UCFL: User Categorization using Fuzzy Logic towards PUF based Two-Phase Authentication of Fog assisted IoT devices
Introduction
The Internet of Things (IoT) has enabled connectivity between things from anywhere and at any time. The term ‘things’ stands for sensors, actuators and electronic hardware devices. The connection between the things enables IoT to implement applications like smart home (Son et al., 2011), smart grid (Li et al., 2019), e-health (Mutlag and Ghani, 2019) and smart surveillance systems (Naranjo et al., 2019; Zheng et al., 2014). Because sensor nodes are resource constrained, IoT devices must consume as little energy as possible during communication and computation. In recent years the communication between IoT devices has increased rapidly because of the need for automation, which exposes the IoT network to various security threats. In IoT, the major security issues are authentication, access control, privacy, trust and secure communication (Zhang et al., 2018). The most probable attacks in this type of network are the sybil attack, rank attack, DoS, replay attack, eavesdropping and man-in-the-middle attack. The authors of the very popular DTLS protocol (Rescorla and Modadugu, 2012) have proposed an effective authentication scheme for the IoT environment. This expensive and resource consuming scheme is modified in the payload based encryption scheme (Jan et al., 2019), in which the authors use a four-way handshake procedure for the authentication of devices; pre-shared secret keys are used for this purpose. The drawback of this scheme is that an intruder may capture the data at the time of communication and replay it to many clients, or behave as a legitimate user. To overcome this issue, establishing a well secured connection between the devices is very important, and it becomes significant to assure that the established connection is trusted. In Turkanovic's scheme (Farash et al., 2016) mutual authentication is provided to all the devices involved in the communication.
It also furnishes password protection, password change, node addition, and free choice of password. In spite of all these advantages, it suffers from the man-in-the-middle attack and the stolen smart card attack. Strong authentication algorithms need high-capacity resources in terms of energy, memory and processing power, whereas in IoT devices resources are limited. Thus maintaining a trade-off between resource consumption and quality of authentication is the main goal of researchers.
In this paper, user categorization is done using fuzzy logic and a two-phase authentication scheme, called UCFL, is proposed for fog assisted IoT devices. The proposed scheme considers the three-layer IoT framework depicted in Fig. 1. The layers are the application layer, the fog layer and the data sensing layer.
The application layer consists of user devices, each embedded with a PUF chip. This chip acts as an identifying feature of the device (Maes, 2013). Just as human beings have biometric identifiers such as fingerprint, retina, face and voice, a PUF acts as the fingerprint of the device. PUFs are unclonable, unpredictable and unique, and these properties make them desirable for enforcing security in IoT. A PUF is used in a distinctive way: it receives a challenge as input and generates an unpredictable response as output. A challenge together with its corresponding response is called a challenge response pair (CRP). The response generated by the device is used for authentication and key generation. When any user wants to fetch details from a sensor node it has to authenticate itself. The processing, computation and storage required for the authentication are shifted to the fog node because of the low power and resource constrained nature of the sensor nodes.
Authentication of users is not possible at the sensor nodes because of their resource constraints, and increasing the resources of sensor nodes would increase the deployment cost. To balance these two issues, a small number of high-capacity nodes, called fog nodes, perform the authentication of users. These nodes belong to the fog layer, which acts as an intermediate layer between the user, the cloud and the data acquisition layer and extends the cloud computing concept to the edge of the network. The fog layer authenticates the user and sensor nodes, provides the relevant details to them and updates the details in the cloud layer. The data used frequently by the users are stored in the fog layer; all other details are stored in the cloud. Extracting data from the cloud layer increases latency, so the fog layer reduces computation time: computation and decision making are done at its end and it extracts only the relevant data from the cloud. The fog layer classifies the user as a high, medium or low trusted user using fuzzy rules, and on the basis of this classification the phases of authentication are decided for the user.
The data sensing layer consists of sensor nodes that sense events and send the data regarding the sensed event to the fog layer. The user sends a request to the fog layer to extract information from the sensor nodes.
The proposed scheme helps to reduce the response time, handshake duration, memory utilization and communication cost. It also prevents security threats like the replay attack, DoS, eavesdropping and the man-in-the-middle attack.
The information communicated between IoT devices is vulnerable to various types of attack. Most encryption and authentication schemes for resource constrained IoT are based on the DTLS protocol (Granjal et al., 2012; Rescorla and Modadugu, 2012). DTLS relies on resource consuming and complex ciphers to secure the IoT device, which makes the scheme expensive. In the payload based encryption scheme (Jan et al., 2019), the authors propose a lightweight authentication scheme for IoT devices: DTLS is replaced by the lightweight features of CoAP while still ensuring the security of the objects, which reduces the communication and computation cost. In (Jan et al., 2019), the authors use a four-way handshake, i.e. session connection, server challenge, client response and challenge, and server response, for the authentication of the participating devices. Pre-shared secret keys are used for identity verification of the objects; these secret keys are known only to the legitimate devices and should not be obtainable by the attacker. Once mutual authentication has completed successfully, both parties are authorised to use the secret key for the exchange of data. If an intruder captures that secret key, the attacker can communicate with the client and act as a legitimate server. It can also intercept the data in transit between client and server and, using the secret key, replay the data to all the clients in the network, which can exhaust the clients' resources. Resource exhaustion in turn increases the chance of a DoS attack.
The above mentioned open issues motivate the authors of this paper to propose a lightweight authentication scheme for IoT using a PUF (Physical Unclonable Function). A PUF acts as an identification for the object; it cannot be cloned and it is unpredictable. Thus it prevents various types of attack such as DoS, replay, man-in-the-middle and false data injection attacks. In the proposed scheme, for the purpose of authentication the PUF is used to generate a unique serial number and CRPs, which are used to check the authenticity of the user. Every PUF is distinct: for the same challenge, different PUFs generate different responses. Furthermore, a two-phase authentication scheme is proposed between the user and the fog layer, in which user and fog devices authenticate each other. Avoiding complex authentication and encryption algorithms makes the proposed scheme computationally cheap. The performance of the proposed scheme is improved with respect to handshake duration, memory consumption, average response time and computation cost by the novel approach of fuzzy based categorization of users. In this categorization technique the trust value of a user is calculated on the basis of experience, knowledge and recommendation. Mamdani if-then fuzzy rules are used to categorize users into three categories: high, medium and low trusted users. The required phases of authentication are decided according to the category of the user. There are two phases of authentication. A high trusted user does not need to undergo any phase of authentication, a medium trusted user needs to undergo the first phase only, and a low trusted user is authenticated by both phases. Thus the computational overhead of the scheme is reduced.
The main contributions of this paper are:
- Embed each user device with a PUF chip that serves as an identifying feature of that device.
- Build a cost effective model by employing sensors and fog nodes. Deploying only sensors will not fulfil the purpose, as they are low powered and resource constrained.
- Shift the pre-processing, authentication and storage processes from the sensors to the nearby fog nodes to save the energy of the sensor nodes and increase the network lifetime.
- Determine the trust factor on the basis of experience, recommendation and knowledge using Mamdani if-then fuzzy rules.
- Classify the user as a high, medium or low trusted user on the basis of the trust factor.
- Decide the phases of authentication according to the classification of users, which makes the proposed model energy and time efficient.
- Perform authentication in two phases: in the first phase the user is authenticated using the serial number, and in the second phase using the CRPs.
- Evaluate performance using a Raspberry Pi as the user device and a laptop as the fog device.
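The fuzzy categorization described above (trust from experience, knowledge and recommendation, Mamdani if-then rules, three categories, and the number of authentication phases each category requires) can be made concrete with a small Mamdani inference engine. The following is an added illustration written for this page, not code from the paper: the page does not give the authors' membership functions, rule base or category thresholds, so the triangular/shoulder membership functions on a 0..1 scale, the ten rules, the centroid defuzzification and the 1/3 and 2/3 thresholds are all assumptions. Only the mapping of categories to phases (high: none, medium: first phase, low: both) comes from the text.

```python
"""Mamdani fuzzy categorization of a user into low / medium / high trust and
the number of authentication phases that category requires.

Added illustration. The membership functions, the rule base, the category
thresholds and the 0..1 scale of the three inputs are assumptions; the page
does not give the paper's actual values.
"""
from typing import Dict, List, Tuple

Antecedent = Tuple[str, str]          # (input name, linguistic term)
TERMS = ("low", "medium", "high")
PHASES_BY_CATEGORY = {"high": 0, "medium": 1, "low": 2}   # from the paper's description


def fuzzify(x: float) -> Dict[str, float]:
    """Membership of a score in [0, 1] in each linguistic term (assumed shapes):
    'low' and 'high' are shoulders meeting at 0.5, 'medium' is a triangle peaking at 0.5."""
    x = min(1.0, max(0.0, x))
    return {
        "low": max(0.0, 1.0 - 2.0 * x),
        "medium": 1.0 - abs(2.0 * x - 1.0),
        "high": max(0.0, 2.0 * x - 1.0),
    }


# Assumed Mamdani rule base: antecedents are ANDed (min), one consequent term each.
RULES: List[Tuple[List[Antecedent], str]] = [
    ([("experience", "high"), ("knowledge", "high")], "high"),
    ([("experience", "high"), ("recommendation", "high")], "high"),
    ([("knowledge", "high"), ("recommendation", "high")], "high"),
    ([("experience", "medium"), ("knowledge", "medium")], "medium"),
    ([("recommendation", "medium")], "medium"),
    ([("experience", "high"), ("knowledge", "low")], "medium"),
    ([("experience", "low"), ("knowledge", "high")], "medium"),
    ([("experience", "low"), ("knowledge", "low")], "low"),
    ([("experience", "low"), ("recommendation", "low")], "low"),
    ([("knowledge", "low"), ("recommendation", "low")], "low"),
]


def infer(experience: float, knowledge: float, recommendation: float) -> Dict[str, float]:
    """Fire every rule and aggregate the firing strengths per output term with max."""
    inputs = {
        "experience": fuzzify(experience),
        "knowledge": fuzzify(knowledge),
        "recommendation": fuzzify(recommendation),
    }
    strength = {t: 0.0 for t in TERMS}
    for antecedents, consequent in RULES:
        firing = min(inputs[name][term] for name, term in antecedents)
        strength[consequent] = max(strength[consequent], firing)
    return strength


def defuzzify(strength: Dict[str, float], samples: int = 200) -> float:
    """Centroid of the clipped, max-aggregated output sets over the trust universe [0, 1].
    The output terms reuse the input shapes (assumption)."""
    numerator = denominator = 0.0
    for i in range(samples + 1):
        x = i / samples
        out = fuzzify(x)
        mu = max(min(strength[t], out[t]) for t in TERMS)   # Mamdani clipping, then max
        numerator += x * mu
        denominator += mu
    return numerator / denominator if denominator else 0.0


def categorize(experience: float, knowledge: float, recommendation: float) -> Tuple[float, str]:
    """Crisp trust value and its category (thresholds at 1/3 and 2/3 are assumed)."""
    trust = defuzzify(infer(experience, knowledge, recommendation))
    if trust < 1 / 3:
        return trust, "low"
    if trust < 2 / 3:
        return trust, "medium"
    return trust, "high"


def phases_required(category: str) -> int:
    """High: no phase, medium: phase one only, low: both phases."""
    return PHASES_BY_CATEGORY[category]


if __name__ == "__main__":
    # Constructed sample users: (experience, knowledge, recommendation)
    for user in [(1.0, 1.0, 1.0), (0.5, 0.5, 0.5), (0.0, 0.1, 0.0), (0.9, 0.8, 0.9)]:
        trust, category = categorize(*user)
        print(f"{user} -> trust {trust:.3f}, {category}, phases: {phases_required(category)}")
```

A user scoring high on every input fires only the "high" rules and defuzzifies to a trust near 0.83, so no authentication phase is required; a user scoring low everywhere lands near 0.17 and must pass both phases. The centroid step is what makes the category depend on all fired rules at once rather than on the single strongest one, which is the usual Mamdani behaviour.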
The rest of the paper is organised as follows: Section 2 deals with the state of the art in the related field, Section 3 describes the basic building blocks of the proposed scheme, Section 4 illustrates the proposed scheme, the formal and informal security analysis is presented in Section 5, the experimental results are discussed in Section 6 and finally Section 7 concludes the paper, followed by the references.
Section snippets
Related work
In this section, the state of the art regarding authentication and other security schemes for IoT devices, together with the use of PUF and the application of fuzzy logic to categorize users, is discussed.
In the IoT environment the most important parameter of secure communication is authentication of the participating devices. A payload based mutual authentication scheme (Jan et al., 2019) is proposed to authenticate the participating devices using a four-way handshake process. This scheme uses
Basic building blocks of UCFL
This section describes the basic building blocks of the proposed scheme UCFL for the reader's better understanding. The three basic concepts that are prerequisites for understanding the proposed scheme are Physical Unclonable Function (PUF), fog computing and fuzzy logic.
Proposed scheme - UCFL
The proposed model consists of three phases – enrolment phase, fuzzy based categorization phase and authentication phase, which is depicted in Fig. 2.
The enrolment phase is a provisioning phase. It is an offline phase during which the PUF embedded circuit connects directly to the fog nodes. The PUF embedded circuit generates a serial number, which acts as an identifying feature of the device, and sends it to the fog node. In reply the fog node sends a challenge to the PUF embedded circuit, which in turn
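The enrolment phase just described, together with the two authentication phases listed among the contributions (serial number in phase one, CRPs in phase two), can be exercised end to end in a small simulation. The following is an added illustration for this page, not the paper's protocol code: a keyed HMAC stands in for the physical PUF so the example runs on an ordinary machine, and the serial derivation, the message shapes, the fog node's in-memory CRP store and the single-use CRP policy are assumptions made here. Only the roles (PUF embedded device, fog node), the serial-then-CRP phase order and the category-to-phase mapping come from the text. The single-use policy is included because the paper lists the replay attack among the threats the scheme prevents.

```python
"""Enrolment and two-phase PUF based authentication between a user device and a fog node.

Added illustration, not the paper's own code. The physical PUF is replaced by a keyed
HMAC (SimulatedPUF) so the example runs on an ordinary machine; the serial derivation,
the message formats, the in-memory fog store and the single-use CRP policy are assumptions.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

PHASES_BY_CATEGORY = {"high": 0, "medium": 1, "low": 2}   # as described in the paper


class SimulatedPUF:
    """Stand-in for the PUF chip: a per-device secret that never leaves the object makes
    the response deterministic for this device and different for every other device."""

    def __init__(self, device_secret: bytes) -> None:
        self._secret = device_secret

    def response(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()

    def serial_number(self) -> str:
        # Serial derived from the response to a fixed challenge (assumption).
        return self.response(b"serial").hex()[:16]


@dataclass
class FogNode:
    # serial number -> unused CRPs collected during enrolment
    enrolled: Dict[str, List[Tuple[bytes, bytes]]] = field(default_factory=dict)

    def enrol(self, puf: SimulatedPUF, n_crps: int = 4) -> str:
        """Offline provisioning over the direct connection: record the serial number and
        a batch of fresh CRPs. The fog never learns the device secret itself."""
        serial = puf.serial_number()
        crps = []
        for _ in range(n_crps):
            challenge = secrets.token_bytes(16)
            crps.append((challenge, puf.response(challenge)))
        self.enrolled[serial] = crps
        return serial

    def phase_one(self, serial: str) -> bool:
        """Phase one: is this serial number enrolled?"""
        return serial in self.enrolled

    def issue_challenge(self, serial: str) -> Optional[bytes]:
        """Phase two, first message: hand out the next unused challenge, or None when
        the device is unknown or its CRPs are exhausted (re-enrolment needed)."""
        crps = self.enrolled.get(serial)
        return crps[0][0] if crps else None

    def phase_two(self, serial: str, challenge: bytes, response: bytes) -> bool:
        """Phase two, second message: compare the response with the stored one. The pair
        is discarded on any attempt, so a captured response cannot be replayed later."""
        crps = self.enrolled.get(serial, [])
        for i, (stored_challenge, stored_response) in enumerate(crps):
            if stored_challenge == challenge:
                del crps[i]
                return hmac.compare_digest(stored_response, response)
        return False


def authenticate(fog: FogNode, puf: SimulatedPUF, serial: str, category: str) -> bool:
    """Run only the phases the user's trust category requires."""
    phases = PHASES_BY_CATEGORY[category]
    if phases == 0:
        return True
    if not fog.phase_one(serial):
        return False
    if phases == 1:
        return True
    challenge = fog.issue_challenge(serial)
    if challenge is None:
        return False
    return fog.phase_two(serial, challenge, puf.response(challenge))


if __name__ == "__main__":
    fog = FogNode()
    user = SimulatedPUF(b"constructed-device-secret-A")
    serial = fog.enrol(user, n_crps=3)
    print("low trusted user, both phases:", authenticate(fog, user, serial, "low"))
    # A device with a different secret fails phase two even for a known serial.
    impostor = SimulatedPUF(b"constructed-device-secret-X")
    print("impostor with the real serial:", authenticate(fog, impostor, serial, "low"))
```

Two properties of the scheme are visible here: a second device presenting a genuine serial number still fails phase two because its responses differ, and a CRP that has been used (or attempted) once is no longer accepted, so an eavesdropped response gives nothing to replay. The cost of the single-use policy is that the fog node must hold enough CRPs per device and re-enrol a device whose supply is exhausted.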
Resilience of UCFL against various attacks
There is a never ending race between developers and adversaries, where adversaries leave no stone unturned to eavesdrop on confidential information and use it accordingly. On the other hand, developers always try to preserve the security of the system and protect the confidential information. An attacker always tries to get access to the data by behaving like a legitimate user and tries to read, delete, modify and inject false data. In this section, possible types of attacks are
Experimental results
In this section the experimental results of the proposed scheme are evaluated.
Conclusion
In this paper, a lightweight two-phase authentication scheme has been developed to check the authenticity of the participating user. It uses a handshake process between the user and the fog devices to check whether the requesting party is a legitimate or a malicious user. The PUF is used to generate a unique serial number; CRPs and serial numbers are used for checking the authenticity of the user. Fuzzy logic is used to categorize the user, which reduces the number of handshakes. Our scheme provides
Authorship statement
All persons who meet authorship criteria are listed as authors, and all authors certify that they have participated sufficiently in the work to take public responsibility for the content, including participation in the concept, design, analysis, writing, or revision of the manuscript. Furthermore, each author certifies that this material or similar material has not been and will not be submitted to or published in any other publication before its appearance in the Hong Kong Journal of
Declaration of Competing Interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Acknowledgements
All persons who have made substantial contributions to the work reported in the manuscript (e.g., technical help, writing and editing assistance, general support), but who do not meet the criteria for authorship, are named in the Acknowledgements and have given us their written permission to be named. If we have not included an Acknowledgements, then that indicates that we have not received substantial contributions from non-authors.
References
- SecTrust-RPL: A secure trust-aware RPL routing protocol for Internet of Things. Future Generation Computer Systems (2019).
- Quantum-based predictive fog scheduler for IoT applications. Computers in Industry (2019).
- A framework to enhance security of physically unclonable functions using chaotic circuits. Physics Letters A (2018).
- A dynamic password-based user authentication scheme for hierarchical wireless sensor networks. Journal of Network and Computer Applications (2012).
- A Real-Time Intrusion Detection System for Wormhole Attack in the RPL based Internet of Things. Procedia Manufacturing (2019).
- An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment. Ad Hoc Networks (2016).
- A transient current based double line transmission system protection using fuzzy-wavelet approach in the presence of UPFC. International Journal of Electrical Power & Energy Systems (2015).
- APPA: An anonymous and privacy preserving data aggregation scheme for fog-enhanced IoT. Journal of Network and Computer Applications (2019).
- A payload-based mutual authentication scheme for Internet of Things. Future Generation Computer Systems (2019).
- Fog-assisted IoT-enabled scalable network infrastructure for wildfire surveillance. Journal of Network and Computer Applications (2019).
- Low Power AES Using 8-Bit and 32-Bit Datapath Optimization for Small Internet-of-Things (IoT). Journal of Signal Processing Systems.
- Fuzzy Logic based Smart Irrigation System using Internet of Things. Journal of Cleaner Production.
- Cloud and IoT based disease prediction and diagnosis system for healthcare using Fuzzy neural classifier. Future Generation Computer Systems.
- Publicly verifiable privacy-preserving aggregation and its application in IoT. Journal of Network and Computer Applications.
- A provably secure and anonymous message authentication scheme for smart grids. Journal of Parallel and Distributed Computing.
- Arunkumar, Mazin Abed Mohamed, and Othman Mohd. Enabling technologies for fog computing in healthcare IoT systems. Future Generation Computer Systems.
- FOCAN: A Fog-supported smart city network architecture for management of applications in the Internet of Everything environments. Journal of Parallel and Distributed Computing.
- REATO: REActing TO Denial of Service attacks in the Internet of Things. Computer Networks.
- Survey and comparison of message authentication solutions on wireless sensor networks. Ad Hoc Networks.
- A novel dice similarity measure for IFSs and its applications in pattern and face recognition. Expert Systems with Applications.
- SIoT: Securing Internet of Things through distributed systems analysis. Future Generation Computer Systems.
- A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion. Ad Hoc Networks.
- Anonymous and secure aggregation scheme in fog-based public cloud computing. Future Generation Computer Systems.
- Encryption-free Authentication and Integrity Protection in Body Area Networks through Physical Unclonable Functions. Smart Health.
- Fuzzy logic based dynamic decision-making system for intelligent navigation strategy within inland traffic separation schemes. Ocean Engineering.
- Inherent operational characteristics aided fuzzy logic controller for a variable speed direct expansion air conditioning system for simultaneous indoor air temperature and humidity control. Energy and Buildings.
- Security and trust issues in Fog computing: A survey. Future Generation Computer Systems.
- Auction-based adaptive sensor activation algorithm for target tracking in wireless sensor networks. Future Generation Computer Systems.
- CCA-secure ABE with outsourced decryption for fog computing. Future Generation Computer Systems.
- Password-based authenticated key exchange in the three-party setting. International Workshop on Public Key Cryptography.
- Advanced encryption standard (AES) algorithm to encrypt and decrypt data. Cryptography and Network Security.
- A fuzzy security protocol for trust management in the internet of things (Fuzzy-IoT). Computing.
- PUF based authentication protocol for IoT. Symmetry.
- Building PUF based authentication and key exchange protocol for IoT without explicit CRPs in verifier database. IEEE Transactions on Dependable and Secure Computing.
- Evolution-fuzzy rule based system with parameterized consequences. International Journal of Applied Mathematics and Computer Science.
Cited by (25)
- A privacy preserving four-factor authentication protocol for internet of medical things. Computers and Security, 2024.
- Energy-efficient fuzzy data offloading for IoMT. Computer Networks, 2022. Citation excerpt: "In [20,21,23,29,39], the authors have proposed cluster-based approach to explain energy consumption, latency and network lifetime as the broader areas for load balancing solutions in which more research is still needed. The literature review [33,43–47,63] on fuzzy logic based task scheduling and event classification mechanisms shows that fuzzy logic provides accurate load balancing by categorization of the data or task in a cloud-fog environment. Most of the scheduling techniques consider priority based scheduling approach, where the lower priority tasks have to wait for a long time in the waiting queue."
- Smart h-Chain: A blockchain based healthcare framework with insurance fraud detection. Transactions on Emerging Telecommunications Technologies, 2024.
- An IoT and blockchain based logistics application of UAV. Multimedia Tools and Applications, 2024.
- A novel method using LSTM-RNN to generate smart contracts code templates for improved usability. Multimedia Tools and Applications, 2023.
Ayan Kumar Das received his Ph.D. degree from the Department of Computer Science and Engineering, University of Calcutta, and his Master of Technology in Software Engineering from West Bengal University of Technology. He is presently serving as an Assistant Professor in the Department of Computer Science and Engineering, Birla Institute of Technology, Mesra. He was an Assistant Professor in the Department of Information Technology, Calcutta Institute of Engineering and Management. His areas of research are Wireless Sensor Networks, Internet of Things and Cloud Computing.
Sidra Kalam is pursuing her M.Tech in Computer Science and Engineering at Birla Institute of Technology, Mesra, Patna Campus, India. She completed her B.Tech at SRM University, Chennai, India. Her research interests include security in Wireless Sensor Networks, Soft Computing, Internet of Things and Machine Learning.
Nausheen Sahar is pursuing her M.Tech in Computer Science and Engineering at Birla Institute of Technology, Mesra, Patna Campus, India. She completed her B.Tech at Jodhpur Institute of Engineering and Technology, Jodhpur, India. Her research interests include security in Wireless Sensor Networks, Cloud Computing and Fog Computing.
Ditipriya Sinha received her Ph.D. degree from the Department of Computer Science and Technology, Indian Institute of Engineering Science and Technology (IIEST), Shibpur, and her Master of Technology in Software Engineering from West Bengal University of Technology, where she was the silver medallist of her M.Tech batch. She is presently serving as an Assistant Professor in the Department of Computer Science and Engineering, National Institute of Technology Patna. She was an Assistant Professor in the Department of Computer Science and Engineering, Birla Institute of Technology, Mesra. Her areas of research are Mobile Ad-hoc Networks, Wireless Sensor Networks, Blockchain, Cyber Security and Scheduling Algorithms.