228 Int. J. Security and Networks, Vol. 7, No.

4, 2012

Internet of things’ authentication and access control

Jing Liu and Yang Xiao*

Department of Computer Science,
The University of Alabama,
101 Houser Hall, Box 870290,
Tuscaloosa, AL 35487-0290, USA
Email: [email protected]
Email: [email protected]
*Corresponding author

C.L. Philip Chen

Faculty of Science of Technology,
University of Macau,
Macau, China
Email: [email protected]

Abstract: The Internet of Things (IoT) is regarded as the next generation worldwide network that
connects every necessary object to facilitate our daily life. Although it is only an abstract concept
to some extent, a number of relevant undergoing researches make this blueprint more possible in
the near future. Those works involve wired and wireless sensor networks, mobile ad-hoc
network, radio frequency identification, ubiquitous computing, etc. Due to the inherent
vulnerabilities of the internet, security and privacy issues should be considered and addressed
before the IoT is widely deployed. Authentication and access control are two key techniques to
prevent a computer or network component from being compromised. This paper mainly analyses
existing authentication and access control methods, and then, it designs a feasible one for the IoT.
Potential future directions are discussed at the end of this paper.

Keywords: IoT; authentication; access control; RFID; security.

Reference to this paper should be made as follows: Liu, J., Xiao, Y. and Chen, C.L.P. (2012)
‘Internet of things’ authentication and access control’, Int. J. Security and Networks, Vol. 7,
No. 4, pp.228–241.

Biographical notes: Jing Liu is a PhD candidate in the Department of Computer Science at the
University of Alabama. He received his BSc and MSc degrees from the Hunan University
(China) in 2005 and 2008, respectively. He is an active researcher in the area of network security,
bio-inspired networks, telemedicine and smart grids, such as botnet, visual attention, anonymous
communication and accountability.

Yang Xiao is currently in the Department of Computer Science at the University of Alabama. His
research areas are security and communications/networks. His research has been supported by the
US National Science Foundation (NSF), US Army Research, Global Environment for Network
Innovations (GENI), Fleet & Industrial Supply Center San Diego (FISCSD), FIATECH, and The
University of Alabama’s Research Grants Committee.

C.L. Philip Chen is currently Dean and Chair Professor of the Faculty of Science and Technology,
University of Macau. His current research interests include theoretic development in computational
intelligence, intelligent systems, cyber-physical systems, robotics and manufacturing automation,
networking, diagnosis and prognosis, and life prediction and life-extending control. He is an elected
Fellow of IEEE and AAAS. He is the President of the IEEE Systems, Man and Cybernetics Society
(SMCS), 2012–2013.

This paper is a revised and expanded version of a paper entitled ‘Authentication and access
control in the Internet of Things’ presented at ‘32nd International Conference on Distributed
Computing Systems Workshops (ICDCSW 2012)’, Macau, China, 18–21 June 2012.

Copyright © 2012 Inderscience Enterprises Ltd.

 Internet of things’ authentication and access control 229

1 Introduction 2008; Xiao et al., 2008a; Xiao et al., 2008b; Du et al., 2009;
Huang, 2009; Laur and Pasini, 2009; Le et al., 2009; Lee
The almost ubiquitous internet can be accessed not only by and Sivalingam, 2009; Lee et al., 2009; Mccune et al., 2009;
conventional computing machines, but also by new and Scannell et al., 2009; Huang and Shieh, 2010; Stallings,
smart devices. These devices, like smart phones and sensing 2010; Vapen et al., 2010; Wang and Smith, 2010; Yang,
nodes, may connect to certain online services that provide 2010; Barua et al., 2011; Choi et al., 2011; Fathy et al.,
specialised functionalities to users. They are now forming 2011; Krontiris and Dimitriou, 2011; Lim et al., 2011;
an emerging global and internet-based information service Sharma and Leung, 2011; Tsai and Shao, 2011; Zhao et al.,
platform called the Internet of Things (IoT) (Atzori et al., 2011). They can prevent unauthorised users from gaining
2010; Liu et al., 2012). Generally speaking, the IoT access to resources, prevent legitimate users from accessing
architecture is based on some existing data communication resources in unauthorised manner, and enable legitimate
tools, which could range from Radio Frequency Identification users to access resources in an authorised manner. Due to
(RFID) tagged products to complex computational items (Sun the different characteristics between the current internet and
et al., 2006; Xiao and Shroff, 2006; Xiao et al., 2006b; Hu the IoT, directly adopting existing approaches or schemes
et al., 2007; Su and Xiao, 2007; Xiao et al., 2007b; Su and may be not feasible or efficient. To better secure the IoT, it
Xiao, 2008; Sun et al., 2008; Hu et al., 2009; Xiao and is necessary to give an analysis of existing authentication
Liang, 2009; Xiao and Zhang, 2009; Zhang and Xiao, 2009; and access control methods under the IoT scenario.
Xiao and Zhang, 2011a; Xiao et al., 2011a; Olteanu et al., Motivated by the analysis results, a feasible authentication
2011; Grau et al., 2012). The latter originally targeted and access control scheme is presented in this paper.
productivity, mobile applications and entertainment, but The rest of this paper is organised as follows: Section 2
now they are placed into new contexts, realise a better user gives a brief overview of the IoT regarding its features
interface, or package functionality aspects in a new, and architectures; Sections 3 and 4 discuss existing
cheaper, or more robust way (Weber, 2009; Atzori et al., authentication and access control methods for the IoT,
2010). The main function of the IoT is to collect data from respectively. Section 5 proposes our design and security
the ‘things’, to make seamless connections between ‘things’ analysis, Section 6 gives several open issues for future
and the current network infrastructure, and to exchange directions and finally Section 7 is the conclusion of this
information via the internet. paper.
The most challenging topics in such an interconnected
system of miniaturised ‘things’ are security and privacy
aspects (Sarma and Girao, 2009; Huang and Wang, 2010; 2 Internet of things
Wang et al., 2010; Weber, 2010; Xiong et al., 2011).
Without sureness that private information is protected and 2.1 Features
adequate security is provided, users will be unwilling to
adopt this new technology although it invisibly integrates The term IoT, originally introduced by Kevin Ashton’s
into their environment and life. Having every ‘thing’ presentation in 1998, describes an emerging global, internet-
connected to the global future internet and ‘things’ based information service architecture (Weber, 2009).
communicating with each other, new security and privacy Technically, the architecture is based on data communication
issues arise. The problems mainly stem from confidentiality, tools, primarily RFID-tagged devices. The main purpose of
authenticity and integrity of data sensed and exchanged by the IoT consists of the facilitation of information exchanges
‘things’. Privacy of humans must be ensured to prevent among different things about, for example, goods in global
unauthorised identification and tracking. Furthermore, as supply chain networks. As such, the infrastructure should
‘things’ become more autonomous and intelligent, problems provide information about ‘things’ in a secure and reliable
like identities or owners of ‘things’, and responsibility of manner. Extending the initial application scope, the IoT might
‘things’ in their acting will arise as well (Weber, 2010). also serve as the backbone for ubiquitous computing, which
Before the IoT existence, corrupted digital systems were helps enabling smart environments to recognise/identify
mostly unable to act in the physical world. This will change objects and retrieve information from the internet to facilitate
dramatically and dangerously now that corrupted digital their adaptive functionalities.
systems can operate in and influence the physical world The formal definition of the IoT has been widely
(Sarma and Girao, 2009; Wang et al., 2010; Weber, 2010). discussed by Atzori et al. (2010) and Weber (2009, 2010).
Authentication and access control technologies are ‘A world-wide network of interconnected objects uniquely
known as the central elements to address the security and addressable, based on standard communication protocols’ is
privacy problems in computer networks (Vandenwauver et al., a universally agreed one upon definition (Atzori et al.,
1997; Benenson et al., 2005; Jiang et al., 2006; Kim et al., 2010). To some extent, the IoT is an ultimate product of
2006; Wang and Li, 2006; Wang et al., 2006; Wong et al., pervasive computing. It can connect a variety of things and
2006; Zheng et al., 2006; Abdalla et al., 2007; Li et al., make them communicate with each other for a common
2007; Shen et al., 2007; Tartary and Wang, 2007; Tseng goal. The things may include, but are not limited to, sensors,
et al., 2007; Zhou et al., 2007; Asadpour et al., 2008; Lei smart phones, RFID tags, actuators, etc. (Xiao et al., 2006a;
et al., 2008a; Lei et al., 2008b; Lin et al., 2008; Wang et al., Xiao et al., 2007c; Xiao et al., 2009b; Peng et al., 2009;
230 J. Liu, Y. Xiao and C.L.P. Chen

