set up
The simulation of the proposed protocol developed by Jog and Murugan is implemented in the DPWSim simulation tool and the performance of the method is analyzed against various attacks given in Section 3.3. Table 1 shows the simulation parameters of the proposed work.
Attacks considered
This section describes the various attacks considered for analyzing the effectiveness of the authentication and authorization methods.
DOS attack
A DOS attack delays the service to the user because of network failure caused by network traffic, leading to dissatisfaction of the legitimate users. It is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users, in the short term or indefinitely, by disturbing the services of a host connected to the Internet. It is accomplished by flooding the targeted machine or resource with excessive requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
DDOS attack
Distributed Denial of Service (DDoS) is caused by multiple sources, leading to traffic in which the legitimate users cannot be differentiated from the attackers. In a DDoS attack, the incoming traffic flooding the victim originates from many diverse sources. This effectively makes it impossible to prevent the attack simply by blocking a single source.
Impersonation attack
An impersonation attack is an attack in which an adversary successfully assumes the identity of one of the legitimate parties in the system or in a communication protocol. Impersonation attacks occur when the attacker disguises itself as the legitimate party in a system, representing the identity of the legitimate user.
Server spoofing attack
A spoofing attack is a situation where a person or program successfully impersonates another by fabricating data to gain an illegitimate advantage. By impersonating the legitimate user, the spoofing attack causes sensitive information to be given up from an IoT network.
Stolen verifier attack
In this type of attack, the verification data is stolen by the intruder from the server. The opponent steals verification data from the server in the current or past authentication sessions. Here, the verification data does not contain secret keys used with an XOR operation or an encryption function. The opponent creates communication data from the stolen data and sends it to the server. If this succeeds, the opponent masquerades as a legal user from the next authentication session.
Replay attack
The replay attack is one that repeats significant data for fraudulent or malicious purposes. The opponent acquires the communication data exchanged between the server and the user in preceding authentication sessions. In the current authentication session, the opponent replaces all or a particular part of the communication data with the acquired data. If this succeeds, the opponent masquerades as a legal user from the next authentication session.
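A server-side freshness check that rejects the reuse of captured session data described above, written as an added example; it is not code from the paper or from any of the protocols it compares. The HMAC message layout, the 30-second window, the device name, and the detection-rate definition (fraction of attack messages rejected) are assumptions.

```python
import hashlib
import hmac
import secrets
import struct

WINDOW_SECONDS = 30  # assumed freshness window


def _encode(device_id, timestamp, nonce, payload):
    """Length-prefix every field so the MAC input cannot be re-split."""
    parts = [device_id.encode(), struct.pack(">Q", timestamp), nonce, payload]
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)


def make_request(key, device_id, timestamp, payload):
    """Device side: bind identity, time, a fresh nonce and the payload under one tag."""
    nonce = secrets.token_bytes(16)
    tag = hmac.new(key, _encode(device_id, timestamp, nonce, payload),
                   hashlib.sha256).digest()
    return {"device_id": device_id, "timestamp": timestamp,
            "nonce": nonce, "payload": payload, "tag": tag}


class AuthServer:
    """Hypothetical verifier holding one shared key per registered device."""

    def __init__(self, device_keys, window=WINDOW_SECONDS):
        self.device_keys = device_keys
        self.window = window
        self.seen = {}  # (device_id, nonce) -> timestamp of the accepted message

    def verify(self, msg, now):
        key = self.device_keys.get(msg["device_id"])
        if key is None:
            return "unknown_device"
        expected = hmac.new(
            key,
            _encode(msg["device_id"], msg["timestamp"], msg["nonce"], msg["payload"]),
            hashlib.sha256,
        ).digest()
        # Constant-time comparison; any altered field invalidates the tag.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "bad_tag"
        # Old captures fall outside the window even after their nonce is forgotten.
        if abs(now - msg["timestamp"]) > self.window:
            return "stale"
        # Nonces only need to be remembered while their message is still fresh.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= self.window}
        cache_key = (msg["device_id"], msg["nonce"])
        if cache_key in self.seen:
            return "replayed"
        self.seen[cache_key] = msg["timestamp"]
        return "accepted"


def run_constructed_trace():
    """Constructed trace: (is_attack, message, server clock) triples."""
    key = secrets.token_bytes(32)
    server = AuthServer({"sensor-01": key})
    first = make_request(key, "sensor-01", 1000, b"temp=21.5")
    second = make_request(key, "sensor-01", 1010, b"temp=21.6")
    spliced = dict(first, payload=b"temp=99.9")  # captured tag, altered part
    trace = [
        (False, first, 1001),    # legitimate request
        (True, first, 1005),     # whole message replayed inside the window
        (True, spliced, 1006),   # part of the message replaced
        (False, second, 1011),   # next legitimate request
        (True, first, 1100),     # replay in a later session
    ]
    return [(is_attack, server.verify(msg, now)) for is_attack, msg, now in trace]


def detection_rate(verdicts):
    """Assumed definition: rejected attack messages / all attack messages."""
    attacks = [verdict for is_attack, verdict in verdicts if is_attack]
    return sum(verdict != "accepted" for verdict in attacks) / len(attacks)


if __name__ == "__main__":
    results = run_constructed_trace()
    for is_attack, verdict in results:
        print("attack" if is_attack else "legit ", verdict)
    print("detection rate:", detection_rate(results))
```

The timestamp window bounds how long nonces must be stored, which matters on memory-constrained servers and gateways.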
Man in the middle attack
In a Man-In-The-Middle (MITM) attack, the attacker relays and changes the communication between two users who believe they are communicating directly with each other. In this attack, the attacker surreptitiously transmits and possibly modifies the communication between two parties who trust that they are honestly communicating with each other.
Analysis in the absence of network attacks based on (a) Detection rate using authentication methods. (b) Detection rate using authorization methods. (c) Detection time using authentication methods. (d) Detection time using authorization methods.
The section presents the performance analysis of the IoT authentication and authorization methods based on various attacks.
In the absence of the network attacks
The section demonstrates the analysis of the performance of the authentication and the authorization methods in the absence of the network attacks. In the absence of the network attacks, the detection rate and the detection time are analyzed for all the comparative methods. Figure 1 shows the comparative analysis based on the authentication and authorization methods in the absence of the network attacks.
Figure 1a shows the analysis of the authentication methods with respect to the detection rate. The detection rate is compared based on the number of devices and the analysis includes 10, 20, 30, 40, 50, 60, and 70 devices. In the absence of the attacks, the methods presented by Jog and Murugan [14], Hu et al. [16], and Ning et al. [19] obtained the detection rates of 0.91, 0.82, and 0.79, respectively, when the number of devices used is 10. The detection rates of the authentication methods decrease with the increase in the number of devices. When 70 devices are employed for the analysis, the methods presented by Jog and Murugan [14], Hu et al. [16], and Ning et al. [19] acquired the detection rates of 0.85, 0.85, and 0.64, respectively. It is clear from the discussion that the proposed authentication method developed by Jog and Murugan [14], acquired a better detection rate in the absence of the network attack. It is evident that the proposed authentication method acquired a better value of the detection rate when compared with the methods developed by Hu et al. [16], and Ning et al. [19].
Figure 1b shows the analysis of the authorization methods with respect to the detection rate. The detection rate is compared based on the number of devices and the analysis includes 10, 20, 30, 40, 50, 60, and 70 devices. In the absence of the attacks, the methods presented by Jog and Murugan [15], Hunmen et al. [17], and Moosavi et al. [18] obtained the detection rates of 0.97, 0.96, and 0.88, respectively, when the number of devices used is 10. The detection rates of the authorization methods decrease with the increase in the number of devices. When 70 devices are employed for the analysis, the methods presented by Jog and Murugan [15], Hunmen et al. [17], and Moosavi et al. [18] acquired the detection rate of 0.9, 0.77, and 0.65, respectively. It is clear from the discussion that the proposed authorization method acquired a better detection rate in the absence of the network attack. It is evident that the method proposed by Jog and Murugan [15] acquired a better value of the detection rate when compared with the methods developed by Hunmen et al. [17], and Moosavi et al. [18].
Analysis in the presence of DDOS attacks based on (a) Detection rate using authentication methods. (b) Detection rate using authorization methods. (c) Detection time using authentication methods. (d) Detection time using authorization methods.
Figure 1c depicts the analysis of the authentication methods with respect to the detection time in seconds. The detection time is compared based on the number of devices and the analysis includes 10, 20, 30, 40, 50, 60, and 70 devices. In the absence of the attacks, the authentication methods presented by Jog and Murugan [14], Hu et al. [16], and Ning et al. [19] obtained the detection time of 0.295 secs, 0.643 secs, and 0.647 secs, respectively, when the number of devices used is 10. The detection time of the authentication methods increases with the increase in the number of devices. When 70 devices are employed for the analysis, the methods presented by Jog and Murugan [14], Hu et al. [16], and Ning et al. [19] acquired the detection time of 0.376 secs, 0.721 secs, and 0.547 secs, respectively. It is clear from the discussion that the detection time of the proposed method by Jog and Murugan [14] is less in the absence of the network attack. Thus, it is concluded that the proposed method by Jog and Murugan [14] acquired a much lower detection time when compared with the methods developed by Hu et al. [16], and Ning et al. [19].
Figure 1d depicts the analysis of the authorization methods with respect to the detection time in seconds. The detection time is compared based on the number of devices and the analysis includes 10, 20, 30, 40, 50, 60, and 70 devices. In the absence of the attacks, the authorization methods presented by Jog and Murugan [15], Hunmen et al. [17], and Moosavi et al. [18] obtained the detection time of 0.404 secs, 0.958 secs, and 0.872 secs, respectively, when the number of devices used is 10. The detection time of the authorization methods increases with the increase in the number of devices. When 70 devices are employed for the analysis, the methods presented by Jog and Murugan [15], Hunmen et al. [17], and Moosavi et al. [18] acquired the detection time of 0.367 secs, 0.649 secs, and 0.57 secs, respectively. It is clear from the discussion that the detection time of the proposed method is less in the absence of the network attack. Thus, it is concluded that the proposed method by Jog and Murugan [15] acquired a much lower detection time when compared with the methods developed by Hunmen et al. [17], and Moosavi et al. [18].
This section presents the analysis based on the network attacks. The authentication and authorization methods are used in a comparative analysis to show the effectiveness of the proposed method compared with the existing methods. Figure 2 shows the comparative analysis of the authentication and authorization techniques of IoT applications.
DDOS attacks
Figure 2 demonstrates the analysis of the authentication and authorization methods in the presence of DDOS attacks. Figure 2a represents the comparative analysis of the authentication methods based on the detection rate in the presence of DDOS. The analysis of the detection rate is performed with respect to the number of devices. In the presence of DDOS attacks with ten devices, the detection rates of the methods by Jog and Murugan [14], Hu et al. [16], and Ning et al. [19] are 0.8, 0.64, and 0.5, respectively. From Fig. 2a, it is observed that the detection rates of the authentication methods decrease upon increasing the number of devices. With 70 devices for the analysis, the methods presented by Jog and Murugan [14], Hu et al. [16], and Ning et al. [19] acquired the detection rate of 0.88, 0.72, and 0.58, respectively. It is clear from the discussion that the proposed method by Jog and Murugan acquired a better detection rate in the presence of the DDOS attack. It is evident that the method by Jog and Murugan acquired a better value of the detection rate when compared with the methods developed by Hu et al. [16], and Ning et al. [19].
Figure 2b shows the analysis of the authorization methods with respect to the detection rate. The detection rate is compared based on the number of devices and the analysis includes 10, 20, 30, 40, 50, 60, and 70 devices. In the presence of the DDOS attacks, the methods presented by Jog and Murugan [15], Hunmen et al. [17], and Moosavi et al. [18] obtained the detection rate of 0.89, 0.86, and 0.74, respectively, when the number of devices used is 10. The detection rates of the authorization methods decrease with the increase in the number of devices. When 70 devices are employed for the analysis, the methods presented by Jog and Murugan [15], Hunmen et al. [17], and Moosavi et al. [18] acquired the detection rate of 0.86, 0.76, and 0.56, respectively. It is clear from the discussion that the proposed method by Jog and Murugan acquired a better detection rate in the presence of the DDOS attack. It is evident that the proposed method acquired a better value of the detection rate when compared with the methods developed by Hunmen et al. [17], and Moosavi et al. [18].
Figure 2c depicts the analysis of the authentication methods with respect to the detection time in seconds. The detection time is compared based on the number of devices and the analysis includes 10, 20, 30, 40, 50, 60, and 70 devices. In the presence of DDOS attacks, the authentication methods presented by Jog and Murugan [14], Hu et al. [16], and Ning et al. [19] obtained the detection time of 0.472 secs, 0.743 secs, and 0.806 secs, respectively, when the number of devices used is 10. The detection time of the authentication methods increases with the increase in the number of devices. When 70 devices are employed for the analysis, the methods presented by Jog and Murugan [14], Hu et al. [16], and Ning et al. [19] acquired the detection time of 0.315 secs, 1.032 secs, and 0.718 secs, respectively. It is clear from the discussion that the detection time of the proposed method by Jog and Murugan is less in the presence of the DDOS attack. Thus, it is concluded that the proposed method by Jog and Murugan [15] acquired a much lower detection time when compared with the methods developed by Hu et al. [16], and Ning et al. [19].
Analysis in the presence of DOS attacks (a) Detection rate using authentication methods. (b) Detection rate using authorization methods. (c) Detection time using authentication methods. (d) Detection time using authorization methods.
Figure 2d depicts the analysis of the authorization methods with respect to the detection time in seconds. The detection time is compared based on the number of devices and the analysis includes 10, 20, 30, 40, 50, 60, and 70 devices. In the presence of DDOS attacks, the authorization methods presented by Jog and Murugan [15], Hunmen et al. [17], and Moosavi et al. [18] obtained the detection time of 0.336 secs, 0.897 secs, and 0.916 secs, respectively, when the number of devices used is 10. The detection time of the authorization methods increases with the increase in the number of devices. When 70 devices are employed for the analysis, the methods presented by Jog and Murugan [15], Hunmen et al. [17], and Moosavi et al. [18] acquired the detection time of 0.362 secs, 1 secs, and 0.902 secs, respectively. It is clear from the discussion that the detection time of the proposed method is less in the presence of the DDOS attack. Thus, it is concluded that the proposed method acquired a much lower detection time when compared with the methods developed by Hunmen et al. [17], and Moosavi et al. [18].
Figure 3 demonstrates the analysis of the authentication and authorization methods in the presence of DOS attacks. Figure 3a represents the comparative analysis of the authentication methods using detection rate in the presence of DOS. The detection rate is analyzed based on the number of devices available in the IoT network. With 10 devices in the network, the detection rates of the authentication methods by Jog and Murugan [14], Hu et al. [16], and Ning et al. [19] are 0.85, 0.85, and 0.76, respectively. It is clear from Fig. 3a that the detection rate of the authentication methods decreases with increasing number of devices in the IoT environment. However, the graph confirms that the proposed method by Jog and Murugan acquired a better detection rate when compared with the existing methods.
Analysis in the presence of man-in-the-middle attacks based on (a) Detection rate using authentication methods. (b) Detection rate using authorization methods. (c) Detection time using authentication methods. (d) Detection time using authorization methods.
Figure 3b shows the analysis of the authorization methods with respect to the detection rate in the presence of DOS attacks. The detection rate is compared based on the number of devices and the analysis includes 10, 20, 30, 40, 50, 60, and 70 devices. In the presence of the DOS attacks, the methods presented by Jog and Murugan [15], Hunmen et al. [17], and Moosavi et al. [18] obtained the detection rate of 0.88, 0.85, and 0.84, respectively, when the number of devices used is 10. The detection rates of the authorization methods decrease with the increase in the number of devices. When 70 devices are employed for the analysis, the methods presented by Jog and Murugan [15], Hunmen et al. [17], and Moosavi et al. [18] acquired the detection rate of 0.96, 0.79, and 0.65, respectively. It is clear from the discussion that the proposed method acquired a better detection rate in the presence of the DOS attack. It is evident that the proposed method by Jog and Murugan [15] acquired a better value of the detection rate when compared with the methods developed by Hunmen et al. [17], and Moosavi et al. [18].
Figure 3c depicts the analysis of the authentication methods with respect to the detection time in seconds in the presence of DOS attacks. The detection time is compared based on the number of devices and the analysis includes 10, 20, 30, 40, 50, 60, and 70 devices. In the presence of DOS attacks, the authentication methods presented by Jog and Murugan [14], Hu et al. [16], and Ning et al. [19] obtained the detection time of 0.466 secs, 0.763 secs, and 0.77 secs, respectively, when the number of devices used is 10. The detection time of the authentication methods increases with the increase in the number of devices. When 70 devices are employed for the analysis, the methods presented by Jog and Murugan [14], Hu et al. [16], and Ning et al. [19] acquired the detection time of 0.423 secs, 0.903 secs, and 0.989 secs, respectively. It is clear from the discussion that the detection time of the proposed method by Jog and Murugan is less in the presence of the DOS attack. Thus, it is concluded that the proposed method by Jog and Murugan [15] acquired a much lower detection time when compared with the methods developed by Hu et al. [16], and Ning et al. [19].
Analysis in the presence of replay attacks based on (a) Detection rate using authentication methods. (b) Detection rate using authorization methods. (c) Detection time using authentication methods. (d) Detection time using authorization methods.
Figure 3d depicts the analysis of the authorization methods with respect to the detection time in seconds in the presence of DOS attacks. The detection time is compared based on the number of devices and the analysis includes 10, 20, 30, 40, 50, 60, and 70 devices. In the presence of DOS attacks, the authorization methods presented by Jog and Murugan [15], Hunmen et al. [17], and Moosavi et al. [18] obtained the detection time of 0.494 secs, 0.829 secs, and 0.643 secs, respectively, when the number of devices used is 10. The detection time of the authorization methods increases with the increase in the number of devices. When 70 devices are employed for the analysis, the methods presented by Jog and Murugan [15], Hunmen et al. [17], and Moosavi et al. [18] acquired the detection time of 0.395 secs, 0.742 secs, and 0.91 secs, respectively. It is clear from the discussion that the detection time of the proposed method is less in the presence of the DOS attack. Thus, it is concluded that the proposed method acquired a much lower detection time when compared with the methods developed by Hunmen et al. [17], and Moosavi et al. [18].
Analysis in the presence of server spoofing attacks based on (a) Detection rate using authentication methods. (b) Detection rate using authorization methods. (c) Detection time using authentication methods. (d) Detection time using authorization methods.
This section presents the analysis in the presence of the man-in-the-middle attack, and the analysis is carried out based on the detection rate and detection time. Figure 4 shows the comparative analysis in the presence of the man-in-the-middle attack.
Figure 4a depicts the analysis of the authentication methods based on the detection rate in the presence of the man-in-the-middle attack. The analysis is carried out with respect to the number of devices available in the IoT network. Initially, when the number of devices is 10, the methods by Jog and Murugan [14], Hu et al. [16], and Ning et al. [19] acquired the detection rate of 0.86, 0.7, and 0.57, respectively, making it clear that the proposed method by Jog and Murugan acquired a better detection rate compared with the existing methods of Hu et al. [16] and Ning et al. [19].
Figure 4b depicts the analysis of the authorization methods based on the detection rate in the presence of the man-in-the-middle attack. The analysis is carried out with respect to the number of devices available in the IoT network. Initially, when the number of devices is 20, the methods by Jog and Murugan [15], Hunmen et al. [17], and Moosavi et al. [18] acquired the detection rate of 0.81, 0.79, and 0.7, respectively, making it clear that the proposed method acquired a better detection rate compared with the existing methods of Hunmen et al. [17] and Moosavi et al. [18].
The analysis of the detection time of the authentication and the authorization methods is demonstrated in Fig. 4c and d, respectively. The analysis is carried out in the presence of the man-in-the-middle attack and based on the number of IoT devices available in the environment. It is understood that the proposed method of authentication and authorization acquires minimum detection time when compared with the existing methods. The detection time of the authentication methods developed by Jog and Murugan [14], Hu et al. [16], and Ning et al. [19] is 0.534 secs, 0.692 secs, and 0.565 secs, respectively, when the number of devices is 60. Similarly, the detection time of the authorization methods developed by Jog and Murugan [15], Hunmen et al. [17], and Moosavi et al. [18] is 0.288 secs, 0.718 secs, and 0.683 secs, respectively, when the number of devices is 60. Thus, it is clear that the proposed method acquired minimum time when compared with the existing methods.
Analysis in the presence of stolen verifier attacks based on (a) Detection rate using authentication methods. (b) Detection rate using authorization methods. (c) Detection time using authentication methods. (d) Detection time using authorization methods.
Figure 5 shows the analysis of the authentication and authorization methods based on the evaluation metrics in the presence of the replay attack. Figure 5a and c show the analysis of the authentication methods based on the metrics detection rate and detection time. The detection time of the methods of Jog and Murugan [14], Hu et al. [16], and Ning et al. [19] is 0.91, 0.79, and 0.51, respectively, when the number of devices used is 10, such that the detection rate decreases with increasing number of devices. Thus, when the number of devices used is 70, the detection rates of Jog and Murugan [14], Hu et al. [16], and Ning et al. [19] on using 10 devices are 0.81, 0.62, and 0.58, respectively. Similarly, the detection time of Jog and Murugan [14], Hu et al. [16], and Ning et al. [19] is 0.432 secs, 0.707 secs, and 0.901 secs, respectively. With the increase in the number of devices, the detection time of the methods increases. However, the method proposed by Jog and Murugan [14] reported a very low detection rate when compared with the existing methods.
Analysis in the presence of Impersonation attacks based on (a) Detection rate using authentication methods. (b) Detection rate using authorization methods. (c) Detection time using authentication methods. (d) Detection time using authorization methods.
Figure 5b and d demonstrate the analysis of the authorization methods based on the detection time and detection rate. When the detection rate is found to be increasing, the detection time decreases with the increasing number of devices. Additionally, the analysis demonstrates that the proposed method by Jog and Murugan [14] acquired better results when compared with the existing methods. When the number of devices used is 50, the detection rate and detection time of the methods of Jog and Murugan [15], Hunmen et al. [17], and Moosavi et al. [18] are 0.89 and 0.357 secs, 0.82 and 0.769 secs, and 0.77 and 0.573 secs, respectively. The numerical interpretation reveals that the proposed method acquired the maximum detection rate and minimum detection time when compared with the existing methods.
This section presents the analysis based on the performance metrics in the presence of the server spoofing attacks using Fig. 6. Figure 6a and c show the analysis of the authentication methods based on the metrics detection rate and detection time. The detection time of the methods of Jog and Murugan [14], Hu et al. [16], and Ning et al. [19] is 0.87, 0.81, and 0.6, respectively, when the number of devices used is 10, such that the detection rate decreases with increasing number of devices. Thus, when the number of devices used is 70, the detection rates of Jog and Murugan [14] and Ning et al. [19] are 0.95, 0.87, and 0.77, respectively. Similarly, when the number of IoT devices is 10, the detection time of the methods of Jog and Murugan [14], Hu et al. [16], and Ning et al. [19] is 0.403 secs, 0.805 secs, and 0.599 secs, respectively. With the increase in the number of devices, the detection time of the methods increases. However, the method proposed by Jog and Murugan [14] reported a lower detection rate when compared with the existing methods.
Figure 6b and d demonstrate the analysis of the authorization methods based on the detection time and the detection rate. The detection rate is found to increase with the increasing number of devices, and the detection time decreases with the increasing number of devices. Additionally, the analysis demonstrates that the proposed method by Jog and Murugan [15] acquired better results when compared with the existing methods. When the number of devices used is 50, the detection rate and detection time of the methods of Jog and Murugan [15], Hunmen et al. [17], and Moosavi et al. [18] are 0.83 and 0.358 secs, 0.81 and 0.612 secs, and 0.76 and 0.737 secs, respectively. The numerical interpretation reveals that the proposed method acquired the maximum detection rate and minimum detection time when compared with the existing methods.
Stolen verifier attack
This section presents the analysis in the presence of the stolen verifier attack, based on the detection rate and detection time. Figure 7 shows the comparative analysis in the presence of the stolen verifier attack.
Figure 7a depicts the analysis of the authentication methods based on the detection rate in the presence of the stolen verifier attack. The analysis is carried out with respect to the number of devices available in the IoT network. Initially, when the number of devices is 10, the methods of Jog and Murugan [14], Hu et al. [16], and Ning et al. [19] acquired detection rates of 0.8, 0.8, and 0.71, respectively, making it clear that the proposed method acquired a better detection rate than the existing methods of Hu et al. [16] and Ning et al. [19].
Figure 7b depicts the analysis of the authorization methods based on the detection rate in the presence of the stolen verifier attack. The analysis is carried out with respect to the number of devices available in the IoT network. Initially, when the number of devices is 20, the methods of Jog and Murugan [15], Hunmen et al. [17], and Moosavi et al. [18] acquired detection rates of 0.75, 0.65, and 0.63, respectively, making it clear that the proposed method acquired a better detection rate than the existing methods of Hunmen et al. [17] and Moosavi et al. [18].
The analysis of the detection time of the authentication and authorization methods is shown in Figure 7c and d, respectively. The analysis is carried out in the presence of the stolen verifier attacks, based on the number of IoT devices available in the environment. The proposed methods of authentication and authorization acquire the minimum detection time when compared with the existing methods. The detection time of the authentication methods developed by Jog and Murugan [14], Hu et al. [16], and Ning et al. [19] is 0.468 secs, 0.793 secs, and 0.99 secs, respectively, when the number of devices is 60. Similarly, the detection time of the authorization methods of Jog and Murugan [15], Hunmen et al. [17], and Moosavi et al. [18] is 0.308 secs, 0.509 secs, and 0.751 secs, respectively, when the number of devices is 60. Thus, it is clear that the proposed method acquired the minimum time when compared with the existing methods.
Impersonation attack
This section presents the analysis based on the performance metrics in the presence of the impersonation attacks using Fig. 8. Figure 8a and c show the analysis of the authentication methods based on the metrics detection rate and detection time. The detection time of the methods of Jog and Murugan [14], Hu et al. [16], and Ning et al. [19] is 0.86, 0.85, and 0.85, respectively, when the number of devices used is 10, such that the detection rate decreases with increasing number of devices. Thus, when the number of devices used is 70, the detection rate of Jog and Murugan [14], Hu et al. [16], and Ning et al. [19] is 0.83, 0.76, and 0.58, respectively. Similarly, when the number of IoT devices is 10, the detection time of Jog and Murugan [14], Hu et al. [16], and Ning et al. [19] is 0.351 secs, 0.573 secs, and 0.869 secs, respectively. With the increase in the number of devices, the detection time of the methods increases. However, the proposed method by Jog and Murugan [14] reported a very low detection rate when compared with the existing methods.
Figure 8b and d demonstrate the analysis of the authorization methods based on the detection time and detection rate. The detection rate is found to increase with the increasing number of devices, and the detection time decreases with the increasing number of devices. Additionally, the analysis demonstrates that the proposed method acquired better results when compared with the existing methods. When the number of devices used is 50, the detection rate and detection time of the methods of Jog and Murugan [15], Hunmen et al. [17], and Moosavi et al. [18] are 0.89 and 0.299 secs, 0.87 and 0.994 secs, and 0.63 and 0.674 secs, respectively. The numerical interpretation reveals that the proposed method acquired the maximum detection rate and minimum detection time when compared with the existing methods.
Discussion
This section presents the comparative discussion of the authentication and authorization methods, with the analysis given in terms of detection rate and detection time. It covers both the theoretical and the experimental analysis.
Comparative analysis for the authentication scheme
Comparative analysis for the proposed authorization scheme
Authentication methods
Authorization methods
The theoretical analysis of the authentication and the authorization methods is presented in Tables 2 and 3. The comparative analysis of the authentication scheme is presented in Table 2. The analysis involves the authentication methods of Ning et al. [19], Hu et al. [16], and the proposed method by Jog and Murugan [14], and it sets out the various advantages of the proposed method by Jog and Murugan compared with the existing methods. The analysis is carried out with respect to the various attacks, and the proposed method by Jog and Murugan is capable of providing resistance to various network attacks.
Similarly, the comparison of the authorization methods is discussed in Table 3. The Adaptive level of authorization offered better mutual authentication and resistance to various attacks, such as DoS attack, Profile table-stolen attacks, Key resilience, Reconnaissance attack, and theft attacks, which the existing methods failed to offer.
Experimental summary
The experimental analysis of the authentication and the authorization methods is presented in Tables 4 and 5, respectively. The experimental analysis is based on the metrics detection rate and detection time, in the presence and absence of the attacks. Table 4 presents the analysis using the authentication protocols, and it is reported that the proposed method by Jog and Murugan acquired a higher detection rate of 0.91 in the absence of the network attack and 0.90 in the presence of the network attack. Moreover, the detection time of the proposed authentication method is less compared with the existing methods of Hu et al. [16] and Ning et al. [19].
Table 5 presents the analysis using the authorization methods proposed by Jog and Murugan [15], Hunmen et al. [17], and Moosavi et al. [18]. The proposed method by Jog and Murugan outperformed the existing methods with a greater detection rate and less detection time, showing that the proposed authorization method by Jog and Murugan is effective compared with the existing methods.
Conclusion
The study discusses the effectiveness of the authentication and authorization protocols through an analysis based on various IoT network attacks. The study demonstrates the need for an effective authentication and authorization method in order to assure security in IoT networks, such that the communication between the devices in the IoT environment is better. The users authenticate with the other users effectively and securely, and authentication is followed by authorization. The simulation of the authentication and the authorization protocols is carried out in the presence and absence of the IoT network attacks. The network attacks employed for analysis include the Distributed Denial of Service (DDOS), Denial of Service (DOS), Man in the Middle attack, Replay Attack, Server Spoofing attack, stolen verifier attack, and Impersonation attack. The methods are analyzed in the presence of the attacks based on the metrics detection rate and detection time. The better detection rates of 0.98 and 0.91 are achieved by the authorization and authentication methods Adaptive level of authorization and ECC-based multi-level authentication. At the same time, Adaptive level of authorization and ECC-based multi-level authentication acquired a minimum detection time when compared with the other existing methods. In the future, we will consider more attacks, such as Forgery attack, Theft attack, Theft DoS attack, and so on, to prove the effectiveness of the proposed method.
