Authentication protocol for resource constrained devices in the internet of things
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (2.67 MB, 125 trang )
VIETNAM NATIONAL UNIVERSITY
HO CHI MINH CITY UNIVERSITY OF TECHNOLOGY
--------------------
PHAM DUC MINH CHAU
AUTHENTICATION PROTOCOL
FOR RESOURCE CONSTRAINED DEVICES
IN THE INTERNET OF THINGS
Majors: Computer Science
ID: 60480101
MASTER THESIS
Ho Chi Minh City, December 2019
THE WORK IS DONE AT HO CHI MINH CITY UNIVERSITY OF
TECHNOLOGY – VNU – HCM
Scientific supervisor: Assoc. Prof. Dang Tran Khanh .........................
..............................................................................................................
The reviewer 1: Dr. Phan Trong Nhan .................................................
..............................................................................................................
The reviewer 2: Assoc. Prof. Nguyen Tuan Dang ...............................
..............................................................................................................
This master thesis is defended at Ho Chi Minh City University of
Technology – VNU – HCM on 30th December 2019.
The master thesis assessment committee includes:
1. Assoc. Prof. Nguyen Thanh Binh .....................................................
2. Dr. Le Hong Trang ...........................................................................
3. Dr. Phan Trong Nhan .......................................................................
4. Assoc. Prof. Nguyen Tuan Dang ......................................................
5. Assoc. Prof. Huynh Trung Hieu .......................................................
Confirmation of the Chairman of the assessment committee and the
Head of the specialized management department after the thesis has
been corrected (if any).
CHAIRMAN OF THE
ASSESSMENT COMMITTEE
HEAD OF FACULTY OF
COMPUTER SCIENCE AND ENGINEERING
ii
VNU – HO CHI MINH CITY
HO CHI MINH CITY UNIVERSITY
OF TECHNOLOGY
SOCIALIST REPUBLIC OF VIETNAM
Independence – Freedom – Happiness
MASTER THESIS
Student name: PHAM DUC MINH CHAU ................................... Student ID: 1770316
Date of birth: 12-07-1994 ............................................ Place of birth: Ho Chi Minh City
Major: Computer Science ............................................................... Major ID: 60480101
I. THESIS TITLE: Authentication Protocol for Resource Constrained Devices in
the Internet of Things
II. TASKS AND CONTENTS: Proposing an authentication protocol for resourceconstrained devices in the Internet of Things which also offers privacy-preserving.
III. DATE OF THE THESIS ASSIGNMENT: 11/02/2019
IV. DATE OF THE THESIS COMPLETION: 08/12/2019
V. SUPERVISOR: Assoc. Prof. Dang Tran Khanh
Ho Chi Minh City, … December 2019
SUPERVISOR
(Sign and full name)
HEAD OF DEPARTMENT
(Sign and full name)
DEAN OF FACULTY OF
COMPUTER SCIENCE AND ENGINEERING
(Sign and full name)
iii
Acknowledgement
I would like to express my gratitude to my supervisor Assoc. Prof. Dang Tran Khanh
for the continuous support of my Master study and related research. I am thankful
for his patience, advice and all the opportunities he has given me during the last two
years.
I would like to thank my fellow master students and my co-workers at work for their
help, cooperation and our friendships as well, which have encouraged and got me
through certain difficult stages.
Last but not least, I would like to thank my friends and my families, to my parents and
my sister for unconditionally supporting me throughout the course and life in general.
Pham Duc Minh Chau
iv
Abstract
By utilizing the potential of the Internet connectivity, the Internet of Things (IoT) is
now becoming a popular trend in the technology industry. Its greatest benefit comes
from highly heterogeneous interconnected devices and systems, covering every shape,
size, and functionality. Being considered as the future of the Internet, IoT development
comes with urgent requirements about the provision of security and privacy as the
number of deployed IoT devices rapidly increases. Among those, authenticity is the
major requirement for the IoT. On the other hand, one of the most important features
required for the IoT is the support for resource-constrained devices. In fact, a large
proportion of involved devices in the IoT has low energy power and computational
capability. Therefore, proposed solutions requiring complex computations and high
energy consumption cannot be applied to the IoT in practice.