Olteanu et al., 2010; Xiao et al., 2010; Liu and Xiao, 2011; makers. Furthermore, many of the nodes connected to the
Xiao et al., 2011b; Xiao et al., 2011c; Abbasi et al., 2012; internet would be extremely heterogeneous in nature in
Aly, 2012; Balakrishnan et al., 2012; Beghdad, 2012; Cai terms of their computing resources, networking abilities and
et al., 2012; Callegari et al., 2012; Cao et al., 2012; Chen energy consumption. In addition to smart phones, laptops,
and Li, 2012a; Chen and Liu, 2012b; Chew et al., 2012; PDAs, and their various combinations, tiny RFID tags and
Chia et al., 2012; Gamm et al., 2012; Gao et al., 2012; pervasive RFID (as are low power devices) have been
Goodney and Cho, 2012; Guo et al., 2012; Hänel et al., touted as one of the enabling technologies for the IoT, as
2012; He et al., 2012; Li et al., 2012; Liang and Xiao, 2012; well as robotics and nanotechnology.
Lin et al., 2012; Luu anf Tang, 2012; Medjiah et al., 2012; RFID systems are obviously key components of the IoT
Mustafa et al., 2012; Nandi and Kundu, 2012; Nguyen et al., since they can be adopted in a wide range of application
2012; Peng et al., 2011; Peng and Xiao, 2012; Pham, 2012; scenarios. Typically, they are composed of several RFID
Raghuvanshi et al., 2012; Ren and Younis, 2012; Shan tags and one or more readers. The reader acts like a scanner
et al., 2012; Silva et al., 2012; Singh and Lobiyal, 2012; to trigger the tag transmission and capture the responding
Swain and Hansdah, 2012; Thakur et al., 2012; Xiao et al., signal. The tag basically contains ID information only.
2012; Xu et al., 2012; Yu et al., 2012; Zamil et al., 2012; However, it may cooperate with certain on-board sensors to
Zeghilet et al., 2012; Zhang et al., 2012; Zheng et al., 2012a; track the status of things such as temperature, location and
Zheng et al., 2012b). Compared with the present internet, far movements.
more devices and objects with unique addressing will be In order to become truly ubiquitous, the IoT has to
connected in the IoT. evolve to provide connectivity anytime, anyplace and for
As we can see, the most challenging issues are object any ‘thing’. The ubiquity of the wireless internet is expected
unique addressing and processing the exchanged to pervade over multiple kinds of ad hoc networks. As
information over the network with different things. In other Figure 1 illustrates, these could range from personal area
words, any object or thing around us should be addressable networks to ad hoc and mesh networks to vehicular,
and capable of exchanging necessary information. The community and metropolitan area networks. Such wireless
information could simply be an ID number, or it could technologies today include IEEE 802.11-based Wi-Fi
describe the surroundings via certain sensors. Given such LANs, WCDMA and EDGE-based cellular networks, and
features, the IoT can offer a wider range of applications in Bluetooth or IrDA-based near-field communications. Wide-
different areas than what the current internet offers now. area metropolitan networks, such as IEEE 802.16 WiMAX,
According to the observation on existing IoT products, most higher speed cellular networks based upon HSDPA/
IoT applications are utilised for improving our daily lives. HSUPA/HSPA+, and low power, energy efficient radio
For example, vehicles/trains can send real-time road/rail networks, such as ZigBee, are all widely expected to play
information to the control centre and thus get a faster/safer dominant roles in the medium to long-term future for
route to the destination. Similarly, any goods equipped wireless mobility.
with RFID tags can be traced in a whole supply chain. It
indeed helps retailers on commodity management. The IoT Figure 1 An example of IoT architecture (see online version
technology also plays a very important role in the healthcare for colours)
domain. It has already formed a promising sub-direction
called telemedicine or tele-healthcare. Heterogeneous
wireless access-based remote patient monitoring systems Vehicular
can be utilised to reach the patient everywhere with multiple Personal Area Networks
wireless technologies integrated to support continuous bio- Networks
Home
signal monitoring in the presence of patient mobility (Xiao Networks
et al., 2006b; Xiao et al., 2011b). Many creative ideas are Internet
emerging on the IoT, but here, we just name a few. Enterprise
Networks
The majority of things have computation and energy Cellular
Networks
capacity constraints. We cannot simply adopt the discipline Ad-Hoc
of modern telecommunications to address the IoT Networks

communication issues. Besides, the IoT also requires the

synergetic contribution from other fields, such as electronics, IoT
informatics and social science (Atzori et al., 2010).
In addition to this range of potential wireless and radio
technologies, wireless mobility at the network level,
2.2 Architectures particularly for the internet protocol, must also be
The IoT brings extensive market potential, societal and considered. Today, such mobility has been restricted to
standardisation challenges, sustainable development, and wireless terminals obtaining their IP connectivity via
lifestyle implications (Weber, 2009). In the IoT, the number DHCP, either through a public wireless hotspot or via an
of users (both human and non-human) connected would be ad-hoc network. Most of them are using private IPv4
counted in billions. Devices are expected to greatly addresses. Furthermore, research done in future IP-level
outnumber humans and to become the biggest traffic efforts (e.g. IPv6) has begun to produce research and
 Internet of things’ authentication and access control 231

industrial prototypes. For example, after the recent the ‘things’ know that they are really accessed by that a
standardisation of Mobile IPv6, more research came to the particular service provider? This question is the original
forefront, focusing on network mobility and vehicular motivation of the paper.
networking as well as bringing IPv6 to IEEE 802.15.4-based Whereas dealing with one set of credentials is already
low-power sensor, mesh and mobile ad-hoc networks difficult, dealing with multiple credentials due to the
(Weber, 2009). Advances in delay-tolerant networking call separation of network access service and application access
for inordinate periods of disruption, in which end-hosts may service is even harder. Therefore, using the same credential
not even be reachable end-to-end at any period in time. for both types of access seems unavoidable. Besides, the
single sign on schemes are being considered as additional
optimisation tools.
3 Authentication in IOT IoT devices are expected to surround our daily lives.
Our activities could be closely monitored and reported by
Security appears to be one of the most challenging areas of them. Unless proper measures are put into place, our
designing the IoT. While ‘things’ or objects forming the IoT personal privacy will be in much bigger danger than before.
can be extremely constrained (low-computational power, Hiding the device identifiers from neighbouring elements
low-storage space, limited memory, lack of user interface), and even intermediaries will be essential. Before we design
this is no excuse for them to have less security than any a suitable authentication scheme for the IoT, a quick review
other devices on the internet. Sometimes, ‘things’ could lead on current solutions is necessary.
critical roles, such as monitors in home security systems or
controllers as a part of an intelligent transportation system. 3.1 ID/password pairs
Compromise of such devices can be more catastrophic than
For example, an original UNIX system addresses the
that of a typical device on the internet (e.g. a personal
authentication problem with the scheme of ID/password
computer (PC), or a mobile phone).
pairs (Vandenwauver et al., 1997). In order to provide proof
Security design begins with the selection of credential
of one’s identity, the user will send a shared secret to
types which will be used by the IoT devices to obtain
authorisation for network access followed by an application the system. This shared secret consists of an eight letter
request. ID/password pairs, certificates and SIM cards are word in which a letter will be any printable character. UNIX
the most popular choices being considered in the industry will typically store these encrypted passwords in the
(Stallings, 2010). However, each one of these credential ‘/etc/passwd’ file. This file contains the name of the user, a
types has its own merits and flaws. ID/password pairs are salt (a random value between 0 and 4095), and a one-way
relatively lightweight, but yet, managing them in high function applied to his password. In a standard UNIX,
quantities is not practical. Certificates provide robust and the encryption algorithm is the Data Encryption Standard
mature solutions for large-scale applications, but they (DES), where the result of the expansion is changed
require extra cost and rely on certificate authority (CA) according to the user’s salt. The one-way function is
vendors. SIM cards are attractive but only suitable for small obtained by applying the DES in Cipher Block Chain (CBC)
group of applications. The procedure to the provision of mode 25 times to an initial zero value, using the password
devices with those credentials depends on the type of the as the key.
credential. ID/password pairs may be provisioned by the This typical authentication method has been widely used
manufacturer and passed on to the service provider who in most online services. The benefit is, obviously, that it is
would be managing the devices. Certificates can be simple and easy to use. However, it requires a trustworthy
provisioned by the manufacturer and optionally overwritten party to maintain the password file. In a network scenario,
by the service provider with another certificate. Devices transmitting a password file can possibly increase the
changing service providers may require a re-provisioning vulnerability of the system. Hence, we need another
procedure, which also impacts the choice of credential type. mechanism to ensure the ID/password pairs are hardly ever
For example, ID/password-based credentials cannot be kept compromised.
the same once the device changes hands. To agree upon one
type of credentials for all kinds of devices and applications 3.2 Biometrics
is a difficult job for the industry.
It is expected that fragmentation similar to that of the Instead of using a password to identify the user, it is
internet will be seen in the IoT, and application-specific (i.e. possible to use the user’s biometrical properties
vertical) profiling could be required in order to narrow (Vandenwauver et al., 1997). It is a well-known fact that
down the possibilities and achieve interoperability. Secure these properties usually form excellent decision criteria.
service provider discovery and service-specific provisioning Their biggest advantage is that they represent something
is a challenging issue. The lack of a human user behind the that is difficult to be forged, stolen or forgotten. However,
device and the difficulty in pre-configuring a large number they also have some disadvantages, such as requiring
of devices make it difficult for device-initiated discovery specialised equipment and thus becoming a large
and selection mechanisms. On the other hand, network- investment, and resulting false alarms. Also, these biometric
initiated discovery and selection mechanism lead to device systems are not perfect: some legitimate users will
ownership problems. Especially in the IoT, how would inevitably fail the identification, and some intruders will be
232 J. Liu, Y. Xiao and C.L.P. Chen

