Detection of common IoT authentication attacks and design of a lightweight authentication and key management protocol

Date
2023-12-18
Authors
Çetintav, Işıl
Publisher
Graduate School
Abstract
The Internet of Things (IoT) has grown rapidly over several years. IoT establishes connections between devices and the Internet. A "thing" can be any kind of object. Things are smart because they can connect to the Internet and make decisions automatically. IoT devices are widely used, and there are numerous IoT devices worldwide. As devices are deployed in diverse settings, such as daily life, smart homes, smart cars, and smart agriculture, they offer various benefits. However, while IoT devices are helpful, their spread raises several concerns. Management is crucial for IoT devices, and numerous devices cannot be managed easily. Besides management, IoT devices are vulnerable because of their characteristics. One of these characteristics is that IoT devices are resource-constrained: they generally have limited CPU, memory, and storage. As implementing comprehensive security mechanisms is expensive, users prefer not to use them. Additionally, authentication and key exchange protocols are generally deficient. All of these issues make IoT devices vulnerable. A single vulnerable device can easily be captured by attackers, and so can a group of devices. Botnets, also known as robot networks, pose a threat to IoT devices because they infect and capture them. Thus, botnets constitute a large-scale attack on information systems. There are numerous attacks on IoT devices, so IoT devices need to implement robust security mechanisms. In this thesis, the IoT devices considered are resource-constrained, include weak security mechanisms, maintain continuous Internet connectivity, and perform specific functions. Even though these devices may hold personal data, it is assumed that a breach of this data does not constitute a problem. For instance, a weather sensor data breach is not a significant concern for users. In addition, these devices transmit small amounts of data such as temperature, humidity, and commands.
This thesis begins with a test environment setup to monitor attacks and attackers in order to understand attacker behavior and features. The test environment is installed on the WalT platform, a reproducible and reusable computer management environment. On this platform, a honeypot mechanism is installed for monitoring. The aim is to provide comprehensive support for proposing a suitable and effective security mechanism. The honeypot helps to reveal the attackers who send malicious requests, the attack types, and the ease of attack. Analysis of the honeypot data shows that weak authentication introduces vulnerabilities, leading to authentication attacks. Against the detected attacks, a lightweight One-Time Password (OTP) authentication and key exchange protocol is proposed that can be used from long range or close range, is easy for users to use, and is computationally low-cost. The proposed authentication protocol includes a key exchange and presents a hierarchical management model. The hierarchical model provides easy management, cost-effective key exchange, and independence between devices. The proposed protocol has another crucial feature: all session data and session keys (ephemeral keys) are updated in every session, so every session is independent of the others. All session data and ephemeral keys are computed using only primitive cryptographic functions such as the XOR operation and hash functions. Thus, the protocol is cost-effective and lightweight. The protocol begins with the registration of servers and devices. First, all servers are registered with their upper-level server. The registered servers then start the authentication phase to register devices. Thus, device registration is completed with authenticated servers. Communication can run in two directions: device-to-server and server-to-device. Each participant can initiate the protocol separately. Devices and servers verify several values during authentication.
They generate ephemeral keys at the end of authentication, and messages are encrypted with these ephemeral keys. The protocol is formally verified with the AVISPA model checker. This thesis also presents an informal security analysis of the protocol. The security analysis shows that the protocol is robust against attacks such as replay, theft, and DoS. A performance analysis of the proposed protocol is also presented. Devices compute only 1 XOR operation and 11 hash computations. In the literature, every authentication protocol has its own specific features, requirements, and goals. The proposed protocol has the following features: it is a lightweight and cost-effective authentication, key exchange, and message transfer protocol. It consumes little power because of its primitive computations. It requires no extra hardware (e.g., a smart card or RFID tag). Devices can be authenticated both remotely and nearby. Users can communicate with a single device or a group of devices. In this thesis, the goals are achieved: attackers are monitored with a honeypot, the security issues of IoT devices are revealed, and a lightweight authentication and key exchange protocol is proposed with a well-suited management model.
Description
Thesis (Ph.D.) -- Istanbul Technical University, Graduate School, 2023
Keywords
Cyber security, Siber güvenlik