In this thesis, I propose a mutual privacy-preserving authentication protocol
based on the elliptic curve cryptography (ECC) to achieve efficiency in resource consumption and protect the privacy of involved devices. The proposed model is a holistic
extension of previously related works, in which distributed network architecture, as
well as secure communications between devices, are enabled. The correctness of the
proposed scheme is formally proved with BAN-logic. In addition, I provide an informal security analysis in which I will present its resilience to different attacks. A
performance analysis is also conducted in the scope of this thesis, which proves the
efficiency in resource consumption of the proposed protocols compared to the base
related scheme.
v
Tóm tắt luận văn
Bằng việc tận dụng tiềm năng kết nối của các thiết bị thông qua Internet, Mạng lưới
vạn vật kết nối (Internet of Things - IoT) đang là một xu thế phát triển phổ biến trong
lĩnh vực công nghệ. Lợi ích to lớn của nó đến từ sự kết nối chặt chẽ thiết bị và hệ thống
vô cùng đa dạng về mặt chủng loại, hình dáng, kích thước cũng như chức năng. Được
xem như là tương lai của Internet, sự phát triển của IoT đi đôi với những thách thức
cũng như yêu cầu cấp bách về khả năng cũng cấp sự bảo mật và riêng tư khi mà số
lượng các thiết bị IoT được cài đặt trong thực tế khơng ngừng tăng lên nhanh chóng.
Trong số đó, tính xác thực là một trong những yêu cầu nền tảng cho sự bảo mật trong
IoT. Xác thực là một vấn đề khơng mới và đã có nhiều giải pháp được đề xuất dành
cho vấn đề này. Tuy nhiên, chúng ta cần biết rằng một yêu cầu quan trọng đối với các
giải pháp dành cho IoT là việc hỗ trợ các thiết bị có nguồn tài nguyên giới hạn. Trên
thực tế, một tỷ lệ lớn các thiết bị trong IoT có nguồn năng lượng cũng như khả năng
tính tốn thấp. Do đó, các giải pháp đề xuất địi hỏi tính tốn quá phức tạp và tiêu tốn
nhiều năng lượng cũng như tài nguyên sẽ không thể áp dụng vào thực tiễn.
Trong luận văn này, tôi sẽ đề xuất một cơ chế xác thực lẫn nhau có bảo vệ tính
riêng tư dựa trên mã hóa đường cong Elliptic (Elliptic curve cryptography - ECC) để
đạt được hiệu quả về mặt tiêu thụ tàì nguyên cũng như đồng thời bảo vệ tính riêng tư
của các thiết bị liên quan. Mơ hình đề xuất là sự kế thừa và mở rộng từ các cơng trình
liên quan khác, trong đó kiến trúc mạng phân tán cũng như sự giao tiếp an toàn giữa
các thiết bị cuối được kích hoạt. Tính đúng đắn cũng như bảo mật của giao thức đề
xuất được chứng minh với BAN-logic. Ngoài ra, luận văn cũng bao gồm phân tích về
khả năng chống chọi của giải pháp đối với các loại tấn cơng bảo mật phổ biến trong
thực tế. Phân tích về mặt hiệu năng tiêu thụ tài nguyên của được tiến hành trong phạm
vi luận văn để chứng minh sự hiệu quả của giao thức được đề xuất so sánh với mơ
hình nền tảng trước đó.
vi
Declaration of authorship
I declare that the work presented herein is my own original work and has not been
published or submitted elsewhere for any degree programme, diploma or other qualifications. Any literature data or work done by others and cited within this thesis has
been completely listed in the reference section.
