case study about implementation of authentication protocols in the network

A Study of Authentication Protocols in Internet of Things

Ieee account.

• Change Username/Password
• Update Address

Purchase Details

• Payment Options
• Order History
• View Purchased Documents

Profile Information

• Communications Preferences
• Profession and Education
• Technical Interests
• US & Canada: +1 800 678 4333
• Worldwide: +1 732 981 0060
• Contact & Support
• About IEEE Xplore
• Accessibility
• Terms of Use
• Nondiscrimination Policy
• Privacy & Opting Out of Cookies

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity. © Copyright 2024 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.

An official website of the United States government

The .gov means it’s official. Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

The site is secure. The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

• Publications
• Account settings

Preview improvements coming to the PMC website in October 2024. Learn More or Try it out now .

• Advanced Search
• Journal List
• Springer Nature - PMC COVID-19 Collection

Network Communication Encoding: A Study for Authentication Protocols

Tejaswini apte.

Symbiosis Institute of Computer Studies and Research (SICSR), Symbiosis International (Deemed University), 1st Floor, Atur Centre, Gokhale Cross Road, Model Colony, Pune, Maharashtra, 411016 India

Priti Kulkarni

The use of internet has increased significantly in the COVID-19 pandemic, and this has set the ground for various cyber-attacks, which are executed over the network during data transmission. This scenario is proven to be multifold for accessing the cloud remotely deployed in university premises. To provide secure authentication and compatibility over heterogeneous systems for cloud accessibility, every network communication applies an encoding scheme to standardize data transmission. With many wireless and ad-hoc networks where the nature of communication is difficult to monitor, the encoding scheme prevents malicious code injection during data transmission. The objective of this paper is to study encoding schemes available for data transmission and their application in terms of authentication protocols such as Kerberos and LDAP. Furthermore, it will also emphasize on the design of integration model of Kerberos and LDAP to Cloud and Shared Storage to evaluate the impact of ASN.1 vulnerability.

Introduction

The authentication protocols enable secure data transmission over the network. The objects in every network have an entry in Management Information Base (MIB), which is a set of network objects managed by Simple Network Management Protocol (SNMP) [ 1 ]. There were compatibility issues revealed in the literature during data transmission by SNMP with respect to incompatible data type encoding. To minimize the incompatibility during encoding, Abstract Syntax Notation One (ASN.1) defines a data structures used for serialization and deserialization in a cross platform deployment for example, cloud deployment [ 2 ]. Every network presentation layer is subject to use Abstract Syntax Notation One (ASN.1) to exchange data among various devices over the network. The presentation layer initially acts to define generic structure of data, which is later followed by concrete syntax according to local language of system. Next, the transfer mechanism defines the data representation along with encoding method. The layer then forwards encoding and decoding rules to application layer to translate the encoded data accordingly [ 3 ].

The role of ASN.1 allows the sending and receiving of data in a device-independent format, i.e., independent of architectural conventions of the sender and receiver or in cross platform deployment [ 4 ]. To support the cross platform encoding deployment or a respective application, ASN.1 uses three different methods for encoding based on type and length of values. The methods are (a) primitive definite-length method, (b) constructed definite-length method, and (c) constructed indefinite length method. The primitive method requires length to be known in advanced and implemented for simple types. The next method, constructed definite-length method, can be applied to simple and structured data types and also derived data types. It requires length of data or value to be known in advanced. Finally, the constructed indefinite length method applies to simple and complex data types. The length of the data types is not required to be known in advance [ 5 ]. In addition to these methods, ASN.1 follows certain rules for certificate generations, digital signatures, and preservation of encoding. The said rules are named as Basic Encoding Rules (BER), Distinguish Encoding Rules (DER), and Canonical Encoding Rules (CER), respectively. BER is a composition of Type, Length, and Value (TLV structure) which is responsible to generate certificate for successful handshake [ 6 ]. DER is accountable to provide encoding for the digital signature and cryptography. CER encoding focuses on preservation of encoding, this is required in security exchanges [ 7 ].

Many of the protocols such as Transport Layer Security (TLS), Kerberos, and Lightweight Directory Access Protocol (LDAP), etc. rely on ASN.1 BER, which is subsequently discussed in the section “ Literature Review ”. Every authentication protocol has an application, where the vulnerability is reported and a solution is suggested. The section “ Methodology ” narrates the process of evolving the ASN.1 in Kerberos and LDAP, along with the use case, i.e., cloud and respective shared storage. We have also presented Infrastructure model of cloud and shared storage in the section “ Methodology ”. Finally, the conclusion and future direction is presented in the last section.

Literature Review

Transport Layer Security (TLS) protocol provides certificate-based authentication to manage secure communication among two nodes. This protocol has handshake and record layer for establishing the sessions and exchanging the messages. The specific nodes maintain the status and state of reading and writing while communicating over the network. The handshake layer contains the security parameters, i.e., certificate information before the message can be transmitted. The message then divided into number of fragments. Each fragment is transmitted with the security parameters specified by handshake layer. It uses asymmetric key cryptography to generate public and private key pair to verify the identity during communication. The RFC5878 [ 8 ] documentation shows authorization extension to TLS handshake protocol. The extension is introduced in TLS handshake layer to enable TLS for exchanging authorization information between nodes before generation of any authentication certificate. The certificate generated during handshake is encoded with ASN.1. The error in implementation of such encoding builds a vulnerable platform to execute various attacks such as Denial of Service or Buffer overflow [ 9 ]. TLS performs baseline security layer to implement authentication protocols, which is outlined in subsequent paragraphs.

Kerberos is designed to authenticate the subject for a given object over the network. A requestor proves its identity by obtaining a ticket from Kerberos Server. A ticket is being granted to requestor in form of principal, which is a unique identity to assign to each ticket granted. To verify the identity, the principal identifiers are encoded in two parts realm and remainder. The realm specifies the domain along with the components required for principal as remainder. The said domain is responsible to authenticate the user for Kerberos and thereby for respective service. Kerberos principal obtains tickets for authentication and respective authorization. The tickets then contains the attributes of nodes, ticket lifetime, and the session key for the requestor for accessibility over network [ 10 , 11 ]. There was a lacuna during accessibility or transmission of messages over the network for interoperability. The independent encoding for multibyte quantities was considerable driver for the said lacuna, which was implemented in version 4 of Kerberos. As a result, the transmission among various nodes was constrained, where encoding order may not be understood by receiver. To enhance the transmission thereby interoperability, the standardization for encoding is implemented with ASN.1 BER in Kerberos version 5. Thus, the realm and each component of the remainder are encoded as separate ASN.1 General Strings [ 12 ]. ASN.1 encoding minimizes the validation, which was required to understand the semantics for the messages transmitted in diverge context for non-standard encoding [ 13 ]. For the heterogeneous deployment, Kerberos authentication monitors various devices compatibility for encoding and ASN.1 provides the standardization to shaft incompatibility, if any. Thus, ASN.1 enables orientation for processing Kerberos over TLS during “Hello Message” and the respective response [ 14 ]. Figure  1 illustrates the encoding implementation during communication among nodes.

