Abstract
Having started as a hyped technology a few years ago, the IoT is now a reality, providing sensing and computing capabilities from SCADA systems to households. At their core, IoT devices connect to the outside world to share sensed or computed data. However, the sensitivity and privacy of shared data have made access management a stringent need for the IoT as well. In particular, continuous authentication could solve a few security issues, like session hijacking, by checking device legitimacy for each exchanged message and preventing attackers from pretending their actions came from authenticated devices. To date, device-to-device (D2D) continuous authentication still relies on tokens/certificates or on device fingerprints such as battery levels or location. These solutions are not always implementable on resource-constrained devices, and they provide low entropy, so they carry a non-negligible probability of being guessed during impersonation attacks. In this paper, we overcome the above limitations with LENTO: unpredictable Latency-based continuous authEntication for Network inTensive IoT envirOnments. In addition to a thorough analysis, we also offer experimental validation of our proposal. We have deployed LENTO as an additional authentication module of the well-known NextCloud platform, and we have performed an extensive experimental campaign. The collected results confirm our working hypothesis: network delays can be exploited as random seeds in continuous authentication protocols, as they provide as much entropy as standard approaches. To the best of our knowledge, our approach is the first continuous authentication protocol relying purely on the network characteristics, regardless of the trustworthiness of the underlying computing base. Given the minimal overhead introduced by our solution, it provides continuous authentication even for those devices that cannot afford to run (de facto) standard protocols. As such, LENTO could be retrofitted, offering enhanced security to a plethora of currently unsecured devices.
Original language | English (US) |
---|---|
Pages (from-to) | 151-166 |
Number of pages | 16 |
Journal | Future Generation Computer Systems |
Volume | 139 |
DOIs | |
State | Published - Feb 2023 |
Bibliographical note
Funding Information: The authors declare the following financial interests/personal relationships which may be considered as potential competing interests: Roberto Di Pietro reports financial support was provided by NATO Science for Peace and Security Programme. We declare that manuscript co-author Roberto Di Pietro is a member of the Advisory Board for the FGCS Journal.
Publisher Copyright:
© 2022 Elsevier B.V.
Keywords
- Cloud
- Continuous authentication
- Internet of Things (IoT)
- Latency
- Network
- Security
ASJC Scopus subject areas
- Software
- Hardware and Architecture
- Computer Networks and Communications