Pham Duc Minh Chau
vii
Contents
Acknowledgement
iv
Abstract
v
Tóm tắt luận văn
vi
Declaration of authorship
vii
List of acronyms
xiii
1
2
Introduction
1
1.1
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1
1.2
Major purposes of the thesis . . . . . . . . . . . . . . . . . . . . . . .
2
1.3
Contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3
1.3.1
Scientific contributions . . . . . . . . . . . . . . . . . . . . .
3
1.3.2
Practical contributions . . . . . . . . . . . . . . . . . . . . . .
4
1.4
Research scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4
1.5
Thesis outline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5
Backgrounds
6
2.1
6
Internet of Things overview . . . . . . . . . . . . . . . . . . . . . . . .
viii
2.1.1
IoT properties . . . . . . . . . . . . . . . . . . . . . . . . . . .
7
2.1.2
Cloud computing with the IoT . . . . . . . . . . . . . . . . . .
8
2.1.3
Fog computing with the IoT . . . . . . . . . . . . . . . . . . .
10
Public key cryptography . . . . . . . . . . . . . . . . . . . . . . . . .
12
2.2.1
Public-key encryption . . . . . . . . . . . . . . . . . . . . . .
13
2.2.2
Public-key digital signature . . . . . . . . . . . . . . . . . . .
14
2.3
Elliptic curve cryptography . . . . . . . . . . . . . . . . . . . . . . . .
15
2.4
BAN-logic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
16
2.4.1
BAN-logic overview . . . . . . . . . . . . . . . . . . . . . . .
16
2.4.2
Notations . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
17
2.4.3
Typical protocol goals . . . . . . . . . . . . . . . . . . . . . .
18
2.4.4
Protocol analysis with BAN-logic . . . . . . . . . . . . . . . .
20
2.2
3
Related works
21
3.1
Authentication protocol taxonomy . . . . . . . . . . . . . . . . . . . .
21
3.1.1
Symmetric key schemes . . . . . . . . . . . . . . . . . . . . .
21
3.1.2
Asymmetric key schemes . . . . . . . . . . . . . . . . . . . .
22
Authentication using ECC . . . . . . . . . . . . . . . . . . . . . . . .
23
3.2
4
Proposed scheme
26
4.1
Network architecture . . . . . . . . . . . . . . . . . . . . . . . . . . .
26
4.2
Security and privacy requirements . . . . . . . . . . . . . . . . . . . .
27
4.3
Authentication scheme . . . . . . . . . . . . . . . . . . . . . . . . . .
29
4.3.1
29
Registration phase . . . . . . . . . . . . . . . . . . . . . . . .
ix
5
30
4.3.3
D2D Authentication Phase . . . . . . . . . . . . . . . . . . . .
33
37
5.1
Formal analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
37
5.1.1
Subnetwork joining authentication . . . . . . . . . . . . . . .
37
5.1.2
D2D authentication . . . . . . . . . . . . . . . . . . . . . . . .
43
Informal analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
47
5.2.1
Security properties . . . . . . . . . . . . . . . . . . . . . . . .
47
5.2.2
Resilience to attacks . . . . . . . . . . . . . . . . . . . . . . .
49
Performance analysis
53
6.1
Computational cost . . . . . . . . . . . . . . . . . . . . . . . . . . . .
53
6.1.1
Computational energy cost . . . . . . . . . . . . . . . . . . . .
55
6.1.2
Processing time . . . . . . . . . . . . . . . . . . . . . . . . . .
58
Communication overhead . . . . . . . . . . . . . . . . . . . . . . . . .
58
6.2
7
Subnetwork joining phase . . . . . . . . . . . . . . . . . . . .
Security analysis
5.2
6
4.3.2
Conclusions
60
References
61
Autobiography
xiv
List of published articles
xv
Appendix
xvi
x
List of Figures
1.1
The global market of IoT devices estimations by years. . . . . . . . . .
2
1.2
The network architecure considered in the scope of this thesis. . . . .
5
2.1
Different application domains of the Internet of Things [10]. . . . . .