Communication for authentication with Kerberos via ASN.1 over TLS

As depicted in Fig.  1 , Node A (Requestor) is requesting an authentication ticket from Node B (Kerberos Server) to access Server Node. Each request and response for ticket generation and subsequent accessibility to the Server Node imperatively use ASN.1 encoding to minimize the validity check during message transmission. As mentioned in aforesaid paragraph, ASN.1 provides standardize encoding, and hence supports for heterogeneous infrastructure deployment of Kerberos. Any irregularity in implementation of ASN.1 has large positive impact on introducing the vulnerabilities. The impact of these vulnerabilities are multiplied when Kerberos is deployed for Cloud. For the vulnerability CVE-2020-28196, i.e., unbounded recursion via ASN.1, a security fix is offered by SUSE SLES12 Security Update for OpenStack cloud deployment [ 15 ].

Next, Lightweight Directory Access Protocol (LDAP) an authentication protocol, with major entities to validate the identity, domain and respective directory structure are Distinguish Name (DN), Domain Component(DC), and Organization Unit (OU), etc., respectively [ 16 ]. Initially, it was designed for direct mapping to string-based encoding of names and attribute values, while transmitting the messages over network. As a result, the scope of LDAP for ad-hoc development of syntaxes and required parsing was limited, which in turn has large impact on certificate generation by Public Key Infrastructure (PKI) for authentication. PKI, a mean to determine the certificate distribution and revocation list, follows ASN.1 standard. This limitation of LDAP was significantly impacting the certificate distribution and revocation process because of poor understanding of ASN.1 encoding standards. As a result, LDAP search was not recognizing ASN.1 types in the definition of the certificate. Generic String Encoding Rules (GSER) was introduced in LDAP to implement new string encoding to retain the structure of the ASN.1 type with existing encoding mechanism, provided that an LDAP server is ASN.1 aware. In 2004, IBM has initiated a project to enable LDAP aware of ASN.1 [ 17 , 18 ]. The current release of LDAP has extended itself to be aware of ASN.1 and, hence, support PKI certificate implementation process for authentication. LDAP message layer is responsible to manage synchronization of request and response. ASN.1 encoding is embedded into request and response control of nodes in the process of authentication [ 19 ]. The start TLS mechanism is an extension of request and response method provided by ASN.1 in LDAP [ 20 ]. In Fig.  2 , Node A is requesting the validation of authentication to LDAP protocol, and the said request is then forwarded to authentication server to generate certificate. For each communication, the ASN.1 BER is implemented over TLS for maintaining standardization in encoding during transmission.

Communication for authentication with LDAP via ASN.1 over TLS

Though the base support of TLS along with ASN.1 for data transmission was implemented, but there were vulnerabilities reported due to failure in maintaining the ASN.1 rules during implementation. The said vulnerability impacts file sharing capability of Samba Server. As authentication is proven a dominant factor to impact cyber-attacks, the successive section outlines the evolution of ASN.1 in the mentioned authentication protocols along with its application in cloud and shared storage.

Methodology

Every encoding communication standard has a large impact on authentication thereby privacy during network communication among nodes. Various research papers available in literature were scrutinized to visualize the outcome of ASN.1 in Kerberos and LDAP to examine the transmission of data over the network. Table ​ Table1 1 summarizes our findings.

Necessity of ASN.1 in Kerberos and LDAP

Table ​ Table1 1 presented is conferred the reason about introducing ASN.1 encoding platform for message transmission over the network. The vulnerability discussed in this direction is subject to impact Cisco and Apple-related products. The impact elements to Denial of Service attack due to ASN.1 decoder infinite condition [ 24 ]. Samba, a file sharing protocol over the network is designed to use LDAP protocol for authentication. For the LDAP packet size of 13,000 bytes, ASN.1 vulnerability is enough to crash Connectionless Light Weight Directory Access Protocol [ 23 ].

The vulnerability mentioned assorted to substantial impact while accessing cloud with the selected authentication protocols. Various approaches are suggested in a literature to integrate OpenStack Cloud with LDAP and Kerberos [ 25 , 26 ]. However, to this paper, writing the impact of ASN.1 vulnerability to the forenamed integration is required to be explored.

To integrate the relevant protocols with cloud and conceptualize the impact of ASN.1 vulnerability, we are proposing the infrastructure model presented in Fig.  3 . OpenStack cloud is deployed with keystone authentication service. This model catalyzes the integration of authentication protocols with keystone to spawn instances and access to shared storage. Authentication to spawn the instances is delivered via Kerberos and Shared storage is accessed by LDAP authentication service. Cloud Identity Service, i.e., keystone, must be extended to encapsulate Kerberos ticket and LDAP certificate to access server. The deployment environment is designed with Intel i7-8700 3.20 GHz (× 12 cores) processor with 32 GB RAM. OpenStack Yoga release is installed as a Single Node Installation using DevStack installation. The implementation details of respective model are in progress to understand the said impact.

Infrastructure model of Kerberos and LDAP for OpenStack

Conclusion and Future Work

We have examined the importance of encoding scheme for the authentication. The encoding scheme requires a careful design and implementation to minimize the attacks. ASN.1 BER encoding scheme is exercised as a standard practice to enable encoding during transmission over the network to validate the identity and thereby communication. The critical vulnerability Denial of Service attack is reported due to infinite loop or memory allocation in ASN.1 implementation in Kerberos and LDAP authentication protocols, respectively. These vulnerabilities may have severe impact while authenticating process when extended to cloud or shared file storage. As industry and educational institutes are moving towards the cloud deployment to access the infrastructure over the network, these vulnerabilities may result in larger potential impact while working online in continues mode.

As a future work, the proposed model portrayed in Fig.  3 can be implemented and tested for a small user base initially, which can be further extended to support large user base to access cloud. This will help to interpret the possible attack scenario in Kerberos and LDAP while deploying with cloud and shared storage.

Declarations

The authors declare that they have no conflict of interest.

“This article is part of the topical collection “Cyber Security and Privacy in Communication Networks” guest edited by Rajiv Misra, RK Shyamsunder, Alexiei Dingli, Natalie Denk, Omer Rana, Alexander Pfeiffer, Ashok Patel, and Nishtha Kesswani”.

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Contributor Information

Tejaswini Apte, Email: [email protected] .

Priti Kulkarni, Email: moc.liamg@paitirp .

Networking: Implementation of Authentication Process Case Study

School wlan, user groups and their security requirements, protocol and application permissions, data classification plan.

Deploying a wireless local area network (WLAN) in a school environment can be an enormous asset in the learning process. However, such an environment presents unique challenges in ensuring the network’s security. This report will examine the probable user groups, their security requirements, and potential risks associated with a classroom WLAN, and propose security and authentication measures necessary to make the network secure.

Users in a school WLAN can be divided into three broad categories:

• Students. Generally do not require external access or access to restricted materials. Require very limited modification of resources on the network.
• Faculty members/teachers. May require external access or access to confidential internal materials, as well as modified access to resources.
• Other staff. This includes staff with responsibilities not necessarily involved in the teaching process, including those administrating the network. This group requires the most flexible security considerations as their needs can vary significantly, but generally, their requirements lie above those of the previous group.

It should also be noted that most users of a school WLAN can be expected to have limited computer literacy, preventing their use of complicated authentication systems. However, individual students can be capable of bypassing simpler security measures to engage in malicious activity.

Thus, a school WLAN should implement role-based access control with two primary groups with corresponding levels of access. Under this system, access is granted to users based on their assigned roles (Kizza, 2020). One, general access, for students, read-only permissions on data outside of specific circumstances (e. g. uploading assignments). Considering the ubiquity of Internet-enabled data plans, this group does not require Internet access for any purpose not already achieved by their devices. The second level should allow access to the school’s confidential data and a limited ability to modify it, as well as general access to the Internet. Finally, the requirements of the third group can be achieved by assigning individual roles with permissions elevated from the second level.

