Open Access

ARTICLE

A Hybrid and Lightweight Device-to-Server Authentication Technique for the Internet of Things

Shaha Al-Otaibi¹, Rahim Khan^2,*, Hashim Ali², Aftab Ahmed Khan², Amir Saeed³, Jehad Ali^4,*

1 Department of Information Systems, College of Computer and Information Sciences, Princess Nourah bint Abdulrahman University, P. O. Box 84428, Riyadh, 11671, Saudi Arabia
2 Department of Computer Science, Abdul Wali Khan University Mardan, Mardan, 23200, Pakistan
3 Department of Computer Science and IT, UET Peshawar, Jalozai Campus Peshawar, Peshawar, 24240, Pakistan
4 Department of AI Convergence Network, Ajou University, Suwon, 16499, South Korea

* Corresponding Authors: Rahim Khan. Email: ; Jehad Ali. Email:

(This article belongs to the Special Issue: Multimedia Encryption and Information Security)

Computers, Materials & Continua 2024, 78(3), 3805-3823. https://doi.org/10.32604/cmc.2024.049017

Received 25 December 2023; Accepted 29 January 2024; Issue published 26 March 2024

Abstract

The Internet of Things (IoT) is a smart networking infrastructure of physical devices, i.e., things, that are embedded with sensors, actuators, software, and other technologies, to connect and share data with the respective server module. Although IoTs are cornerstones in different application domains, the device’s authenticity, i.e., of server(s) and ordinary devices, is the most crucial issue and must be resolved on a priority basis. Therefore, various field-proven methodologies were presented to streamline the verification process of the communicating devices; however, location-aware authentication has not been reported as per our knowledge, which is a crucial metric, especially in scenarios where devices are mobile. This paper presents a lightweight and location-aware device-to-server authentication technique where the device’s membership with the nearest server is subjected to its location information along with other measures. Initially, Media Access Control (MAC) address and Advance Encryption Scheme (AES) along with a secret shared key, i.e., λ_i of 128 bits, have been utilized by Trusted Authority (TA) to generate MaskIDs, which are used instead of the original ID, for every device, i.e., server and member, and are shared in the offline phase. Secondly, TA shares a list of authentic devices, i.e., server S_j and members C_i, with every device in the IoT for the onward verification process, which is required to be executed before the initialization of the actual communication process. Additionally, every device should be located such that it lies within the coverage area of a server, and this location information is used in the authentication process. A thorough analytical analysis was carried out to check the susceptibility of the proposed and existing authentication approaches against well-known intruder attacks, i.e., man-in-the-middle, masquerading, device, and server impersonations, etc., especially in the IoT domain. Moreover, proposed authentication and existing state-of-the-art approaches have been simulated in the real environment of IoT to verify their performance, particularly in terms of various evaluation metrics, i.e., processing, communication, and storage overheads. These results have verified the superiority of the proposed scheme against existing state-of-the-art approaches, preferably in terms of communication, storage, and processing costs.

---

Keywords

---