Article Preview
TopIntroduction
The Internet of Things (IoT) interconnects numerous devices known as things through the public Internet. Both physical and virtual objects are involved in IoT environment where each object has its unique identity. This identity is used to differentiate things and identifies them; it can be an IP address or a device ID (Haque, Haque, Kumar et al, 2021). Generally, IoT devices are constrained smart objects, their purpose in a network is to gather from their nearby surroundings, then send it to processing units without any human involvements. Capabilities limited other forms of vulnerabilities can be caused via the internet of things. Many security threats take advantage of these vulnerabilities (Nashwan, 2021). Smart objects like actuators and sensors are in different IoT applications and interconnected to Internet via gateways (Haque, Zeba, Haque et al, 2021). A generic architecture of an IoT network is illustrated in Figure 1.
Figure 1.
A generic IoT network architecture
In literature, security protocols needed to protect security are divided according to the security aspects. Among the most common security aspects we mention are key management (Khelf et al., n.d.), Authentication (El-Hajj et al., 2019), Access control (Sandhu & Samarati, 1994) and privacy (Aqeel-ur-Rehman et al., n.d.).
In the IoT environment, it is quite important to extend smart things lifetime, hence they can be damaged, physically captured or drained out of battery. Thus, the deployment of these devices is very important. Furthermore, deployed smart devices are not always considered genuine, in some cases, in the network malicious smart devices can be implemented by an adversary (Yildirim et al., 2021). Therefore, the control of access of these devices into the IoT network is primordial. The device access control (DAC) mechanism in IoT is performed according to two man phases: Authentication (Auth) and Key Agreement (KA).
The authentication of a device means that each device must prove its legitimacy by authenticating itself to its neighbor smart devices (Sun et al., 2021). Regarding key agreement, smart devices which are joining the network recently must assure the transmission of sensitive data security by the establishment of shared secret keys (SSK) with neighbors.
In this paper, we focused on the DAC mechanism, which is considered one of the main vital security protocols that is indispensable for protecting IoT environment. Thus, we propose a lightweight authentication and key agreement protocol for IoT devices, which is proficient in communication and computation. The proposed protocol aims to provide improved security features for DAC. The proposed protocol aims to control smart device access to the network and secure exchanged information between them.
The core contributions conducted in this work are as follows:
- •
We propose a device access control and key agreement protocol for IoT devices based on certificate and lightweight cryptography (ECC).
- •
We present an informal security analysis to prove the resistance of the proposed protocol against well-known attacks in IoT networks such as replay attack, MITM, device impersonation attack and malicious device deployment attack.
- •
We present a formal security analysis using AVISPA tool to validate the security of the proposed protocol.
- •
We conduct an implementation of the proposed protocol using NS2 simulator to evaluate the impact of the proposed protocol on several network parameters such as End to end delay, throughput, and packet loss.
The rest of this paper is organized as follow. In section 2 related works on DAC mechanism is discussed in “Literature survey”. Section 3 describes the proposed protocol and its functioning. Security analysis of the proposed scheme is presented in section 4. Section 5 demonstrates an evaluation of the proposed protocol performances. Finally, the conclusion is discussed in section 6.