accepted as genuine. Therefore, the FAR (False Acceptation if the system involves a huge amount of ‘thing’, time
Rate – the probability of an imposter being accepted as a synchronisation among different ‘things’ becomes a
genuine user) and the FRR (False Rejection Rate – the challenging issue.
probability of a genuine user being rejected) must be kept at
3 Challenge-response based
a minimum. The FAR and FRR are trade-off each other
(Stallings, 2010). When a person tries to identify himself/herself to the
Because the FAR and FRR will never be zero at the same system, the system generates a random challenge and sends
time, these systems are usually combined with other it to the person or to his/her device. In case of a token (e.g. a
authentication mechanisms, such as passwords, Personal mini-calculator), the user will have to response the
Identification Numbers (PINs), or hardware tokens. PINs challenge (Vandenwauver et al., 1997). The device will then
work in the same way as passwords. They usually consist of a compute the corresponding answer using secret information
secret 4–6 digit code that needs to be typed in a keypad. The that has been assigned to him/her. This answer is then sent
classic example is the use of a PIN to let a bank identify a back to the system, which verifies it. In this case, the
customer who wants to withdraw money using his ATM card. procedure does not authenticate the user but rather his/her
Since the majority of things in the IoT will have device. In order to increase the security, the user should
power, computing and storage constraints, exchanging and authenticate himself/herself with respect to the device using,
verifying biometrics information over such networks may for example, using a PIN. This makes the device useless
cause unnecessary traffic overhead. Besides, for certain if it is stolen. However, it is a lightweight solution for
types of ‘things’, designing unique ‘biometric’ identifiers authentication, which could be considered in the IoT
for them is already a challenge. Considering the number of scenarios.
IoT objects is soaring, biometric-based authentication is not
recommended for IoT here.
4 Access control in IOT
3.3 Dynamic authentication
So far, most of the access control schemes proposed for IoT
Even the very sophisticated techniques, discussed in the
concentrates on the authentication aspects instead of the access
previous section, are not full proof if it remains possible to
control while ignoring the authorisation step (Sarma and Girao,
replay the authentication information (Lei et al., 2008a; Lei
2009; Huang and Wang, 2010; Wang et al., 2010; Xiong et al.,
et al., 2008b; Xiao et al., 2008a; Xiao et al., 2008b).
2011). Considering the fact that Wireless Sensor Networks
Therefore, a good solution is to use one-time passwords. This
(WSNs) and RFID-based networks are part of the essential
method has been approved 100% secure in terms of brute
framework for the IoT, in this section, we mainly review the
force attacks. These passwords are automatically changed
state-of-the-art access control approaches in these areas.
after every login, and as a result, they eliminate the value of a
stolen or lost password. One percent of changes can
distinguish between several kinds of dynamic authentication 4.1 Typical access control methods
schemes, and we will present some of them here: Trust access control is by far a popular research area in
1 Code book trust control management technology. Access control is a
mechanism that can allow a resource possessor to define
Code book (Lei et al., 2008b; Xiao et al., 2008b) is the
management and mandatory access control conditions of a
simplest form of one-time passwords. Using an adequate
resource. Many access control models are designed for
mathematical algorithm (e.g. a one-way hash function, that
some particular situations. There are three major methods
is easy to calculate, but the procedure is very hard to invert),
for access control: arbitrary access control, mandatory
one can generate a sequence of passwords. The user can
access control and Role-Based Access Control (RBAC).
either run this algorithm on a portable computer, or it could
Syntax access control is a new type of access control
be run for him by the system administrator and then
model (Stallings, 2010). It uses machine reasoning to decide
transferred to him on a piece of paper. Each time the user
successfully accessed, he/she has to delete a password. whether application can be approved in a syntax layer
When the user runs out of passwords, the whole procedure according to resource, application, strategy, and other
can be repeated (Vandenwauver et al., 1997). The advantage entities’ syntax description. Syntax access control has better
is that it is very cheap, but the disadvantage is that if the scalability and adapts more to a dynamic environment
synchronisation between the user and the system is lost, it which has heterogeneity and complicated access rules.
becomes impossible for the user to log on. A general synchronous access control model based on
‘roles’ can show a large range of time constraint (Stallings,
2 Time based 2010). It can also implement period constraint, continuous
If the user possesses a device that can perform simple role constraint, user role allocation and role permission
computations, the security can be increased significantly. In allocation.
the time-based solution, the device will calculate the current In order to reflect the heterogeneity of IoT-merged
password based upon the current time and a secret it shares network resource, two-dimensional or multiple-dimensional
with the system (Vandenwauver et al., 1997). Nevertheless, variables are needed to show the composition of network
 Internet of things’ authentication and access control 233

resources, such as united network resource control. United leakage from the sensor nodes. Also, it provides legitimate
network resource control optimises network resource’s users the ability to change their passwords at will and has
utilisation. It aims at extending network volume and coverage better efficiency compared to the previous schemes. One
and optimising utilisation of the network resource. problem is that, however, the proposed scheme does not
provide mutual authentication between the users and the
4.2 Related work sensor nodes. Instead, it requires a centralised station for
registration and password change. This centralised approach
A WSN is considered the most similar context as the IoT. may be troublesome for the IoT.
Regardless of the unique global address, ‘thing’ with limited Wang and Li (2006) propose a distributed user access
power, computing and storage capacity, can be regarded as control under a realistic adversary model in which sensors
a node in a WSN. Research on WSN authentication and can be compromised and may collude. The authors propose
authorisation, therefore, can be used as references for a practical and scalable certificate-based local authentication
building access control policy for the IoT. that based on ECC. PKC eliminates the complicated key
Preventing nodes from being compromised is one of the management and pre-distribution required by SKC schemes.
most important yet difficult problems in WSN security, and The proposed scheme is resilient to user collusion attacks.
Benenson et al. (2005) proposed a solution using access But the feasibility of the proposed scheme is questionable.
control. The idea is to introduce collaboration among a As they claimed, their scheme takes 3.1 s to generate a
certain number of sensor nodes. To achieve the access public key and 10.8 s to conduct local authentication
control function, all neighbouring nodes will verify the user (Wang and Li, 2006). For our expectation, a user should
who is requesting to participate in the WSN. Albeit the be authenticated in less than a second (typically in
proposed scheme is sufficient to deal with aforementioned milliseconds). This scheme therefore is not acceptable in
problem, it would cause power supplies of the nodes to the IoT.
consume rapidly due to increased network traffic in WSN. Wang et al. (2006) implement access control based on
Le et al. (2009) present an energy-efficient access ECC on the TelosB mote test bed. They provide an
control scheme for WSN based upon Elliptic Curve application for access control, which shows that PKC is
Cryptography (ECC). ECC is a lightweight Public Key feasible to secure WSN, but the proposed access control
Cryptography (PKC) scheme, which is widely used in scheme is vulnerable to impersonation attacks. The
industry nowadays. The security of ECC relies on the performance of the proposed scheme is poor, and it is 80
difficulty of the Elliptic Curve Discrete Logarithm Problem times more expensive than SKC-based access control
(Du et al., 2009). The proposed solution (Le et al., 2009) has schemes. The proposed scheme achieves user authentication
better performance compared to the other PKC-based access in 10.1 s, which is not acceptable in practical real-life
control solutions and fair performance compared to Secret applications (Wang et al., 2006).
Key Cryptography (SKC) based ones. However, it requires Wang et al. (2008) give a tutorial on comparing SKC-
an additional Key Distribution Centre (KDC) to be available and PKC-based schemes for access control in WSN. Their
all the time. This may not be the case in some cases, ECC-based access control protocol provides pair-wise key
especially in the application of IoT. Using KDC could cause sharing between neighbouring sensors and local and remote
legitimate users to be rejected by the access controlling access control. Based on their analysis, it is agreed that
nodes of the WSN. the PKC-based user access control schemes are more
Shen et al. (2007) propose three different access control
advantageous in terms of the memory usage, message
strategies for the WSN. The proposed schemes have the
complexity and security resilience compared to SKC-based
following advantages compared to the traditional ones: low
user access control schemes whereas SKC-based schemes
expenses in calculation and communication, resistance to
are advantageous in terms of computational efficiency.
node capture, query replay and DoS attacks. Nevertheless,
Zhou et al. (2007) also propose an access control
they are SKC-based solutions, which are not scalable as
we know. protocol for the WSN based on the ECC algorithm, which
Wong et al. (2006) provide a dynamic user prevents malicious nodes from participating in the WSN at
authentication scheme for the WSN. In their design, the very beginning. Also, key establishment is included to
authorised users can access any of the sensor nodes using help new nodes in establishing shared keys with their
mobile devices, such as smart phones and PDAs. It also neighbours. The proposed protocol is resilient against
allows legitimate users to query sensor data at any of the most well-known attacks in WSN and achieves better
sensor nodes in an ad-hoc manner. It requires a very little computation and communication performance compared to
computational load and only simple operations. However, protocols based on RSA algorithm. The usage of PKC in
this scheme is vulnerable to replay and forgery attacks. sensor networks is a hot topic of debate and seems it will be
Besides, changing passwords is a difficult task. Passwords so for a while. Unless it is proven, the SKC will be the
could be revealed by any of the sensor nodes. Tseng et al. major tool that will be used for resource constraint sensor
(2007) fix the password problem (Wong et al., 2006). They networks.
also further enhance the security. Specifically, the scheme in Huang (2009) presents an access control scheme based
the work of Tseng et al. (2007) not only prevents replay and on ECC. The proposed scheme is useful in a sense that it
forgery attacks, but also reduces the risk of password provides a solution to the problem of new node admissions
234 J. Liu, Y. Xiao and C.L.P. Chen

to the WSN, which requires establishment of keys with the 5.2 Authentication protocol
neighbouring nodes, but on the other hand, the proposed
To better describe our protocol, we first introduce some
scheme is insecure against replay attacks. It lacks hash chain
relevant terms here.
renewability causing the WSN to be non-usable after the
usage of the last key in the hash key chain.  Fp: a finite field
 E: an elliptic curve defined on Fp with a large order
5 Our design for IOT  P: a point on E