The TCP and IP protocols are necessary for the functioning of a network. DHCP is also required to automatically assign IP addresses to devices entering the network. As the network is likely to be used to distribute learning materials, which may include video and audio recordings, whose transmission is achieved by protocols such as UDP and RTSP. Therefore, these protocols may be allowed, depending on the implementation of the school’s distribution system. No additional protocols should be operating within the WLAN. As for applications, unless the school utilizes proprietary software, all necessary interactions within the network can be achieved through a general-purpose Web browser.

Personal Digital Assistants (PDAs) are not a device commonly in personal used today. Most of their functionality has been superseded by smartphones or digital tablets. Thus, resolving any additional security issues associated with them would likely not be cost-effective. Therefore, PDAs should generally not be allowed to access the school’s WLAN. However, it is possible for school-issued PDAs to be used in the education process. If that is the case, only such PDAs should be allowed.

Based on the descriptions above, a context-based data classification would be the most appropriate to this environment. The user accessing or modifying the data is the key attribute determining its sensitivity level, with the interface used to access or modify it as a secondary qualifier. Data can be divided into general (public), internal, and confidential sensitivity levels as follows (Khani, et al., 2018).

It can be safely assumed that students need no modify access to any data except their assignments, and no access to confidential data from within the WLAN. As such, the write and modify access is generally heavily restricted within the network.

Khani, P., Sharbaf, M., Beheshti, M., & Faraji, S. (2018). Campus network security: Threats, analysis and strategies. 2018 International Conference on Computational Science and Computational Intelligence (CSCI). Web.

Kizza, J. M. (2020). Guide to Computer Network Security (5 th ed.). Springer.

• Chicago (A-D)
• Chicago (N-B)

IvyPanda. (2022, September 27). Networking: Implementation of Authentication Process. https://ivypanda.com/essays/networking-implementation-of-authentication-process/

"Networking: Implementation of Authentication Process." IvyPanda , 27 Sept. 2022, ivypanda.com/essays/networking-implementation-of-authentication-process/.

IvyPanda . (2022) 'Networking: Implementation of Authentication Process'. 27 September.

IvyPanda . 2022. "Networking: Implementation of Authentication Process." September 27, 2022. https://ivypanda.com/essays/networking-implementation-of-authentication-process/.

1. IvyPanda . "Networking: Implementation of Authentication Process." September 27, 2022. https://ivypanda.com/essays/networking-implementation-of-authentication-process/.

Bibliography

IvyPanda . "Networking: Implementation of Authentication Process." September 27, 2022. https://ivypanda.com/essays/networking-implementation-of-authentication-process/.

• Business Information Security and File Permissions
• Mobile and PDA Technologies Use in Education
• WLAN Deployment on Open Area Construction Projects
• Pervasive Wireless Local Area Networks and Security
• Network Security for Mobile Devices
• Infrared Wireless Local Area Networks
• Networking Environments File System Security
• Detection and Prevention of Wireless Intrusion
• Strategic review for PDA Sim
• Wireless Local Area Network and Channel Fading
• WEP, WPA, and WPA2 Networks Comparison
• Working in Virtual Worlds
• Internet Resource Evaluation
• Bots and Their Role in Internet Regulation
• The Website Caters to Technology Enthusiasts

• school Campus Bookshelves
• menu_book Bookshelves
• perm_media Learning Objects
• login Login
• how_to_reg Request Instructor Account
• hub Instructor Commons
• Download Page (PDF)
• Download Full Book (PDF)
• Periodic Table
• Physics Constants
• Scientific Calculator
• Reference & Cite
• Tools expand_more
• Readability

selected template will load here

This action is not available.

5.11: Case Study - Transport Layer Security (TLS) for the Web

• Last updated
• Save as PDF
• Page ID 58759

• Jerome H. Saltzer & M. Frans Kaashoek
• Massachusetts Institute of Technology via MIT OpenCourseWare

The Transport Layer Security (TLS) protocol\(^*\) is a widely used security protocol to establish a secure channel (confidential and authenticated) over the Internet. The TLS protocol is at the time of this writing a proposed international standard. TLS is a version of the Socket Security Layer (SSL) protocol, defined by Netscape in 1999, so current literature frequently uses the name "SSL/TLS" protocol. The TLS protocol has some improvements over the last version (3) of the SSL protocol, and this case study describes the TLS protocol, version 1.2.

The TLS protocol allows client/service applications to communicate in the face of eavesdroppers and adversaries who would tamper with and forge messages. In the handshake phase, the TLS protocol negotiates, using public-key cryptography, shared-secret keys for message authentication and confidentiality. After the handshake, messages are encrypted and authenticated using the shared-secret keys. This case study describes how TLS sets up a secure channel, its evolution from SSL, and how it authenticates principals.

\(^*\) Tim Dierks and Eric Rescorla. The Transport Layer Security (TLS) protocol Version 1.2. RFC 4346 . November 2007.

The TLS Handshake

The TSL protocol consists of several protocols, including the record protocol which specifies the format of messages between clients and services, the alert protocol to communicate errors, the change cipher protocol to apply a cipher suite to messages sent using the record layer protocol, and several handshaking protocols. We describe the handshake protocol for the case where an anonymous user is browsing a Web site and requires service authentication and a secure channel to that service.

Figure \(\PageIndex{1}\) shows the handshake protocol for establishing a connection from a client to a server. The CLIENTHELLO message announces to the service the version of the protocol that the client is running (SSL 2.0, SSL 3.0, TLS 1.0, etc.), a random sequence number, and a prioritized set of ciphers and compression methods that the client is willing to use. The session_id in the CLIENTHELLO message is null if the client hasn't connected to the service before.

Figure \(\PageIndex{1}\): Typical TLS exchange of handshake protocol messages.

The service responds to the CLIENTHELLO message with 3 messages. It first replies with a SERVERHELLO message, announcing the version of the protocol that will be used (the lower of the one suggested by the client and the highest one supported by the service), a random number, a session identifier, and the cipher suite and compression method selected from the ones offered by the client.

To authenticate the service to the client, the service sends a SERVERCERTIFICATE message. This message contains a chain of certificates, ordered with the service's certificate first followed by any certificate authority certificates proceeding sequentially upward. Usually the list contains just two certificates: a certificate for the public key of the service and a certificate for the public key of the certification authority. (We will discuss certificates in more detail in Section 5.11.3 below.)

After the service sends its certificates, it sends a SERVERHELLODONE message to indicate that it is done with the first part of the handshake. After receiving this message and after satisfactorily verifying the authenticity of the service, the client generates a 48-byte   pre_master_secret . TLS supports multiple public-key systems, and depending on the choice of the client and service, the pre_master_secret is communicated to the service in slightly different ways.

In practice, TLS typically uses a public-key system, in which the client encrypts the pre_master_secret with the public key of the service found in the certificate, and sends the result to the service in the CLIENTKEYEXCHANGE message. The pre_master_secret thus can be decrypted by any entity that knows the private key that corresponds to the public key in the certificate that the service presented. The security of this scheme therefore depends on the client carefully verifying that the certificate is valid and that it corresponds to the desired service. This point is explored in more detail in Section 5.11.3, below.

The pre_master_secret is used to compute the master_secret using the service and client nonce (" + " denotes concatenation):

master_secret ← PRF ( pre_master_secret , “master secret”, random client + random server )

PRF is a pseudorandom function, which takes as input a secret, a label, and a seed. As output it generates pseudorandom bytes. TLS assigns the first 48 bytes of the PRF output to the master_secret. The TLS version 1.2 uses a PRF function that is based on the HMAC construction and the SHA-256 hash function (see  Section 5.9  for the HMAC construction and the SHA family of hash functions).

