
A Study on Secured Authentication and Authorization in Internet of Things: Potential of Blockchain Technology

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1132)

Abstract

With the proliferation of the Internet of Things (IoT) and its influence in various use case scenarios, it can be expected that IoT services will achieve global reach. Smart cities, smart grids, smart industries, smart wearables, etc. are some examples of IoT services today. Besides all the benefits that IoT provides, the security of these services and of the data generated by IoT is of major concern. Traditional security practices of authentication and authorization were initially designed for the security needs of centralized client/server models, which are well suited to human-machine interaction over the Internet. In centralized systems, devices and users are normally trusted because they are in the same application domain. Moreover, such systems can become a bottleneck when handling a number of queries at the same time, or may become a single point of failure, causing unavailability of connected devices that rely totally on a single trusted party. This paper explores IoT security issues and concerns. Moreover, it provides a review of centralized and decentralized IoT security solutions in terms of authentication and authorization. Additionally, it discusses how Blockchain technology can be leveraged to provide IoT security.



Author information


Corresponding author

Correspondence to Raja Kumar Murugesan.


Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this paper


Cite this paper

Muzammal, S.M., Murugesan, R.K. (2020). A Study on Secured Authentication and Authorization in Internet of Things: Potential of Blockchain Technology. In: Anbar, M., Abdullah, N., Manickam, S. (eds) Advances in Cyber Security. ACeS 2019. Communications in Computer and Information Science, vol 1132. Springer, Singapore. https://doi.org/10.1007/978-981-15-2693-0_2


  • DOI: https://doi.org/10.1007/978-981-15-2693-0_2


  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-2692-3

  • Online ISBN: 978-981-15-2693-0

  • eBook Packages: Computer Science (R0)
