A signature-based data security and authentication framework for internet of things applications

ABSTRACT


INTRODUCTION
Internet of things (IoT) connects various physical objects using a sophisticated network chain [1]. IoT is utilized in smart home appliances, elder-care, medical healthcare, transportation, vehicle-to-everything communication, home automation, and industrial applications [2], [3]. However, with the massive connectivity of many heterogeneous devices and communication protocols, it is equally exposed to the highest degree of threat [4]. IoT's primary security attacks/issues are privacy, hardware issues, encryption of data, web interface, less network awareness, insecure software, side-channel attacks, and rogue IoT devices [5]. At present, various work is being carried out towards securing the communication system to resist multiple attacks [6]-[10], with each process having its advantages and limiting factors. Authentication is a standard method for ascertaining the legitimacy of any actor or event present within the communication area. The contribution of the proposed system is to formulate a proper authentication mechanism that includes critical practical constraints while performing data transmission in IoT. Different from existing approaches, the proposed system provides a significant balance in the algorithm's capability concerning security and data transmission in IoT. The novelty of the proposed system also resides in its authentication, which offers enhanced scalability in its performance. Therefore, this paper contributes a novel computational model capable of performing secure authentication in IoT to resist a higher degree of threat and retain resources better within the resource-constrained IoT nodes. The paper is organized as follows: section 1 discusses the study background and its problems.

The proposed solution, followed by an elaboration of the proposed method, is presented in section 2. The results obtained are discussed in section 3. Finally, the conclusion is given in section 4.
Various works have been carried out towards a secure authentication mechanism in IoT [11]. Security is of utmost concern when it comes to using IoT in the automation system. Adopting a key agreement protocol using public-key encryption is proven to resist threats and use light-weight security operations [12]. The use of the XOR function, concatenation, hashing, physically unclonable operation, and elliptical curve encryption is reported to thwart common security intrusion. A study towards adopting a key agreement scheme independent of any verification table is showcased to offer light-weight authentication schemes [13]. The authentication process is strongly linked with access rights, which requires an explicit authentication scheme. Xue et al. [14] have used a handover mechanism where the authentication is carried out by satellite, making the operation quite faster. An authentication mechanism to strengthen the privacy factor is carried out by Lai et al. [15], which associates the secret key with a trusted server for boosting the privacy factor in IoT communication. IoT consists of static nodes as well as mobile nodes, and authenticating mobile nodes is a complicated task. A study towards addressing such a problem is carried out by Zhang et al. [16], where authentication of vehicular nodes is carried out. Authentication of the message is carried out towards better privacy preservation, as seen in the work of Li et al. [17] and Vijayakumar et al. [18]. Furthermore, other studies towards similar privacy problems in authentication are carried out by Huang et al. [19], Hammi et al. [20], Shin et al. [21], Deeback et al. [22], and Zhang et al. [23]. Blockchain has evolved as another robust security alternative for securing data and assisting in a better authentication process. Studies that consider blockchain technology explicitly for authentication purposes are seen in the work [24]-[39]. The next section outlines research problems.
Various approaches are being carried out towards securing communication, mainly addressing authentication issues in an IoT. The associated problems in the existing system are: i) the existing studies have focused mainly on the encryption aspect while emphasizing effective resource utilization associated with resource-constrained IoT nodes; ii) the formation of the IoT nodes and its possible influence on the adversarial environment, leading to complex forms of attack, are not addressed in existing studies; iii) adopting blockchain demands equal participation of servers for authentication, and it is highly centralized with less scalability over high-end deployment; iv) there is a lack of studies that offer a simplified and cost-effective encryption approach; usually, the encryption approach is quite iterative and leads to computational complexity; and v) existing security solutions are developed to address a specific intrusion event, and hence the solution is not applicable when the means of attack change. Therefore, the existing solution offers less coverage towards maximum attacks in an IoT.
Different from existing approaches that focus only on security over a predefined environment, the proposed system introduces a framework that can offer robust authentication in the dynamic environment of an IoT. The present work extends our prior work, which introduced a computational model for securing the transmission between the sensor nodes and IoT using public-key encryption [40], [41]. This part of the implementation aims to develop a scheme that offers resistance against maximum threats. The proposed study considers two typical environments, termed local and global IoT, where secure modeling is carried out. Each local IoT system consists of one specific application in a single domain. In contrast, all the local IoT systems, with heterogeneous communication schemes, together form a global IoT system. The global IoT system forms a centralized structure to facilitate communication. Hence, this environment defines a practical IoT deployment case and introduces various challenges to monitoring security breach events in any one node residing within each domain, thereby defining an adversary environment unlike any existing system. From a practical perspective, all the data centers and sensors form a local IoT system, while the connectivity of all the data centers creates a global IoT system. The proposed method implements an authentication mechanism that helps secure all the actors involved in the communication of an IoT. The study uses a challenge and response to exchange information among the communicating nodes present within the environment. The model also incorporates both backward and forward secrecy in the design of a light-weight encryption process. Figure 1 presents the top-down architecture of the proposed authentication mechanism, where digital signature and key management play a significant role. As a novel approach, the methodology presented is non-iterative.
The essential blocks of operation of the proposed system are: i) local level of IoT: the proposed system considers a group of specific IoT devices that aggregates the data and forwards it to the data center. There are different groups in the simulation area, where each group has a distinct underlying IoT communication protocol. A specific IoT device is elected within this communication group, which can take the data from other IoT devices and forward it to the gateway node. Such a node's election is carried out based on the highest level of resources within the IoT node. Hence, all the communication occurring within a single IoT node group is termed the given IoT environment's local level; ii) global level of IoT: each local level of IoT is required to be arranged effectively over an IoT environment to complete the process of data aggregation. The communication process is carried out via a gateway node, which takes all the aggregated data from the main collector IoT nodes of the local level and then forwards them to the data center's defined storage servers; and iii) data center: the proposed study considers the data center to collect various rack servers capable of distributed

All the operations mentioned above play a core role in carrying out communication. Owing to the possibilities of dynamic attacks of unknown types, the proposed system carries out this security operation mainly on the normal IoT nodes and then on the gateway node before disseminating and storing the data over the distributed storage servers in the cloud environment, i.e., the data center. The resource also plays an essential role in selecting the core IoT nodes that extract information from all the member nodes in a group. Only the nodes with higher residual energy are considered core IoT nodes, and hence the proposed system performs consistent monitoring of the nodes with higher residual resources.

For security, the proposed system constructs a novel digital signature that is highly simplified in its operation. Unlike conventional public-key encryption, the proposed method performs the computation of both public key and private key. Another novelty of the proposed system is that the generated private key is subjected to four sequential rounds of the encoding process to develop full backward and forward secrecy. The proposed system generates a digital signature that is used to sign the data to be forwarded to the destination node. Unlike existing digital signature schemes, the proposed method does not include an extensive set of parameters. It uses only a simplified and smaller number of parameters, e.g., random seeds, multiple levels of generated secret keys, prime values, and a data packet. The design is carried out so that if attackers somehow bypass the protocol and capture the encoded data packet or the digital signature, they will not be capable of performing cryptanalysis to break the encoded data or the signed data packet. Simultaneously, the prime emphasis of the proposed system is to offer maximum resistance to the maximum number of threats over an IoT environment. Finally, a verification process is carried out that assesses the data integrity using completely different conditions, where the hash value of the final secret key and prime value is matched with the hash value of the 3rd level of secret key multiplied by the hash value of the random seed of the prime value. Although this is a very simplified process, attackers will never retrace the encoding steps and can never access the dynamic data to attack. The following section discusses the algorithm implementation.

ISSN: 2088-8708 
A signature-based data security and authentication framework for internet of things … (Nasreen Fathima)

PROPOSED METHOD
The proposed system authenticates the legitimacy of the IoT nodes and gateway nodes and their data packets using a non-conventional public-key encryption method. The steps of the algorithm are shown in Figure 2. The algorithm uses a prime value pv and two random seeds r1 and r2 (Line-2), taking all the IoT nodes n into consideration (Line-1). The proposed algorithm also finds a key authority, KA, which constructs two secret keys k1 and k2 (Line-3). The first secret key k1 is computed by multiplying the first random seed r1 with the prime value pv (Line-4). Unlike conventional public-key encryption, where the public key is set as a default key, the proposed system computes the public key by multiplying the second random seed r2 with the prime value pv (Line-5). The proposed method also calculates the second secret key k2, where an explicit function f1(x) is applied over the remaining IoT nodes, i.e. (i-n(id)) (Line-4), and it represents a hashing operation. However, it does not use default hashing; it generates the hash as f1(x)=pv-n(id).pkt. The second secret key k2 generated in Line-4 is further encoded to create the third secret key k3 (Line-6), where k3 is formed from the second secret key k2 and the first random seed r1. Further encoding is carried out on this third secret key: the fourth secret key k4 is generated by summing the third secret key k3 and the product of the first random seed r1, prime value pv, and hash h (Line-7). The algorithm then generates a signature s, where a multiplicative function f2(x) is applied over the input arguments of data packet pkt, IoT node n(id), fourth secret key k4, and the product of the first random seed r1 with the prime value pv (Line-8). Finally, the algorithm generates an ultimate secret attribute Tatt, a multiplicative function f2(x) of the newly computed public key of the data center pubkeyDC and the fourth secret key k4 (Line-9). This mechanism is used by the transmitting nodes, where the data packets are signed before being delivered to the gateway node, and a similar principle is applied by the gateway node when it forwards data to the data center. The proposed system also delivers the aggregated data using Accsig(k4, (r1.pV), S) as the last encoding step. A closer look at the algorithmic steps shows that they offer inter-dependency of multiple key parameters, which offers a higher degree of security as well as lower computational overhead owing to the progressive steps. This makes the algorithm feasible to execute over resource-constrained IoT nodes with secure connectivity.
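The key chain described above, carried through in Python as an added example; it is not the authors' code and not the listing of Figure 2. The text leaves several operations unspecified, so the following are assumptions: plain integer arithmetic, k3 = k2 · r1, h = SHA-256 of the packet, f2 as a plain product, the sample prime `PV`, and every function and class name used here.

```python
import hashlib
import secrets
from dataclasses import dataclass
from math import prod

# Constructed sample prime value pv (the Mersenne prime 2^127 - 1); the paper gives no value.
PV = 2**127 - 1


@dataclass(frozen=True)
class SignedPacket:
    k1: int         # first secret key: r1 * pv
    pubkey: int     # computed public key: r2 * pv
    k2: int         # second secret key: f1(x) = pv - n(id) * pkt
    k3: int         # ASSUMPTION: k2 * r1 (the text does not name the operation)
    k4: int         # fourth secret key: k3 + r1 * pv * h
    r1_pv: int      # product of the first random seed and the prime value
    signature: int  # s = f2(pkt, n(id), k4, r1 * pv)
    t_att: int      # Tatt = f2(pubkeyDC, k4)

    def accsig(self):
        """Tuple forwarded with the aggregated data: Accsig(k4, r1.pv, S)."""
        return (self.k4, self.r1_pv, self.signature)


def pkt_int(pkt: bytes) -> int:
    """Packet bytes as an integer; the 0x01 prefix keeps leading zero bytes
    significant and the value non-zero."""
    return int.from_bytes(b"\x01" + pkt, "big")


def packet_hash(pkt: bytes) -> int:
    """ASSUMPTION: the hash h is SHA-256 over the packet, read as an integer."""
    return int.from_bytes(hashlib.sha256(pkt).digest(), "big")


def f2(*values: int) -> int:
    """ASSUMPTION: the 'multiplicative function' f2 is a plain product."""
    return prod(values)


def sign_packet(pkt, node_id, pubkey_dc, r1=None, r2=None, pv=PV):
    """Run the key chain for one packet; fresh non-zero seeds unless supplied."""
    if r1 is None:
        r1 = secrets.randbits(128) | 1
    if r2 is None:
        r2 = secrets.randbits(128) | 1
    k1 = r1 * pv
    pubkey = r2 * pv
    k2 = pv - node_id * pkt_int(pkt)
    k3 = k2 * r1
    k4 = k3 + r1 * pv * packet_hash(pkt)
    s = f2(pkt_int(pkt), node_id, k4, r1 * pv)
    t_att = f2(pubkey_dc, k4)
    return SignedPacket(k1, pubkey, k2, k3, k4, r1 * pv, s, t_att)


def is_consistent(pkt, node_id, accsig):
    """Recompute S from the received packet, node identity and Accsig tuple.

    A consistency check added for this example, not the paper's hash-based
    verification condition.
    """
    k4, r1_pv, s = accsig
    return f2(pkt_int(pkt), node_id, k4, r1_pv) == s


if __name__ == "__main__":
    dc_pubkey = 11 * PV  # constructed data-center public key (seed 11)
    sp = sign_packet(b"temp=21.5", node_id=17, pubkey_dc=dc_pubkey)
    print("unmodified packet consistent:", is_consistent(b"temp=21.5", 17, sp.accsig()))
    print("modified packet consistent:  ", is_consistent(b"temp=99.9", 17, sp.accsig()))
```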

RESULTS AND DISCUSSION
This section demonstrates the experimental results obtained from simulating the formulated mathematical expressions in a numerical computing environment. The study performed the entire workflow execution with mathematical computation in MATLAB. The simulation environment modeling, with parameters as shown in Table 1, depends on a system requirement with a minimum of 4 GB internal memory and a 1.2 GHz processing speed/clock frequency. It should be equipped with a 64-bit Windows operating system/x64-based processor architecture.

Simulation environment
The simulation environment for numerical framework modeling considers a comparison of different approaches to validate the performance of the proposed approach, which is now named S-bAC. The simulation study is carried out for the proposed approach S-bAC with both aggregation and un-aggregation test scenarios, and also for the baseline approach of Challa et al. [41] under the two conditions of aggregation and un-aggregation. The prime reason for the adoption of Challa et al. [41] is that 208 researchers adopt it as a standard implementation framework for secure data aggregation, which is higher than any existing standard

Significance of accomplished result
The comparison of the formulated approach is performed with the baseline theoretical modeling of [41] concerning a performance metric consisting of two distinct parameters, viz: i) the number of IoT nodes that are no longer active with an increasing round of the IoT communication cycle, that is, the number of dead IoT nodes computed over the progressive communication cycle, and ii) the remaining energy outcome, assessed with descriptive statistics. All the statistical effects correspond to the simulation, and the behavioral outcome is further illustrated. This provides the reader with more insight into the trend of variation for the different performance metrics. To analyze the number of dead IoT nodes, the simulation in this phase of the study considers 80 rounds of the IoT communication cycle. The trend of the outcome is observed. The statistical mean, variance, and standard deviation trends are computed from that outcome and discussed further. Table 2 highlights the mean computation of the numerical outcome obtained for dead IoT nodes for 4 different approaches, viz: i) existing system with aggregation, i.e., Agg [41], ii) proposed system with aggregation, i.e., Agg-S-bAC, iii) existing system without aggregation, i.e., UAgg [41], and iv) proposed system without aggregation, i.e., UAgg-S-bAC.

Table 2. Numerical outcomes of statistical mean in comparative analysis-i

Approaches for comparison      Quantified outcome of the statistical mean
Agg-Challa et al. [41]         18.3750
Agg-S-bAC                      12.3750
UAgg-Challa et al. [41]        35.7500
UAgg-S-bAC                     32.8750

Table 2 shows that the maximum mean value is obtained in [41] when applied with the UAgg scenario. It shows that the number of dead nodes progressively increases with a growing communication cycle. Still, nodes start draining energy at early phases of communication, which also happens in UAgg-S-bAC, where the mean value computed is 32.8750. However, in the case of Agg-Challa et al. [41] and Agg-S-bAC, the IoT nodes start deactivating themselves at a later phase, when the IoT communication cycle reaches the 54th round. Among Agg [41] and Agg-S-bAC, Agg-S-bAC attains the better performance outcome, meaning the nodes start draining at later stages of the communication cycle. Agg-S-bAC outperforms Agg [41] and also the other approaches to a greater extent.
Figure 3 shows the outcome of the statistical mean for both approaches. Both approaches, Challa et al. [41] and S-bAC, are simulated under aggregation and un-aggregation conditions. It shows that Agg-S-bAC attains the minimum statistical mean value corresponding to dead IoT nodes, which indicates that IoT nodes die with increasing rounds of the communication cycle but at a slower pace. The mean computation values from the descriptive statistics viewpoint also show that it corresponds to the analysis of dead nodes, and here the approach Agg-S-bAC attains better performance because, due to the light-weight signature-based authentication schema, it achieves considerable communication cost, which positively influences the energy performance of each IoT device in both the local IoT and global IoT. Similarly, the study also performed a statistical variance assessment to check the S-bAC system's consistency when applied during the multi-hop data aggregation and aggregation phase. Table 3 highlights the statistical variance computation of the numerical outcome obtained for dead IoT nodes for 4 different approaches: Agg-[41], Agg-S-bAC, UAgg-[41], UAgg-S-bAC.
The result of the variance here indicates how far the data set corresponding to the outcome of dead IoT nodes is spread out from the mean value. If the numerical value of variance is 0, it indicates that all the data values are identical. In the case of the proposed study, the highest value of variance corresponds to the number of dead IoT nodes found in UAgg [41], and the lowest value is obtained for Agg-S-bAC. It shows that the outcome of Agg-S-bAC, with the trend of the curve, is closer to the statistical mean and do not indicate

The visualization corresponding to the statistical variance from the analysis of dead IoT nodes is shown in Figure 4 with an extensive comparative study. It also shows that the existing approach of [41], when applied during the aggregation phase, also attains a better outcome of statistical variance, which differs marginally from the outcome of Agg-S-bAC. Here an overall analysis and interpretation show that Agg-S-bAC outperforms all the other approaches. Table 4 highlights the standard deviation computation of the numerical outcome obtained for dead IoT nodes for 4 different approaches: Agg-[41], Agg-S-bAC, UAgg-[41], and UAgg-S-bAC.
Table 4 shows a comparative outcome among different approaches concerning the computed standard deviation. Here, standard deviation indicates how spread out the data points corresponding to the dead IoT nodes are, and clear inferencing reveals how consistently our proposed Agg-S-bAC and UAgg-S-bAC perform. The inferencing shows that the approach Agg-S-bAC attains superior data aggregation performance; the prime reason is that the formulated signature-based data authentication mechanism executes simplified steps and minimizes packet drops, reducing the re-transmission counts. This, along with the simplified execution flow of Agg-S-bAC, eventually results in better energy performance, for which the IoT nodes die slowly and late in the proposed concept. As already discussed above in the context of variance, a lower value of standard deviation indicates that data points are very close to the mean, which is found in the case of Agg-S-bAC, whereas both techniques, when applied in the un-aggregation phase, result in numerical values spread out over the mean. It also indicates that the light-weight security mechanism of S-bAC accomplishes better security performance and enhanced energy performance. The visual outcome of the statistical standard deviation, shown in Figure 5, shows that compared to UAgg-[41] and UAgg-S-bAC, both Agg-S-bAC and Agg-[41] result in a better and more consistent outcome, as in both cases IoT nodes die slowly with an increasing communication cycle. However, Agg-S-bAC attains superior performance among all. It incorporates the light-weight security mechanism and dynamic IoT gateway node election process, making the entire communication sustainable for a longer time in both local and global IoT communication scenarios. Table 5 highlights the computation of the numerical outcome obtained for energy consumption for 4 different approaches: Agg-[41], Agg-S-bAC, UAgg-[41], UAgg-S-bAC.

Table 5 shows the behavioral study of the different approaches for remaining energy performance corresponding to the statistical mean. In this case also, it can be seen that for Agg-S-bAC the remaining energy in each I-node is much higher, whereas for Agg-[41] the trend of the remaining energy outcome differs marginally. However, both approaches do not perform well when applied during the un-aggregation phases, as shown in Figure 6.
Figure 6 shows the visual outcome corresponding to the statistical mean computed from simulating the designed framework modeling for different execution workflow scenarios. As highlighted in Figure 4, it indicates that the light-weight execution workflow of S-bAC and the dynamic election of the IoT gateway node have enhanced the energy-efficient data aggregation in Agg-S-bAC compared to the other experimental approaches. Table 6 highlights the statistical variance computation of the numerical outcome obtained for energy consumption for 4 different approaches: Agg-[41], Agg-S-bAC, UAgg-[41], UAgg-S-bAC. The analysis of statistical variance is also performed for the four different approaches considering the formulated framework design, where it is also observed that the trend of the outcome corresponding to the remaining energy is relatively superior in the case of Agg-S-bAC among all the approaches. The prime reason behind the consistent performance is that the system converges towards secure data aggregation with the dynamic election of the IoT gateway node, which is energy efficient and does not generate much communication burden on the system.
Figure 7 shows the visual outcome of the statistical variance computation in this phase of the study, and the trend of the outcome justifies that the proposed Agg-S-bAC outperforms all the other approaches, not only in accomplishing high-level security requirements but also in attaining a better convergence solution with the dynamic election of the IoT gateway node over a progressive round of the communication cycle. Table 7 highlights the standard deviation computation of the numerical outcome obtained for energy consumption for 4 different approaches: Agg-[41], Agg-S-bAC, UAgg-[41], UAgg-S-bAC. The experimental analysis is further extended to the computation and visualization of the outcome corresponding to the standard deviation, where it can be seen that in the cases of Agg-[41] and Agg-S-bAC, the numerical values obtained for standard deviation are 5.3862 and 5.2649, which indicates that the data points are not much spread out from the mean; on the other hand, the value is relatively higher in the case of UAgg-[41] and UAgg-S-bAC. Thereby, it can also be claimed with justification that the proposed approach Agg-S-bAC attains superior energy performance for low-cost operations of security implementation and ensures end-to-end data privacy against unknown adversaries in the context of both the local and global IoT eco-system.
Figure 8 shows the visual outcome of the standard deviation from the statistical analysis of the remaining energy computation for each IoT node. It clearly shows how the system performance of Agg-S-bAC ensures better energy performance with sustainable routing operations to a greater extent. Hence, it can be seen that the proposed system offers a novel contribution to the evaluation process, where a statistical approach is used in a comprehensive manner for assessing node performance when the proposed authentication algorithm is applied. Such an approach to evaluation is not reported in existing studies and hence is anticipated to offer better flexibility in framework construction in IoT.

CONCLUSION
This paper has discussed a novel signature-based secure authentication mechanism where a simplified encryption-based approach is used to validate the legitimacy of both IoT nodes and gateway nodes. The proposed system's novelty/contribution is: i) the proposed encryption method is characterized by less iteration and is more progressive than any existing encryption method; ii) the proposed system retains a higher degree of resource retention in the presence of adversaries while performing security operations; iii) the proposed system's overall processing time is just 0.3765 seconds on the Core i3 processor, whereas the average of the existing system is 2.3998 seconds; and iv) the proposed system can resist most authentication and key-based attacks. Future work will be directed towards optimizing the security operation for better security outcomes. Future work could include a larger number of attackers and dynamic threats present in the communication environment. A strategic model can be further developed to analyze malicious behavior on the basis of the different resource attributes used in data transmission over an IoT.
Int J Elec & Comp Eng ISSN: 2088-8708  A signature-based data security and authentication framework for internet of things … (Nasreen Fathima)

Figure 2. Secure authentication of IoT nodes

data points are much more spread out over the curve of mean, which justifies that the Agg-S-bAC attains consistent data aggregation performance, and the chances of packet drops are also significantly lesser as each IoT node dies slowly with the progressive round of the IoT communication cycle. Here the data points nearer to the mean indicate that the energy performance in the proposed S-bAC is relatively superior.

Figure 3. Visual outcome of the statistical mean computation for the number of IoT dead nodes

Figure 4. Visualization of statistical variance from analysis of dead IoT nodes w.r.t IoT communication cycle

Figure 5. Visualization of statistical deviation from analysis of dead IoT nodes w.r.t IoT communication cycle

Figure 7. Visualization of statistical variance from the statistical analysis for energy consumption for 4-different approaches

Figure 8. Visualization of standard deviation from the statistical analysis for energy consumption for 4-different approaches

[Figure block labels: perform group-wise communication; generate 1st, 2nd, 3rd and 4th secret key; final security attribute; final signature. Input labels: first random seed, primary value, prime value, hashing/hash, node identity, data packet, second secret key, 3rd secret key, 4th secret key, public key of DC.]
This module is connected to the gateway node via various network peripherals, e.g., switches and routers. All the incoming data are passed via a gateway node from normal IoT nodes and are stored in a distributed manner in this data center. Explicit metadata management and an indexing mechanism are offered to ensure faster and more accurate retrieval of data.

This is another novelty, as the majority of existing security approaches lack comparisons. Table 1 highlights the experimental parameters used in the proposed study.

Table 1. Experimental parameters for simulation

Table 4. Numerical outcomes of standard deviation in comparative analysis

Table 5. Numerical outcomes of mean of energy in comparative analysis

Figure 6. Visual outcome of the statistical mean computation for remaining energy of IoT-node

Table 6. Numerical outcomes of variance of energy in comparative analysis