Authentication is a communication protocol processing  G: the group of elliptic curve points on E

procedure. In the IoT, secure communication should be  h(x): a public one-way hash function, it will map the x
constructed between one ‘thing’ and another by such a to a point on G
procedure. The identity that the second ‘thing’ or object
claims should be consistent with what the first one claims.  s: the RA’s private key
Claimed identity information becomes a single message.  IDu: the identity of the user
Based on this message, we verify the identity of the ‘things’.
The purpose for both communication partners to  IDt: the identity of the ‘thing’.
implement authentication protocol is to have solid As we known, key establishments and distribution are the
communication in the high layer (e.g. application layer). In fundamental tasks for entity authentication. We can use
order to do that, usually the authentication protocol has either SKC or PKC for their implementations, but we have
several sub-tasks such as identification key establishment,
to know the pros and the cons of each algorithm. SKC-
or key switching and consultation. In an authentication
based schemes suffer the following problems: they require a
process, the identity of the claimer can be acquired through
large memory to store key materials, provide low scalability
message identification. In authenticated key establishment
due to distribution of the keys, add and revoke keys, and
protocol, key establishment materials are also important
require complicated key pre-distribution. On the other hand,
protocol messages, which is part of entity authentication.
In this section, we focus on simple and efficient secure PKC-based schemes suffer from high-energy consumption
key establishment based on ECC. For the access control and considerable time delay. PKC provides a more flexible
policy, we adopt RBAC-based authorisation method using and simple interface compared to SKC, which does not
the thing’s particular role(s) and application(s) in the require key pre-distribution, pair-wise key sharing, or
associated IoT network. complicated one-way key chain schemes. For our situation,
it is a wise choice if we adopt a PKC-based solution and at
the meantime, we also address the aforementioned constraint
5.1 Architecture
problems. Based on current research achievements, we
Based on what we have learned from current literatures of believe ECC-based solution is a solid one to be considered.
IoT, we may reasonably draw an abstract architecture for it The reason we choose ECC is that, its lightweight
(as shown in Figure 2). ‘Things’ or objects become end nodes cryptographic scheme is better suit for the constrained IoT
in the internet environment. They have unique global network.
addresses (e.g. IPv6 address) and are capable of To establish a session key for two entities, taking a user
communicating with each other over the internet. In order to and an object as an example, only three steps are required as
organise and manage massive resources, every object will follows:
pre-register on a nearby trustworthy access point or gateway
(denoted as Registration Authority, or RA). This assumption  First, the RA who is responsible for the object will
has another advantage that the RA can expend computing and choose a random point PG and compute Ps = sP over
storage capacity of the ‘things’ or objects for authentication Fp. The RA’s public key becomes (P, Ps). Note that, the
purpose. Meanwhile, RA is also able to maintain a history s is a secret key that is assumed to be assigned before
record of all access requests for auditing purpose. the RA has joined the IoT. For each user with IDu, RA
will generate Pu = h(IDu) and the private key of the user
Figure 2 An example of IoT architecture (see online version Su = s Pu.
for colours)
 Second, the user generates an ephemeral private key ‘a’
Internet of Things
and compute Qu = a Su and Qu’ = aPu. Then, the user
6 will send an authentication message {IDu, Qu,
5 HRA h(IDu||IDt||Qu||Qu’)} to the RA. Once receives the
RA 4 message, RA will compute Qu’’ = s–1Qu and
5.1
7 3 5.2 h(IDu||IDt||Qu||Qu’’), respectively. Then, it check
2 whether h(IDu||IDt||Qu||Qu’’) is equal to h(IDu||
1 IDt||Qu||Qu’) or not. If not, authentication fails.
Things User Otherwise go to Step 3.
 Internet of things’ authentication and access control 235

 The third step is the establishment for user’s session users and reflect their own characteristics and needs. As a
key. Similarly, the RA will choose a random ephemeral result, we can selectively use our favourite authentication
key ‘b’ and compute Qt = bPu for the user-‘thing’ pair. method among existing authentication methods. The
The session key will be h(abPu) based on ECC authentication mechanisms are safe and reliable. Our
algorithm. It can be computed by h(Qu’’b) = h(abPu). proposed authentication mechanism satisfies these
The user will get the session key from the response requirements. The RA verifies the certificate contents and
message, {IDt, Qt, h(IDu||IDt||Qu||Qu’’)}, by computing the identity of the ‘thing’. Two RA models exist in general
h(Qta) = h(abPu). PKC. In the first model, the RA collects and verifies the
necessary information for the requesting entity before a
Once the session key is established, RA will issue the key to
request for a certificate is submitted to the HRA. The HRA
‘thing’ and the user is able to communicate with the ‘thing’
trusts the information in the request because the RA already
directly using h(abPu). The session key can be further used
verified it. In the second model, the HRA provides the RA
for rekey purpose, which will save the time and computing
with information regarding a certificate request that it has
energy for authentication process.
already received. The RA reviews the contents and
The next question is how to authenticate a legitimate
determines if the information accurately describes the user.
user in the IoT. Before establishing the session keys, RA
The RA provides the HRA with a ‘yes’ or ‘no’ answer. It is
needs to authenticate the user’s requests. ‘Things’ and users
a device of the kind that has the same or more computing
are in different domains. They could locate in different
power, memory and data protection module. Therefore,
hierarchy level of the network. Central authentication
the RA generates key pairs and requests and receives
method is only valid if a wide accepted KDC is available. In
certificates for all ‘things’.
industry, OpenID technology solves this problem. OpenID
enables users to have a single account that allows them to
log on to many different sites by authenticating a single 5.3 Access control
identity provider (Vapen et al., 2010). One approach to A novel scheme for user access control in IoT would bring
identity management is federated identity management, in solutions to the problems addressed above. One important
which participating sites form a circle of trust. Therefore, if topic in access control is admission control for all potential
the user is authenticated to one site, the other sites will
users. Admission control algorithm decides whether new
automatically log the user in if the user visits that (Vapen
connection is accepted when communication quality is
et al., 2010). This lightweight idea should be adopted into
already ensured. When a new service request arrives, if
our design. As such, user authentication is performed in the
resource in the community (managed by the same RA) is
user domain or registered OpenID service provider. We
denote it as Home Registration Authority (HRA). Note that, still available, the request will be processed. If there is not
peer-to-peer authentication method is another solution that enough resource when a new request arrives, the call will be
can be utilised for further research. However, without congested (discarded) or put on the waiting list. In the IoT,
solving the mutual-trust problem between two entities, this there are two types of requests that need admission
approach cannot be success. connection. One is new service request launched by users in
As shown in Figure 2, a complete request procedure for the current community. The second is switching service
accessing a ‘Thing’ involves seven steps. needed by users in other communities to switch to their
current community. From the user’s perspective, an
 Step 1: User request to access a ‘Thing’;
interruption during the service is more unacceptable than
 Step 2: ‘Thing’ sends an authentication request to its being unable to be served. That is why switching service has
RA for verification purpose; higher priority in admission control strategy.
 Step 3: RA request user ID; In IoT, different networks have different features. IoT
supplies limited service bandwidth, but it has short
 Step 4: User response with HRA information; transmission delay. Wireless LAN can increase the service
 Step 5: RA verifies the user HRA information and bandwidth, but it has long transmission delay. In a
sends ID verification request to the HRA; heterogeneous network, it is crucial to supply the optimal
wireless host based on Quality of Service (QoS) request of
 Step 5.1: HRA challenge the user with a question;
each service to networks that have different resources and
 Step 5.2: User response the challenge with an answer; services. There are many wireless LAN QoS research (Xiao,
 Step 6: HRA response ID OK or not; 2003; Xiao, 2004a; Xiao, 2004b; Xiao and Li, 2004a; Xiao
et al., 2004; Xiao and Li, 2004b; Xiao and Li, 2004c; Xiao
 Step 7: RA response the ‘Thing’ about the user ID and et al., 2007a; Li et al., 2008; Xiao et al., 2008c; Xiao et al.,
issue a session key with the user as we described. 2008d; Xiao et al., 2009a). According to different demands
The IoT needs to authenticate entities that are accessing the of service quality, service flow can be divided and
pervasive network in order to provide service to only scheduled. Service streams can be rated as different service
registered members. The entity may be an IoT user or a levels and are transmitted in separate networks, which
device. The IoT is able to support a wide range of ages of improve the service quality of the whole IoT network.
236 J. Liu, Y. Xiao and C.L.P. Chen

