The New Advanced Society - Group of authors - Page 62

3.4 IoT Cloud Related Developments


The research community has made many efforts to handle the security of the IoT ecosystem efficiently. The authors of the Open Web Application Security Project (OWASP) chapter [3] list and describe the ten most prominent vulnerabilities associated with IoT architectures. These include insecure interfaces of the entities in the IoT architecture, weak physical security of the system, misconfigured security settings, and insecure associated software and firmware.

WAVE [4] was proposed in 2017. To the best of our knowledge, it was the first approach to decentralized, blockchain-based authorization in an IoT environment. It used fine-grained access control policies together with smart contracts for event triggering. Running blockchain nodes on constrained IoT devices, however, proved troublesome, so trusted gateways were used to let the devices interact with the blockchain network.

Various researchers have proposed several methods that require detailed analysis to judge their efficiency and applicability, along with their pros and cons. In the following paragraphs we discuss the prominent methods proposed since 2017, summarize their central ideas, and compare them.

Because IoT devices join and leave the ecosystem in an ad hoc manner, access control for IoT needs to be distributed. Accordingly, the capability-based access control (CBAC) proposed by Hussein et al. [5] proved better suited to the IoT environment than the traditional access control models (Table 3.1).

Table 3.1 Comparison of access control methods for IoT.

| Proposal year | Elementary method | Type of encryption | Key generation method | Access control | Mutual authentication | Anonymity of data | Integrity of data | Reference |
|---|---|---|---|---|---|---|---|---|
| 2017 | Decentralized | Symmetric | XOR operation based | Y | Y | N | Y | [5][6] |
| 2018 | Centralized | Asymmetric | Random number generation and hash function | Y | N | Y | Y | [7][8] |
| 2018 | Centralized | Asymmetric | Elliptic curve cryptography | Y | Y | N | Y | [9] |
| 2018 | Centralized | Asymmetric | Fuzzy extractor Gen algorithm | Y | Y | N | Y | [10] |
| 2018 | Decentralized | Asymmetric | Elliptic curve cryptography | Y | Y | N | Y | [11] |
| 2019 | Centralized | Symmetric | Physical unclonable function and fuzzy extractor | Y | Y | Y | Y | [12] |

Aman et al. [6] proposed a computationally lightweight authentication mechanism based on Physical Unclonable Functions (PUFs). No central server is needed to store secret keys, and no key has to be kept on the device. Although the physical properties of an IoT device are hard to impersonate, swapping a device for a malicious one cannot be ruled out. The main drawback is that the PUF-based authentication credentials still have to be stored centrally, and that store is a potential single point of failure.

Vijaykumar et al. [7] introduced a comparatively updated authentication mechanism for IoT devices. Privacy is better preserved because only minimal information about the devices is used. The method uses short group signatures and the RSA algorithm, and is found suitable for secure communication and for the generation and distribution of encryption keys. The short group signature provides anonymity for the signer's identity. Its prominent drawback is that every device must store a secret key to anonymize its identity, which sits badly with the limited storage of IoT devices. Above all, the scheme needs a very high number of message exchanges for authentication, which introduces unnecessary latency.

Gong et al. [8] used a remote validation mechanism to establish node trust and to monitor node behaviour. The proposal consists of a trust measurement model that considers how a sensing node behaves when transmitting data. A trust threshold is generated with a hash operation and the hash value is stored at a local server, which leaves the scheme vulnerable to a single point of failure. In a real-time environment the deployed remote authentication was observed to be unable to validate the trust level of a node, and the mechanism could not provide tracking information about the associated nodes. Its high time and space complexity make it unsuitable for resource-limited IoT devices.

The authors of [9] proposed a mechanism intended for group authentication. Devices have to be pre-authenticated before being deployed in the system. The mechanism has three parts: the device, the group leader and the subscriber server. A device must be pre-registered and pre-authenticated with the subscriber server before it can participate in the IoT network. The main drawback is a single point of failure, because the server stores all credentials and the authentication data for the various groups of IoT devices.

The authors of [10] proposed blockchain technology to handle security issues in IoT, with a decentralized authentication method for IoT devices. Its prominent drawback is the lack of interoperability between interconnected systems: devices of one system cannot communicate with devices of another. It is therefore of little use for seamless integration where IoT devices belonging to different systems must communicate.

Feng et al. [11] emphasized remote attestation for IoT and Cyber-Physical Systems. Because IoT devices are resource constrained and cannot perform complex computations, a software-based remote authentication method based on the physical behaviour of the devices was proposed. It requires the hardware properties and related details of the IoT devices to be stored on a local server; whenever a device needs to authenticate, its hardware signature is matched against the details held at the local server. The method was also observed to be less efficient for resource-constrained devices.
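The store-and-match flow described above, as an added illustration in Python; this is not code from Feng et al. [11] or Gong et al. [8]. The verifier keeps a reference measurement per device (a hash over the firmware image and fixed hardware properties), sends a fresh nonce, and recomputes the expected report from its stored profile. The property names, device identifiers, firmware bytes and the nonce binding are assumptions of this example, not details from the cited papers.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets


def measure(firmware: bytes, hw_props: dict[str, str]) -> bytes:
    """Measurement: hash of the firmware plus hardware properties in a fixed order."""
    h = hashlib.sha256(firmware)
    for name in sorted(hw_props):
        h.update(f"{name}={hw_props[name]}\n".encode())
    return h.digest()


def attest_report(nonce: bytes, measurement: bytes) -> bytes:
    """Report = hash(nonce || measurement); a fresh nonce makes old reports useless."""
    return hashlib.sha256(nonce + measurement).digest()


class Verifier:
    """Holds the per-device reference measurements (the local server's store)."""

    def __init__(self) -> None:
        self.profiles: dict[str, bytes] = {}

    def register(self, device_id: str, firmware: bytes, hw_props: dict[str, str]) -> None:
        self.profiles[device_id] = measure(firmware, hw_props)

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def verify(self, device_id: str, nonce: bytes, report: bytes) -> bool:
        reference = self.profiles.get(device_id)
        if reference is None:          # no stored profile: nothing to match against
            return False
        return hmac.compare_digest(attest_report(nonce, reference), report)


class Device:
    """Prover: measures whatever firmware and hardware it currently has."""

    def __init__(self, firmware: bytes, hw_props: dict[str, str]) -> None:
        self.firmware = firmware
        self.hw_props = hw_props

    def respond(self, nonce: bytes) -> bytes:
        return attest_report(nonce, measure(self.firmware, self.hw_props))


def demo() -> dict[str, bool]:
    # Constructed sample data; none of it comes from the cited papers.
    good_fw = b"\x7fELF sensor firmware v1.2 (constructed bytes)"
    hw = {"cpu_id": "0xA1B2C3", "flash_kb": "512", "mac": "02:00:00:00:00:01"}
    verifier = Verifier()
    verifier.register("node-7", good_fw, hw)

    honest = Device(good_fw, hw)
    tampered = Device(good_fw + b"\x90\x90", hw)             # patched firmware image
    relocated = Device(good_fw, {**hw, "cpu_id": "0xDEAD"})  # same image, other hardware

    nonce = verifier.challenge()
    results = {
        "honest": verifier.verify("node-7", nonce, honest.respond(nonce)),
        "tampered_firmware": verifier.verify("node-7", nonce, tampered.respond(nonce)),
        "different_hardware": verifier.verify("node-7", nonce, relocated.respond(nonce)),
    }
    stale = honest.respond(nonce)                            # report captured earlier
    results["replayed_report"] = verifier.verify("node-7", verifier.challenge(), stale)
    verifier.profiles.clear()                                # local profile store lost
    results["profile_store_lost"] = verifier.verify("node-7", nonce, honest.respond(nonce))
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:>20}: {'accepted' if ok else 'rejected'}")
```

The last case is the single point of failure the survey notes: once the server's profile store is gone, even an untouched device cannot be validated. A purely software-based check also has a limit the paragraph hints at: a device that has been compromised but still holds a copy of the good firmware and hardware values can compute a correct report, which is the gap a hardware root of trust is meant to close.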

The authors of [12] proposed a two-factor authentication mechanism for IoT devices that is easier to process. It combines the device's authentication details with its physical properties. Besides identifying the device, the authors report that it eliminates physical attacks on the device, such as impersonation and side-channel attacks. Apart from processing latency, its prominent drawback is the dependence on storage at a centralized server.
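The PUF-based scheme of Aman et al. [6] above and the PUF-plus-fuzzy-extractor combination of [12] rest on the same primitive: the device regenerates a key from a noisy physical response while the verifier keeps the matching credentials. The following is an added, constructed Python illustration of that pattern; it is not code from either paper. The PUF is simulated with a per-chip secret, the fuzzy extractor is a plain repetition code with toy sizes, and the nonce-based HMAC exchange, device names and record layout are assumptions of this example.

```python
from __future__ import annotations

import hashlib
import hmac
import random
import secrets

KEY_BITS = 24               # key bits carried by one challenge (toy size, not a real key length)
REP = 5                     # repetition code length: majority vote corrects 2 errors per block
RESP_BITS = KEY_BITS * REP  # response bits the simulated PUF returns per challenge


class SimulatedPUF:
    """Stand-in for a silicon PUF: a per-chip secret makes responses unique (a real
    PUF gets this from manufacturing variation and stores nothing), and a few bits
    flip per evaluation to model noise. Modelling assumption: at most one flipped
    bit per code block per evaluation, so two evaluations stay inside the budget."""

    def __init__(self, chip_secret: bytes, noisy_blocks: int = 3, seed: int = 1) -> None:
        self._chip_secret, self._noisy_blocks = chip_secret, noisy_blocks
        self._rng = random.Random(seed)

    def evaluate(self, challenge: bytes) -> int:
        digest = hashlib.sha256(self._chip_secret + challenge).digest()
        response = int.from_bytes(digest, "big") & ((1 << RESP_BITS) - 1)
        for block in self._rng.sample(range(KEY_BITS), self._noisy_blocks):
            response ^= 1 << (block * REP + self._rng.randrange(REP))
        return response


def _encode(key_bits: int) -> int:
    """Repetition code: every key bit becomes REP identical bits."""
    return sum(((1 << REP) - 1) << (i * REP) for i in range(KEY_BITS) if (key_bits >> i) & 1)


def _decode(code: int) -> int:
    """Majority vote per block; wrong once a block holds more than 2 flipped bits."""
    blocks = ((code >> (i * REP)) & ((1 << REP) - 1) for i in range(KEY_BITS))
    return sum(1 << i for i, b in enumerate(blocks) if 2 * bin(b).count("1") > REP)


def fe_gen(response: int) -> tuple[bytes, int]:
    """Gen: returns (key, helper); helper = response XOR codeword can be stored openly."""
    key_bits = secrets.randbits(KEY_BITS)
    return hashlib.sha256(key_bits.to_bytes(4, "big")).digest(), response ^ _encode(key_bits)


def fe_rep(noisy_response: int, helper: int) -> bytes:
    """Rep: returns Gen's key for any response inside the error budget."""
    return hashlib.sha256(_decode(noisy_response ^ helper).to_bytes(4, "big")).digest()


def fe_roundtrip(errors: int) -> bool:
    """Does Rep still recover the key when `errors` bits of one block are flipped?"""
    response = secrets.randbits(RESP_BITS)
    key, helper = fe_gen(response)
    return fe_rep(response ^ ((1 << errors) - 1), helper) == key


class AuthServer:
    """Verifier holding one (challenge, helper, key) record per device: the central
    credential store; if it is lost, no device can authenticate."""

    def __init__(self) -> None:
        self.records: dict[str, tuple[bytes, int, bytes]] = {}

    def enroll(self, device_id: str, puf: SimulatedPUF) -> None:
        challenge = secrets.token_bytes(16)
        key, helper = fe_gen(puf.evaluate(challenge))
        self.records[device_id] = (challenge, helper, key)

    def start(self, device_id: str) -> tuple[bytes, int, bytes]:
        challenge, helper, _ = self.records[device_id]
        return challenge, helper, secrets.token_bytes(16)          # fresh nonce per run

    def finish(self, device_id: str, nonce: bytes, tag: bytes) -> bool:
        key = self.records[device_id][2]
        return hmac.compare_digest(hmac.new(key, nonce, hashlib.sha256).digest(), tag)


def device_respond(puf: SimulatedPUF, challenge: bytes, helper: int, nonce: bytes) -> bytes:
    """Device side: re-derive the key from a fresh PUF response, then MAC the nonce."""
    return hmac.new(fe_rep(puf.evaluate(challenge), helper), nonce, hashlib.sha256).digest()


def authenticate(server: AuthServer, device_id: str, puf: SimulatedPUF) -> bool:
    if device_id not in server.records:        # no record: nothing to verify against
        return False
    challenge, helper, nonce = server.start(device_id)
    return server.finish(device_id, nonce, device_respond(puf, challenge, helper, nonce))


def demo() -> dict[str, bool]:
    genuine = SimulatedPUF(b"chip-0001")       # constructed chip identities
    swapped = SimulatedPUF(b"chip-9999")       # another device substituted for the enrolled one
    server = AuthServer()
    server.enroll("sensor-1", genuine)
    results = {"genuine_noisy": authenticate(server, "sensor-1", genuine),
               "swapped_device": authenticate(server, "sensor-1", swapped)}
    del server.records["sensor-1"]             # the central store is lost
    results["store_lost"] = authenticate(server, "sensor-1", genuine)
    return results


if __name__ == "__main__":
    print(demo(), "2 errors:", fe_roundtrip(2), "3 errors:", fe_roundtrip(3))
```

Running demo() shows the three cases the survey raises: a genuine device authenticates despite response noise, a swapped device does not, and once the server's record is gone even the genuine device cannot prove itself, which is the single point of failure. fe_roundtrip(3) shows the other edge: a response with more errors than the code corrects yields a different key and is rejected rather than silently accepted.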