It is important that the master_secret be dependent both on the pre_master_secret and the random values supplied by the service and client. For example, if the random number of the service were omitted from the protocol, an adversary could replay a recorded conversation without the service being able to tell that the conversation was old.

After the master_secret is computed, the pre_master_secret should be deleted from memory, since it is no longer needed and continuing to store it would just create an unnecessary security risk.

After sending the encrypted pre_master_secret , the client sends a CHANGECIPHERSPEC message. This message\(^*\) specifies that all future message from the client will use the ciphers specified as the encrypting and authentication ciphers.

The keys for message encrypting and authentication ciphers are computed using the master_secret , random client , and random server (which both the client and the service now have). Using this information a key block is computed:

key_block ← PRF ( master_secret , “key expansion”, random server + random client )

until enough output has been produced to provide the following keys:

client_write_MAC_secret [CipherSpec.hash_size] server_write_MAC_secret [CipherSpec.hash_size] client_write_key [CipherSpec.key_material] server_write_key [CipherSpec.key_material] client_write_IV [CipherSpec.IV_size] server_write_IV [CipherSpec.IV_size]

The first 4 variables are the keys for authentication and confidentiality, one for each direction. The last 2 variables are the initialization vectors, one for each direction, for ciphers using CBC mode (see Section 5.9 ). These variables together are the state necessary for the client and the service to communicate securely.

Now the client sends a FINISHED message to announce that it is done with the handshake. The FINISHED message contains at least 12\(^{**}\) bytes of the following output:

PRF ( master_secret , finish_label , HASH ( handshake_messages ))

The FINISHED message is a verifier of the protocol sequence so far (the value of all messages starting at the CLIENTHELLO message, but not including the FINISHED message). The client use the value "client finished" for finish_label . HASH is the same hash function used for the PRF , SHA-256. If the service verifies the hash, the service and client agree on the protocol sequence and the master_secret . TLS encrypts and authenticated the FINISHED message using the cipher suite that the client and service agreed on in the HELLO messages.

After the service receives the client's FINISHED message, it sends a CHANGECIPHERSPEC message, informing the client that all subsequent messages from service to client will be encrypted and authenticated with the specified ciphers. (The client and service can use different ciphers for their traffic.) Like the client, the service concludes the handshake with a FINISHED message, but uses the value "server finished" for finish_label . After both finish messages have been received and checked out correctly, the client and service have a secure (that is, encrypted and authenticated) channel over which they can carry on the remainder of their conversation.

\(^*\) The TLS standard considers CHANGECIPHERSPEC not part of the handshake protocol, but part of the Change Cipher Spec protocol, even though the handshake protocol uses it.

\(^{**}\) Clients may specify in the HELLO message that they prefer more bytes.

Evolution of TLS

The TLS handshake protocol is more complicated than some of the other protocols that we described in this chapter. In a large part, this complexity is due to all the options TLS supports. It allows a wide range of ciphers and key sizes. Service and client authentication are optional. Also, it supports different versions of the protocol. To support all these options, the TLS protocol needs a number of additional protocol messages. This makes reasoning about TLS difficult, since depending on the client and service constraints, the protocol has a different set of message exchanges, different ciphers, and different key sizes. Partly because of these features the predecessors of TLS 1.2, the earlier SSL protocols, were vulnerable to new attacks, such as cipher suite substitution and version rollback attacks.

In version 2 of SSL, the adversary could edit the CLIENTHELLO message undetected, convincing the service to use a weak cipher, for example one that is vulnerable to brute-force attacks. SSL Version 3 and TLS protect against this attack because the FINISHED message computes a MAC over all message values.

Version 3 of SSL accepts connection requests from version 2 of SSL. This opens a version-rollback attack, in which an adversary convinces the service to use version 2 of the protocol, which has a number of well-documented vulnerabilities, such as the cipher substitution attack. Version 3 appears to be carefully designed to withstand such attacks, but the specification doesn't forbid implementations of version 2 to resume connections that were started with version 3 of the protocol. The security implications of this design are unclear.

One curious aspect of version 3 of the SSL protocol is that the computation for the MAC of the FINISHED messages does not include the CHANGECIPHER messages. As pointed out by Wagner and Schneier, an adversary can intercept the CHANGECIPHER message and delete it, so that the service and client don't update their current cipher suite. Since messages during the handshake are not encrypted and authenticated, this can open a security hole. Wagner and Schneier describe an attack that exploits this observation [Suggestions for Further Reading  5.5.6 ]. Currently, widely used implementations of SSL 3.0 protect against this attack by accepting a FINISHED message only after receiving a CHANGECIPHER message.

TLS is the international standard version of SSL 3.0, but also improves over SSL 3.0. For example, it mandates that a FINISHED message must follow immediately after a CHANGECIPHER message. It also replaces ad-hoc ways of computing hash functions in various parts of the SSL protocol (e.g., in the FINISHED message and master_secret ) with a single way, using the PRF function. TLS 1.1 has a number of small security improvements over 1.0. TLS 1.2 improves over TLS 1.1 by replacing an MD5/SHA-1 implementation of PRF with one specified in the cipher suite in the HELLO messages, preferable based on SHA-256. This allows TLS to evolve more easily when ciphers are becoming suspect (e.g., SHA-1).

Authenticating Services with TLS

TLS can be used for many client/service applications, but its main use is for secure Web transactions. In this case, a Web browser uses TLS to set up a message-authenticated, confidential communication connection with a Web service. HTTP requests and responses are sent over this secure connection. Since users typically visit Web sites and perform monetary transactions at these sites, it is important for users to authenticate the service. If users don't authenticate the service, the service might be one run by an adversary who can now record private information (e.g., credit card numbers) and supply fake information. Therefore, a key problem TLS addresses is service authentication. 

The main challenge for a client is to convince itself that the service's public key is authentic. If a user visits a Web site, say amazon.com, then a user wants to make sure that the Web site the user connects to is indeed owned by Amazon.com, Inc. The basic idea is for Amazon to sign its name with its private key. Then, the client can verify the signed name using Amazon's public key. This approach reduces the problem to securely distributing the public key for Amazon. If it is done insecurely, an adversary can convince the client that the adversary has the public key of Amazon, but substitute the adversary's own public key and sign Amazon's name with the adversary's private key. This problem is an instance of the key-distribution problem, discussed in  Section 5.6 .

TLS relies on well-known certification authorities for key distribution. An organization owning a Web site buys a certificate from one or more certification authorities. Each authority runs a certification check to validate that the organization is the one it claims to be. For example, a certification authority might ask Amazon, Inc. for articles of incorporation to prove that it is the entity it claims to be. After the certification authority has verified the identity of the organization, it issues a certificate. The certificate contains the public key of the organization and the name of the organization, signed with the private key of the certificate authority. (The service sends the certificates in step 3 of the handshake protocol, described in Section 5.11.1 above.)

The client verifies the certificate as follows. First, it obtains in a secure way the public key of certification authorities that it is willing to trust. Typically a number of public keys come along with the distribution of a Web browser. Second, after receiving the service certificates, it uses the public keys of the authorities to verify one of the certificates. If one of the certificates verifies correctly, the client can be confident about the name of the organization owning the service. Whether a user can trust the organization that goes by that name is a different question and one that the user must resolve using psychological means.

