Lightweight and secure authentication scheme for IoT network based on publish–subscribe fog computing model
Computer Networks (IF 5.6), Pub Date: 2021-09-13, DOI: 10.1016/j.comnet.2021.108465
Sanaz Amanlou, Mohammad Kamrul Hasan, Khairul Azmi Abu Bakar

The Internet of Things (IoT) has converged with Cloud computing to provide comprehensive services to users in different places. However, with the exponential growth of smart devices connected to the Internet, Cloud computing faces severe challenges, especially for applications that require low-latency and real-time processing. Therefore, the Fog computing paradigm, which is more compatible with the IoT, emerged; in it, events are processed near where they occurred for practical and quick response time. Authentication is an essential issue for fog computing security since fog gateways and IoT devices are subject to many attacks. The main problem in providing authentication between IoT devices is that they have limited resources and computational processing. On the one hand, certificate-based authentication algorithms are secure, but they are heavy for IoT devices. On the other hand, pre-shared authentication algorithms such as PSK are suitable for low-resource devices, but are not widely used due to their low security. Therefore, this paper proposes to use the Elliptic Curve Diffie–Hellman Ephemeral (ECDHE) key exchange algorithm along with the Pre-Shared Key (PSK) as a lightweight and secure authentication scheme between the fog gateway and IoT device based on the Message Queuing Telemetry Transport (MQTT) publish–subscribe protocol in a distributed fog computing architecture. The proposed ECDHE-PSK authentication scheme uses an ephemeral pre-shared key instead of heavy certificates, which makes it very lightweight, and it also provides the Perfect Forward Secrecy (PFS) feature to enhance security in comparison with the static PSK algorithm. To evaluate the resource consumption and security resistance of the proposed scheme, it was implemented in a real test environment and then compared with two state-of-the-art certificate-based authentication schemes and a static PSK-based scheme. The comprehensive performance and security evaluations showed that in the distributed publish–subscribe fog computing architecture the proposed ECDHE-PSK is almost as light as the PSK algorithm while having all the security features of certificate-based algorithms.
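
The forward-secrecy contrast between static PSK and ECDHE-PSK described in the abstract, as an added example that is not code from the paper or its authors. The curve (X25519), the HMAC-SHA256 key derivation and all function names are assumptions made for this sketch, since the abstract specifies none of them.

```python
import hashlib, hmac, os

P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")  # X25519 base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Not constant time: illustration only."""
    s = bytearray(k); s[0] &= 248; s[31] = (s[31] & 127) | 64  # clamp scalar
    n = int.from_bytes(s, "little")
    x1 = int.from_bytes(u, "little") % 2**255
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        da, cb, aa, bb = d * a % P, c * b % P, a * a % P, b * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def kdf(psk: bytes, *parts: bytes) -> bytes:
    # Assumed key derivation for this sketch, not the paper's or TLS's schedule.
    return hmac.new(psk, b"".join(parts), hashlib.sha256).digest()

def static_psk_session(psk):
    """Static PSK: key depends only on the PSK and nonces sent in the clear."""
    cn, sn = os.urandom(16), os.urandom(16)
    return (cn, sn), kdf(psk, cn, sn)

def ecdhe_psk_session(psk):
    """ECDHE-PSK: fresh key pairs per session; private halves never leave here."""
    a, b = os.urandom(32), os.urandom(32)          # device / gateway ephemerals
    A, B = x25519(a, BASE), x25519(b, BASE)        # public values on the wire
    dev = kdf(psk, x25519(a, B), A, B)
    gw = kdf(psk, x25519(b, A), A, B)
    return (A, B), dev, gw

def recompute_from_recording(psk, transcript):
    """All a party holding the PSK and a recorded transcript can derive."""
    return kdf(psk, *transcript)
```

With a static PSK, the recorded nonces plus a later-disclosed PSK reproduce the session key exactly; with ECDHE-PSK the same inputs do not, because the Diffie–Hellman secret depended on ephemeral private values that were discarded when the session ended.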




Updated: 2021-09-21