
2015 IEEE International Conference on Consumer Electronics (ICCE)

DAoT: Dynamic and Energy-aware Authentication for Smart Home Appliances in Internet of Things

Young-Pil Kim, Seehwan Yoo, Chuck Yoo

Dept. of computer science and engineering, Korea University, Seoul, South Korea, 136701. Email: [email protected] Telephone: +82-2-3290-3639
Dept. of mobile systems and engineering, Dankook University, Yongin, South Korea
Dept. of computer science and engineering, Korea University, Seoul, South Korea 136713. Email: [email protected]

978-1-4799-7543-3/15/$31.00 ©2015 IEEE

Abstract-The Internet of Things (IoT) is beneficial to individuals, business, and society because it creates a wide range of value-added services by interconnecting diverse devices and information objects. However, as IoT devices are too resource-constrained to employ powerful security mechanisms, they are vulnerable to sophisticated security attacks such as the man-in-the-middle (MITM) attack. Therefore, an intelligent authentication mechanism that considers both resource constraints and security is required. In this paper, we suggest a dynamic and energy-aware authentication scheme for the Internet of Things (DAoT). DAoT uses a feedback control scheme to dynamically select an energy-efficient authentication policy. With DAoT, IoT devices with limited resources can be safely interconnected because DAoT finds and adopts the best cost-effective authentication mechanism.

I. INTRODUCTION

Recently, the Internet of Things (IoT) has become one of the big issues in information technology (IT) academia and industry. Smart devices and information objects can be interconnected by IoT; thus, various value-added services can be created. Also, IT trend research institutes forecast that billions of devices will be connected in 2020, and the economic effects will be huge (trillion dollars). In spite of these benefits, the realization of IoT is not easy because there are security and privacy challenges [2][4].

These challenges are accelerated from two points of view: management complexity and easy access by attackers. First, IoT assumes device diversity including resource-constrained devices, and the constrained devices cannot support powerful but heavy security functionality. Also, IoT should consider interoperability of higher level services including security services; thus, different security mechanisms which require various secret information are mixed in the same network. These diversity issues make IoT security management complex. Second, attackers in IoT easily access the network because many devices support wireless access; thus, IoT is vulnerable to the man-in-the-middle (MITM) attack.

The smart home appliances area, which is one of the major targets of IoT, is sensitive to privacy problems [3] and energy budget [1][5]. Home appliance devices can easily collect private data such as life patterns, and the energy cost of smart home appliances directly affects distribution and feasibility of products. Generally, authentication mechanisms can solve MITM attacks; however, we also consider energy issues and resource constraints. Thus, "IoT-accommodating authentication" is required to solve MITM attacks and to adapt to the resource requirements of diverse devices. Until now, many individual authentication mechanisms have been proposed, but, to the best of our knowledge, there is no known adaptive authentication system for IoT yet.

Fig. 1. The feedback control scheme of DAoT

II. OUR APPROACH

We suggest an adaptive authentication framework for selecting an IoT-accommodating authentication policy dynamically. We consider the following aspects:
- energy efficiency
- smart appliances constraints & lifecycle
- verifying device identification

We call our solution "DAoT" (Dynamic and energy-aware Authentication scheme for Internet of Things).

A. Overall architecture

DAoT reflects three design goals: adaptiveness, energy-awareness, and authentication.

1) Adaptiveness: Adaptiveness is required because the security state of devices in IoT can change dynamically. This means that verifying target devices should be dynamic and adaptive because the devices can join or leave IoT freely. Whenever the joining state of a device changes, the current security state needs to be verified. That is, authentication of devices can occur dynamically. A feedback control scheme is useful to adapt to dynamic behaviors with low complexity [6]. Fig. 1 shows the dynamic selection logic for determining the authentication method using the feedback control scheme in DAoT. DAoT selects a suitable authentication method according to the reference energy cost, based on the resource power of the target device.

2) Energy-awareness: DAoT decides the authentication policy by the energy cost of the authentication method. This requires evaluation of energy costs. DAoT uses an estimated energy cost and a reference energy cost. An estimated energy cost means the result from the energy model, and we use the energy model of [5], in which unit costs are described based on processor cycles for two types of IoT devices (MicaZ and TelosB). A reference energy cost means the maximum limit of energy cost given the device constraints.

3) Authentication: DAoT focuses on authentication of the identification of an IoT device for accessing the IoT network. The authenticity of an IoT device can be achieved by verifying secure information such as device identification provided by the target device. From previous authentication studies [2][3][4], we find the operations for authentication: key establishment (KE), message authentication code (MAC) and handshake. The KE operation securely derives confidential keys for cryptographic mechanisms. The MAC verifies secret information related to authenticity using a key and cryptographic mechanisms. The handshake operation provides a secure protocol for exchanging secret values for authentication between authentication client and server.

TABLE I
LISTS OF COMPONENTS USED IN EVALUATION OF AUTHENTICATION COST

Operations    Cryptographic primitives/protocols
KE            DH, MQV, LUCDIF, XTR-DH
MAC           VMAC, HMAC, GMAC, CMAC, CBC-MAC, DMAC, Two-Track-MAC
Handshake     DTLS, HIP

III. EVALUATION

To evaluate the energy cost of authentication, we calculate the total cycles of the KE, MAC, and handshake operations. To obtain the cycles, we use a cryptest benchmark program (crypto++) to measure cycles of commonly used cryptographic mechanisms. Table I shows the cryptographic library functions used.

We assume that two types of resource-constrained IoT devices (MicaZ and TelosB) are mixed, and a 6LoWPAN network is used. We use the energy cost model in [5], and the model describes unit energy cost based on average energy consumption (Joule metric) per cycle for determining the energy cost of cryptographic and communication operations. Using the model, we calculate the energy cost with the total cycles of the KE, MAC and handshake operations corresponding to an authentication method. We define an authentication policy as the combination of specific cryptographic methods in Table I. Then, we compare energy costs for test authentication policies. The results are in the following Fig. 2.

Fig. 2. Energy costs of authentication policies (x-axis: Auth. Policy No., 1 to 20; legend: Key manage, Total Energy, Handshake+MAC)

The results show that KE cost is more important because most of the KE costs are bigger than the handshake and MAC costs. Also, we can infer that adaptation of authentication mechanisms is required because the gap of energy costs between the maximum and minimum case is huge (734%). This cost gap indicates an ideal amount of energy cost savings by DAoT, and even if the state of devices changes, DAoT can adjust the cost gap in a stabilized state by the feedback control scheme.

IV. CONCLUSION

We suggest a dynamic and energy-aware authentication scheme for Internet of Things (DAoT). IoT devices can join safely even if they have constrained resources because DAoT finds and applies the best-cost-fit authentication mechanism. By numerical results, we show the beneficial potential of DAoT. As future work, we are currently developing a real-world prototype of DAoT targeting smart home appliances.

ACKNOWLEDGMENT

This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MEST) (No.2010-0029180).

REFERENCES

[1] Oh, H., Bahn, H., & Chae, K. J. (2005). An energy-efficient sensor routing scheme for home automation networks. Consumer Electronics, IEEE Transactions on, 51(3), 836-839.
[2] Saied, Y. B., Olivereau, A., Zeghlache, D., & Laurent, M. (2014). Lightweight collaborative key establishment scheme for the Internet of Things. Computer Networks, 64, 273-295.
[3] Denning, T., Kohno, T., & Levy, H. M. (2013). Computer security and the modern home. Communications of the ACM, 56(1), 94-103.
[4] Kothmayr, T., Schmitt, C., Hu, W., Brunig, M., & Carle, G. (2013). DTLS based security and two-way authentication for the Internet of Things. Ad Hoc Networks, 11(8), 2710-2723.
[5] De Meulenaer, G., Gosset, F., Standaert, O. X., & Pereira, O. (2008, October). On the energy cost of communication and cryptography in wireless sensor networks. In Networking and Communications, 2008. WIMOB'08. IEEE International Conference on Wireless and Mobile Computing, (pp. 580-585). IEEE.
[6] Hellerstein, J. L., Diao, Y., Parekh, S., & Tilbury, D. M. (2004). Feedback control of computing systems. John Wiley & Sons.
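The policy selection of Section II-A and the cost calculation of Section III, as an added example that is not code from the paper. The cycle counts, the per-cycle energy, the 25% model error and the controller (a correction factor with gain 0.5) are constructed assumptions, as is the rule of taking the costliest policy that fits the reference cost; cost here is a budget, not a measure of cryptographic strength.

```python
from itertools import product

# Constructed cycle counts per operation; NOT measurements from the paper.
KE = {"DH": 8_000_000, "MQV": 6_000_000, "LUCDIF": 4_000_000, "XTR-DH": 2_000_000}
MAC = {"HMAC": 400_000, "CMAC": 200_000}
HANDSHAKE = {"DTLS": 1_000_000, "HIP": 500_000}
NJ_PER_CYCLE = 3  # constructed unit energy cost (nanojoules per cycle)


def estimated_cost(policy):
    """Energy model: total cycles of KE + MAC + handshake times the unit cost."""
    ke, mac, hs = policy
    return (KE[ke] + MAC[mac] + HANDSHAKE[hs]) * NJ_PER_CYCLE


# An authentication policy is one (KE, MAC, handshake) combination.
POLICIES = sorted(product(KE, MAC, HANDSHAKE), key=estimated_cost)


def select(budget_nj):
    """Assumed rule: the costliest policy whose estimate still fits the budget."""
    fitting = [p for p in POLICIES if estimated_cost(p) <= budget_nj]
    return fitting[-1] if fitting else None  # None: no policy fits this device


def control_loop(reference_nj, measure, rounds=6, gain=0.5):
    """Feed the measured/estimated cost ratio back into the next selection."""
    scale, history = 1.0, []
    for _ in range(rounds):
        policy = select(reference_nj / scale)
        if policy is None:
            break
        measured = measure(policy)
        history.append((policy, measured))
        # Move the correction factor toward the observed model error.
        scale += gain * (measured / estimated_cost(policy) - scale)
    return history


def hungry_device(policy):
    """Constructed device that draws 25% more energy than the model predicts."""
    return estimated_cost(policy) * 5 // 4


if __name__ == "__main__":
    for policy, measured in control_loop(22_000_000, hungry_device):
        print(policy, measured / 1e6, "mJ")
```

With a 22 mJ reference cost, the first round overshoots because the model underestimates the device; from the second round on, the loop settles on a policy whose measured cost stays under the reference.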