TLS uses certificates that are standardized by the ISO X.509 standard. Some of the fields in Version 3 of X.509 certificates are shown below (the standard specifies them in a different order):

structure certificate      version     serial_number     signature_cipher_identifier     issuer_signature     issuer_name     subject_name     subject_public_key_cipher_identifier     subject_public_key     validity_period

The version field specifies the version of the certificate (it would be 3 in this example). The serial_number field contains a nonce assigned by the issuing certification authority and is different for every certificate. The signature_cipher_identifier field identifies the algorithm used by the authority to sign this certificate. This information allows a client of the certification authority to know which of several standard algorithms to use to verify the issuer_signature field, which contains the value of the certificate's signature. If the signature checks out, the recipient can believe that the information in the certificate is authentic. The issuer_name field specifies the real-world name of the certificate authority. The subject_name field specifies the real-world name for the principal. The two other subject fields specify the public-key cipher the principal wants to use (say RSA), and the principal's public key.

The validity_period field specifies the time for which this signature is valid (the start and expiry dates and times). The validity_period field provides a weak method for key revocation. If Amazon obtains a certificate and the certificate is valid for 12 months (a typical number), and if the next day an adversary compromises the private key of amazon.com, then the adversary can impersonate Amazon for the next 12 months. To counter this problem a certification authority maintains a certification revocation list, which contains compromised certificates (identified by the certificate's serial number). Anyone can download the certificate revocation list to check if a certificate is on this blacklist. Unfortunately, revocation lists are not in widespread use today. Good certificate revocation procedures are an open research problem.

The crucial security step for establishing a principal's identity is the certification process executed by the certification authority. If the authority issues certificates without checking out the identity of the organization owning the service, the certificate doesn't improve security. In that case, Lucifer could ask the certification authority to create a certificate for Amazon.com, Inc. If the authority doesn't check Lucifer's identity, Lucifer will obtain a certificate for Amazon, Inc. that binds the name Amazon, Inc. to Lucifer's public key, allowing Lucifer to impersonate Amazon, Inc. Thus, it is important that the certification authority do a careful job of certifying the principal's identity. A typical certification procedure includes paying money to the authority, and sending by surface mail the articles of incorporation (or equivalent) of the organization. The authority will run a partly manual check to validate the provided information before issuing the certificate.

Certification authorities face an inherent conflict between good security and convenience. The procedure must be thorough enough that the certificate means something. On the other hand, the certification procedure must be convenient enough that organizations are able or willing to obtain a certificate. If it is expensive in time and money to obtain a certificate, organizations might opt to go for an insecure solution (i.e., not authenticating their identity with TLS). In practice, certification authorities have a hard time striking the appropriate balance and therefore specialize for a particular market. For example, Verisign, a well-known certification authority, is mostly used by commercial organizations. Private parties who want to obtain a certificate from Verisign for their personal Web sites are likely to find Verisign's certification procedure impractical.

Ford and Baum provide a nice discussion of the current practice for secure electronic commerce using certificate authorities, certificates, etc., and the legal status of certificates \(^*\).

\(^*\) Warwick Ford and Michael S. Baum. Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption . Prentice Hall, second edition, 2000. ISBN: 978–0–13–027276–8. 640 pages.

Although the title implies more generality, this book is about public key infrastructure: certificate authorities, certificates, and their legal status in practice. The authors are a technologist (Ford) and a lawyer (Baum). The book provides thorough coverage and is a good way to learn a lot about the subject. Because the status of this topic changes rapidly, however, it should be considered a snapshot rather than the latest word.

User Authentication

User authentication can, in principle, be handled in the same way as server authentication. The user could obtain a certificate from an authority testifying to the user's identity. When the server asks for it, the user could provide the certificate and the server could verify the certificate (and thus the user's identity according to a certification authority) by using the public key of the authority that issued the certificate. Extensions of the TLS handshake protocol support this form of user authentication.

In practice, and in particular in the Web, user authentication doesn't rely on user certificates. Some organizations run a certificate authority and use it to authenticate members of their organization. However, often it is too much trouble for a user to obtain a certificate, so few Web users are willing to obtain one. Instead, many servers authenticate users based on the IP address of the client machine or based on a shared passphrase. Both methods are currently implemented insecurely.

Using the IP address for authentication is insecure because it is easy for an adversary to spoof an IP address. Thus, when the server checks whether a user on a machine with a particular IP address has access, the server has no guarantees. Typically, this method is used inside an organization that puts all its machines behind a firewall. The firewall attempts to keep adversaries out of the organization's network by monitoring all network traffic that is coming from the Internet and blocking bad traffic (e.g., a packet that is coming from outside the firewall but an internal IP address).

Passphrase authentication is better. In this case, the user sets up an account on the service and protects it with a passphrase that only the user and the service know. Later when the user visits the service again, the server puts up a login page and asks the user to provide the passphrase. If the passphrase is valid, the server assumes that the user is the principal who created the account.

To avoid having the user to type the password on each request, services can exploit a Web mechanism called cookies . A service sends a cookie, a service-specific piece of information, to the user's Web browser, which stores it for use in later requests to the service. The service sends the cookie by including in a response a SET_COOKIE directive containing data to be stored in the cookie. The browser stores the cookie in memory. (In practice, there may be many cookies, so they are named, but for this description, assume that there is only one and no name is needed.) On subsequent calls (i.e., GET or POST ) to the service that installed the cookie, the browser sends the installed cookie along with the other arguments to GET or POST .

Web services can use cookies for user authentication as follows. When the user logs in, the service creates a cookie that contains information to authenticate the user later and sends it to the user's browser, which stores it for use in future requests to this service. Every subsequent request from that browser will include a copy of the cookie, and the service can use the information stored in the cookie to learn which user issued this request. If the cookie is missing (for example, the user is using a different browser), the service will return an error to the browser and ask the user to login again. The security of this scheme depends on how careful the service is in constructing the authenticating cookie. One possibility is to create a nonce for a session and sign the nonce with a MAC. Kevin Fu et al. describe some ways to get it wrong and recommend a secure approach\(^*\).  Problem Set 28  explores some of the issues in protecting and authenticating cookies.

Websites use cookies in many ways. For example, many sites use cookies to track the browsing patterns of returning visitors. Users who want to protect their privacy must disable cookie tracking in their browser.

\(^*\) K. Fu, E. Sit, K. Smith, and N. Feamster, Dos and don'ts of client authentication on the Web, Proceedings of the tenth USENIX Security Symposium , Washington, August 2001.

Authentication in Internet of Things, protocols, attacks, and open issues: a systematic literature review

• Published: 12 January 2024

Cite this article

• Elham Ebrahimpour 1 &
• Shahram Babaie 1  

334 Accesses

Explore all metrics

Internet of Things (IoT) as an emerging technology is based on the idea that smart things can connect to the Internet and exchange the collected data in a peer-to-peer paradigm. Due to its inherent features, IoT can be utilized in real-world scenarios and its expansion can improve human well-being. Internet of things is applied quite closely to humans and transmits serious information such as healthcare information, financial data, and private information through an insecure communication platform. Since almost all tasks are performed with minimal human intervention, and adversary may deploy its nodes among other legitimate elements of IoT, providing an effective mutual authentication is vital. In this Systematic Literature Review, authentication of IoT and its literature are reviewed systematically. In particular, it has endeavored that the collected literature covers the papers conducted from 2018 to 2022. Moreover, this study seeks to provide a comprehensive answer to six important Research Questions in the context of authentication of IoT that often engage the minds of scholars. It is hoped that this survey will be an effective guide for future research by addressing the relevant challenges, analyzing open issues, and providing future research directions.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price includes VAT (Russian Federation)

Instant access to the full article PDF.