7
2.2
A two layered architecture in which End/IoT devices strongly depending on the Cloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9
2.3
Three-Layer Architecture of Fog Computing [15]. . . . . . . . . . . .
10
2.4
Encryption/Decryption in Public-key cryptosystems. . . . . . . . . . .
13
2.5
Using a Digital Signature to Validate Data Integrity . . . . . . . . . .
14
4.1
The network architecture for the proposed authentication protocol. . .
27
4.2
The registration phase between a device and the trusted server through
a secure channel of the proposed scheme. . . . . . . . . . . . . . . . .
4.3
The authentication process when a device joins a subnetwork with the
verification from the trusted server of the proposed scheme. . . . . . .
4.4
31
34
The D2D authentication phase between two device with the verification of their gateway of the proposed scheme. . . . . . . . . . . . . . .
xi
36
List of Tables
2.1
RSA and EC key sizes for equivalent security levels and corresponding bitlengths for EC parameter n and RSA modulus n [21] . . . . . .
15
4.1
Descriptions of the notations used in this thesis. . . . . . . . . . . . .
30
5.1
Comparisons with previous schemes . . . . . . . . . . . . . . . . . . .
52
6.1
Computational cost comparison between the proposed scheme and
the base-scheme. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
54
6.2
Summary of energy consumption per operation. . . . . . . . . . . . .
56
6.3
Data length of values used in both the proposed scheme and the basescheme. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
57
6.4
Energy consumption comparisons. . . . . . . . . . . . . . . . . . . . .
57
6.5
Processing time of devices in seconds. . . . . . . . . . . . . . . . . . .
58
6.6
Transmission length of each entity in the proposed protocol and in the
base scheme in the joining phase. . . . . . . . . . . . . . . . . . . . .
xii
59
List of acronyms
Acronym
Meaning
IoT
Internet of Things
ECC
Elliptic Curve Cryptography
TLS
Transport Layer Security
DTLS
Data Transport Layer Security
UDP
User Datagram Protocol
TCP
Transmission Control Protocol
TPM
Trusted Platform Module
ECDH
Elliptic-curve Diffie–Hellman
ECDHP
Elliptic-curve Diffie–Hellman Problem
ECDLP
Elliptic Curve Discrete Logarithm Problem
ECDDHP
Elliptic-curve Decision Diffie–Hellman Problem
EC
Elliptic Curve
D2D
Device-to-Device
xiii
Chapter 1
Introduction
1.1
Overview
The Internet of Things (IoT), which was first introduced by Kevin Ashton [3] in 1999,
has opened new opportunities for the research community to study its wide variety of
aspects in the area of wireless communications and networking in the past few years.
By utilizing the potential of Internet connectivity, the IoT is now becoming a popular
trend in the technology industry. Its greatest benefit comes from highly heterogeneous interconnected devices and systems, covering every shape, size, and functionality. As shown in Figure 1.1, it is forecasted that around 75.4 billions of devices will
be connected to the Internet by 2025 [1]. These objects in the IoT have capabilities
of communicating and interacting with each other to exchange their data, providing
monitoring of the environment around to enable and giving responses to changes in
the system’s environment. Such capabilities are promising in totally changing human
lifestyle, making it safer, more convenient and comfortable. This motivation has attracted and encouraged many researchers to participate in designing and inventing
novel solutions and applications for the IoT.
IoT development also comes with urgent requirements about the provision of
security and privacy as the number of deployed IoT devices rapidly increases. Gartner
reports that 20% of organizations suffer at least one IoT security attack in the last three
years [2]. Prior technology trends, e.g., cloud computing and big data, seem to have
quite similar security requirements with the IoT. Nonetheless, the IoT unique nature
introduces new challenges to security requirements, which are much different from
1
Figure 1.1: The global market of IoT devices estimations by years.
previous technology trends. For example, big data solutions are not required to deal
with an uncontrolled environment and constrained resources, while cloud computing
hardly deals with the mobility of devices and physical accessibility of sensors [3].
