A network-independent tool-based usable authentication system for Internet of Things devices

Changhun Jung, Jinchun Choi, Rhongho Jang, David Mohaisen, Dae Hun Nyang

Research output: Contribution to journalArticlepeer-review

1 Scopus citations

Abstract

In this paper, we introduce a hardware-based system with a protocol realization to authenticate Internet of Things (IoT) devices. DigitalSeal is a novel standalone network-independent authentication tool implemented using an Arduino UNO and various components. DigitalSeal ’s I/O elements read a barcode and display a barcode data and its corresponding HMAC, which are used for authentication. DigitalSeal can manage cryptographic keys securely and provide a data integrity in order to defend against Man-in-the-Middle (MitM) and Man-in-the-Browser (MitB) attacks. Moreover, DigitalSeal can be used in various applications, such as an authentication system or protocol, an online/offline transaction, a login session, and an IoT device authentication. Using DigitalSeal, we propose a new protocol for IoT device authentication, providing various security benefits and reducing the burden of key maintenance for a large number of IoT devices. Our authentication protocol realization with DigitalSeal provides a convenient method for securely managing password for multiple IoT devices, prevents unauthorized IoT devices from connecting to the user's gateway (an IoT home/enterprise network), and secures the communication between the IoT device and the gateway. Our system and associated protocol are both cost-effective and usable. According to our experiments, most users are able to obtain the authentication credential (the HMAC) within 3 seconds with more than 93% accuracy using DigitalSeal.

Original languageEnglish
Article number102338
JournalComputers and Security
Volume108
DOIs
StatePublished - Sep 2021

Keywords

  • Authentication system
  • DigitalSeal
  • Gateway security
  • Internet of Things (IoT)
  • IoT security

Fingerprint

Dive into the research topics of 'A network-independent tool-based usable authentication system for Internet of Things devices'. Together they form a unique fingerprint.

Cite this