A Multifactor Multilevel and Interaction Based (M2I) Authentication Framework for Internet of Things (IoT) Applications

Existing authentication solutions proposed for Internet of Things (IoT) provide a single Level of Assurance (LoA) regardless of the sensitivity levels of the resources or interactions between IoT devices being protected. For effective (with adequate level of protection) and efficient (with as low ov...

Full description

Saved in:
Bibliographic Details
Main Authors: Salem AlJanah, Ning Zhang, Siok Wah Tay
Format: Article
Language:English
Published: IEEE 2022-01-01
Series:IEEE Access
Subjects:
Online Access:https://ieeexplore.ieee.org/document/9764763/
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1850126925083705344
author Salem AlJanah
Ning Zhang
Siok Wah Tay
author_facet Salem AlJanah
Ning Zhang
Siok Wah Tay
author_sort Salem AlJanah
collection DOAJ
description Existing authentication solutions proposed for Internet of Things (IoT) provide a single Level of Assurance (LoA) regardless of the sensitivity levels of the resources or interactions between IoT devices being protected. For effective (with adequate level of protection) and efficient (with as low overhead costs as possible) protections, it may be desirable to tailor the protection level in response to the sensitivity level of the resources, as a stronger protection level typically imposes a higher level of overhead costs. In this paper, we investigate how to facilitate multi-LoA authentication for IoT by proposing a multi-factor multi-level and interaction based (M2I) authentication framework. The framework implements LoA linked and interaction based authentication. Two interaction modes, P2P (Peer-to-Peer) and O2M (One-to-Many), are investigated via the design of two corresponding protocols. Evaluation results show that adopting the O2M interaction mode in authentication in the related use-case scenarios can cut communication cost significantly; compared with that of the Kerberos protocol, the O2M protocol reduces the communication cost by 42%~45%. The protocols are also more efficient. The P2P and O2M protocol, respectively, reduce the computational cost by 70%~72% and 81%~82%, in comparison with that of Kerberos. The evaluation results also show that the two-factor authentication option costs twice as much as that of the one-factor option.
format Article
id doaj-art-9b70d461a0fb4a368c389b139fdd0e79
institution OA Journals
issn 2169-3536
language English
publishDate 2022-01-01
publisher IEEE
record_format Article
series IEEE Access
spelling doaj-art-9b70d461a0fb4a368c389b139fdd0e792025-08-20T02:33:48ZengIEEEIEEE Access2169-35362022-01-0110479654799610.1109/ACCESS.2022.31708449764763A Multifactor Multilevel and Interaction Based (M2I) Authentication Framework for Internet of Things (IoT) ApplicationsSalem AlJanah0https://orcid.org/0000-0003-0480-4543Ning Zhang1https://orcid.org/0000-0001-9519-9128Siok Wah Tay2https://orcid.org/0000-0002-0005-889XDepartment of Computer Science, The University of Manchester, Manchester, U.K.Department of Computer Science, The University of Manchester, Manchester, U.K.Department of Computer Science, The University of Manchester, Manchester, U.K.Existing authentication solutions proposed for Internet of Things (IoT) provide a single Level of Assurance (LoA) regardless of the sensitivity levels of the resources or interactions between IoT devices being protected. For effective (with adequate level of protection) and efficient (with as low overhead costs as possible) protections, it may be desirable to tailor the protection level in response to the sensitivity level of the resources, as a stronger protection level typically imposes a higher level of overhead costs. In this paper, we investigate how to facilitate multi-LoA authentication for IoT by proposing a multi-factor multi-level and interaction based (M2I) authentication framework. The framework implements LoA linked and interaction based authentication. Two interaction modes, P2P (Peer-to-Peer) and O2M (One-to-Many), are investigated via the design of two corresponding protocols. Evaluation results show that adopting the O2M interaction mode in authentication in the related use-case scenarios can cut communication cost significantly; compared with that of the Kerberos protocol, the O2M protocol reduces the communication cost by 42%~45%. The protocols are also more efficient. The P2P and O2M protocol, respectively, reduce the computational cost by 70%~72% and 81%~82%, in comparison with that of Kerberos. The evaluation results also show that the two-factor authentication option costs twice as much as that of the one-factor option.https://ieeexplore.ieee.org/document/9764763/Internet of Things (IoT)level of assurance (LoA)interaction based authenticationmulti-level authenticationre-authentication
spellingShingle Salem AlJanah
Ning Zhang
Siok Wah Tay
A Multifactor Multilevel and Interaction Based (M2I) Authentication Framework for Internet of Things (IoT) Applications
IEEE Access
Internet of Things (IoT)
level of assurance (LoA)
interaction based authentication
multi-level authentication
re-authentication
title A Multifactor Multilevel and Interaction Based (M2I) Authentication Framework for Internet of Things (IoT) Applications
title_full A Multifactor Multilevel and Interaction Based (M2I) Authentication Framework for Internet of Things (IoT) Applications
title_fullStr A Multifactor Multilevel and Interaction Based (M2I) Authentication Framework for Internet of Things (IoT) Applications
title_full_unstemmed A Multifactor Multilevel and Interaction Based (M2I) Authentication Framework for Internet of Things (IoT) Applications
title_short A Multifactor Multilevel and Interaction Based (M2I) Authentication Framework for Internet of Things (IoT) Applications
title_sort multifactor multilevel and interaction based m2i authentication framework for internet of things iot applications
topic Internet of Things (IoT)
level of assurance (LoA)
interaction based authentication
multi-level authentication
re-authentication
url https://ieeexplore.ieee.org/document/9764763/
work_keys_str_mv AT salemaljanah amultifactormultilevelandinteractionbasedm2iauthenticationframeworkforinternetofthingsiotapplications
AT ningzhang amultifactormultilevelandinteractionbasedm2iauthenticationframeworkforinternetofthingsiotapplications
AT siokwahtay amultifactormultilevelandinteractionbasedm2iauthenticationframeworkforinternetofthingsiotapplications
AT salemaljanah multifactormultilevelandinteractionbasedm2iauthenticationframeworkforinternetofthingsiotapplications
AT ningzhang multifactormultilevelandinteractionbasedm2iauthenticationframeworkforinternetofthingsiotapplications
AT siokwahtay multifactormultilevelandinteractionbasedm2iauthenticationframeworkforinternetofthingsiotapplications