The security requirements for IoT systems depend on their domains of applications. They include the needs of confidentiality, integrity, and authenticity. Among
those, authenticity is the major requirement for the IoT [4], which provides the proof
that a connection is established with an authenticated entity. Authentication is an important factor in which each connected object’s identity is required to be verified before they can securely communicate as well as access various IoT resources. Besides,
privacy is considered to be one of the most dominant challenges in the IoT [5]. Highly
interconnected objects in the IoT produce a huge amount of transmitted data. These
data may contain different kinds of information directly involved users’ daily lives
through their devices so that IoT applications can provide corresponding services.
The involvement of users’ behaviors, preferences as well as private data has raised the
concern about the risk of leakage of privacy, which becomes a huge obstacle when
putting IoT applications into use. For such reasons, effective and efficient authentication protocols and privacy-preserving techniques (like anonymity) to protect users’
private information are essential to provide the security of every IoT system.
1.2
Major purposes of the thesis
With the provided overview of opportunities as well as security challenges in the IoT,
this thesis aims to study an authentication protocol for resource-constrained devices
2
in such systems. In details, the main purposes of this thesis include:
• Researching the nature and characteristics of the IoT environment as well
as its devices: The research needs to show the features that differentiate the IoT
from other traditional systems, especially the resource constraints of devices.
• Proposing an authentication protocol for devices in IoT which guarantees
privacy-preserving: IoT systems have a massive number of devices connected
and exchanging data with each other in an uncontrolled and untrusted environment. In addition, such devices may vary in their categories, size, shape and
functionality. Hence, a common authentications protocol which provides secure
communication needs to be something that can be used across the devices. Authentication protocols are supposed to guarantee one entity connects and transmits/receives data to/from legitimate devices. Moreover, authentication steps often have the risk of exposing sensitive information of participants. Thus, the protocol studied in this research also concerns protecting ones’ private information
from being exposed during the authentication stages.
• Proposing an authentication protocol applicable to resource-constrained de-
vices: As previously stated, the limitation in resources of IoT devices is an important characteristic not to be ignored when studying solutions for IoT systems
because this will decides their feasibility in practice. Therefore, the proposed
solution needs to be suitable for resource-constrained devices.
• Evaluating the proposed protocol in terms of security and efficiency in resource-
consuming to assess its feasibility to resource-constrained devices.
1.3
Contributions
1.3.1
Scientific contributions
• The thesis contributes a new authentication solution for devices in a resource-
constrained environment with privacy-preserving.
• This work simultaneously proposes a way to apply the elliptic curve cryptogra-
phy into designing a protocol that helps entities mutually authenticate each other.
3
• From an existing protocol that originally only supports the authentication be-
tween devices and the cloud servers, this research extends and improves it so that
it can provide secure communication for direct connections of device-to-device,
as well as enables the distributed architecture which enhances the efficiency of
resource consumption of edge devices.
1.3.2
Practical contributions
• This research contributes a new authentication solution that can be used for low-
powered devices with limited computational capabilities, especially in the IoT
environment.
• The research also raises and addresses not only the security but also the privacy
aspects of devices in the IoT.
1.4
Research scope
In fact, IoT has a very large context that includes many different kinds of systems.
Therefore, in the scope of this thesis, I only focus on the devices having resource
constraints in the IoT. So from now on anytime a device is mentioned in this thesis,
it refers to the low-powered one with very limited resources. The research also only
focuses on one of the most popular distributed network architecture widely deployed
in many IoT system described in Figure 1.2. The objects in this model are generalized
into only three entities:
• Devices: Edge nodes with limited resources that account for the largest propor-
tion of the systems. Devices can directly communicate with gateways and with
each other.
• Gateways: The intermediary between devices and servers, each of which controls
a subnetwork including a number of devices.
• Centralized servers: The central controller and storage of the whole system which
resides on clouds.
The advantages of this model are all the complex computations and large-size
4
Figure 1.2: The network architecure considered in the scope of this thesis.
data can be handled by gateways or servers so that it can lower the burden on the end
devices and help them save their resources.
