On Designing a Lesser Obtrusive Authentication Protocol to Prevent Machine-Learning-Based Threats in Internet of Things

In the era of the Internet of Things (IoT), people access many applications through smartphones for controlling smart devices. Therefore, such a centralized node must follow a robust access control mechanism so that an intruder cannot control the connected devices. Recent reports suggest that password can be used as an authentication factor for accessing the smart setups. However, this static information can be compromised under the light of different machine learning (ML)-empowered attack mechanisms. Alarmingly, different sensors used in the IoT setup can also expose this static information to the adversaries. Password-based authentication that uses a challenge-response strategy is an effective solution for handling such threat scenarios. In this article, at first, we show that no existing usable challenge-response protocol is safe to be used in the public area network. Following this, we propose a challenge-response protocol that is more secure to use in the public domain. By using eight classifiers, we show that a learning-based threat specific to our protocol has a marginal impact on the method's security standard. The discussion in this article also suggests that the proposed protocol has usability and security advantages compared to the existing state of the art (e.g., reduces the number of interactions between the user and verifier by a factor of 0.5).