In terms of nodes in coupling-interconnected IoT Several RBAC models are already provided nowadays
network, data stream received or sent can be divided in when integrating constraints, sessions and other information
nodes in IoT network. The principles of division vary based into the basic model. The access policy could vary based on
on service requirement. Divided data stream can only be different types of applications.
transmitted on IoT. Flow converges when data stream gets
to the nodes can be improved so that service quality in IoT 5.4 Security analysis
network. A feasible IoT admission control algorithm is
In this section, we will analyse whether our proposed
hence designed. When a new connection arrives, RA will
protocol is secure or not.
judge whether there are free resources available for
interconnected networks that launch connection requests. It 1 Eavesdropping attack
will also decide what mechanism is needed to accept current
Each run produces a different session key, and knowledge
connection request.
of past session keys does not allow deduction of future
When we have flow scheduling in multiple services in
session keys. In our scheme, the session key is calculated by
IoT network, all of the data streams’ waiting and priority
one way hash and session secrets. Know that only the user
management are in charge of the united flow scheduler and
and RA know the abPu, which is computed from the random
under the united admission control. Admission control
ephemeral key. That is, even if the previous session secrets
algorithm optimises the system volume and reduces the
are revealed, the other secrets will remain unknown to the
quality decline caused by increasing data missing rate so
adversary.
that both of which can be balanced.
It is easy to control centralising by using strategy-based 2 Man-in-the-middle attack
resource management. By using such a method, the network
Compromising of a long-term secret key, such as RA’s at
state can have consistency, and the IoT of different network
some point in the future, does not lead to compromise of
technologies can be managed together. Methods based on
communications in the past. Note that in our scheme, even if
strategy make it easy to implement united control over
the adversary compromises the RA’s secret key, it cannot
heterogeneous network and to set up local control in sub-
compromise the previous session key because the adversary
networks by using hierarchical strategy mechanism.
If we consider the admission control is from resources’ cannot know the ephemeral key a or b such that it cannot
perspective, we should analyse the access control from compute the session key. Also, our protocols satisfy both
users’ perspective as well. In RBAC model, users are partial forward secrecy and perfect forward secrecy since it
assigned to different roles with certain privileges. A role is hard to compute the session key without knowing the
represents a specific function within a community and can ephemeral key a or b.
be seen as a set of actions or responsibilities associated with 3 Key control attack
this function. In an RBAC model, all grant authorisations
deal with roles rather than being granted directly to users. Both communication entities select a random number to
Users are made members of roles, which thereby generate the session key, which would be discarded after the
acquires the roles’ authorisations. User access to resources session expired. Neither one can control the outcome of the
is controlled by roles. Each user is authorised to play certain session by, for example, restricting it to lie in some
roles, and based on his own role, he/she can access the predetermined small set. In other words, neither entity can
resources and operate them correspondingly. As a role force the session key to a pre-selected value. Hence, our
organises a set of related authorisations together, it can proposed protocol can resist any key control attack.
simplify the authorisation management. Whenever a user 4 Replay attack
needs a certain type of authority to perform an activity,
he/she only has to be granted the authority of a proper role, In case a malicious one gained a valid session key or
rather than directly assigned the specific authorisations. captured network traffic in the IoT, the protocol should
Furthermore, when he/she changes his/her function inside resist replay attack by introducing a nonce in every
the community, he/she needs to revoke the permission transmitted message. However, it is an optional choice that
function of the role. Complicated cascaded authorisation could vary on different applications. Besides, the session
revoke operations are no longer needed. key could be used for identification. Therefore, replayed
RBAC ensures that only authorised users are given message from unidentified person will be discarded.
access to certain data or resources. It also supports three
well-known security principles: information hiding, least-
privilege and separation of duties. 6 Open issues
Role hierarchy in RBAC is a natural way of organising
roles to reflect the organisation’s lines of authority and The domain of connected objects is soaring and will sooner
responsibility. By convention, junior roles appear at the or later form a significant share of the IoT, a world-wide
bottom of the hierarchic role diagrams and senior roles network of interconnected physical devices. This mass of
at the top. The hierarchic diagrams are partial orders. different products is a challenge for user experienced
Therefore, they are reflexive, transitive and anti-symmetric. professionals both in industry and in academia. According
 Internet of things’ authentication and access control 237

to the analysis above, several open issues are to be References

considered, as follows: Abbasi, A., Younis, M.F. and Baroudi, U.A. (2012) ‘A least-
The IoT is extremely vulnerable to attacks for several movement topology repair algorithm for partitioned wireless
reasons. First, its components often spend most of the time sensor-actor networks’, International Journal of Sensor
unattended, and thus, it is easy to physically attack them. Networks, Vol. 11, No. 4, pp.250–262.
Second, most of the communications are wireless, which Abdalla, M., Bresson, E., Chevassut, O., Moller, B. and
makes eavesdropping extremely simple. Finally, most of the Pointcheval, D. (2007) ‘Strong password-based authentication
IoT components are characterised by low capabilities in in TLS using the three-party group Diffie–Hellman protocol’,
International Journal of Security and Networks, Vol. 2,
terms of both energy and computing resources (this is Nos. 3/4, pp.284–296.
especially the case for passive components). Therefore, they Aly, S.A. (2012) ‘Distributed data collection and storage
cannot implement complex schemes supporting security. algorithms for collaborative learning vision sensor devices
More specifically, the major security problems are with applications to pilgrimage’, International Journal of
authentication and data integrity. Authentication is difficult as Sensor Networks, Vol. 12, No. 3, pp.137–148.
it usually requires appropriate authentication infrastructures Asadpour, M., Sattarzadeh, B. and Movaghar, A. (2008)
and servers that achieve their goal through the exchange of ‘Anonymous authentication protocol for GSM networks’,
appropriate messages with other nodes. In the IoT, such International Journal of Security and Networks, Vol. 3, No. 1,
pp.54–62.
approaches are not feasible given that passive RFID tags
cannot exchange too many messages with the authentication Atzori, L., Iera, A. and Morabito, G. (2010) ‘The Internet of
things: a survey’, Computer Networks, Vol. 54, No. 15,
servers. The same reasoning applies (in a less restrictive way) pp.2787–2805.
to the sensor nodes as well. Besides our method, the IoT Balakrishnan, M., Benhaddou, D. and Yuan, X. (2012)
requires more researches on authentication schemes. ‘Preemptive emergency medium access for wireless sensor
Several solutions have been proposed for sensor networks in networks: performance under realistic network conditions’,
the recent past; however, existing solutions can be applied International Journal of Sensor Networks, Vol. 11, No. 2,
when sensor nodes are considered as a part of a sensor network pp.90–99.
connected to the rest of the internet via some nodes playing the Barua, M., Liang, X., Lu, R. and Shen, X. (2011) ‘ESPAC:
roles of gateways. In the IoT scenarios, instead, sensor nodes enabling security and patient-centric access control for
must be seen as nodes of the internet so that it becomes eHealth in cloud computing’, International Journal of
necessary to authenticate them even from nodes not belonging Security and Networks, Vol. 6 Nos. 2/3, pp.67–76.
to the same sensor network. To deal with such difference in Beghdad, R. (2012) ‘Efficient coverage protocol without location
authentication and access control design is a challenge. information’, International Journal of Sensor Networks,
Vol. 11, No. 4, pp.263–273.
Benenson, Z., Gartner, F. and Kesdogan, D. (2005) ‘An
algorithmic framework for robust access control in wireless
7 Conclusion sensor networks’, Proceedings of the 2nd European
Workshop on Wireless Sensor Networks, pp.158–165.
The IoT is a promising concept for a future network. Cai, Z., Ji, S. and Li, J. (2012) ‘Data caching-based query processing
Building a secure and robust IoT from the very beginning in multi-sink wireless sensor networks’, International Journal
still requires continuous efforts and contributions from of Sensor Networks, Vol. 11, No. 2, pp.109–125.
researchers, industrials and governments. This paper mainly Callegari, C., Giordano, S., Pagano, M. and Pepe, T. (2012)
analyses existing authentication and access control methods, ‘Detecting anomalies in backbone network traffic: a
performance comparison among several change detection
and then, it designs a feasible one for the IoT. Analysis
methods’, International Journal of Sensor Networks, Vol. 11,
results show that our approach can prevent attacks like No. 4, pp.205–214.
eavesdropping, the man-in-the middle, key control attack Cao, J., Jia, X. and Shu, L. (2012) ‘Editorial’, International
and replay attacks. In order to see the performance in a real Journal of Sensor Networks, Vol. 11, No. 1, pp.1–2.
network in terms of traffic overhead and message delay, our Chen, H. and Li, M. (2012a) ‘Editorial’, International Journal of
next job is to establish an experimental platform for the IoT Sensor Networks, Vol. 12, No. 2, pp.63–64.
to evaluate our authentication and access control protocol. Chen, B. and Liu, W. (2012b) ‘A high computational power
wireless sensor network for distributed structural health
monitoring’, International Journal of Sensor Networks,
Acknowledgements Vol. 11, No. 3, pp.137–147.
Chew, L.W., Chia, W.C., Ang, L. and Seng, K.P. (2012) ‘Low-
This work is supported in part by The US National Science memory video compression architecture using strip-based
processing for implementation in wireless multimedia sensor
Foundation (NSF), under grants CNS-0716211, CCF- networks’, International Journal of Sensor Networks, Vol. 11,
0829827, CNS-0737325 and CNS-1059265. Professor No. 1, pp.33–47.
Chen’s work is supported in part by the National Chia, W.C., Chew, L.W., Ang, L. and Seng, K.P. (2012) ‘Low
Fundamental Research 973 Program of China under grant memory image stitching and compression for WMSN using
2011CB302801 and the Macau Science and Technology strip-based processing’, International Journal of Sensor
Development Fund grant number 008/2010/A1. Networks, Vol. 11, No. 1, pp.22–32.
238 J. Liu, Y. Xiao and C.L.P. Chen