Rent this article via DeepDyve

Institutional subscriptions

Similar content being viewed by others

Security, Privacy and Risks Within Smart Cities: Literature Review and Development of a Smart City Interaction Framework

Elvira Ismagilova, Laurie Hughes, … Yogesh K. Dwivedi

Cybersecurity, Data Privacy and Blockchain: A Review

Vinden Wylde, Nisha Rawindaran, … Jon Platts

Role of Artificial Intelligence in the Internet of Things (IoT) cybersecurity

Murat Kuzlu, Corinne Fair & Ozgur Guler

Data availability

Not applicable.

Navas, R.E., Cuppens, F., Boulahia Cuppens, N., Toutain, L., Papadopoulos, G.Z.: MTD, Where Art Thou? A systematic review of moving target defense techniques for IoT. IEEE Internet Things J. 8 (10), 7818–7832 (2021). https://doi.org/10.1109/JIOT.2020.3040358

Article   Google Scholar  

Kumar, V., Malik, N., Singla, J., Jhanjhi, N.Z., Amsaad, F.: Light weight authentication scheme for smart home IoT devices. Dep. Comput. Sci. Eng. 6 (3), 37 (2022). https://doi.org/10.3390/cryptography6030037

Tange, K., De Donno, M., Fafoutis, X., Dragoni, N.: A systematic survey of industrial internet of things security: requirements and fog computing opportunities. IEEE Commun. Surv. Tutorials 22 (4), 2489–2520 (2020). https://doi.org/10.1109/COMST.2020.3011208

Alsahlani, A.Y.F., Popa, A.: LMAAS-IoT: lightweight multi-factor authentication and authorization scheme for real-time data access in iot cloud-based environment. J. Netw. Comput. Appl. 192 , 103177 (2021). https://doi.org/10.1016/J.JNCA.2021.103177

Chang, Z., Meng, Y., Liu, W., Zhu, H., Wang, L.: WiCapose: multi-modal fusion based transparent authentication in mobile environments. J. Inf. Secur. Appl. 66 , 103130 (2022). https://doi.org/10.1016/J.JISA.2022.103130

Nandy, T., et al.: Review on security of internet of things authentication mechanism. IEEE Access 7 , 151054–151089 (2019). https://doi.org/10.1109/ACCESS.2019.2947723

Ahmim, I., Ghoualmi-Zine, N., Ahmim, A., Ahmim, M.: Security analysis on ‘Three-factor authentication protocol using physical unclonable function for IoV.’ Int. J. Inf. Secur. 21 (5), 1019–1026 (2022). https://doi.org/10.1007/s10207-022-00595-6

Ghasemi, F., Babaie, S.: A lightweight secure authentication approach based on stream ciphering for RFID-based Internet of Things. Comput. Electr. Eng. 102 , 108288 (2022). https://doi.org/10.1016/j.compeleceng.2022.108288

Sahoo, S.S., et al.: A three-factor-based authentication scheme of 5G wireless sensor networks for IoT system. IEEE Internet Things J. 10 (17), 15087–15099 (2023). https://doi.org/10.1109/JIOT.2023.3264565

Lien, C.W., Vhaduri, S.: Challenges and opportunities of biometric user authentication in the age of IoT: a survey. CM Comput. Surv. 56 (1), 1–37 (2023). https://doi.org/10.1145/3603705

Abkenar, F.S., Ramezani, P., Iranmanesh, S., Murali, S., Chulerttiyawong, D., Wan, X., Jamalipour, A., Raad, R.: A survey on mobility of edge computing networks in IoT: state- of -the-art, architectures, and challenges. IEEE Commun. Surv. Tutorials 24 (4), 2329–2365 (2022)

Al-Awami, S.H., Al-Aty, M.M., Al-Najar, M.F.: Comparison of IoT architectures based on the seven essential characteristics, (2023)

Lombardi, M., Pascale, F., Santaniello, D.: Internet of things: a general overview between architectures, protocols and applications. Inf. 12 (2), 1–21 (2021). https://doi.org/10.3390/info12020087

Gharamaleki, M.M., Babaie, S.: A new distributed fault detection method for wireless sensor networks. IEEE Syst. J. 14 (4), 4883–4890 (2020). https://doi.org/10.1109/JSYST.2020.2976827

Najafi, Z., Babaie, S.: A lightweight hierarchical key management approach for internet of things. J. Inf. Secur. Appl. 75 , 103485 (2023). https://doi.org/10.1016/J.JISA.2023.103485

Afrashteh, M., Babaie, S.: A route segmented broadcast protocol based on RFID for emergency message dissemination in vehicular Ad-hoc Networks. IEEE Trans. Veh. Technol. (2020). https://doi.org/10.1109/TVT.2020.3041754

Almulhim, M., Islam, N., Zaman, N.: A lightweight and secure authentication scheme for IoT based e-health applications. Int. J. Comput. Sci. Netw. Secur. 19 (1), 107–120 (2019)

Google Scholar  

Su, Y., Zhang, X., Qin, J., Ma, J.: Efficient and flexible multiauthority attribute-based authentication for IoT devices. IEEE Internet things J. 10 (15), 13945–13958 (2023)

Al-Naji, F.H., Zagrouba, R.: A survey on continuous authentication methods in Internet of Things environment. Comput. Commun. 163 (June), 109–133 (2020). https://doi.org/10.1016/j.comcom.2020.09.006

Alshawish, I., Al-Haj, A.: An efficient mutual authentication scheme for IoT systems. J. Supercomput. 78 (14), 16056–16087 (2022). https://doi.org/10.1007/s11227-022-04520-5

Masud, M., Gaba, G.S., Kumar, P., Gurtov, A.: A user-centric privacy-preserving authentication protocol for IoT-Am I environments. Comput. Commun. 196 , 45–54 (2022). https://doi.org/10.1016/J.COMCOM.2022.09.021

Shiri, A., Babaie, S., Hasan-Zadeh, J.: New active caching method to guarantee desired communication reliability in wireless sensor networks. J. Basic Appl. Sci. Res. 2 (5), 4880–4885 (2012)

Deebak, B.D., Al-Turjman, F., Aloqaily, M., Alfandi, O.: An authentic-based privacy preservation protocol for smart e-healthcare systems in IoT. IEEE Access 7 , 135632–135649 (2019). https://doi.org/10.1109/ACCESS.2019.2941575

Wazid, M., Das, A.K., Odelu, V., Kumar, N., Conti, M., Jo, M.: Design of secure user authenticated key management protocol for generic IoT networks. IEEE Internet Things J. 5 (1), 269–282 (2018). https://doi.org/10.1109/JIOT.2017.2780232

Ramzan, M., Habib, M., Khan, S.A.: Secure and efficient privacy protection system for medical records. Sustain. Comput. Inform. Syst. 35 , 100717 (2022). https://doi.org/10.1016/J.SUSCOM.2022.100717

Hajian, R., Erfani, S.H., Kumari, S.: A lightweight authentication and key agreement protocol for heterogeneous IoT with special attention to sensing devices and gateway. J. Supercomput. 78 (15), 16678–16720 (2022). https://doi.org/10.1007/s11227-022-04464-w

Seddiqi, H., Babaie, S.: A new protection-based approach for link failure management of software-defined networks. IEEE Trans. Netw. Sci. Eng. (2021). https://doi.org/10.1109/TNSE.2021.3110315