1.5
Thesis outline
The rest of the thesis is organized as follows:
• Chapter 2 provides the backgrounds including a thorough study about the IoT
and the cryptographic materials that will be used in later chapters.
• Chapter 3 outlines some related works that have been presented in the same
field of authentication solutions.
• Chapter 4 is where I propose the authentication protocol to be used for the
resource-constrained IoT devices which also protects the private information.
• Chapter 5 presents the security analysis where I prove the correctness as well as
the security of the newly proposed protocol.
• Chapter 6 is the performance analysis in which I will analyze the efficiency of
resource consumption of the proposed protocol compared with the base scheme.
• Chapter 7 concludes the work in this thesis, discusses and re-emphasizes the
contributions as well as proposes the future works.
5
Chapter 2
Backgrounds
2.1
Internet of Things overview
IoT refers to a set of technologies and scenarios which has no formally single definition yet. An understandable view of IoT is as a network of everyday things connected
via the Internet. “Things”, obviously the major part composing every IoT system, are
not only referred to one or two particular kinds of devices, but also aimed to all of
which can connect and communicate with each other. IoT devices can range from
tiny ones such as sensors, actuators, RFID tags [6] to medium ones such as smartphones, kitchen appliances and even large ones like backend or cloud servers, literally
“anything” that includes the technological components to enable the Thing to connect
to the Internet through a wired or wireless network. IoT users can be a human, or
machine, or a combination [7].
These “things” in the IoT are becoming more and more familiar with our daily
activities. Single-function embedded devices have been developed into smart things,
such as smartphones, laptops, coffee machines, refrigerators, Google Home, Apple
watches, etc. In other words, any device can be integrated into the IoT by equipping
it with an Internet connection and sensors. IoT devices collect environmental information of their surroundings and send it to some central data servers where it is processed, manipulated, transformed and used to perform multiple tasks [8]. In the end,
governments, organizations, and individuals enjoy these benefits of IoT. Applications
of the IoT are available in many aspects of life thanks to its adoption by a wide range
of industries [9], as shown in Figure 2.1.
6
Figure 2.1: Different application domains of the Internet of Things [10].
The most common example of IoT applications in our daily lives is in the form
of wearables (smartphones, smartwatches, health monitors, etc.) and smart homes,
which improve entertainment, network connectivity and the quality of life by automatically adjusting customers’ home environment or allowing them control appliances
and lights remotely. In agriculture, monitoring and management of micro-climate
conditions with IoT technologies help to increase production. IoT devices can sense
soil moisture and nutrients for better controlling irrigation and fertilizer systems. IoT
applications in healthcare via wearables let hospitals remotely and real-time monitor
their patients’ health that can provide timely response to emergencies like strokes or
heart attacks. In manufacturing, a manufacturer can track a product from its start in
the factory to its placement in the destination store by RFID and GPS technology.
The gathered information can be used to calculate the traveling time, condition, and
environmental conditions of a product. Especially in transportation, GPS is being utilized to plot faster and more efficient routes for vehicles thus reducing moving and
delivery times. Above are only a few of many applications of the IoT in our real world
but enough to show its currently huge potential as well as its rapid development in the
near future.
2.1.1
IoT properties
Unlike traditional systems such as enterprise applications, cloud computing or Big
Data, IoT systems are uniquely identified by several properties. These properties also
raise the challenges that we need to deal with when working in the field. Related IoT
research [3] identified four distinguishing properties of IoT in terms of security and
privacy challenges, which are: the uncontrolled environment, the heterogeneity, the
7
need for scalability and the resource constraints of IoT devices.
• Uncontrolled environment: The uncontrolled environment of IoT is caused by
the main fact that things can travel to unreliable surroundings possibly without
supervision. In other words, this property composes three sub-properties which
are: mobility, physical accessibility and trust.
• Mobility: Connectivity in networks of IoT systems are not expected to be stable
or always available.