Choi, T., Acharya, H.B. and Gouda, M.G. (2011) ‘Is that you? Kim, K., Jeon, J. and Yoo, K. (2006) ‘Efficient and secure password
Authentication in a network without identities’, International authentication schemes for low-power devices’, International
Journal of Security and Networks, Vol. 6, No. 4, pp.181–190. Journal of Sensor Networks, Vol. 2, Nos. 1/2, pp.77–81.
Du, X., Guizani, M., Xiao, Y. and Chen, H. (2009) ‘A routing- Krontiris, I. and Dimitriou, T. (2011) ‘Scatter – secure code
driven elliptic curve cryptography based key management authentication for efficient reprogramming in wireless sensor
scheme for heterogeneous sensor networks’, IEEE networks’, International Journal of Sensor Networks, Vol. 10,
Transactions on Wireless Communications, Vol. 8, No. 3, Nos. 1/2, pp.14–24.
pp.1223–1229. Laur, S. and Pasini, S. (2009) ‘User-aided data authentication’,
Fathy, A., ElBatt, T. and Youssef, M. (2011) ‘A source International Journal of Security and Networks, Vol. 4,
authentication scheme using network coding’, International Nos. 1/2, pp.69–86.
Journal of Security and Networks, Vol. 6 Nos. 2/3, pp.112–122. Le, X.H., Lee, S., Butun, I., Khalid, M. and Sankar, R. (2009) ‘An
Gamm, G.U., Kostic, M., Sippel, M. and Reindl, L.M. (2012) energy efficient access control for sensor networks based on
‘Low-power sensor node with addressable wake-up on- elliptic curve cryptography’, Journal of Communications and
demand capability’, International Journal of Sensor Networks, Vol. 11, No. 6, pp.599–606.
Networks, Vol. 11, No. 1, pp.48–56. Lee, D.G., Han, J., Park, D.S. and Lee, I.Y. (2009) ‘Intelligent
Gao, X., Wu, W., Zhang, X. and Li, X. (2012) ‘A constant-factor pervasive network authentication – s/key based device
approximation for d-hop connected dominating sets in unit authentication’, The 6th IEEE Consumer Communications
disk graph’, International Journal of Sensor Networks, and Networking Conference (CCNC 2009), Las Vegas, NV,
Vol. 12, No. 3, pp.125–136. pp.1–5.
Goodney, A. and Cho, Y.H. (2012) ‘Water temperature sensing Lee, S. and Sivalingam, K.M. (2009) ‘An efficient one-time
with microtomography’, International Journal of Sensor password authentication scheme using a smart card’,
Networks, Vol. 12, No. 2, pp.65–77. International Journal of Security and Networks, Vol. 4, No. 3,
Grau, D., Zeng, L. and Xiao, Y. (2012) ‘Automatically tracking pp.145–152.
engineered components through shipping and receiving Lei, M., Xiao, Y., Vrbsky, S.V. and Li, C-C. (2008a) ‘Virtual
processes with passive identification technologies’, password using random linear functions for on-line services,
Automation in Construction, Vol. 28, pp.36–44. ATMs, and pervasive computing’, Computer Communications
Guo, W., Xiong, N., Vasilakos, A.V., Chen, G. and Yu, C. (2012) Journal, Vol. 31, No. 18, pp.4367–4375.
‘Distributed k-connected fault-tolerant topology control Lei, M., Xiao, Y., Vrbsky, S.V., Li, C-C. and Li, L. (2008b) ‘A
algorithms with PSO in future autonomic sensor systems’, virtual password scheme to protect passwords’, Proceedings
International Journal of Sensor Networks, Vol. 12, No. 1, of IEEE ICC 2008, 19–23 May, pp.1536–1540.
pp.53–62. Li, D., Liu, L. and Du, H. (2012) ‘An approximation algorithm for
Hänel, M.L., Kuhn, S., Henrich, D., Grüne, L. and Pannek, J. dominating nodes selection in multi-channel multi-radio
(2012) ‘Optimal camera placement to measure distances wireless sensor networks’, International Journal of Sensor
regarding static and dynamic obstacles’, International Journal Networks, Vol. 11, No. 1, pp.57–65.
of Sensor Networks, Vol. 12, No. 1, pp.25–36. Li, H., Xiao, Y. and Zhang, J. (2008, February) ‘Variable bit rate
He, J., Ji, S., Yan, M., Pan, Y. and Li, Y. (2012) ‘Load-balanced VoIP in IEEE 802.11e wireless LANs’, IEEE Wireless
CDS construction in wireless sensor networks via genetic Communications Magazine, Special Issue on ‘Medium Access
algorithm’, International Journal of Sensor Networks, Control Protocols for Wireless LANs, pp.56–62.
Vol. 11, No. 3, pp.166–178. Li, R., Li, J. and Chen, H. (2007) ‘DKMS: distributed hierarchical
Hu, F., Celentano, L. and Xiao, Y. (2009) ‘Error-resistant RFID- access control for multimedia networks’, International
assisted wireless sensor networks for cardiac tele-healthcare’, Journal of Security and Networks, Vol. 2, Nos. 1/2, pp.3–10.
Wireless Communications and Mobile Computing, Vol. 9, Liang, X. and Xiao, Y. (2012) ‘Studying the stochastic capturing of
No. 1, pp.85–101. moving intruders by mobile sensors’, Computers and
Hu, F., Kumar, S. and Xiao, Y. (2007) ‘Towards a secure, Mathematics with Applications, Vol. 64, No. 8, pp.2431–2449.
RFID/sensor based tele-cardiology system’, Proceedings of Lim, H., Kim, M., Lee, J., Seo, D. and Chung, T.M. (2011) ‘Reducing
IEEE CCNC 2007, pp.732–736. communication overhead for nested NEMO networks: roaming
Huang, H.F. (2009) ‘A novel access control protocol for secure authentication and access control structure’, IEEE Transactions
sensor networks’, Journal of Computer Standards and on Vehicular Technology, No. 99, pp.1–17.
Interfaces, Vol. 31, No. 2, pp.272–276. Lin, C-Y., Tseng, Y-C. and Lai, T.H. (2012) ‘Exploiting spatial
Huang, H. and Wang, H. (2010) ‘Studying on internet of things correlation at the link layer for event-driven sensor networks’,
based on fingerprint identification’, Proceedings of 2010 International Journal of Sensor Networks, Vol. 12, No. 1,
International Conference on Computer Application and pp.1–15.
System Modelling (ICCASM 2010), pp.628–630. Lin, X., Ling, X., Zhu, H., Ho, P. and Shen, X. (2008) ‘A novel
Huang, S. and Shieh, S. (2010) ‘Authentication and secret search localized authentication scheme in IEEE 802.11 based
mechanisms for RFID-aware wireless sensor networks’, Wireless Mesh Networks’, International Journal of Security
International Journal of Security and Networks, Vol. 5, No. 1, and Networks, Vol. 3, No. 2, pp.122–132.
pp.15–25. Liu, J. and Xiao, Y. (2011) ‘Temporal accountability and
Jiang, Y., Lin, C., Shi, M. and Shen, X. (2006) ‘A self-encryption anonymity in medical sensor networks’, ACM/Springer
authentication protocol for teleconference services’, Mobile Networks and Applications (MONET), Special Issue:
International Journal of Security and Networks, Vol. 1, Wireless and Personal Communications, Vol. 16, No. 6,
Nos. 3/4, pp.198–205. pp.695–712.
 Internet of things’ authentication and access control 239

