The Internet of Things Security and Privacy: Current Schemes, Challenges and Future Prospects
Source: By:Author(s)
DOI: https://doi.org/10.30564/jcsr.v4i3.4925
Abstract:The Internet of Things devices and users exchange massive amount of data. Some of these exchanged messages are highly sensitive as they involve organizational, military or patient personally identifiable information. Therefore, many schemes and protocols have been put forward to protect the transmitted messages. The techniques deployed in these schemes may include blockchain, public key infrastructure, elliptic curve cryptography, physically unclonable function and radio frequency identification. In this paper, a review is provided of these schemes including their strengths and weaknesses. Based on the obtained results, it is clear that majority of these protocols have numerous security, performance and privacy issues.
References:[1] Mbarek, B., Ge, M., Pitner, T., 2020. An efficient mutual authentication scheme for internet of things. Internet of things. 9, 100160. [2] Luo, H., Wen, G., Su, J., et al., 2018. SLAP: Succinct and Lightweight Authentication Protocol for low-cost RFID system. Wireless Networks. 24(1), 69-78. [3] Nyangaresi, V.O., 2022. A Formally Validated Authentication Algorithm for Secure Message Forwarding in Smart Home Networks. SN Computer Science. 3(5), 1-16. [4] Mamdouh, M., Awad, A.I., Khalaf, A.A., et al., 2021. Authentication and Identity Management of IoHT Devices: Achievements, Challenges, and Future Directions. Computers & Security. 111, 102491. [5] Rodrigues, J.J., Segundo, D.B.D.R., Junqueira, H.A., et al., 2018. Enabling technologies for the internet of health things. IEEE Access. 6, 13129-13141. [6] Hassan, W.H., 2019. Current research on Internet of Things (IoT) security: A survey. Computer networks. 148, 283-294. [7] Lee, I., 2019. The Internet of Things for enterprises: An ecosystem, architecture, and IoT service business model. Internet of Things. 7, 100078. [8] Li, M., Sun, Y., Lu, H., et al., 2019. Deep reinforcement learning for partially observable data poisoning attack in crowdsensing systems. IEEE Internet of Things Journal. 7(7), 6266-6278. [9] Bangui, H., Ge, M., Buhnova, B., 2018. Exploring Big Data Clustering Algorithms for Internet of Things Applications. IoTBDS, Springer. pp. 269-276. [10] Nyangaresi, V.O., Alsamhi, S.H., 2021. Towards secure traffic signaling in smart grids. 2021 3rd Global Power, Energy and Communication Conference (GPECOM) (pp. 196-201). IEEE. [11] Wang, L., Ali, Y., Nazir, S., et al., 2020. ISA evaluation framework for security of internet of health things system using AHP-TOPSIS methods. IEEE Access. 8, 152316-152332. [12] Zou, S., Xi, J., Wang, S., et al., 2019. Reportcoin: A novel blockchain-based incentive anonymous reporting system. IEEE access. 7, 65544-65559. [13] El-Hajj, M., Fadlallah, A., Chamoun, M., et al., 2019. A survey of internet of things (IoT) authentication schemes. Sensors. 19(5), 1141. [14] Kou, L., Shi, Y., Zhang, L., et al., 2019. A lightweight three-factor user authentication protocol for the information perception of IoT. CMC-Computers, Materials & Continua. 58(2), 545-565. [15] Nyangaresi, V.O., Petrovic, N., 2021. Efficient PUF based authentication protocol for internet of drones. 2021 International Telecommunications Conference (ITC-Egypt) (pp. 1-4). IEEE. [16] Zhao, B., Zhao, P., Fan, P., 2020. ePUF: A lightweight double identity verification in IoT. Tsinghua Science and Technology. 25(5), 625-635. [17] Braeken, A., 2018. PUF based authentication protocol for IoT. Symmetry. 10(8), 352. [18] Xu, H., Ding, J., Li, P., et al., 2018. A lightweight RFID mutual authentication protocol based on physical unclonable function. Sensors. 18(3), 760. [19] Nyangaresi, V.O., Abd-Elnaby, M., Eid, M.M., et al., 2022. Trusted authority based session key agreement and authentication algorithm for smart grid networks. Transactions on Emerging Telecommunications Technologies. pp. e4528. [20] Ding, S., Cao, J., Li, C., et al., 2019. A novel attribute-based access control scheme using blockchain for IoT. IEEE Access. 7, 38431-38441. [21] Yang, Q., Lu, R., Rong, C., et al., 2019. Guest editorial the convergence of blockchain and IoT: Opportunities, challenges and solutions. IEEE Internet of Things Journal. 6(3), 4556-4560. [22] Singh, M., 2020. Blockchain technology for data management in Industry 4.0. Blockchain Technology for Industry 4.0 (pp. 59-72). Springer, Singapore. [23] Jabbar, R., Kharbeche, M., Al-Khalifa, K., et al., 2020. Blockchain for the internet of vehicles: A decentralized IoT solution for vehicles communication using ethereum. Sensors. 20(14), 3928. [24] Nyangaresi, V.O., Ogundoyin, S.O., 2021. Certificate Based Authentication Scheme for Smart Homes. 2021 3rd Global Power, Energy and Communication Conference (GPECOM) (pp. 202-207). IEEE. [25] El Beqqal, M., Azizi, M., 2017. Classification of major security attacks against RFID systems. 