Internet of Things (IoT) refers to a network of devices connected through the internet that helps to collect data, analyze its content, and take necessary actions based on the analyzed data, without any human interaction. The trend towards the usage of IoT applications in our daily life is increasing drastically. As per the statistics, it is expected that by 2025, 75 billion devices will make use of Internet connectivity [1]. The application of IoT ranges from smart environments (home and city) to e-health and transportation systems.
The information collected by the IoT devices mostly includes the personal habitual data, medical data of a patient, traffic related information, etc. This information is transmitted over a public channel for further processing and to take necessary actions. In the absence of a security setup, the collected data can be easily acquired and modified by the adversaries. An adversary can easily find the identity of a legal source of information that is being sent over the public channel. Using this identity it can masquerade as an authorized source to provide false information and thereby malfunction the IoT system. Moreover, an adversary can initiate various attacks like impersonation attack, modification attack, masquerade attack, replay attack, eavesdropping attack, etc., in the absence of security schemes over a public communication channel in IoT environments [6], [24].
Many works were proposed to secure communication in IoT [12], [21], [26], [19], [4], [22]. But existing schemes use heavy operations like Elliptic- Curve Cryptography (ECC), bilinear pairing, modular exponentiation, which are generally the most computationally expensive cryptographic operations. Therefore, such kinds of schemes are not suitable for resource constrained environments like IoT. Thus, it becomes essential to design security schemes which should provide protection against possible attacks, and also meet the resource requirements of IoT environments. In this paper, we propose an efficient, secure two-party based authentication and data transmission scheme which achieves significantly lower energy consumption, low storage cost, low communication cost and computational cost as compared to other existing schemes.The main contributions of the paper are as follows:
- Development of a generic lightweight authentication and data transmission framework that addresses the security issues related with smart IoT devices and also meets the resource requirements of IoT environments. This scheme can be easily adaptable to various IoT environments like Smart Homes, Smart Grid, Smart Cities, etc.
- We present lightweight authentication and data transmission schemes for the
IoT devices involved in the above framework. The proposed schemes use the uniqueness of PUF technology to uniquely identify each IoT device in the proposed framework. The scheme encourages the usage of LoRaWAN for secure data transmission, which helps to develop a separate communication channel for the framework.
- Security and performance analyses conducted using simulation-based experiments reveal that our proposed scheme outperforms state-of-the-art approaches. Our scheme achieves significantly lower energy consumption (57% to 86%), storage cost (42% to 61%), communication cost (53% to 73%) and computational cost (57% to 86%) as compared to other existing schemes.
The rest of this paper is organized as follows. Section 2 discusses a short review on related works. Section 3 covers the preliminaries required for the scheme. The proposed system model is described in Section 5. The security analysis of the proposed scheme is detailed in Section 6. Section 8 analyses the performance of the scheme. Finally, we conclude the paper in Section 9.