Liu, J., Xiao, Y. and Chen, C.L.P. (2012) ‘Authentication and Scannell, A., Varshavsky, A., LaMarca, A. and De Lara, E.
access control in the internet of things’, The Proceedings of (2009) ‘Proximity-based authentication of mobile devices’,
the 2012 32nd International Conference on Distributed International Journal of Security and Networks, Vol. 4,
Computing Systems Workshops (ICDCSW 2012), pp.588–592. Nos. 1/2, pp.4–16.
Luu, H.V. and Tang, X. (2012) ‘An efficient data collection Shan, S., Wu, W., Wang, W., Du, H., Gao, X. and Jiang, A. (2012)
scheme through multi-path routing structures in wireless ‘Constructing minimum interference connected dominating
sensor networks’, International Journal of Sensor Networks, set for multi-channel multi-radio multi-hop wireless network’,
Vol. 12, No. 2, pp.106–124. International Journal of Sensor Networks, Vol. 11, No. 2,
McCune, J.M., Perrig, A. and Reiter, M.K. (2009) ‘Seeing-is- pp.100–108.
believing: using camera phones for human-verifiable Sharma, M.J. and Leung, V.C.M. (2011) ‘Improved IP multimedia
authentication’, International Journal of Security and subsystem authentication mechanism for 3G-WLAN
Networks, Vol. 4, Nos. 1/2, pp.43–56. networks’, International Journal of Security and Networks,
Medjiah, S., Ahmed, T. and Asgari, A.H. (2012) ‘Streaming Vol. 6, Nos. 2/3, pp.90–100.
multimedia over WMSNs: an online multipath routing Shen, Y., Ma, J. and Pei, Q. (2007) ‘An access control scheme in
protocol’, International Journal of Sensor Networks, Vol. 11, wireless sensor networks’, NPC Workshops, IFIP
No. 1, pp.10–21. International Conference on Network and Parallel
Mustafa, H.E.H., Zhu, X., Li, Q. and Chen, G. (2012) ‘Efficient Computing Workshops, 18–21 September, pp.362–367.
median estimation for large-scale sensor RFID systems’, Silva, R., Silva, J., Caldeira, J.M.L.P. and Rodrigues, J.J.P.C. (2012)
International Journal of Sensor Networks, Vol. 12, No. 3, ‘Mobile multimedia in wireless sensor networks’, International
pp.171–183. Journal of Sensor Networks, Vol. 11, No. 1, pp.3–9.
Nandi, A. and Kundu, S. (2012) ‘Optimal transmit power and Singh, B. and Lobiyal, D.K. (2012) ‘An energy-efficient adaptive
packet size in wireless sensor networks in lognormal clustering algorithm with load balancing for wireless sensor
shadowed environment’, International Journal of Sensor network’, International Journal of Sensor Networks, Vol. 12,
Networks, Vol. 11, No. 2, pp.81–89. No. 1, pp.37–52.
Nguyen, D.T., Nguyen, N.P., Thai, M.T. and Helal, A. (2012) Stallings, W. (2010) Cryptography and Network Security,
‘Optimal and distributed algorithms for coverage hole healing
Principles and Practice, 5th ed., Prentice Hall, Upper
in hybrid sensor networks’, International Journal of Sensor
Networks, Vol. 11, No. 4, pp.228–240.
Saddle River, NJ.
Su, X. and Xiao, Y. (2007) ‘Energy consumption for multiple
Olteanu, A., Xiao, Y., Hu, F., Sun, B. and Deng, H. (2011) ‘A
lightweight block cipher based on a multiple recursive object identification system with active RFID tags’,
Proceedings of IEEE WCNC 2007, pp.4022–4026.
generator for wireless sensor networks and RFID’, Wireless
Communications and Mobile Computing (WCMC) Journal, Su, X. and Xiao, Y. (2008) ‘Analysis of energy consumption for
Vol. 11, No. 2, pp.254–266. multiple object identification system with active RFID tags’,
Wireless Communications and Mobile Computing, Vol. 8,
Olteanu, A., Xiao, Y., Wu, K. and Du, X. (2010) ‘Weaving a
proper net to catch large objects in wireless sensor networks’, No. 7, pp.953–962.
IEEE Transactions on Wireless Communications, Vol. 9, Sun, B., Li, C. and Xiao, Y. (2006) ‘A lightweight secure solution
No. 4, pp.1360–1369. for RFID’, Proceedings of GLOBECOM 2006, 27 November
Peng, M., Chen, H., Xiao, Y., Ozdemir, S., Vasilakos, A.V. and –1 December, San Francisco, CA.
Wu, J. (2011) ‘Impacts of sensor node distributions on Sun, B., Xiao, Y., Li, C-C., Chen, H. and Yang, T.A. (2008)
coverage in sensor networks’, Journal of Parallel and ‘Security co-existence of wireless sensor networks and RFID
Distributed Computing, Vol. 71, No. 12, pp.1578–1591. for pervasive computing’, Computer Communications
Peng, M. and Xiao, Y. (2012) ‘A survey of reference structure for Journal, Vol. 31, No. 18, pp.4294–4303.
sensor systems’, IEEE Communications Surveys & Tutorials, Swain, A.R. and Hansdah, R.C. (2012) ‘A weighted average-based
Vol. 14, No. 3, pp.897–910. external clock synchronisation protocol for wireless sensor
Peng, M., Xiao, Y. and Wang, P. (2009) ‘Error analysis and Kernel networks’, International Journal of Sensor Networks, Vol. 12,
density approach of scheduling sleeping nodes in wireless No. 2, pp.89–105.
sensor networks’, IEEE Transactions on Vehicular Tartary, C. and Wang, H. (2007) ‘Efficient multicast stream
Technology, Vol. 58, No. 9, pp.5105–5114. authentication for the fully adversarial network model’,
Pham, C. (2012) ‘Coverage and activity management of wireless video International Journal of Security and Networks, Vol. 2,
sensor networks for surveillance applications’, International Nos. 3/4, pp.175–191.
Journal of Sensor Networks, Vol. 11, No. 3, pp.148–165. Thakur, G.S., Kumar, U., Hsu, W. and Helmy, A. (2012) ‘Gauging
Raghuvanshi, A.S., Tiwari, S., Tripathi, R. and Kishor, N. (2012) human mobility characteristics and its impact on mobile
‘Optimal number of clusters in wireless sensor networks: a routing performance’, International Journal of Sensor
FCM approach’, International Journal of Sensor Networks, Networks, Vol. 11, No. 3, pp.179–191.
Vol. 12, No. 1, pp.16–24. Tsai, W. and Shao, Q. (2011) ‘Role-based access-control using
Ren, Z. and Younis, M. (2012) ‘Exploiting architectural techniques reference ontology in clouds’, Proceedings of the 10th
for boosting base-station anonymity in wireless sensor International Symposium on Autonomous Decentralized
networks’, International Journal of Sensor Networks, Vol. 11, Systems, pp.121–128.
No. 4, pp.215–227. Tseng, H., Jan, R. and Yang, W. (2007) ‘An improved dynamic
Sarma, A. and Girao, J. (2009) ‘Identities in the future Internet of user authentication scheme for wireless sensor networks’,
things’, Wireless Personal Communications: An International IEEE Global Communications Conference, 26–30 November,
Journal, Vol. 49, No. 3, pp.353–363. pp.986–990.
240 J. Liu, Y. Xiao and C.L.P. Chen