Babaie, S.: Biometric authentication: an efficient option for Internet of Things applications during the COVID-19 pandemic. Acta Sci. Comput. Sci. 2 (10), 1–2 (2020)

Ebrahimpour, E., Babaie, S.: A Lightweight authentication approach based on linear feedback shift register and majority function for internet of things. Peer-to-Peer Netw Appl (2023). https://doi.org/10.1007/s12083-023-01498-6

Roy, P.K., Sahu, P., Bhattacharya, A.: FastHand: a fast handover authentication protocol for densely deployed small-cell networks. J. Netw. Comput. Appl. 205 , 103435 (2022). https://doi.org/10.1016/J.JNCA.2022.103435

Abdussami, M., Amin, R., Vollala, S.: LASSI: a lightweight authenticated key agreement protocol for fog-enabled IoT deployment. Int. J. Inf. Secur. 21 (6), 1373–1387 (2022). https://doi.org/10.1007/s10207-022-00619-1

Yin, X., Wang, S., Zhu, Y., Hu, J., Member, S.: A novel length-flexible lightweight cancelable fingerprint template for privacy-preserving authentication systems in resource-constrained IoT applications. IEEE Internet Things J. 10 (1), 877–892 (2023). https://doi.org/10.1109/JIOT.2022.3204246

Sadhukhan, D., Ray, S., Biswas, G.P., Khan, M.K., Dasgupta, M.: A lightweight remote user authentication scheme for IoT communication using elliptic curve cryptography. J. Supercomput. 77 (2), 1114–1151 (2021). https://doi.org/10.1007/s11227-020-03318-7

Ryu, R., Yeom, S., Kim, S.H., Herbert, D.: Continuous multimodal biometric authentication schemes: a systematic review. IEEE Access 9 , 34541–34557 (2021). https://doi.org/10.1109/ACCESS.2021.3061589

Hameed, K., Garg, S., Amin, M.B., Kang, B.: A formally verified blockchain-based decentralised authentication scheme for the internet of things. J. Supercomput. 77 (12), 14461–14501 (2021). https://doi.org/10.1007/s11227-021-03841-1

Kitchenham, B.: Procedures for performing systematic reviews, (2004). 10.1.1.122.3308

Gope, P., Sikdar, B.: Lightweight and privacy-preserving two-factor authentication scheme for IoT devices. IEEE Internet Things J. 6 (1), 580–589 (2019). https://doi.org/10.1109/JIOT.2018.2846299

Das, A.K., Wazid, M., Kumar, N., Vasilakos, A.V., Rodrigues, J.J.P.C.: Biometrics-based privacy-preserving user authentication scheme for cloud-based industrial internet of things deployment. IEEE Internet Things J. 5 (6), 4900–4913 (2018). https://doi.org/10.1109/JIOT.2018.2877690

Liu, Z., Guo, C., Wang, B.: A physically secure, lightweight three-factor and anonymous user authentication protocol for iot. IEEE Access 8 , 195914–195928 (2020). https://doi.org/10.1109/ACCESS.2020.3034219

Liu, W., Wang, X., Peng, W.: Secure remote multi-factor authentication scheme based on chaotic map zero-knowledge proof for crowdsourcing internet of things. IEEE Access 8 , 8754–8767 (2020). https://doi.org/10.1109/ACCESS.2019.2962912

Wu, F., Li, X., Xu, L., Vijayakumar, P., Kumar, N.: A novel three-factor authentication protocol for wireless sensor networks with IoT notion. IEEE Syst. J. 15 (1), 1120–1129 (2021). https://doi.org/10.1109/JSYST.2020.2981049

Li, S., Zhang, T., Yu, B., He, K.: A provably secure and practical PUF-based end-to-end mutual authentication and key exchange protocol for IoT. IEEE Sens. J. 21 (4), 5487–5501 (2021). https://doi.org/10.1109/JSEN.2020.3028872

Aman, M.N., Basheer, M.H., Sikdar, B.: Two-factor authentication for IoT with location information. IEEE Internet Things J. 6 (2), 3335–3351 (2019). https://doi.org/10.1109/JIOT.2018.2882610

Liang, Y., Samtani, S., Guo, B., Yu, Z.: Behavioral biometrics for continuous authentication in the Internet-of-Things era: an artificial intelligence perspective. IEEE Internet Things J. 7 (9), 9128–9143 (2020). https://doi.org/10.1109/JIOT.2020.3004077

Mandal, S., Bera, B., Sutrala, A.K., Das, A.K., Choo, K.K.R., Park, Y.H.: Certificateless-signcryption-based three-factor user access control scheme for IoT environment. IEEE Internet Things J. 7 (4), 3184–3197 (2020). https://doi.org/10.1109/JIOT.2020.2966242

Li, W., Wang, P.: Two-factor authentication in industrial Internet-of-Things: attacks, evaluation and new construction. Futur. Gener. Comput. Syst. 101 , 694–708 (2019). https://doi.org/10.1016/j.future.2019.06.020

Vijayakumar, P., Obaidat, M.S., Azees, M., Islam, S.H., Kumar, N.: Efficient and secure anonymous authentication with location privacy for IoT-based WBANs. IEEE Trans. Ind. Inform. 16 (4), 2603–2611 (2020). https://doi.org/10.1109/TII.2019.2925071

Li, X., Peng, J., Niu, J., Wu, F., Liao, J., Choo, K.K.R.: A robust and energy efficient authentication protocol for industrial internet of things. IEEE Internet Things J. 5 (3), 1606–1615 (2018). https://doi.org/10.1109/JIOT.2017.2787800

Ghani, A., Mansoor, K., Mehmood, S., Chaudhry, S.A., Rahman, A.U., Najmus Saqib, M.: Security and key management in IoT-based wireless sensor networks: An authentication protocol using symmetric key. Int. J. Commun. Syst. (2019). https://doi.org/10.1002/dac.4139

Aghili, S.F., Mala, H., Shojafar, M., Peris-Lopez, P.: LACO: lightweight three-factor authentication, access control and ownership transfer scheme for E-health systems in IoT. Futur. Gener. Comput. Syst. 96 , 410–424 (2019). https://doi.org/10.1016/j.future.2019.02.020

Rao, V., Prema, K.V.: Light-weight hashing method for user authentication in Internet-of-Things. Ad Hoc Netw. 89 , 97–106 (2019). https://doi.org/10.1016/j.adhoc.2019.03.003

Lara, E., Aguilar, L., Sanchez, M.A., García, J.A.: Lightweight authentication protocol for M2M communications of resource-constrained devices in industrial internet of things. Sensors (Switzerland) (2020). https://doi.org/10.3390/s20020501

Li, J., et al.: A fast and scalable authentication scheme in IOT for smart living. Futur. Gener. Comput. Syst. 117 , 125–137 (2021). https://doi.org/10.1016/j.future.2020.11.006

Jabbari, A., Mohasefi, J.B.: A secure and LoRaWAN compatible user authentication protocol for critical applications in the IoT environment. IEEE Trans. Ind. Inform 18 (1), 56–65 (2022). https://doi.org/10.1109/TII.2021.3075440

Turkanović, M., Brumen, B., Hölbl, M.: A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion. Ad Hoc Netw. 20 , 96–112 (2014). https://doi.org/10.1016/j.adhoc.2014.03.009

Malik, M., Dutta, M.: L-ECQV : lightweight ECQV implicit certificates for authentication in the Internet of Things. IEEE Access 11 (March), 35517–35540 (2023). https://doi.org/10.1109/ACCESS.2023.3261666