• Physical accessibility: More often than not, sensors in IoT remains unprotected
and can be publicly accessed by outsiders, e.g., traffic control cameras and weather
sensors.
• Trust: It is unlikely to achieve a priori trusted relationships for the huge number
of devices and users. Therefore, it is essential to have mechanisms that automatically validate and manage the trust of things, services and users in IoT systems.
• Heterogeneity: IoT has to integrate a wide range of devices from many differ-
ent manufacturers so their version compatibility and interoperability need to be
guaranteed.
• Scalability: The vast amount of IoT interconnected things requires highly scal-
able protocols.
• Resource Constraints: A large proportion of involved devices in the IoT has low
energy power and computational capability. Therefore, proposed solutions requiring complex computations and high energy consumption cannot be applied
to the IoT in practice.
2.1.2
Cloud computing with the IoT
The rapid development of IoT generates a vast amount of data requiring massive computing power, resources, storage and bandwidth. However, the resource constraints of
IoT devices like small size, limited storage, low processing capacity result in the lack
of many important features such as scalability, reliability and efficiency that are required for IoT environments. Besides, the large amount of data has complicated the
processing, computing load on devices and control systems, as well as put heavy
8
pressure on the network traffic and the Internet infrastructure. This is where cloud
computing comes into play. The advancement of Cloud Computing gave enterprises
virtually unlimited computing power and storage, which can address these issues for
IoT systems. The integration of cloud computing and IoT enables centralized data
storage and management, powerful data processing capabilities, scalable resources
allocation and rapid application deployment with minimal cost [11].
IoT architecture based on Cloud Computing often comprises two layers, as described in Figure 2.2. The top layer includes the centralized data storage, processing
and control layer which allows access to large-scale data from devices and objects in
the bottom layer. The bottom layer has billions of IoT devices connected with each
other and the cloud. The sensed data from the IoT devices are sent to a central server
or a cloud by using communication infrastructure [4]. In other words, in this architecture devices completely depend on their cloud servers for any tasks such as computing, storing, accessing applications, guaranteeing security and so on. Any actions of
nodes in the same networks are involved with the administration of their server. This
model is widely applied in practice, especially in IoT systems due to the fact that such
systems have considerable diversity in their devices with very different resource capabilities and other features. Thus, focusing on servers as the centralized management
systems without the need of paying too much attention on the device end’s details
make this model easier to be employed and justified.
Figure 2.2: A two layered architecture in which End/IoT devices strongly depending on the Cloud
Despite the benefits achieved when cloud computing is integrated into IoT are
attractive, this architecture nevertheless puts too much workload on the servers as
well as possibly breaks down the whole system when these servers become out of
usage. It can severely suffer when attackers flood a huge number of physical objects
into the network at an unexpected scale. Also, this centralization of resources largely
separates IoT devices and the cloud, which results in the increment of the average
9
network latency [12]. Furthermore, integration with cloud computing does not offer
the ability for IoT devices and end-users to use delay-sensitive applications such as
smart traffic lights because of communication delay.
2.1.3
Fog computing with the IoT
Fog computing, introduced by Cisco in 2012, is defined as “an extension of the cloud
computing Paradigm to the edge of the network that provides computation, storage,
and networking services between end devices and traditional cloud servers” [13]. Fog
computing provides an intermediary layer between the cloud infrastructure and its
connected IoT devices, allowing it to analyze and process data closer to where it is
coming from. The general architecture of fog computing is described in Figure 2.3,
namely, Cloud-Fog-Device framework and Fog-Device framework. This framework
consists of three distinct layers: the device layer, the fog layer and the cloud layer. Because the fog layer is more physically closer to the device layer, it provides more efficient connections between devices and analytics endpoints with lower latency. Overall, it can reduce the bandwidth needed compared to the scenario when data have to be
sent all the way back to a centralized center for storing and processing as in traditional
cloud computing systems. Communications between layers can be achieved with the
use of various wired communication technologies such as Ethernet, optical fiber, or
wireless ones like Bluetooth, ZigBee, LTE, etc or both [14].
