TY - JOUR
T1 - On Designing a Lesser Obtrusive Authentication Protocol to Prevent Machine-Learning-Based Threats in Internet of Things
AU - Chakraborty, Nilesh
AU - Li, Jian Qiang
AU - Mondal, Samrat
AU - Luo, Chengwen
AU - Wang, Huihui
AU - Alazab, Mamoun
AU - Chen, Fei
AU - Pan, Yi
PY - 2021/3/1
Y1 - 2021/3/1
N2 - In the era of the Internet of Things (IoT), people access many applications through smartphones for controlling smart devices. Therefore, such a centralized node must follow a robust access control mechanism so that an intruder cannot control the connected devices. Recent reports suggest that password can be used as an authentication factor for accessing the smart setups. However, this static information can be compromised under the light of different machine learning (ML)-empowered attack mechanisms. Alarmingly, different sensors used in the IoT setup can also expose this static information to the adversaries. Password-based authentication that uses a challenge-response strategy is an effective solution for handling such threat scenarios. In this article, at first, we show that no existing usable challenge-response protocol is safe to be used in the public area network. Following this, we propose a challenge-response protocol that is more secure to use in the public domain. By using eight classifiers, we show that a learning-based threat specific to our protocol has a marginal impact on the method's security standard. The discussion in this article also suggests that the proposed protocol has usability and security advantages compared to the existing state of the art (e.g., reduces the number of interactions between the user and verifier by a factor of 0.5).
AB - In the era of the Internet of Things (IoT), people access many applications through smartphones for controlling smart devices. Therefore, such a centralized node must follow a robust access control mechanism so that an intruder cannot control the connected devices. Recent reports suggest that password can be used as an authentication factor for accessing the smart setups. However, this static information can be compromised under the light of different machine learning (ML)-empowered attack mechanisms. Alarmingly, different sensors used in the IoT setup can also expose this static information to the adversaries. Password-based authentication that uses a challenge-response strategy is an effective solution for handling such threat scenarios. In this article, at first, we show that no existing usable challenge-response protocol is safe to be used in the public area network. Following this, we propose a challenge-response protocol that is more secure to use in the public domain. By using eight classifiers, we show that a learning-based threat specific to our protocol has a marginal impact on the method's security standard. The discussion in this article also suggests that the proposed protocol has usability and security advantages compared to the existing state of the art (e.g., reduces the number of interactions between the user and verifier by a factor of 0.5).
KW - Challenge-response protocol
KW - Internet-of-Things (IoT) sensor
KW - machine learning (ML)-based threat
KW - observational-attack
KW - PIN
KW - security
KW - usability
UR - http://www.scopus.com/inward/record.url?scp=85101702080&partnerID=8YFLogxK
U2 - 10.1109/JIOT.2020.3025274
DO - 10.1109/JIOT.2020.3025274
M3 - Article
AN - SCOPUS:85101702080
SN - 2327-4662
VL - 8
SP - 3255
EP - 3267
JO - IEEE Internet of Things Journal
JF - IEEE Internet of Things Journal
IS - 5
M1 - 9201092
ER -