Alwarafy, A., Al-Thelaya, K.A., Abdallah, M., Schneider, J., Hamdi, M.: A survey on security and privacy issues in edge-computing-assisted Internet of Things. IEEE Internet Things J. 8 (6), 4004–4022 (2021). https://doi.org/10.1109/JIOT.2020.3015432

Navas, R.E., Cuppens, F., Boulahia Cuppens, N., Toutain, L., Papadopoulos, G.Z.: Physical resilience to insider attacks in IoT networks: Independent cryptographically secure sequences for DSSS anti-jamming. Comput. Netw. (2021). https://doi.org/10.1016/j.comnet.2020.107751

Il Bae, W., Kwak, J.: Smart card-based secure authentication protocol in multi-server IoT environment. Multimed Tools Appl. (2017). https://doi.org/10.1007/s11042-017-5548-2

Quamara M., Gupta, B.B., Yamaguchi, S.: An end-to-end security framework for smart healthcare information sharing against botnet-based cyber-attacks, In: Dig. Tech. Pap.: IEEE Int. Conf. Consum. Electron., vol. 2021-Janua, pp. 1–4, (2021). https://doi.org/10.1109/ICCE50685.2021.9427753 .

Xu, Z., Xu, C., Liang, W., Xu, J., Chen, H.: A lightweight mutual authentication and key agreement scheme for medical internet of things. IEEE Access 7 , 53922–53931 (2019). https://doi.org/10.1109/ACCESS.2019.2912870

Aghili, S.F., Mala, H., Kaliyar, P., Conti, M.: SecLAP: secure and lightweight RFID authentication protocol for Medical IoT. Futur. Gener. Comput. Syst. 101 , 621–634 (2019). https://doi.org/10.1016/j.future.2019.07.004

Amin, R., Kumar, N., Biswas, G.P., Iqbal, R., Chang, V.: A light weight authentication protocol for IoT-enabled devices in distributed cloud computing environment. Futur. Gener. Comput. Syst. 78 , 1005–1019 (2018). https://doi.org/10.1016/j.future.2016.12.028

Yang, S.K., Shiue, Y.M., Su, Z.Y., Liu, I.H., Liu, C.G.: An authentication information exchange scheme in WSN for IoT applications. IEEE Access 8 , 9728–9738 (2020). https://doi.org/10.1109/ACCESS.2020.2964815

Burakgazi Bilgen, M., Abul, O., Bicakci, K.: Authentication-enabled attribute-based access control for smart homes. Int. J. Inf. Secur. 22 (2), 479–495 (2023). https://doi.org/10.1007/s10207-022-00639-x

Thakare, A., Kim, Y.G.: Secure and efficient authentication scheme in IoT environments, In: Dep. Comput. Inf. Secur. Converg. Eng. Intell. Drone, Sejong Univ. Seoul 05006, Korea, 11 (3), (2021)

Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols, In: 1st ACM Conf. Comput. Commun. Secur., pp. 62–73, (1993)

Garg, S., Kaur, K., Kaddoum, G., Choo, K.K.R.: Toward secure and provable authentication for internet of things: realizing industry 4.0. IEEE Internet Things J. 7 (5), 4598–4606 (2020). https://doi.org/10.1109/JIOT.2019.2942271

Li, D., et al.: Blockchain-based authentication for IIoT devices with PUF. J. Syst. Archit. 130 , 102638 (2022). https://doi.org/10.1016/J.SYSARC.2022.102638

Qureshi, M.A., Munir, A.: PUF-IPA: a PUF-based identity preserving protocol for Internet of Things authentication, In: 2020 IEEE 17th Annu. Consum. Commun. Netw. Conf. CCNC 2020, (2020). https://doi.org/10.1109/CCNC46108.2020.9045264

Huszti, A., Kovács, S., Oláh, N.: Scalable, password-based and threshold authentication for smart homes. Int. J. Inf. Secur. 21 (4), 707–723 (2022). https://doi.org/10.1007/s10207-022-00578-7

Lohachab, A., Karambir: ECC based inter-device authentication and authorization scheme using MQTT for IoT networks. J. Inf. Secur. Appl. 46 , 1–12 (2019). https://doi.org/10.1016/j.jisa.2019.02.005

Jangirala, S., Das, A.K., Vasilakos, A.V.: Designing secure lightweight blockchain-Enabled RFID-based authentication protocol for supply chains in 5G mobile edge computing environment. IEEE Trans. Ind. Inform. 16 (11), 7081–7093 (2020). https://doi.org/10.1109/TII.2019.2942389

Atiewi, S., et al.: Scalable and secure big data IoT system based on multifactor authentication and lightweight cryptography. IEEE Access 8 , 113498–113511 (2020). https://doi.org/10.1109/ACCESS.2020.3002815

Haseeb, K., Almogren, A., Din, I.U., Islam, N., Altameem, A.: SASC: secure and authentication-based sensor cloud architecture for intelligent internet of things. Sensors (Switzerland) (2020). https://doi.org/10.3390/s20092468

Azrour, M., Mabrouki, J., Guezzaz, A., Farhaoui, Y.: New enhanced authentication protocol for Internet of Things. Big Data Min. Anal. 4 (1), 1–9 (2021). https://doi.org/10.26599/BDMA.2020.9020010

Dammak, M., Boudia, O.R.M., Messous, M.A., Senouci, S.M., Gransart, C.: Token-based lightweight authentication to secure IoT networks. In: 2019 16th IEEE Annu. Consum. Commun. Netw. Conf. CCNC 2019, (2019). https://doi.org/10.1109/CCNC.2019.8651825 .

Sun, J., Khan, F., Li, J., Alshehri, M.D., Alturki, R., Wedyan, M.: Mutual authentication scheme for the device-to-server communication in the internet of medical things. IEEE Internet Things J. 8 (21), 15663–15671 (2021). https://doi.org/10.1109/JIOT.2021.3078702

Zhou, H., Lv, K., Huang, L., Ma, X.: Quantum network: security assessment and key management. IEEE/ACM Trans. Netw. 30 (3), 1328–1339 (2022). https://doi.org/10.1109/TNET.2021.3136943

Download references

Funding information is not applicable/no funding was received.

Author information

Authors and affiliations.

Department of Computer Engineering, Tabriz Branch, Islamic Azad University, Tabriz, Iran

Elham Ebrahimpour & Shahram Babaie

You can also search for this author in PubMed   Google Scholar

Contributions

SB contributed to conceptualization, methodology, validation, and writing—review and editing, and supervision. EE involved in searching, writing—original draft, and simulation.

Corresponding author

Correspondence to Shahram Babaie .

Ethics declarations

Conflict of interest.

All authors have participated in (a) conception and design, or analysis and interpretation of the data; (b) drafting the article or revising it critically for important intellectual content; and (c) approval of the final version. This manuscript has not been submitted to, nor is under review at, another journal or other publishing venue.

Ethical approval

Additional information, publisher's note.

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Ebrahimpour, E., Babaie, S. Authentication in Internet of Things, protocols, attacks, and open issues: a systematic literature review. Int. J. Inf. Secur. (2024). https://doi.org/10.1007/s10207-023-00806-8

Download citation

Accepted : 17 December 2023

Published : 12 January 2024

DOI : https://doi.org/10.1007/s10207-023-00806-8

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Internet of Things
• Authentication
• Systematic review
• Smart applications

Advertisement

• Find a journal
• Publish with us
• Track your research