IoT Authentication Platform

IoT devices are being deployed in industries such as precision agriculture, health monitoring, smart cities and smart homes. It is expected that by 2020 there will be over 26 billion IoT devices. However, HP Study reveals that 70% of IoT devices are vulnerable to attacks. OWASP also listed the top ten security problems of IoT devices, among which are insufficient authentication, lack of transport encryption and insecure network services.

The IoT device manufacturers and platform providers cannot solve the authentication and encryption problems since the current cryptographic schemes are not well-suited for resource-constrained IoT devices that might be deployed in a large number or in public and potentially hostile environments. As a result, passwords are generally used to protect IoT devices, leading to insufficient authentication and unencrypted traffic. These compromised IoT devices can be used in Distributed Denial of Service (DDoS) attacks on other Internet services, as demonstrated by the Mirai malware.

DSS has developed a lightweight public-key encryption scheme over which a multi-level authentication protocol is designed for mutually authenticating small IoT devices. This protocol has been evaluated with the Contiki operating system on small devices with ultra-low power microcontroller (8MHz), limited memory (10KB) and low-speed network (802.15.4). Based on this authentication protocol, DSS also developed a device mashup platform that allows non-professional users to build personalised IoT applications. Compared with other IoT device authentication methods, our work has the following main features:

  • Our lightweight encryption scheme can generate very short ciphertexts, which can thus be efficiently processed (encryption and decryption) by low-power microcontrollers and communicated by low-speed networks.
  • Our authentication protocol is multi-level; depending on the sensitivity of messages in IoT applications, IoT devices can choose a suitable authentication level for balancing efficiency and security. According the DSS’ knowledge, there are no other IoT authentication methods that can support multi-level authentication with fine granularity (e.g., each level has 8-bits security increased with the next lower level).
  • Our device mashup platform allows non-professional users to build their personalised IoT applications, allowing application-specific traffic monitoring. We are also working another IoT secure communication scheme that is attack-resistant and efficient for large-scale IoT networks.

 

  • The IoT Authentication platform is submitted to the CSIRO ON Cyber program. This work is ongoing and can bring potential collaborations with IoT device manufacturers and platform providers.
  • The authentication platform is developed in a project co-funded by Boeing.
  • The device mashup application including authentication platform is currently supported by NSW Government project.
  • Dongxi Liu, Nan Li, Surya Nepal. “Asymmetric Cryptography and Authentication”, Australia Provisional Patent Application No.: 2017901941, 2017.
  • Nan Li, Dongxi Liu, Surya Nepal. “Lightweight mutual authentication for IoT and its applications”, IEEE Transaction on Sustainable Computing, 2017. http://ieeexplore.ieee.org/ document/7953561/.
  • Dongxi Liu, Nan Li, Jongkil Kim and Surya Nepal. “Compact-LWE: Enabling Practically Lightweight Public Key Encryption for Leveled IoT Device Authentication”. IACR Cryptology ePrint Archive: 685 (2017). https://eprint.iacr.org/2017/685.pdf.