A Rabin Cryptosystem-Based Lightweight Authentication Protocol and Session Key-Generation Scheme for IoT Deployment

Abstract

Handling unpredictable attack vulnerabilities in self-proclaiming secure algorithms in WSNs is an issue. Vulnerabilities provide loop holes for adversary to barge in the privacy of the network. Attacks performed by the attacker can be active or passive. Adversary may listen to the sensitive information and exploit its confidentiality which is passive, or adversary may modify sensitive information being transferred over a WSN in case of active attacks. As Internet of things has basically three layers, middle-ware layer, Application layer, perceptron layer, most of the attacks are observed to happen at the perceptron layer in case of both wireless sensor network and RFID Tag implication Layer. Both are a major part of the perceptron layer that consist a small part of the IoT. Some of the major attack vulnerabilities are exploited by executing the attacks through certain flaws in the protocol that are difficult to identify and almost complex to identify in complicated bigger protocols. As most of the sensors are resource constrained in terms of memory, battery power, processing power, bandwidth and due to which implementation of complex cryptosystem to keep the data being transferred secure is a challenging phase. The three main objectives studied in this scenario are setting up the system, registering user and the sensors via multiple gateways. Generating a common key which can be used for a particular interaction session among user, gateway and the sensor network. In this paper, we address one or more of these objectives for some of the fundamental problems in authentication and mutual authentication phase of the WSN in IoT deployment. We prevent the leakage of sensitive information using the rabin cryptosystem to avoid attacks like Man-in-the-middle attack, sensor session key leakage, all session hi-jacking attack and sniffing attacks in which data is analyzed maliciously by the adversary. We also compare and prove the security of our protocol using proverif protocol verifier tool.