Abstract
IoT devices are slowly turning out to be an essential part of our everyday lives. These devices perform one operation, and they specialize in doing so. When communicating with these devices, we need to set up a secured key preventing unauthorized communications. We have been using the plug-and-play model for electronic devices for decades. These IoT devices fall into the same realm. The plug–pair–play connection model follows the same principle so that the user does not feel the added pressure of remembering a complex password or rely on a default credential. It helps to generate a secret that is only known to the device and its user. We used elliptic curve cryptography to circumvent the resource limitations on the device. The model establishes a zero-trust pattern where all requests and responses are validated and verified before being processed. This paper provides a unique way to set up a secret key for each user and device pair without much user interaction. The model sets the path to end-to-end secured communication.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Adame, T., Bel, A., Bellalta, B.: Increasing lpwan scalability by means of concurrent multiband iot technologies: an industry 4.0 use case. IEEE. Access 7, 46990–47010 (2019)
Atwady, Y., Hammoudeh, M.: A survey on authentication techniques for the internet of things. In: Proceedings of the International Conference on Future Networks and Distributed Systems, ICFNDS ’17, New York, NY, USA. Association for Computing Machinery (2017)
Bertino, E., Islam, N.: Botnets and internet of things security. IEEE Computer 50(2), 76–79 (2017)
S. Bhattarai and Y. Wang. End-to-end trust and security for internet of things applications. Computer, 51(4), 20–27, 2018
Columbus, L.: 2018 roundup of internet of things forecasts and market estimates. shorturl.at/qMPTU, 2019. Accessed 21 Jan 2020
Fomichev, M., Maass, M., Almon, L., Molina, A., Hollick, M.: Perils of zero-interaction security in the internet of things. In: Proceedings of ACM Interactive Mobile Wearable Ubiquitous Technology, vol. 3(1) (2019)
Gao, M., Wang, Q., Arafin, M.T., Lyu, Y., Qu, G.: Approximate computing for low power and security in the internet of things. IEEE Computer 50(6), 27–34 (2017)
Goasduff, L.: Gartner says 5.8 billion enterprise and automotive IoT endpoints will be in use in 2020. shorturl.at/jlosS, 2019. Accessed 21 January 2020
Hilton, S.: Dyn analysis summary of Friday October 21 attack. https://bit.ly/39mqJl6, 2016. Accessed 28 January (2020)
Huth, C., Zibuschka, J., Duplys, P., Guneysu, T.: Securing systems on the internet of things via physical properties of devices and communications. In: 2015 Annual IEEE Systems Conference (SysCon) Proceedings, pp. 8–13 (2015)
Neshenko, N., Bou-Harb, E., Crichigno, J., Kaddoum, G., Ghani, N.: Demystifying IoT security: An exhaustive survey on iot vulnerabilities and a first empirical look on internet-scale IoT exploitations. IEEE Communications Surveys Tutorials 21(3), 2702–2733 (2019)
Nieminen, J., Gomez, C., Isomaki, M., Savolainen, T., Patil, B., Shelby, Z., Xi, M., Oller, J.: Networking solutions for connecting Bluetooth low energy enabled machines to the internet of things. IEEE Networks 28(6), 83–90 (Nov 2014)
Pazos, N., Muller, M., Aeberli, M., Ouerhani, N.: Connectopen: automatic integration of IoT devices. In: 2015 IEEE 2nd World Forum on Internet of Things (WF-IoT), pp. 640–644 (2015)
Puliafito, C., Mingozzi, E., Longo, F., Puliafito, A., Rana, O.: Fog computing for the internet of things: A survey. ACM Transactions on Internet Technology 19(2), 1-41 (2019)
Ronen, E., Shamir, A.: Extended functionality attacks on IoT devices: the case of smart lights. In: 2016 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 3–12 (2016)
Sharma, S.K., Wang, X.: Toward massive machine type communications in ultra-dense cellular iot networks: Current issues and machine learning-assisted solutions. IEEE Communications Surveys Tutorials 22(1), 426–471 (2020)
Trappe, W., Howard, R., Moore, R.S.: Low-energy security: Limits and opportunities in the internet of things. IEEE Security & Privacy 13(1), 14–21 (Jan 2015)
Uslaner, E.M.: Trust online, trust offline. Communications of the ACM 47(4), 28–29 (April 2004)
van Oorschot, P.C., Smith, S.W.: The internet of things: Security challenges. IEEE Security & Privacy 17(5), 7–9 (2019)
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Animals performed
This research does not contain any studies with human participants or animals performed by any of the authors.
Informed consent
Informed consent was obtained from all individual participants included in the study. (The authors were the only individuals who participated in the study.)
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Bhattacharjya, S., Saiedian, H. Establishing and validating secured keys for IoT devices: using P3 connection model on a cloud-based architecture. Int. J. Inf. Secur. 21, 427–436 (2022). https://doi.org/10.1007/s10207-021-00562-7
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10207-021-00562-7