Capítulo de livro Revisado por pares

Multi-factor Authentication for an Administrator's Devices in an IoT Environment

2021; Springer Science+Business Media; Linguagem: Inglês

10.1007/978-981-33-6835-4_3

ISSN

1865-0937

Autores

Abdulla J. Y. Aldarwish, Ali A. Yassin, Abdullah Mohammed Rashid, Aqeel A. Yaseen, Hamid Alasadi, Ahmed A. Alkadhmawee,

Tópico(s)

Biometric Identification and Security

Resumo

In the information technology era, authentication systems have been developed that use multi-factor authentication to ensure the authorisation of users and administrators. There are many schemes based on factors such as smart cards, biometrics, and token devices. Although these schemes are generally strong, they suffer from several drawbacks such as malicious attacks, factors that may be lost/stolen, and a need for extra hardware/software. In this paper, we propose a strong authentication scheme for an IoT environment to authenticate the owners of devices. Our work supports a negotiation service using an anonymous QR image as a second factor to check the authority of an administrator. The proposed scheme has good security features such as mutual authentication, a secure index file, anonymity of the user’s identity and password, a secure session key, and perfect forward secrecy. Additionally, our work can resist well-known attacks such as the man in the middle, insider, and spoofing attacks, among others. In the real world, we apply our scheme using a mobile phone (Samsung Galaxy S5 model SM-900H) and server (Intel Xeon E3 – 1220LV2 3.5GHZ 4GB RAM). Based on its accuracy and performance standards, we obtain good results in the login and authentication phases. Moreover, the computational cost of our work is comparable to that of related works.

Referência(s)