Identification and authentication issues in IoT


1. Identification and authentication issues in IoT

The Internet of Things (IoT) allows everyday devices to identify and communicate with each other. IoT applications are extremely versatile, ranging from smart homes, smart cities to smart wearable devices, smart healthcare, and more. Therefore, a huge amount of devices will be connected to collect, perform analysis and make decisions without the need for human interaction. Security is a mandatory requirement in such circumstances, and in particular authentication and identification are among the most important issues given the damage that can result from malicious devices in an IoT system. The number of smart devices is growing exponentially, as is the number of threats facing IoT systems.

The requirements and limitations of connected devices raise multiple issues including connectivity issues for a large number of devices to communicate with each other and security concerns with the mission of protecting IoT networks from infiltrators and attackers. Traditional communication protocols are inefficient for IoT systems due to the limited nature of IoT resources. Cryptographic schemes are generally designed for high power, high processing, large memory devices. This led to the invention of lightweight authentication schemes more suited to IoT and Wireless sensor networks (WSN).


The main types of threats for an IoT The network can be categorized as Masquerade Attack, Man-in-the-Middle Attack, DoS Attack, Counterfeit Attack, Riddle Attack, Physical Attack, Routing Attack. The strategies of the attackers are extremely versatile, ranging from attempting to tamper with user identification, imitating an existing component in the system, spying on network traffic between devices, attempting to jam communication by flooding the network with packets, and eventually network penetration until an alternate route is generated to send or receive packets in a network.

2. Solutions


Authenticating each device is a difficult task to accomplish. Authentication is the process of validating the identities of users and devices before they can access the network or an information system. Radio Frequency Identification (RFID) can play an important role in identifying entities. It uses electromagnetic induction and the propagation of electromagnetic waves to distinguish various objects. Numerous security mechanisms have been designed and proposed, including cryptographic, password, biometric, token-based and multi-factor authentication.

Password authentication is common for device or user verification. A password is a combination of letters, numbers and special characters. Users must choose their own unique username and password which are reserved in the database. This data can be stored in an authentication server or even in the sensor memory. Only when a user provides the corresponding ID and password can they access the system and perform the desired actions.

In token-based authentication, a token is data generated by the server to identify a user or device. For software token-based authentication, a one-time password (OTP) is provided by the server and passed to the device or registered user and a copy of the ANP is kept in the database. The server then matches the OTP provided by the user with that of the database to authenticate the entity. On the other hand, for authentication based on hard tokens, a physical card or device containing information for verification is created.

Biometric authentication is based on the biological characteristic of human beings. For this technique, a scanner is needed to collect unique biological data from a user and compare it with database data that was previously collected during the registration process. There can be many ways to maintain data uniqueness. A system may use the fingerprint, face, iris, retina, hand, or voice authentication methods, or even a combination of these.

Alternatively, due to its versatility, MFA is gaining the most interest from researchers to make the authentication process safer and more efficient. Multi-factor authentication combines two or more ways of identifying the identity of the user or device.

3. Conclusion

The current concept of network and connectivity is still under development and may undergo major changes in the near future. The expansion of IoT and connected devices is inevitable, but security on IoT will need to be improved in order to ensure reliability and protection of users and systems. Authentication and identification remain major challenges because there are gateways to access a network.

4. References

The post office Identification and authentication issues in IoT appeared first on Speranza.

*** This is a Syndicated Security Bloggers Network blog by Blog IoT – Speranza written by Allen. Read the original post on:

Source link


Comments are closed.