Figure 2.3: Three-Layer Architecture of Fog Computing [15].
10
The fog layer consists of network equipment, such as routers, bridges, gateways,
switches, base stations and local servers. These devices are distributed between the
IoT devices and the cloud servers in the Cloud-Fog-Device framework. This layer
has certain computing and storage power to reduce the processing load on resourceconstrained IoT devices. The difference from traditional communications via the Internet as in Cloud computing is that some low-range, real-time and latency-sensitive
communication protocols can be applied for the connection between layers, especially
between the fog and the IoT device layer. Compared with cloud computing, fog computing has five distinguished features: location awareness, geographic distribution,
low latency, large-scale IoT applications support and decentralization [16].
∗∗∗
Above are the two most popular models of an IoT eco-system in which all machines
directly are connected and controlled by centralized servers/gateways in the networks.
These servers or gateways are often deployed with powerful storage and computing
resources so that they can handle complicated processes and computations for their
client nodes. The sensed data from the IoT devices are sent to a central server or a
cloud by using communication infrastructure [17]. In other words, in this model client
nodes completely depend on their servers for any tasks such as computing, storing,
accessing the Internet and applications, guaranteeing security and so on. Any actions
of nodes in the same networks are involved with the administration of their server.
This model is widely applied in practice, especially in IoT systems since such systems
have considerable diversity in their devices with very different resource capabilities
and other features. Thus, focusing on servers as the centralized management systems
without the need for paying too much attention to the device end’s details make this
model easier to be employed and justified. On the other hand, it nevertheless puts too
much workload on the servers as well as possibly breaks down the whole system when
these servers become out of usage. This model can severely suffer when attackers
flood a huge number of physical objects into the network at an unexpected scale.
To restrain the dependence on servers, scientists thought about the Device-toDevice (D2D) communication [18, 19, 20]. Unlike Human-to-Human (H2H) communications, there is no human interaction in D2D. Hence, devices must be designed for
self-establishing connections and authentications with others. There are two kinds of
11
D2D: Standalone D2D and Network-Assisted D2D. These two structures differ by the
existence of a helping infrastructure to organize communication and resource utilization. In Network-Assisted D2D, a gateway is required for the operation, and devices
are connected by cellular networks. This requires a high capacity and energy efficiency mobile networks, which is not affordable in some countries and areas. About
Standalone D2D, devices initiate requests for communicating with nearby devices by
short-range connection mechanisms such as Bluetooth. One device will send signals
to express its connection request with other devices. Consequently, devices will need
to authenticate not only with the servers but also among themselves. This will be useful in case there is no connection from devices to servers, i.e. power blackout and
servers do not have the backup power resource. In this case, the IoT systems still work
because most of the embedded devices have the battery within and will be unaffected
by a local area power outage. So, they can continue their connection with others without interruption. As a result, one device needs to itself verify that it is connecting to
legit devices without servers. The list of things in the network system then has to be
stored and well managed by each node, which will be a problem for small devices.
Because most of the smart devices are designed for specific tasks, they have very
limited resources in the term of memory, energy, and CPU, which means they cannot
run the complex algorithms for registration or authentication or store too much data.
It is clear that authentications in the two models above are having themselves many
advantages and also weaknesses, raising the motivations of finding a better way to
retain their good characteristics while avoiding their outages.
2.2
Public key cryptography
Cryptography aims to provide authentication and privacy of communication between
two entities, which can be achieved by the popular adoption of symmetric cryptography. However, the requirement of having a shared key, which is securely exchanged
beforehand for each pair of communicating entities makes this type of cryptography inconvenient to some applications. Such inconvenience also comes from its difficulty to obtain signatures with non-repudiation. For those reasons, Merkle, Diffie and
Hellman in mid-1970s proposed the idea of public-key cryptography, also called the
asymmetric cryptography. This scheme involves a pair of private-public keys so that
12
