Authentication of IoT device with the enhancement of One-time Password (OTP)

Authors

  • Sharon Chan Suet Yan Universiti Malaysia Sarawak
  • Alice Tang Su Wei
  • Jie Hui Bong
  • Quor Ling Teh
  • Shanmugapiriya Sivalingam
  • Shi Yee Khoo
  • Tahmid Mutashim Nafy

DOI:

https://doi.org/10.33736/jita.3841.2021

Keywords:

IoT, Multi-factor Authentication, One-Time Password (OTP), WSN, Biometric Information

Abstract

The Robust and Energy Efficient Authentication Protocol works for Industrial Internet of Things. The Internet of Things (IoT) is an arising innovation and expected to give answers for different modern fields. The IoT enable connection of physical devices all around the world to the internet by collecting and sharing critical and real-time data among each other. The increment of devices increases the computational cost during data transmission between devices and towards the internet. In this paper we proposed a solution that is a multi-factor authentication protocol to enhance the protocol proposed by Li et al. For Industrial IoT by adding One Time Password (OTP) after the biometric information of the user is checked by the Gateway Node (GWN) to be able to tackle additional network attack aside from those that are overcome by Li et al. scheme. Our contribution for this project is, we proposed the solution that a multi-factor authentication protocol to enhance the protocol proposed. For Industrial IoT by adding One Time Password (OTP) after the biometric information of the user is checked by the Gateway Node (GWN) to be able to tackle additional network attack aside from those that are overcome. The idea of adding OTP is inspired by where they scheme correlates to biometric of user as well. Our proposal is lower cost than the three protocols regarding authentication overhead and computational cost perspectives. Challenges and future directions of this paper examined the security shortcomings of a client confirmation convention for WSN, which is as proposed by Chang and Le. To address the normal security shortcomings of past protocols, we proposed a strong and energy effective three-factor authentication protocol for WSN.

References

Banerjee, S., Odelu, V., Das, A., Chattopadhyay, S., Rodrigues, J. J., Park, Y. (2019). Physically secure lightweight anonymous user authentication protocol for internet of things using physically unclonable functions. IEEE Access. 7, 85627-85644.
Barker, E. (2018). Recommendation for Key Management. NIST, Gaithersburg, MD, USA. Tech. Rep.
Belcic, I., Farrier, E. (2021). What is spoofing and how can you prevent it? Retrieved from https://www.avast.com/c-spoofing
Cao, J., Yu, P., Ma, M., Gao, W. (2019). Fast authentication and data transfer scheme for massive NB-IoT devices in 3GPP 5G network. IEEE Internet Thing J, 6(2), 1561-1575.
Cao, J., Yu, P., Xiang, X.Y., Ma, M., Li, H. (2019). Anti-Quantum fast authentication and data transmission scheme for massive devices in 5G NB-IoT system. IEEE Internet of Things Journal, 6(6), 9794-9805. https:/doi.org/10.1109/JIOT.2019.2931724
Christensson, P. (2018, April). NFC Definition. Retrieved from https://techterms.com
Digital Guide Ionos. (2020). One-time password (OTP)-more security online. Retrieved from https://www.ionos.com/digitalguide/server/security/what-is-a-one-time-password-otp/
Feng, Z. (2020). A Secure RFID Mutual Authentication Protocol for Healthcare Systems. Special Section on Lightweight Security and Provenance for Internet of Health Things, 8, 192192-192205.
Gope, P., Sikdar, B. (2019). Robust and Energy Efficient Authentication Protocol for Industrial Internet of Things. IEEE Internet of Things Journal, 6(1), 580-589.
Huang, Y., Huang, Z., Zhao, H., Lai, X. (2013). A new One-time Password Method. IERI Procedia, 4, 32-37
Imran, M.A., Mridha, M.F., Rahman, M. (2017). A Lightweight One Time Pad (OTP) and Biometric based Secure authentication scheme for IoT environment. Retrieved from https://www.researchgate.net/publication/320034057_A_Lightweight_One_Time_Pad_OTP_and_Biometric_based_Secure_Authentication_Scheme_for_IoT_Environment/stats
Ismail, K.A., Singh, M. M., Mustaffa, N., Keikhosrokiani, P., Zulkefi, Z. (2018). Security Strategies for Hindering Watering Hole Cyber Crime Attack. Procedia Computer Science, 127, 656-663.
Kaspersky. (2021). What is a Reply Attack? Retrieved from https://www.kaspersky.com/resource-center/definitions/replay-attack
Li, J., Zhang, N., Chen, J., Du, R. (2020). Secure and Lightweight Authentication with Key Agreement for Smart Wearable Systems. IEEE Internet of Things Journal, 7(8), 7334-7344.
Li, X. Peng, J.Y., Liao, J., Choo, K.K.R. (2018). Robust and Energy Efficient Authentication Protocol for Industrial Internet of Things. IEEE Internet of Things Journal, 5(3), 1606-1615.
Ranger, S. (2020, February). What is the IoT? Everything you need to know about the Internet of Things right now. Retrieved from https://www.zdnet.com/article/what-is-the-internet-of-things-everything-you-need-to-know-about-the-iot-right-now/
Safkhani, M. & Vasilakos, A. (2019). A new secure authentication protocol for telecare medicine information system and smart campus. IEEE Access,7, 23514-23526.
SearchSecurity (2021). Session Key. Retrieved from https://searchsecurity.techtarget.com/definition/session-key
Sethia, D., Gupta, D., Saran, H. (2018). NFC secure element-based mutual authentication and attestation for IoT access. IEEE Transactions on Consumer Electronics, 64(4), 470-479.
Varanasi,P. (2020, October). Learn About Internal and External Cyber Attacks & Ideas to be safe from them. CloudCodes. Retrieved from https://www.cloudcodes.com/blog/internal-external-cyber-attacks.html
Wang, D., He, D., Wang, P., Chu, C. (2015). Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment. IEEE Transactions on Dependable and Secure Computing, 12(4), 428-442. 10.1109/TDSC.2014.2355850.