2017 International Conference on Wireless Technologies, Embedded and Intelligent Systems (WITS) (pp. 1-6). IEEE. [26] Khattab, A., Jeddi, Z., Amini, E., et al., 2017. RFID security threats and basic solutions. RFID Security (pp. 27-41). Springer, Cham. [27] Jia, X., Hu, N., Su, S., et al., 2020. IRBA: an identity-based cross-domain authentication scheme for the internet of things. Electronics. 9(4), 634. [28] Cheng, X., Zhang, Z., Chen, F., et al., 2019. Secure identity authentication of community medical internet of things. IEEE Access. 7, 115966-115977. [29] Nyangaresi, V.O., 2021. Provably Secure Protocol for 5G HetNets. 2021 IEEE International Conference on Microwaves, Antennas, Communications and Electronic Systems (COMCAS) (pp. 17-22). IEEE. [30] Cao, B., Li, Y., Zhang, L., et al., 2019. When Internet of Things meets blockchain: Challenges in distributed consensus. IEEE Network. 33(6), 133-139. [31] Hammi, M.T., Hammi, B., Bellot, P., et al., 2018.Bubbles of Trust: A decentralized blockchain-based authentication system for IoT. Computers & Security. 78, 126-142. [32] Zhang, Y., Ren, F., Wu, A., et al., 2019. Certificateless multi-party authenticated encryption for NB-IoT terminals in 5G networks. IEEE Access. 7, 114721- 114730. [33] Nyangaresi, V.O., Ahmad, M., Alkhayyat, A., et al., 2022. Artificial neural network and symmetric key cryptography based verification protocol for 5G enabled Internet of Things. Expert Systems. pp. e13126. [34] Ali, G., Ahmad, N., Cao, Y., et al., 2020. xDBAuth: Blockchain based cross domain authentication and authorization framework for Internet of Things. IEEE Access. 8, 58800-58816. [35] Jiang, X., Liu, M., Yang, C., et al., 2019. A blockchain-based authentication protocol for WLAN mesh security access. Computers Materials & Continua. 58(1), 45-59. [36] Jesus, E.F., Chicarino, V.R., De Albuquerque, C.V., et al., 2018. A survey of how to use blockchain to secure internet of things and the stalker attack. Security and Communication Networks. [37] Dittmann, G., Jelitto, J., 2019. A blockchain proxy for lightweight iot devices. 2019 Crypto valley conference on blockchain technology (CVCBT) (pp. 82- 85). IEEE. [38] Nyangaresi, V.O., 2022. Terminal independent security token derivation scheme for ultra-dense IoT networks. Array. 15, 100210. [39] Das, A.K., Wazid, M., Yannam, A.R., et al., 2019. Provably secure ECC-based device access control and key agreement protocol for IoT environment. IEEE Access. 7, 55382-55397. [40] Al-Jaroodi, J., Mohamed, N., Abukhousa, E., 2020. Health 4.0: on the way to realizing the healthcare of the future. IEEE Access. 8, 211189-211210. [41] Yuan, C., Zhang, W., Wang, X., 2017. EIMAKP: Heterogeneous cross-domain authenticated key agreement protocols in the EIM system. Arabian Journal for Science and Engineering. 42(8), 3275-3287. [42] Naija, Y., Beroulle, V., Machhout, M., 2018. Security enhancements of a mutual authentication protocol used in a HF full-fledged RFID tag. Journal of Electronic Testing. 34(3), 291-304. [43] Nyangaresi, V.O., Mohammad, Z., 2023. Session Key Agreement Protocol for Secure D2D Communication. The Fifth International Conference on Safety and Security with IoT (pp. 81-99). Springer, Cham. [44] Tian, Q., Lin, Y., Guo, X., et al., 2020. An identity authentication method of a MIoT device based on radio frequency (RF) fingerprint technology. Sensors. 20(4), 1213. [45] Yao, Y., Xingwei, W., Xiaoguang, S., 2011. A cross heterogeneous domain authentication model based on PKI. 2011 Fourth International Symposium on Parallel Architectures, Algorithms and Programming (pp. 325-329). IEEE. [46] Omar, A.S., Basir, O., 2018. Identity management in IoT networks using blockchain and smart contracts. 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData) (pp. 994-1000). IEEE. [47] Poulter, A.J., Ossont, S.J., Cox, S.J., 2020. Enabling the secure use of Dynamic Identity for the Internet of Things—using the Secure Remote Update Protocol (SRUP). Future Internet. 12(8), 138. [48] Nyangaresi, V.O., Moundounga, A.R.A., 2021. September. Secure Data Exchange Scheme for Smart Grids. 2021 IEEE 6th International Forum on Research and Technology for Society and Industry (RTSI) (pp. 312-316). IEEE. [49] Shen, J., Gui, Z., Ji, S., et al., 2018. Cloud-aided lightweight certificateless authentication protocol with anonymity for wireless body area networks. Journal of Network and Computer Applications. 106, 117-123. [50] Alzahrani, B.A., Chaudhry, S.A., Barnawi, A., et al., 2020. An anonymous device to device authentication protocol using ECC and self certified public keys usable in Internet of Things based autonomous devices. Electronics. 9(3), 520. [51] Nyangaresi, V.O., Morsy, M.A., 2021, September. Towards Privacy Preservation in Internet of Drones. 2021 IEEE 6th International Forum on Research and Technology for Society and Industry (RTSI) (pp. 306-311). IEEE. [52] Rathee, P., 2020. Introduction to blockchain and IoT. In Advanced Applications of Blockchain Technology (pp. 1-14). Springer, Singapore. [53] Wan, Z., Xu, Z., Liu, S., et al., 2020. An internet of things roaming authentication protocol based on heterogeneous fusion mechanism. IEEE Access. 8, 17663-17672.