Multi-level authentication protocol for enabling secure communication in IoT

Internet of Things (IoT) is a domain of great current interest for researchers, given the exponential growth in technology. Security in IoT is a prime factor, which highlights the need for authentication to tackle various attackers and hackers. Authentication is the process that uniquely identifies the incoming user, and this paper develops an authentication protocol based on the Chebyshev polynomial, a hashing function, a session password, and encryption. The proposed authentication protocol is named the Elliptic, Chebyshev, Session password, and Hash function (ECSH)-based multilevel authentication. For authenticating the incoming user, there are two phases, registration and authentication. In the registration phase, the user is registered with the server and the Authentication Center (AC), and the authentication follows, which is an eight-step procedure. The authentication is based on the scale factors of the user and the server, the session password, and the verification messages. Authentication at the eight levels assures security against various types of attacks and renders secure communication in IoT with minimal communication overhead and packet loss. The performance of the method is analyzed using black-hole and Denial-of-service

secure routing, it engages in evaluating routing and forwarding through the application of authentication schemes along with encryption, and facilitates the effective transmission of acknowledgements during packet transmission. Trust [16] refers to the degree of confidence a node has in its neighboring nodes, which is the aggregation of all the reputation measures an entity possesses for another entity; higher reputation values indicate greater trustworthiness. Legitimate nodes mainly rely on trustworthy entities for accomplishing their communication tasks. Many trust-based systems are employed to establish secure routing, each of which is evaluated under specific ad hoc applications and is capable of fighting security threats [17]. Thus, assuring security in the IoT system forms the basic requirement of a Trust Management Mechanism (TMM), which verifies each individual service request against the security policy. A TMM possesses numerous components, such as secure routing, authorization, authentication, and so on [15]. Rule-based security schemes never afford effective performance under ever-changing traffic behaviour, as IoT interactions correspond to higher complexity, which pushes the network to become the key point for establishing the security policies. On the other hand, network-based security mechanisms offer effective security in the deployed IoT, enhance Machine-to-Machine (M2M) communication, and support diversity in device hardware along with the interoperability constraints [14].
Authentication assures security in IoT, as it is the means by which a device/user verifies the data sent from another device/user. Therefore, authentication forms the first step in establishing a session once the IoT device has booted securely [4]. Authentication in IoT involves three entities: the edge device, the end device, and the control center. In the IoT, end devices operate under various tasks and contexts. For instance, in a smart home, a sensor or a particular thermal detector may belong to a home; a network, specifically a vehicular network, or a patrol car may belong to a police station, and so on [7]. The authentication protocols are designed such that they are resistant to malicious attacks and lightweight enough to deploy on end devices in WSNs [18]. The Routing Protocol for Low-Power and Lossy Networks (RPL) and the Constrained Application Protocol (CoAP) are available at the network and application layers, respectively, in constrained IoT networks [19]. Some low-power applications use the physical and MAC layers of the IEEE 802.15.4 standard. A certificate-based authentication protocol is employed for distributed IoT systems [18] [4]. However, the edge node carries the cryptographic credentials, which exposes it to cloning attacks.
The primary intention of the research is to design and develop a multi-level authentication protocol that improves the performance of the IoT network through a secure framework. The overall procedure of the authentication approach is as follows. Authentication is considered in every transmission, in order to avoid different attacks, by proposing a mutual authentication approach during each transmission in IoT. The profile of every user is maintained at the IoT server. The profile comprises the ID of the user and various attributes related to anti-virus capabilities, IDS capabilities, and so on. Then, the information obtained from the last transmission is used to determine failure or success and is stored in the threat profile. The profiles can be updated dynamically for each transmission of information, and the authentication is performed using these security attributes. Here, the mutual authentication is performed using Elliptic Curve Cryptography (ECC), the Chebyshev polynomial, session passwords, hashing operations, and so on, which are integrated in the proposed authentication protocol to enable secure communication in IoT. The multi-level authentication is performed based on the importance of the data request. Then, the various messages and the different levels of verification are carried out for authenticating IoT users, ensuring security against various attacks. Through the secure authentication, the performance of the IoT network is improved by delivering the packets properly without delay or drops.

The major contribution of the research is given as:
Proposed ECSH multi-level authentication protocol: The authentication of the IoT devices is enabled using the proposed ECSH-based multi-level authentication, which comprises eight authentication levels. Whenever a new user enters the network for communication, the user must register with the authentication center and must be authenticated in order to afford the security of the network.
The rest of the paper is structured as follows: the motivation in Section 2 highlights the need for proposing a new method for affording security in the network. The proposed authentication scheme is described in Section 3 and the results of the method are presented in Section 4.
Finally, the summary of the research is given in Section 5.

Motivation
In this section, the need for the research is presented through a survey of the existing methods, with their merits and demerits. The section finally lists the challenges of the research.

Literature Survey
The review of the eight existing methods is given in this section. Jie Yuan and Xiaoyong Li [1] modelled a reliable and lightweight trust strategy, which enhanced the efficiency of the system and minimized the global convergence time. The drawback of the method was that it was not implemented on various other IoT computing systems. Mohammad Wazid et al. [2] developed a User Authenticated Key Management Protocol (UAKMP) that rendered higher security with minimal computational cost. The method did not consider the cluster heads, the sensing nodes, and the Gateway Node (GWN) in the environment. Yanbing Liu et al. [3] developed a data transfer security model, Middlebox-Guard (M-G), based on Software-Defined Networking (SDN), which rendered high security performance. The method did not use sequences with loops for proper policy traversal, under both overload and failure conditions. Muhammad Naveed Aman et al. [4] used a mutual authentication and key exchange protocol that rendered minimal energy requirements but high communication overhead. Moreover, the method suffered from limited storage space. Amjad Ali Alamr et al. [5] developed an authentication protocol using Elliptic Curve Cryptography (ECC), which was highly efficient and required minimal time. The method did not consider the reader authenticating the tag, so as to avoid cloned tags. Xiong Li et al. [6] used an anonymous authentication protocol in the industrial IoT, which reduced the computational cost. The method suffered from the unknown key share attack and the stolen smart card attack. Zhiwei Wang [7] developed an efficient and feasible authentication protocol; however, it was difficult to choose an appropriate tradeoff between security and privacy. Ruhul Amin et al. [8] developed a lightweight authentication protocol, which was better in terms of computation, storage, and communication cost. The method did not use a password verifier table to update the password and identity of a legal user.

Challenges
The challenges of the research are given below:
 The main challenge in IoT concerns the dynamic dataflow, as the total number of users and the volume of dataflow vary over time. However, most of the existing dataflow control methods assume a stable network. Thus, such methods are not actively considered for network security. When data streams are crowded in the IoT, the entire network may be paralyzed [3].
 WSNs contribute much to the Industrial Internet of Things (IIoT), and are employed widely in industrial fields for collecting data to monitor an area. However, the openness of the wireless channel, along with the resource-constrained nature of the sensor nodes, raises the question of how to guarantee that only a valid user is permitted to access the data, which is a hard challenge in IoT [6].
 Two other basic challenges in IoT security are heterogeneity and scalability. Moreover, the traditional devices are resource-constrained [20].
 Edge computing services in IoT suffer from the serious challenge of how to afford trustworthiness of IoT devices [1].
 In [3], network latency is minimized using the SDN-based data transfer security model Middlebox-Guard (M-G). Even though the security performance of the method was found to be better, SDN is susceptible to new network attacks, causing the malfunctioning of the IoT device.

Proposed ECSH Authentication Protocol For Secure Communication In IoT
Authentication is the basic mechanism in IoT that assures the recognition of the user and enables secure communication throughout its lifetime. The notation used in the description of the protocol covers the hashing function, the XOR function, and the concatenation operator.

Registration phase
As the initiation of the authentication protocol, the IoT devices and the servers must be registered: all the IoT devices are registered with the IoT server, which in turn is registered with the AC. In other words, any new device seeking to communicate in IoT must be registered under the AC, which is what enables secure communication in IoT. Devices that are not registered cannot continue to communicate in IoT. Thus, two entities play a prominent role during registration, namely the IoT servers and the AC, and the registration phase consists of two parts, server registration and device registration. Figure 1 depicts the registration phase in IoT.

IoT device registration: The registration of the IoT device takes place between the IoT device and the IoT server. Initially, the IoT device forwards its identity $U_u$ and password $W_u$ to the server, and the server saves the user name and password of the IoT device as $U_u$ and $W_u$. Thus, the identity of the IoT device is available in the server, where it is employed for computing the messages $F_a$ and $F_b$.
The intermediate message $F_a$ is computed from the public key and the private key of the server, which are applied to the hashing function individually and concatenated, followed by a modulo operation with a random number, as shown in equation (1). Likewise, the intermediate message $F_b$ is computed from the message $F_a$ and the random number, as in equations (2) and (3).
The verification message $F_c$ is computed in the server simultaneously, and the verification messages of the IoT device and the IoT server are matched. If both verification messages are the same, the registration of the IoT device with the server terminates. Once the registration of the device with the server is successful, the authentication proceeds.
Thus, once the registration terminates, the private key of the user and the Chebyshev-polynomial-based user factor are derived in the server, forwarded to the user, and saved on the user side. The private key is generated by concatenating the hash of the private key of the server and the verification message $F_c$, followed by a modulo operation with the user factor, which is given as a fourth-degree polynomial.
The private key of the device generated in the server is saved in the device, along with the user factor, for the further processes associated with the authentication.

Server registration:
Prior to the registration of the device with the server, it is essential that the server is registered under the AC. For registering the server, the identity of the server is forwarded to the AC, where it is stored and used for the generation of the intermediate message. The private key of the server, $P_s$, is generated in the AC, forwarded to the server, and stored there. Along with the generation of the private key of the server, the Chebyshev-polynomial-dependent scale factor is generated in the AC and stored in the IoT server.
The private key of the server is computed by concatenating the hash of the private key of the IoT AC and the verification message $F_f$, followed by a modulo operation with the server factor, which is a third-order polynomial. The calculations follow, where $y_3$ specifies the third Chebyshev polynomial of the second kind.
The intermediate message is computed using the public key and the private key of the AC, where $P_k$ refers to the public key and $P_U$ indicates the private key used; $P_s$ is the private key of the server and $P_A$ is the private key of the IoT AC.
Equations (14)-(19) specify the computation steps of the verification messages in the IoT AC. In short, the IoT device registers itself with the registered IoT server, which is the initiation of the secure communication without any delay or drop.

Authentication phase in IoT:
Once the IoT device registration terminates, the authentication is performed in order to continue the communication. The authentication protocol developed in this section carries multiple levels of confirmation based on the session password, ECC, and the private keys of the server and the device. Thus, there are eight levels of authentication, which together provide protection against various attacks.

Authentication level-1 and level-2:
The first and second levels of authentication take place in the server, between the user and the server. For this, the intermediate message and the factor $x_c$ are computed in the IoT device, as in equation (20). ECC enables decryption only by the holder of the corresponding private key, which makes it a factor for enabling security in IoT through the private keys; more importantly, the key size required is small.
Once the intermediate message and the factor computed by the server match those of the device, authentication level-1 terminates.
Likewise, the Chebyshev-polynomial-dependent user factor is computed in the server and compared with the user factor held at the IoT device, which marks the termination of level-2 authentication in the server.
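The registration and level-1/level-2 exchanges described above, as an added example that is not the paper's code. The page does not reproduce equations (1)-(3), (14)-(20), so the exact forms of $F_a$, $F_b$, $F_c$, $F_f$ and the intermediate message are assumptions here; so are the prime modulus P, SHA-256 as the hashing function, the modular-exponentiation stand-in for the ECC key pairs, the random per-session password and nonce, and the hypothetical class and function names. The Chebyshev polynomials of the second kind are evaluated with the three-term recurrence, modulo P rather than over the reals (Chebyshev-map schemes evaluated over the reals are known to be breakable, which is why practical schemes work in $\mathbb{Z}_p$). Two practitioner choices go beyond the text: the server stores a hash of the password rather than the plaintext, and every verification-message match uses a constant-time comparison. Levels 3 to 8 are not shown, since the page does not describe them.

```python
import hashlib
import hmac
import secrets

# Assumptions not taken from the paper: polynomial arithmetic modulo a large prime,
# SHA-256 as the hashing function, and modular exponentiation standing in for the
# ECC key pairs. Degrees follow the paper: fourth for the user factor, third for the server.
P = (1 << 127) - 1
G = 5
USER_DEGREE, SERVER_DEGREE = 4, 3

def chebyshev_u(n, x, p=P):
    """U_n(x) mod p via the recurrence U_0 = 1, U_1 = 2x, U_n = 2x*U_{n-1} - U_{n-2}."""
    prev, cur = 1, (2 * x) % p
    for _ in range(n - 1):
        prev, cur = cur, (2 * x * cur - prev) % p
    return 1 if n == 0 else cur

def enc(n):
    """Big-endian bytes of a non-negative integer (at least one byte)."""
    return n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")

def H(*parts):
    """SHA-256 over a length-prefixed concatenation, so H(a||b) is unambiguous."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big")

def equal(a, b):
    """Constant-time comparison of two verification values."""
    return hmac.compare_digest(enc(a), enc(b))

def keypair():
    sk = secrets.randbits(255)
    return sk, pow(G, sk, P)

def ac_register_server(ac_sk, ac_pk, server_id):
    """AC side of server registration: derive the server private key P_s and factor x_s."""
    x_s = secrets.randbelow(P)
    f_f = H(enc(ac_pk), server_id)                                   # verification message F_f (assumed form)
    p_s = H(enc(ac_sk), enc(f_f)) % chebyshev_u(SERVER_DEGREE, x_s)  # P_s, reduced by the 3rd-degree polynomial
    return p_s, x_s

class Server:
    def __init__(self, server_id, ac_sk, ac_pk):
        self.p_s, self.x_s = ac_register_server(ac_sk, ac_pk, server_id)
        self.sk, self.pk = keypair()
        self.devices = {}

    def begin_device_registration(self, u_id, w_hash):
        """Store the credential (as a hash, never plaintext) and return F_b."""
        r = secrets.randbits(128) + 2                                # random modulus r >= 2
        f_a = H(enc(H(enc(self.pk))), enc(H(enc(self.sk)))) % r      # F_a: hashed keys, concatenated, mod r
        f_b = H(enc(f_a), enc(r))                                    # F_b from F_a and r
        self.devices[u_id] = {"w": w_hash, "f_b": f_b}
        return f_b

    def finish_device_registration(self, u_id, f_c_device):
        """Match the device's F_c against the server's; on success derive (P_u, x_u)."""
        rec = self.devices[u_id]
        f_c = H(enc(rec["f_b"]), u_id, enc(rec["w"]))
        if not equal(f_c, f_c_device):
            del self.devices[u_id]
            return None
        x_u = secrets.randbelow(P)
        p_u = H(enc(self.sk), enc(f_c)) % chebyshev_u(USER_DEGREE, x_u)  # P_u, reduced by the 4th-degree polynomial
        rec.update(p_u=p_u, x_u=x_u)
        return p_u, x_u

    def authenticate(self, u_id, nonce, session_pw, msg, x_c):
        rec = self.devices.get(u_id)
        if rec is None or "p_u" not in rec:
            return False
        ok1 = equal(H(enc(rec["p_u"]), enc(nonce), session_pw), msg)   # level 1: intermediate message
        ok2 = equal(chebyshev_u(USER_DEGREE, rec["x_u"]), x_c)          # level 2: Chebyshev user factor
        return ok1 and ok2

class Device:
    def __init__(self, u_id, password):
        self.id, self.w, self.p_u, self.x_u = u_id, H(password), None, None

    def register(self, server):
        f_b = server.begin_device_registration(self.id, self.w)
        creds = server.finish_device_registration(self.id, H(enc(f_b), self.id, enc(self.w)))
        if creds is None:
            return False
        self.p_u, self.x_u = creds
        return True

    def authenticate(self, server):
        nonce, session_pw = secrets.randbits(128), secrets.token_bytes(16)   # fresh per session
        msg = H(enc(self.p_u), enc(nonce), session_pw)
        return server.authenticate(self.id, nonce, session_pw, msg, chebyshev_u(USER_DEGREE, self.x_u))

def demo():
    """Registered device passes; a clone that knows only the identity fails both levels."""
    srv = Server(b"iot-server-1", *keypair())
    dev = Device(b"thermostat-07", b"correct horse battery")
    clone = Device(b"thermostat-07", b"guess")
    clone.p_u, clone.x_u = 1, 1
    return dev.register(srv), dev.authenticate(srv), clone.authenticate(srv)
```

`demo()` returns `(True, True, False)`: the registered device is accepted, and a clone that presents the right identity but the wrong $P_u$ and user factor fails level 1 and level 2 independently. Note that reducing a hash modulo a polynomial value, as the text describes, leaves the resulting key only as large as that value; the example follows the description literally and is a model of the message flow, not a recommendation for key derivation.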

 
All the above steps constitute the authentication levels for verifying the user against various attacks; by doing so, the security of the user communication is assured. Figure 2 demonstrates the eight levels of authentication.

RPL routing in IoT
Once the IoT device is registered and authenticated, it takes part in the communication, for which the RPL strategy is used. The communication delay and the packet loss associated with the communication are reduced by enabling higher throughput/bit rates. The computational complexity is low, with minimal message overhead.

Results and Discussion
The results and discussion of the methods are presented in this section, and the end of the section gives the comparative analysis of the methods in order to demonstrate the effectiveness of the proposed authentication scheme in assuring security in IoT.

Experimental setup
The multilevel authentication approach is implemented in MATLAB, and its performance is evaluated under different attacks using QoS and security parameters.

Experimental analysis
The analysis section demonstrates the simulation environment at round_0 and round_50.

Performance metrics
The performance of the IoT network against security attacks is evaluated based on the detection rate, whereas the performance of the IoT network itself is determined based on the performance parameters QoS, Packet Delivery Ratio (PDR), and delay. The detection rate is the rate at which the security attacks are detected by the methods; it should be higher for an effective method and is expressed in %. The QoS and PDR should be higher for better performance and are expressed in %, whereas the delay of an effective method should be minimal and is expressed in ms.

Competing methods
The effectiveness of the proposed ECSH multilevel authentication protocol is compared with the existing methods: the Reliable and Lightweight Trust strategy (RLT) [1], the User Authenticated Key Management Protocol (UAKMP) [2], and the SDN-based data transfer security model Middlebox-Guard (M-GILP) [3].

Comparative analysis
The comparative analysis of the methods is demonstrated in this section, and the analysis is performed using 50 nodes and 100 nodes, respectively.
Figure 4 shows the analysis using 50 IoT nodes under the black hole attack.
Figure 5 shows the analysis using 50 IoT nodes under the DoS attack.
Figure 6 shows the analysis using 100 IoT nodes under the black hole attack.
Figure 7 shows the analysis using 100 IoT nodes under the DoS attack.

Conclusion
The proposed ECSH multilevel authentication protocol assures secure communication in IoT through the application of encryption, the Chebyshev polynomial, a hashing function, and session passwords.
The security of the IoT communication is enabled through the effective registration and authentication phases, based on the security and performance factors. The analysis of the methods based on the performance metrics is performed using 50 and 100 nodes in the presence of black-hole and DoS attacks. It is evident from the analysis that the proposed ECSH multilevel authentication protocol outperformed the existing methods with minimal delay and maximal PDR, detection rate, and QoS. The minimal delay of 135.922 ms is achieved by the proposed ECSH multilevel authentication protocol under the DoS attack with a total of 100 nodes. On the other hand, the maximal detection rate, PDR, and QoS are achieved by the proposed ECSH multilevel authentication protocol when the simulation environment has 50 nodes under DoS attacks, at 15.2%, 35.7895%, and 26.4623%, respectively. The future extension of the research is based on enhanced protocols that further lower the delay and improve the performance.

Declarations
Funding: None

Availability of data and material: None
Code availability: None