
Authentication Mechanism for Intrusion Detection and Prevention


INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 9, ISSUE 03, MARCH 2020 ISSN 2277-8616

Authentication Mechanism For Intrusion Detection And Prevention In IoT Devices

P. Ananthi

Abstract— In the recent real-world scenario, IoT system security is a focus area for researchers. For activating IoT devices, communication between IoT devices and the IoT server is significant, and security in this communication between IoT device and server is essential. Common security mechanisms such as single password-based authentication are exposed to side-channel and dictionary attacks. This paper presents an elliptic curve based mutual authentication mechanism, using smaller keys, between the IoT server and devices. An initially generated key is shared between the server and the IoT devices, and the key is then verified after successful communication. This mechanism is implemented on an Arduino device to prove that the key mechanism is feasible for IoT communication.

Index Terms— DoS attacks, Elliptic curve cryptography, Intrusion Detection, IoT Device Authentication, IoT Security, key generation.

1 INTRODUCTION

Internet-of-Things (IoT) research is of vital focus to academia and industry. Proliferating IoT networks and digital devices will provide smarter services and greater convenience to humans than in the past, thus creating a new era of technology. In the world of the Internet of Things (IoT), billions of devices are connected to the Internet, which provides an intruder an opportunity to manipulate the IoT system on a large scale. The security issue is emphasized by the lack of standards specifically designed for devices with limited resources and heterogeneous technologies. In addition, these devices, due to many vulnerabilities, represent a “fertile ground” for existing cyber threats. In fact, at the end of 2016, there were distributed denial of service (DDoS) attacks on the DNS provider of services such as PayPal, Twitter, VISA, etc. through a botnet consisting of a large number of vulnerable IoT devices (such as printers, IP cameras, residential gateways, and baby monitors) that had been infected by the Mirai malware. Authentication, privacy and data confidentiality are some of the major security issues of IoT [3]. Attacks on IoT devices can happen at one or more layers such as the hardware layer, network layer and cloud layer [6]. In the hardware layer, IoT hardware is compromised by the attacker, who gains access to the keys and other security credentials stored in IoT devices. The attacker can duplicate the IoT device or create a virtual IoT device using the retrieved security credentials. The fake IoT device can send messages to the server and retrieve further security information about the user from the server. Mirai malware is one side channel attack which fetches security parameters from the server without having a physical connection. IoT devices have been attacked from outside the network and, once compromised, used to attack other websites and internet services [10]. An IoT device with a secured authentication mechanism can avoid those critical issues. The proposed authentication mechanism securely identifies the server and the IoT device using public key infrastructure. This paper proposes a secure authentication protocol to authenticate the IoT device and the server. Some of the current authentication mechanisms, which are mostly based on a single password-based mechanism, are vulnerable to side-channel and dictionary attacks. This paper proposes a multi-key authentication mechanism using elliptic curve cryptography; if the secret key is retrieved by the attacker, the attacker cannot use the keys for communication, because the key pair is changed for every communication and securely shared with the devices. Additionally, the session key is generated from the identification number combined with a random number generator, so that the attacker cannot apply a dictionary attack or brute force attack. In this paper, Section II contains the system architecture for IoT devices. Section III describes the possible security attacks on IoT devices. The elliptic curve based authentication mechanism is explained in Section IV. Section V provides the conclusion.

2 SYSTEM ARCHITECTURE

Figure 1 illustrates a typical IoT system. The IoT architecture consists of four stages. Stage 1 consists of wireless sensors and actuators. Stage 2 refers to the data acquisition system, Stage 3 considers the edge IT systems and Stage 4 contains cloud data storage, analysis and management.

Stage 1. Wireless sensors and actuators
The sensors are used to receive information from the outside world and convert it into data for analysis. The data will be processed further. The actuators are able to intervene in physical reality. These sensors and actuators are used to sense and adjust the physical control over the IoT devices.

Stage 2. Sensor data acquisition systems
The data from the first stage is in analogue form, which is to be aggregated and converted into digital form for further processing. The Internet gateways appear in this stage; they work through Wi-Fi or wired LANs. The data center uses the digital form of data, so the analogue data should be converted into digital form. The essential activity of this stage is to process the huge amount of information collected in Stage 1 and compress it to the optimal size for further analysis. In short, Stage 2 makes data both digitalized and aggregated.

Dr. P. Ananthi is working as Assistant Professor, Kongu Engineering College, Perundurai 638060, Tamilnadu, India. E-mail: [email protected]

Stage 3. Edge IT systems
Stage 3 is closely linked to the previous phases of the IoT system architecture. The edge IT systems are located near where the sensors and actuators are located and are connected with them. They may reside in remote offices or other edge locations. The edge IT systems perform data analysis and preprocess the data for that. Edge IT systems perform enhanced data analytics and preprocessing, which apply machine learning and visualization technologies.

Stage 4. Cloud analytics
The significant processes of the fourth stage of the IoT architecture occur in the data center or cloud. This permits in-depth processing with follow-up revision based on feedback. The data from other sources can be forwarded to the data center, where the IT system can analyze, manage and store the data securely. Stage 4 processing may take place on-premises, in the cloud, or in a hybrid cloud system, but the type of processing executed in this stage remains the same, regardless of the platform.

Fig. 1 IoT System Architecture

3 SECURITY ATTACKS ON IOT

Denial of Service (DoS)
The attacker attacks network resources and services, which leads to denial of service to the legitimate user. There are two types of attacks: one is the denial of service attack, in which one attacker focuses on the victim; the other is distributed denial of service, in which the attacker compromises a number of systems to attack a specific victim. Both are powerful attacks; their effect may reduce the network capacity so that the legitimate user cannot access the network. During a DoS attack IoT devices are denied connection to the server or have to wait a long time for a response.

Spoofing
In spoofing, routing information is altered or replayed during data exchange between nodes. The attacks are created by spoofing of messages, creating routing loops between nodes. Due to this attack IoT devices suffer misguided routing or detection problems. The attacker sends unreliable information to the receiver and steals the device credentials.

Sybil Attack
A single node keeps multiple identities and acts as multiple nodes. That creates more than one location of the adversary at a time. It affects data integrity and utilization of resources.

Man in the Middle Attacks
The attacker intercepts the communication between the IoT devices and the IoT server nodes. The IoT devices and IoT server are not aware of the attacker as middle man. It leads to revealing the sensitive information exchanged between server and devices.

Side-channel Attacks
The attacker uses side channel information that is retrieved from encrypting devices. It is neither the plaintext nor the ciphertext; it contains information about power consumption, the time required to perform the operation, fault frequency, etc. The attacker makes use of this information to recover the key. The IoT communication is deployed with a cloud architecture. Devices communicate through the WAN. The single key based authentication used for IoT communication is vulnerable to key trapping attacks. The key may be retrieved by the attacker using side channel attacks and dictionary attacks. The fake devices can then use the shared secret key and communicate with the server. In an elliptic curve based public key system, private and public keys are used. It uses mutual authentication between IoT server and IoT devices and additionally uses a session key for encrypting the message.

4 AUTHENTICATION MECHANISM

This authentication mechanism applies elliptic curve cryptography for generating a pair of public key and private key at the server side. Then the private key is distributed to the IoT devices using a hash mechanism. In this authentication environment, private and public keys are generated for every communication between IoT server and IoT devices. During IoT communication many data exchanges are possible, each of which is considered a separate session. For each session, a session key is generated and distributed between the IoT server and the IoT devices. After a successful session, the session key is discarded and a new key is generated.

Key Generation
Elliptic Curve Cryptography (ECC) is an efficient encryption method that provides stronger security. ECC uses a small key size with a high level of security. A short key consumes less computational power and is also faster. An elliptic curve can simply be illustrated as a set of points defined by the following equation:

$y^2 = x^3 + ax + b$ (1)

where $4a^3 + 27b^2 \neq 0$.

The values given to a and b determine the shape of the curve. Elliptic curve cryptography uses these curves over finite fields to create a secret that only the private key holder is able to unlock. For any point G on the elliptic curve, the set {O, G, G+G, G+G+G, G+G+G+G, ...} is a cyclic subgroup of the points that are solutions to the elliptic curve; hence multiplying a point G by a scalar k, as in kG = Q, results in another solution Q. The number of integers used to express points is a prime number p. The public key is a point on the curve and the private key is a random number. The public key is obtained by multiplying the private key with the generator point G on the curve. The authentication between IoT server and IoT devices is ensured by generating a private and public key pair for each device.
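The following is an added worked example, not code from the paper or its Arduino implementation. It implements the key generation just described (the group law on equation (1), the non-singularity check $4a^3 + 27b^2 \neq 0$, scalar multiplication kG, and public key = private key · G) and the server side of the Section 4 Procedure below (validate a 16-bit device id, issue a per-device key pair, derive the session key S = r1 ⊕ id1, …, r16 ⊕ id16 with a time-stamp validity window). The toy curve over F_17 with generator (5, 1) of order 19, the device registry and the device ids are constructed sample values; secp256k1 is included only as a real-world curve to run the same code on. The encryption of S under PUdi (step 6) is left abstract.

```python
"""Added example: ECC key generation over a prime field plus the Section 4
session-key construction S = r XOR id. Not the paper's own implementation."""
from dataclasses import dataclass
import secrets
import time

INF = None  # the point at infinity O


@dataclass(frozen=True)
class Curve:
    p: int   # prime field size
    a: int
    b: int
    gx: int  # generator point G
    gy: int
    n: int   # order of G

    def __post_init__(self):
        # Equation (1) only defines a usable curve when 4a^3 + 27b^2 != 0 mod p
        if (4 * self.a ** 3 + 27 * self.b ** 2) % self.p == 0:
            raise ValueError("singular curve: 4a^3 + 27b^2 == 0 mod p")
        if not self.on_curve((self.gx, self.gy)):
            raise ValueError("generator is not a solution of the curve equation")

    @property
    def G(self):
        return (self.gx, self.gy)

    def on_curve(self, P):
        if P is INF:
            return True
        x, y = P
        return (y * y - (x ** 3 + self.a * x + self.b)) % self.p == 0

    def add(self, P, Q):
        """Group law on the curve, handling O and P == -Q (which gives O)."""
        if P is INF:
            return Q
        if Q is INF:
            return P
        x1, y1 = P
        x2, y2 = Q
        if x1 == x2 and (y1 + y2) % self.p == 0:
            return INF
        if P == Q:   # tangent slope
            lam = (3 * x1 * x1 + self.a) * pow(2 * y1, -1, self.p) % self.p
        else:        # chord slope
            lam = (y2 - y1) * pow(x2 - x1, -1, self.p) % self.p
        x3 = (lam * lam - x1 - x2) % self.p
        y3 = (lam * (x1 - x3) - y1) % self.p
        return (x3, y3)

    def mul(self, k, P):
        """Scalar multiplication kP by double-and-add (kG = Q in the text)."""
        R = INF
        while k > 0:
            if k & 1:
                R = self.add(R, P)
            P = self.add(P, P)
            k >>= 1
        return R

    def keypair(self, priv=None):
        """Private key: random integer in [1, n-1]; public key: priv * G."""
        if priv is None:
            priv = secrets.randbelow(self.n - 1) + 1
        return priv, self.mul(priv, self.G)


# Constructed toy curve y^2 = x^3 + 2x + 2 over F_17, G = (5, 1) has order 19.
TOY = Curve(p=17, a=2, b=2, gx=5, gy=1, n=19)
# Real-world curve parameters (secp256k1), for running the same code at full size.
SECP256K1 = Curve(
    p=0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F, a=0, b=7,
    gx=0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
    gy=0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8,
    n=0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141)


def session_key(device_id: int, r: int) -> int:
    """S = r1 XOR id1, ..., r16 XOR id16: bitwise XOR of two 16-bit values."""
    if not (0 <= device_id < 1 << 16 and 0 <= r < 1 << 16):
        raise ValueError("device id and r must both be 16-bit values")
    return device_id ^ r


@dataclass
class Session:
    key: int
    issued: float  # time stamp t attached to the session key
    ttl: float     # validity span, after which the key is discarded

    def valid(self, now=None) -> bool:
        now = time.time() if now is None else now
        return now - self.issued < self.ttl


REGISTERED_IDS = {0x1234, 0xBEEF}  # constructed sample device registry (hypothetical)


def server_handshake(curve, device_id, now, ttl=30.0, r=None):
    """Server side of Procedure steps 1, 2 and 5: validate the id, generate the
    device key pair (PRdi, PUdi) and a time-limited session key."""
    if device_id not in REGISTERED_IDS:
        raise PermissionError("unknown device id")
    priv, pub = curve.keypair()
    r = secrets.randbelow(1 << 16) if r is None else r
    return priv, pub, Session(session_key(device_id, r), now, ttl)


if __name__ == "__main__":
    priv, pub, sess = server_handshake(SECP256K1, 0x1234, now=time.time())
    print("PUdi on curve:", SECP256K1.on_curve(pub), "S = 0x%04x" % sess.key)
```

Two points worth checking when running this: `TOY.mul(19, TOY.G)` returns the point at infinity, confirming the cyclic subgroup {O, G, 2G, …} described in the text, and `Session.valid` is what enforces the time span after which the session key is discarded. Note also that S is only 16 bits and the device id is sent in the clear in step 1, so all of S's unpredictability comes from r; a deployment would want a much longer random value, or use S only as input to a key derivation function, rather than as the message key itself.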

Procedure
1. The device sends the request for communication to the server with its unique identification number (16 bits).
2. After validating the id, the server generates the key pair for the device (PRdi, PUdi).
3. This key pair is forwarded to the requesting device.
4. The device sends an initiative message with its id.
5. The server creates a 16-bit session key s for that session by XORing the random number bits with the device id.
6. The session key is encrypted with the public key of the device, then forwarded: E(s, PUdi).
7. The device uses its private key for decryption to obtain the session key, then starts data transfer using the session key: D(s, PRdi).

Message
Communication messages from device to server and vice versa are shown in Fig. 2. N devices are connected to the server, with identification numbers d1, d2, …, dn. The server generates a private key and public key pair {PR, PU} for each device for communication. The keys are shared with the respective devices and a nonce is created for each unique transfer. The key generation for each device and the session key for data transfer prevent unauthorized access to IoT devices.

Device → Server: {iddi, request}
Server → Device: {iddi, PRdi, PUdi, N1}
Device → Server: {iddi, E(M, PRdi), N2}
Server → Device: {iddi, E(S, PUdi), N1}

Fig. 2 Message flow among server and device (the four messages above, followed by data transfer)
iddi – device identification (unique)
PRdi – private key for device, generated by server
PUdi – public key for device, generated by server
N1, N2 – nonces for communication
S – session key

Session key Generation
Choose a random number r and specify its bits as (r1, r2, …, r16). The device identification number is 16 bits (id1, id2, …, id16).

S = r1 ⊕ id1, r2 ⊕ id2, …, r16 ⊕ id16

This session key will be generated for every session. The session key is attached with a time stamp t for validity. After the time span, the session key is automatically discarded. During communication, after every session a new session key is generated using the random number generator and the identification number of the device. For a single communication there may be n sessions, so as many session keys are required for every communication. After successful communication the public, private key pair is changed for each device.

5 CONCLUSION

In this paper an elliptic curve based authentication mechanism is proposed to secure the IoT server and IoT devices. This mechanism is used to detect and prevent side channel attacks and DoS attacks on IoT devices. The generated secret key values for device authentication are altered after every successful communication between the server and the IoT device. By using this secured key generation mechanism, the IoT environment is protected from various attacks and reliable communication is possible.

REFERENCES
[1] Raza, S., Shafagh, H., Hewage, K., Hummen, R., & Voigt, T., “Lithe: Lightweight secure CoAP for the internet of things”, IEEE Sensors Journal, 2013, 13(10), 3711-3720.
[2] Weize Yu and Selçuk Köse, “A Lightweight Masked AES Implementation for Securing IoT Against CPA Attacks”, IEEE Transactions on Circuits and Systems, 2017.
[3] Kalra, S., & Sood, S. K., “Secure authentication scheme for IoT and cloud servers”, Pervasive and Mobile Computing, 2015, 24, 210-223.
[4] Anam Sajid, Haider Abbas, & Kashif Saleem, “Cloud-Assisted IoT-Based SCADA Systems Security”, special section on the plethora of research in internet of things (IoT), IEEE, 2016, 4, 1375-1384.
[5] Danger, J. L., Guilley, S., Hoogvorst, P., Murdica, C., & Naccache, D., “A synthesis of side-channel attacks on elliptic curve cryptography in smart-cards”, Journal of Cryptographic Engineering, 2013, 3(4), 241-265.
[6] Shachar Siboni et al., “Security Testbed for Internet-of-Things Devices”, IEEE Transactions on Reliability, 2019, vol. 68, no. 1, pp. 23-44.
[7] Francesca Meneghello et al., “IoT: Internet of Threats? A Survey of Practical Security Vulnerabilities in Real IoT Devices”, IEEE Internet of Things Journal, 2019, vol. 6, no. 5, pp. 8082-8199.
[8] Hajoon Ko, Jiong Jin, and Sye Loong Keoh, “Secure Service Virtualization in IoT by Dynamic Service Dependency Verification”, IEEE Internet of Things Journal, 2016, vol. 3, no. 6, pp. 1006-1014.
[9] Nataliia Neshenko et al., “Demystifying IoT Security: An Exhaustive Survey on IoT Vulnerabilities and a First Empirical Look on Internet-Scale IoT Exploitations”, IEEE Communications Surveys & Tutorials, 2019, vol. 21, no. 3, pp. 2702-2733.
[10] Jing, Q., Vasilakos, A. V., Wan, J., Lu, J., & Qiu, D., “Security of the internet of things: Perspectives and challenges”, Wireless Networks, 2014, 20(8), 2481-2501.
[11] Genkin, D., Pachmanov, L., Pipman, I., and Tromer, E., “Stealing keys from PCs using a radio: Cheap electromagnetic attacks on windowed exponentiation”, in Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems (CHES 2015), Springer, 2015, pp. 207-228.
[12] Mukrimah Nawir, Amiza Amir, Naimah Yaakob, Ong Bi Lynn, “Internet of Things (IoT): Taxonomy of Security Attacks”, 3rd International Conference on Electronic Design (ICED), 2016, pp. 321-326.
[13] Hankerson, D., Menezes, A., and Vanstone, S. A., “Guide to Elliptic Curve Cryptography”, Springer-Verlag, 2004.
[14] Ananthi, P., Balasubramanie, P., “Two level Authentication and Marking Mechanism for Defending against DoS and DDoS attacks”, International Journal of Computer Applications, 63(1), 2013, pp. 41-45.