Downloads

Published

2021-11-30

How to Cite

Chan Suet Yan, S., Tang Su Wei, A., Bong, J. H., Teh, Q. L., Sivalingam, S., Khoo, S. Y., & Nafy, T. M. (2021). Authentication of IoT device with the enhancement of One-time Password (OTP). Journal of IT in Asia, 9(1), 29–40. https://doi.org/10.33736/jita.3841.2021

Issue

Vol. 9 No. 1 (2021)

Section

Articles

License

Copyright Transfer Statement for Journal

1) In signing this statement, the author(s) grant UNIMAS Publisher an exclusive license to publish their original research papers. The author(s) also grant UNIMAS Publisher permission to reproduce, recreate, translate, extract or summarize, and to distribute and display in any forms, formats, and media. The author(s) can reuse their papers in their future printed work without first requiring permission from UNIMAS Publisher, provided that the author(s) acknowledge and reference publication in the Journal.

2) For open access articles, the author(s) agree that their articles published under UNIMAS Publisher are distributed under the terms of the CC-BY-NC-SA (Creative Commons Attribution-Non Commercial-Share Alike 4.0 International License) which permits unrestricted use, distribution, and reproduction in any medium, for non-commercial purposes, provided the original work of the author(s) is properly cited.

3) For subscription articles, the author(s) agree that UNIMAS Publisher holds copyright, or an exclusive license to publish. Readers or users may view, download, print, and copy the content, for academic purposes, subject to the following conditions of use: (a) any reuse of materials is subject to permission from UNIMAS Publisher; (b) archived materials may only be used for academic research; (c) archived materials may not be used for commercial purposes, which include but not limited to monetary compensation by means of sale, resale, license, transfer of copyright, loan, etc.; and (d) archived materials may not be re-published in any part, either in print or online.

4) The author(s) is/are responsible to ensure his or her or their submitted work is original and does not infringe any existing copyright, trademark, patent, statutory right, or propriety right of others. Corresponding author(s) has (have) obtained permission from all co-authors prior to submission to the journal. Upon submission of the manuscript, the author(s) agree that no similar work has been or will be submitted or published elsewhere in any language. If submitted manuscript includes materials from others, the authors have obtained the permission from the copyright owners.

5) In signing this statement, the author(s) declare(s) that the researches in which they have conducted are in compliance with the current laws of the respective country and UNIMAS Journal Publication Ethics Policy. Any experimentation or research involving human or the use of animal samples must obtain approval from Human or Animal Ethics Committee in their respective institutions. The author(s) agree and understand that UNIMAS Publisher is not responsible for any compensational claims or failure caused by the author(s) in fulfilling the above-mentioned requirements. The author(s) must accept the responsibility for releasing their materials upon request by Chief Editor or UNIMAS Publisher.

6) The author(s) should have participated sufficiently in the work and ensured the appropriateness of the content of the article. The author(s) should also agree that he or she has no commercial attachments (e.g. patent or license arrangement, equity interest, consultancies, etc.) that might pose any conflict of interest with the submitted manuscript. The author(s) also agree to make any relevant materials and data available upon request by the editor or UNIMAS Publisher.