On Designing a Lesser Obtrusive Authentication Protocol to Prevent Machine-Learning-Based Threats in Internet of Things

Nilesh Chakraborty, Jian Qiang Li, Samrat Mondal, Chengwen Luo, Huihui Wang, Mamoun Alazab, Fei Chen, Yi Pan

    Research output: Contribution to journalArticlepeer-review


    In the era of the Internet of Things (IoT), people access many applications through smartphones for controlling smart devices. Therefore, such a centralized node must follow a robust access control mechanism so that an intruder cannot control the connected devices. Recent reports suggest that password can be used as an authentication factor for accessing the smart setups. However, this static information can be compromised under the light of different machine learning (ML)-empowered attack mechanisms. Alarmingly, different sensors used in the IoT setup can also expose this static information to the adversaries. Password-based authentication that uses a challenge-response strategy is an effective solution for handling such threat scenarios. In this article, at first, we show that no existing usable challenge-response protocol is safe to be used in the public area network. Following this, we propose a challenge-response protocol that is more secure to use in the public domain. By using eight classifiers, we show that a learning-based threat specific to our protocol has a marginal impact on the method's security standard. The discussion in this article also suggests that the proposed protocol has usability and security advantages compared to the existing state of the art (e.g., reduces the number of interactions between the user and verifier by a factor of 0.5).

    Original languageEnglish
    Article number9201092
    Pages (from-to)3255-3267
    Number of pages12
    JournalIEEE Internet of Things Journal
    Issue number5
    Publication statusPublished - 1 Mar 2021

    Cite this