Vandenwauver, M., Govaerts, R. and Vandewalle, J. (1997) Xiao, Y., Chen, H., Sun, B., Wang, R. and Sethi, S. (2006a) ‘MAC
‘Overview of authentication protocols’, The Institute of security and security overhead analysis in the IEEE 802.15.4
Electrical and Electronics Engineers 31st Annual 1997 wireless sensor networks’, EURASIP Journal on Wireless
International Carnahan Conference on Security Technology, Communications and Networking, Doi:10.1155/WCN/
Canberra, Australia, pp.108–113. 2006/93830.
Vapen, A., Byers, D. and Shahmehri, N. (2010) ‘2-clickAuth – Xiao, Y., Shen, X., Sun, B. and Cai, L. (2006b) ‘Security and
optical challenge-response authentication’, Proceedings of privacy in RFID and applications in telemedicine’, IEEE
2010 International Conference on Availability, Reliability and Communications Magazine, Vol. 44. No. 4, pp.64–72.
Security, pp.79–86. Xiao, Y. and Shroff, S. (2006) ‘Security issues in radio frequency
Wang, H. and Li, Q. (2006) ‘Distributed user access control in identification’, Security in Sensor Networks, Auerbach
sensor networks’, Distributed Computing in Sensor Systems, Publications, Boca Raton, FL, pp.47–61.
pp.305–320.
Xiao, Y., Li, H. and Li, B. (2007b) ‘Bandwidth sharing schemes
Wang, H., Sheng, B. and Li, Q. (2006) ‘Elliptic curve for multimedia traffic in the IEEE 802.11e contention-based
cryptography-based access control in sensor networks’, WLANs’, IEEE Transactions on Mobile Computing, Vol. 6,
International Journal of Security and Networks, Vol. 1, No. 3, No. 7, pp.815–831.
pp.127–137.
Xiao, Y., Yu, S., Wu, K., Ni, Q., Janecek, C. and Nordstad, J. (2007b)
Wang, H., Sheng, B., Tan, C. and Li, Q. (2008) ‘Comparing ‘Radio frequency identification: technologies, applications, and
symmetric-key and public-key based security schemes in research issues’, Wireless Communications and Mobile
sensor networks: a case study of user access control’, The Computing (WCMC) Journal, Vol. 7, No. 4, pp.457–472.
28th International Conference on distributed Computing
Systems, ICDCS’08, pp.11–18. Xiao, Y., Yu, S., Wu, K., Ni, Q., Janecek, C. and Nordstad, J.
(2007b) ‘Radio frequency identification: technologies,
Wang, J. and Smith, G.L. (2010) ‘A cross-layer authentication applications, and research issues’, Wireless Communications
design for secure video transportation in wireless sensor and Mobile Computing Journal, Vol. 7, No. 4, pp.457–472.
network’, International Journal of Security and Networks,
Vol. 5, No. 1, pp.63–76. Xiao, Y., Li, C-C., Lei, M. and Vrbsky, S.V. (2008a) ‘Secret little
functions and codebook for protecting users from password
Wang, K., Bao, J., Wu, M. and Lu, W. (2010) ‘Research on theft’, Proceedings of IEEE ICC 2008, pp.1525–1529.
security management for internet of things’, Proceedings of
2010 International Conference on Computer Application and Xiao, Y., Li, C-C., Lei, M. and Vrbsky, S.V. (2008b)
System Modelling (ICCASM 2010), pp.133–137. ‘Differentiated virtual passwords, secret little functions, and
codebooks for protecting users from password theft’, IEEE
Weber, R.H. (2009) ‘Internet of things – need for a new legal Systems Journal, DOI: 10.1109/JSYST.2012.2183755.
environment?’, Computer Law & Security Review, Vol. 25,
No. 6, pp.522–527. Xiao, Y., Li, H., Li, M., Zhang, J., Li, B. and Hu, F. (2008c)
‘Dynamic budget partition scheme for integrated
Weber, R.H. (2010) ‘Internet of things – new security and privacy voice/video/data traffic in the IEEE 802.11e WLANs’,
challenges’, Computer Law & Security Review, Vol. 26, Proceedings of IEEE ICC 2008, pp.3085–3089.
No. 1, pp.23–30.
Xiao, Y., Li, H., Li, M., Zhang, J., Li, B. and Hu, F. (2008d)
Wong, K., Zheng, Y., Cao, J. and Wang, S. (2006) ‘A dynamic ‘Dynamic bandwidth partition with finer-tune (DP-FT)
user authentication scheme for wireless sensor networks’, scheme for multimedia IEEE 802.11e WLANs’, Proceedings
IEEE International Conference on Sensor Networks, of IEEE WCNC 2008, pp.3202–3207.
Ubiquitous, and Trustworthy Computing, 5–7 June, Taichung,
Xiao, Y. and Liang, X. (2009) ‘Bio-Inspired communications
Taiwan.
among robots, sensors, and RFID Tags’, Proceedings of IEEE
Xiao, Y. (2003) ‘A simple and effective priority scheme for IEEE ICMA 2009, pp.3573–3578.
802.11’, IEEE Communications Letters, Vol. 7, No. 2, pp.70–72.
Xiao, Y. and Zhang, Y. (2009) ‘Surveillance and tracking system
Xiao, Y. (2004a) ‘IEEE 802.11e: a QoS provisioning at the MAC with collaboration of robots, sensor nodes, and RFID tags’,
layer’, IEEE Wireless Communications, Vol. 11, No. 3, Proceedings of ICCCN 2009, pp.1–6 DOI: 10.1109/
pp.72–79. ICCCN.2009.5235295.
Xiao, Y. (2004b) ‘QoS guarantee and provisioning at the Xiao, Y., Li, H. and Choi, S. (2009a) ‘Two-level protection and
contention-based wireless MAC Layer in the IEEE 802.11e guarantee for multimedia traffic in IEEE 802.11e distributed
wireless LANs’, IEEE Wireless Communications, Special WLANs’, ACM/Springer Wireless Networks, Vol. 15, No. 2,
Issue on Voice over Wireless Local Area Network, pp.14–21. pp.141–161.
Xiao, Y. and Li, H. (2004a) ‘Local data control and admission Xiao, Y., Zhang, Y., Peng, M., Chen, H., Du, X., Sun, B. and Wu,
control for ad hoc wireless networks’, IEEE Transactions on K. (2009b) ‘Two and three-dimensional intrusion object
Vehicular Technology, Vol. 53, No. 5, pp.1558–1572. detection under randomized scheduling algorithms in
Xiao, Y. and Li, H. (2004b) ‘Evaluation of a distributed admission sensor networks’, Computer Networks, Vol. 53, No. 14,
control for the IEEE 802.11e EDCF’, IEEE Communications pp.2458–4475.
Magazine, Vol. 42, No. 9, pp.S20–S24. Xiao, Y., Chen, H., Wu, K., Sun, B., Zhang, Y., Sun, X. and Liu,
Xiao, Y. and Li, H. (2004b) ‘Voice and video transmissions with C. (2010) ‘Coverage and detection of a randomized
global data parameter control for the IEEE 802.11e enhance scheduling algorithm in wireless sensor networks’, IEEE
distributed channel access’, IEEE Transactions on Parallel Transactions on Computers, Vol. 59, No. 4, pp.507–521.
and Distributed Systems, Vol. 15, No. 11, pp.1041–1053. Xiao, Y. and Zhang, Y. (2011) ‘Divide- and conquer-based
Xiao, Y., Li, H. and Choi, S. (2004) ‘Protection and guarantee for surveillance framework using robots, sensor nodes, and RFID
voice and video traffic in IEEE 802.11e wireless LANs’, tags’, Wireless Communications and Mobile Computing,
Proceedings of IEEE INFOCOM 2004, pp.2153–2163. Vol. 11, No. 7, pp.964–979.
 Internet of things’ authentication and access control 241

Xiao, Y., Zhang, Y. and Liang, X. (2011a) ‘Primate-inspired Zamil, M.A., Samarah, S., Saifan, A. and Smadi, I.A. (2012)
communication methods for mobile and static sensors and RFID ‘Dispersion-based prediction framework for estimating
tags’, ACM Transactions on Autonomous and Adaptive Systems, missing values in wireless sensor networks’, International
Vol. 6, No. 4, pp.26:1–26:37. DOI: 10.1145/ 2019591.2019595. Journal of Sensor Networks, Vol. 12, No. 3, pp.149–159.
Xiao, Y., Takahashi, D., Liu, J., Deng, H. and Zhang, J. (2011b) Zeghilet, H., Maimour, M., Badache, N. and Lepage, F. (2012)
‘Wireless telemedicine and m-health: technologies, applications, ‘On the use of passive clustering in wireless video sensor net
and research issues’, International Journal of Sensor Networks, workers’, International Journal of Sensor Networks, Vol. 11,
Vol. 10, No. 4, pp.202–236. No. 2, pp.67–80.
Xiao, Y., Zhang, Y., Gibson, J.H., Xie, G.G. and Chen, H. (2011c) Zhang, X., Xie, L. and Shen, X. (2012) ‘Energy-efficient
‘Performance analysis of aloha and p-persistent aloha for transmission and bit allocation schemes in wireless sensor
multi-hop underwater acoustic sensor networks’, Cluster networks’, International Journal of Sensor Networks, Vol. 11,
Computing, Vol. 14, No. 1, pp.65–80. No. 4, pp.241–249.
Xiao, Y., Peng, M., Gibson, J., Xie, G.G., Du, D. and Vasilakos, T. Zhang, Y. and Xiao, Y. (2009) ‘Primate-inspired scent marking for
(2012) ‘Tight performance bounds of multi-hop fair-access mobile and static sensors and RFID tags’, Proceedings of
for MAC protocols in wireless sensor networks and ICCCN 2009, pp.1–5. DOI: 10.1109/ICCCN.2009.5235294.
underwater sensor networks’, IEEE Transactions on Mobile Zhao, X., Li, L. and Xue, G. (2011) ‘Authenticating strangers in
Computing, Vol. 11, No. 10, pp.1538–1554. online social networks’, International Journal of Security and
Xiong, L., Zhou, X. and Liu, W. (2011) ‘Research on the architecture Networks, Vol. 6, No. 4, pp.237–248.
of trusted security system based on the Internet of things’, Zheng, J., Huang, Y. and Xiao, Y. (2012b) ‘The effect of leaders
Proceedings of the 4th International Conference on Intelligent on the consistency of group behavior’, International Journal
Computation Technology and Automation, pp.1172–1175. of Sensor Networks, Vol. 11, No. 2, pp.126–135.
Xu, H., Huang, L., Zhang, Z., Liu, G. and Zhang, Y. (2012) Zheng, J., Li, J., Lee, M.J. and Anshel, M. (2006) ‘A lightweight
‘Cooperative relay assignment for static energy-constrained encryption and authentication scheme for wireless sensor
networks’, International Journal of Sensor Networks, Vol. 11, networks’, International Journal of Security and Networks,
No. 3, pp.192–203. Vol. 1, Nos. 3/4, pp.138–146.
Yang, M. (2010) ‘Lightweight authentication protocol for mobile Zheng, J., Sun, Y., Huang, Y., Wang, Y. and Xiao, Y. (2012a)
RFID networks’, International Journal of Security and ‘Error analysis of range-based localisation algorithms in
Networks, Vol. 5, No. 1, pp.53–62. wireless sensor networks’, International Journal of Sensor
Yu, C., Fiske, R., Park, S. and Kim, W. (2012) ‘Many-to-one Networks, Vol. 12, No. 2, pp.78–88.
communication protocol for wireless sensor networks’, Zhou, Y., Zhang, Y. and Fang, Y. (2007) ‘Access control in
International Journal of Sensor Networks, Vol. 12, No. 3, wireless sensor networks’, Ad Hoc Networks, Vol. 5, No. 1,
pp.160–170. pp.3–13.