A Quantum Safe User Authentication Protocol for the Internet of Things
##plugins.themes.academic_pro.article.main##
Abstract
The forthcoming of the Internet of Things has opened the gates for numerous applications in several domains. Unfortunately, it also has brought along with it several security challenges. IoT devices, being compact in size, has several constraints. Therefore, it becomes a challenging task to define security protocols suitable for such constrained devices. Also, the significant strides made towards the development of Quantum computers pose a huge threat to traditionally used cryptosystems. It is known that a sufficiently large Quantum Computer running Shor’s Algorithm can solve the integer factorization problem and the discrete logarithm problem. Thus, in our research, we provide an authentication protocol that utilizes Gate Way Node for high-end processing and suggest the usage of NTRU cryptosystem as the cipher suite. We suggest our authentication protocol in terms of cloud computing, as the number of IoT devices would be immense and cloud computing is better suited for processing and storing such large volumes of data. We also suggest the use of One Time Password, for adding another layer of security on top of the public-key cryptosystem. We analyze our authentication protocol and find that it is safe.
##plugins.themes.academic_pro.article.details##
This work is licensed under a Creative Commons Attribution 4.0 International License.
How to Cite
Kumar Sekhar Roy, & Hemanta Kumar Kalita. (2019). A Quantum Safe User Authentication Protocol for the Internet of Things. International Journal of Next-Generation Computing, 10(3), 178–192. https://doi.org/10.47164/ijngc.v10i3.164
References
- Ajtai, M. 1996. Generating hard instances of lattice problems. In Proceedings of the twentyeighth annual ACM symposium on Theory of computing. ACM, 99-108.
- Amin, R., Kumar, N., Biswas, G., Iqbal, R., and Chang, V. 2018. A light weight authentication protocol for iot-enabled devices in distributed cloud computing environment. Future Generation Computer Systems 78, 1005-1019.
- Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cu´ ellar, J., Drielsma, P. H., Heam, P.-C. ´ , Kouchnarenko, O., Mantovani, J., et al. 2005. The avispa tool for the automated validation of internet security protocols and applications. In International conference on computer aided verification. Springer, 281-285.
- Ashton, K. et al. 2009. That internet of things thing. RFID journal 22, 7, 97-114.
- Bernstein, D. J., Chuengsatiansup, C., Lange, T., and van Vredendaal, C. 2017. Ntru prime: reducing attack surface at low cost. In International Conference on Selected Areas in Cryptography. Springer, 235-260.
- Chuang, M.-C. and Chen, M. C. 2014. An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Systems with Applications 41, 4, 1411-1418.
- Coppersmith, D. and Shamir, A. 1997. Lattice attacks on ntru. In International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 52-61.
- Eldefrawy, M. H., Khan, M. K., and Alghathbar, K. 2010. One-time password system with infinite nested hash chains. In Security Technology, Disaster Recovery and Business Continuity. Springer, 161-170.
- Grassi, P. A., Perlner, R. A., Newton, E. M., Regenscheid, A. R., Burr, W. E., Richer, J. P., Lefkovitz, N. B., Danker, J. M., and Theofanos, M. F. 2017. Digital identity guidelines: Authentication and lifecycle management [including updates as of 12-01-2017]. Tech. rep.
- Haller, N. 1995. The s/key one-time password system.
- Hoffstein, J., Pipher, J., and Silverman, J. H. 1998. Ntru: A ring-based public key cryptosystem. In International Algorithmic Number Theory Symposium. Springer, 267-288.
- Howgrave-Graham, N. 2007. A hybrid lattice-reduction and meet-in-the-middle attack against ntru. In Annual International Cryptology Conference. Springer, 150-169.
- Howgrave-Graham, N., Silverman, J. H., and Whyte, W. 2003. A meet-in-the-middle attack on an ntru private key. Tech. rep., Technical report, NTRU Cryptosystems, June 2003. Report.
- Lamport, L. 1981. Password authentication with insecure communication. Communications of the ACM 24, 11, 770-772.
- Miceli, C. 2011. One time password scheme via secret sharing techniques.
- M’Raihi, D., Bellare, M., Hoornaert, F., Naccache, D., and Ranen, O. 2005. Hotp: An hmac-based one-time password algorithm. Tech. rep.
- M’Raihi, D., Machani, S., Pei, M., and Rydell, J. 2011. Totp: Time-based one-time password algorithm. Tech. rep.
- M’Raihi, D., Rydell, J., Bajaj, S., Machani, S., and Naccache, D. 2011. Ocra: Oath challenge-response algorithm. Tech. rep.
- Selvarajan, B. 2007. Simple two-factor authentication. US Patent App. 11/267,148.
- Shivraj, V., Rajan, M., Singh, M., and Balamuralidhar, P. 2015. One time password authentication scheme based on elliptic curves for internet of things (iot). In 2015 5th National Symposium on Information Technology: Towards New Smart World (NSITNSW). IEEE, 1-6.
- Shor, P. W. 1999. Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM review 41, 2, 303-332.
- Von Oheimb, D. 2005. The high-level protocol specification language hlpsl developed in the eu project avispa. In Proceedings of APPSEM 2005 workshop. 1-17.
- Yang, D. and Yang, B. 2010. A biometric password-based multi-server authentication scheme with smart card. In 2010 International Conference On Computer Design and Applications. Vol. 5. IEEE, V5{554.
- Yoon, E.-J. and Yoo, K.-Y. 2013. Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. The Journal of supercomputing 63, 1, 235-255.
- Zhu, Q., Wang, R., Chen, Q., Liu, Y., and Qin, W. 2010. Iot gateway: Bridgingwireless sensor networks into internet of things. In 2010 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing. Ieee, 347-352.