The Internet of Things (IoT) has changed our lives significantly. Although IoT provides new opportunities, security remains a key concern while providing various services. Existing research methodologies try to solve the security problem, but a time-consumption problem also exists. To solve those problems, this paper proposes a Hashed Advanced Encryption Standard (HAES) algorithm-based efficient key management system for internet-based lightweight devices in IoT networks. The proposed method is mainly divided into two phases, namely the Data Owner (DO) phase and the Data User (DU) phase. The DO phase consists of two processes, namely authentication and secure data uploading. In authentication, the registration process consists of three phases, namely KGC, SCC and DVC. In the Key Generation Center (KGC), the device ID is converted into a 128-bit hash key using the Point on Curve based Fowler–Noll–Vo (PoC-FNV) algorithm. In DVC, the Data Access Policy (DAP) is created by using the selected attributes, which are in turn selected by using the Chen Chaotic Chimp Optimization Algorithm (CCCOA). The authentication information is then stored in the blockchain. If the person is authorized, then the data is securely stored and uploaded into the cloud server using HAES. In the DU phase, the DU sends the data access request to the blockchain, and the blockchain forwards the request to the DO. If the DO accepts the request, then the DU obtains the data by using the DAP. Finally, the performance of the proposed method is compared with the existing methods, and it attains better results than the existing research methodologies.
The IoT is globally connected networks, which are associated with each other via the Internet [
Reem et al. [
The Internet-of-Things (IoT), which refers to the interconnection of heterogeneous devices, has gained a lot of interest, and the number of connected IoT devices has grown due to the importance of such systems in today’s communication networks. However, the IoT faces an enormous threat to security and privacy due to its heterogeneous and dynamic nature. Authentication is one of the most challenging security requirements in the IoT environment, where a user (external party) can directly access information from the devices, provided the mutual authentication between the user and devices takes place. For authentication, this research paper proposes an efficient key management system for internet-based lightweight devices in IoT networks using the Hashed AES algorithm. The proposed method is mainly divided into two phases, namely the data owner phase and the data user phase. The data owner phase has the authentication and secure data uploading phases. In the authentication phase, the data owner registers their details and their sensor device details. The registration consists of three steps, namely the Key Generation Centre (KGC), Signature Creation Centre (SCC) and Data Verification Centre (DVC). In the KGC phase, the device ID is changed into a 128-bit hash key, which is generated by using the Point on Curve-based Fowler–Noll–Vo hash function (PoC-FNV). In the SCC phase, the signature is derived from the device ID and the hash value of the device ID. In the DVC phase, the attributes are extracted from the data owner and device details using the Chen Chaotic Chimp Optimization Algorithm (CCCOA). By using the selected attributes, the data access policy is created using Attribute-Based Access Control (ABAC). The data of those three phases are stored in the blockchain. During login time, the data owner enters their Device ID, username, password and signature.
In the verification process, the Cloud Service Provider (CSP) checks the previously stored information against the login information and, if it matches, the data is uploaded into the cloud server. The next phase is the secure data uploading phase, where the data owner securely uploads the data by using the Hashed Advanced Encryption Standard (HAES) algorithm. The next phase is the data user phase, which has authentication, data request and secure downloading steps. The data user requests the data from the blockchain, which in turn forwards the request to the data owner. If the data owner accepts the request, the access policy and the decryption key are sent to the data user. Then, the data user downloads the data with the help of the obtained access policy and decrypts the data by using the decryption key. The block diagram for the proposed method is shown in
The Data Owner (DO) is the party having legal rights and complete control over a single piece or set of data elements. Here, the data owner has the sensor devices. The data owner has two processes for storing their data in the cloud, namely authentication and secure data uploading. The data owner is expressed as follows,
where,
Authentication is the process of verifying the identity of a person or device. The data owner authentication phase consists of four sub-phases namely, registration, blockchain storage, login and verification.
In this registration phase, the data owner enters their details along with the sensor device details in the Cloud Service Provider (CSP). At registration time, the Data Owner (DO) must provide the data owner name, data owner password, device ID, device name, password, Device Type, Frequency, Data Rate, Range, Power, etc. The registered details are stored on the blockchain, which is expressed in
where, Rg indicates the registered information and tn defines the n-number of details. At this registration time, the CSP generates the key in KGC, generates the signature in SCC and verifies in DVC and these steps are explained as follows,
(a) Key Generation Centre
During this registration process, the key is generated from the device ID. Key generation is a promising technique to bootstrap secure communications for Internet of Things (IoT) devices that have no prior knowledge of each other. Here, the 128-bit hash code key is generated by using the PoC-FNV algorithm. The Fowler–Noll–Vo (FNV) hash is a non-cryptographic hash function. It creates a non-zero FNV offset basis. One of the FNV key’s advantages is that it is very simple to implement. Start with an initial hash value of FNV offset basis. But if the input size is larger, then the original input is unpredictable. Hence, the Point on Curve value is used to solve the unpredictability problem for larger input sizes. The steps of the PoC-FNV are described as follows,
Step 1: From the DO registration details, the device ID t1 is considered as the input value
Step 2: Start with an initial hash value
where,
where,
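The FNV construction described above, as an added example that is not from the paper: standard 128-bit FNV-1a (start at the offset basis, then XOR and multiply per byte) applied to a device ID. It does not include the paper's Point on Curve step, which is not specified here; the device ID `SENSOR-0001`, the function names and the HMAC-based keyed variant shown for contrast are assumptions of this example.

```python
import hashlib
import hmac

# Standard 128-bit FNV parameters (public constants of the FNV hash family).
FNV128_OFFSET_BASIS = 0x6C62272E07BB014262B821756295C58D
FNV128_PRIME = (1 << 88) + (1 << 8) + 0x3B
MASK128 = (1 << 128) - 1


def fnv1a_128(data: bytes) -> bytes:
    """Plain FNV-1a: start at the offset basis, XOR each byte in, multiply."""
    h = FNV128_OFFSET_BASIS
    for byte in data:
        h ^= byte
        h = (h * FNV128_PRIME) & MASK128
    return h.to_bytes(16, "big")


def unkeyed_device_key(device_id: str) -> bytes:
    """128-bit value derived from the device ID alone (no secret input)."""
    return fnv1a_128(device_id.encode("utf-8"))


def keyed_device_key(master_secret: bytes, device_id: str) -> bytes:
    """Contrast (assumption, not the paper's design): HMAC-SHA256 under a
    secret held by the key generation centre, truncated to 128 bits."""
    mac = hmac.new(master_secret, device_id.encode("utf-8"), hashlib.sha256)
    return mac.digest()[:16]


if __name__ == "__main__":
    device_id = "SENSOR-0001"  # constructed sample ID
    print("FNV-1a 128 :", unkeyed_device_key(device_id).hex())
    # Plain FNV takes no secret, so knowing the ID is enough to recompute it.
    print("recomputed :", fnv1a_128(b"SENSOR-0001").hex())
    # The keyed variant changes whenever the secret changes.
    print("HMAC key A :", keyed_device_key(b"secret-A", device_id).hex())
    print("HMAC key B :", keyed_device_key(b"secret-B", device_id).hex())
```

Because plain FNV is unkeyed and non-cryptographic, a value derived this way is only as secret as the device ID itself.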
(b) Signature Creation Centre
After hash code key generation, the CSP creates the signature for the DO. A cloud-based signature is considered a paradigm for proper, reliable, secure infrastructure, with flexible access to the network. This signature is helpful for providing a high level of security. Here, the signature is created by using the generated 128-bit hash code and the device ID, and is expressed as follows,
where, δ defines the generated signature and t1 defines the device ID.
(c) Data Verification Centre (DVC)
In this section, the Data Access Policy (DAP) is created from the data owner and device details. An access control policy is a policy that defines which kind of user has permission to read the documents. The DVC has three processes, namely attribute extraction, attribute selection and attribute-based access policy control.
First, the sensor device and the data owner-related attributes are extracted as data owner name, data owner password, device ID, device name, password, Device Type, Frequency, Data Rate, Range, Power, etc. Thus, the attributes are expressed as follows in
where,
where,
In this Choa, prey is hunted during the exploration and exploitation phases. The mathematical model of driving and chasing the prey is expressed as follows,
where,
where,
where,
where Zatt, Zbar, Zcha and Zdri represent the attacker, barrier, chasing and driver chimps respectively (i.e., access policy structure) and
At last, the position of the attributes is updated by using
The chaotic behaviour in the final stage helps chimps to further alleviate the two problems of entrapment in local optima and slow convergence rate in solving high dimensional problems. The position of the attribute policy structure is updated by using
where,
where,
In this section, the registered information is stored in the blockchain to enhance the security level of cloud computing. Blockchains are write-only data structures with no administrative permissions for editing or deleting the data. The data structures are known as blocks and are distributed in a P2P network. Each block contains the cryptographic hash of the previous block, which is used to develop a link between them. The linked blocks form a complete chain, hence the term blockchain. The hash function maintains the security, integrity and immutability of the blockchain.
where,
After DO registration, when the owner wants to upload resources to the cloud, the owner should log in to the cloud. At the time of login, the DO enters the sensor device ID, username, password and the signature obtained during the registration process. Thus, the login details are represented as follows,
where,
At the time of the verification process, the saved details of the user are matched with the login details and then the user is allowed to access the cloud server. If the login details are not matched with the stored details, then the access gets denied.
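The blockchain storage and login verification steps described above, as an added sketch that is not the paper's implementation: registration records go into hash-linked blocks, and a login is accepted only if the chain is intact and the four login fields match a stored record. Storing a salted PBKDF2 tag instead of the raw details, the SHA-256 block hash, and all names and sample values are assumptions of this example.

```python
import hashlib, hmac, json, os

GENESIS = "0" * 64  # constructed prev_hash for the first block
LOGIN_FIELDS = ("device_id", "username", "password", "signature")

def block_hash(body: dict) -> str:
    # Canonical JSON so identical fields always give the same digest.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def credential_tag(details: dict, salt: bytes) -> str:
    joined = "\x1f".join(details[f] for f in LOGIN_FIELDS).encode()
    return hashlib.pbkdf2_hmac("sha256", joined, salt, 100_000).hex()

def register(chain: list, details: dict) -> None:
    salt = os.urandom(16)
    record = {"device_id": details["device_id"], "salt": salt.hex(),
              "tag": credential_tag(details, salt)}
    body = {"index": len(chain),
            "prev_hash": chain[-1]["hash"] if chain else GENESIS,
            "record": record}
    chain.append({**body, "hash": block_hash(body)})

def chain_is_valid(chain: list) -> bool:
    prev = GENESIS
    for i, block in enumerate(chain):
        body = {k: block[k] for k in ("index", "prev_hash", "record")}
        if (block["index"] != i or block["prev_hash"] != prev
                or block["hash"] != block_hash(body)):
            return False  # an edited record or a broken link
        prev = block["hash"]
    return True

def verify_login(chain: list, login: dict) -> bool:
    if not chain_is_valid(chain):
        return False
    for block in chain:
        rec = block["record"]
        if rec["device_id"] == login["device_id"]:
            tag = credential_tag(login, bytes.fromhex(rec["salt"]))
            if hmac.compare_digest(tag, rec["tag"]):  # constant-time compare
                return True
    return False

if __name__ == "__main__":
    owner = {"device_id": "SENSOR-0001", "username": "alice",
             "password": "correct horse", "signature": "ab12"}  # constructed
    chain = []
    register(chain, owner)
    print(verify_login(chain, owner), verify_login(chain, {**owner, "password": "x"}))
```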
If the person is authenticated, then the cloud server is allowed to upload their document. Here, the data is securely uploaded by using the Hashed Advanced Encryption Standard (HAES) algorithm. AES is a well-known round-based symmetric block cipher, where the sizes of the input and output are fixed and equal to 128 bits. In this research method, the input key is the 128-bit hashed key generated by the PoC-FNV algorithm. Four primitive functions are executed in a sequence.
The Sub-Byte method is a non-linear byte substitution, using a replacement table (S-box), ordered on the basis of multiplication. The S-box converts the byte into another value using its hexadecimal code.
ShiftRow is a simple byte transposition. The bytes in the last three rows of the state are cyclically shifted depending upon the row location. For the 2nd row, a 1-byte circular left shift is performed. For the 3rd and 4th rows, 2-byte and 3-byte circular left shifts are performed respectively.
MixColumn is equivalent to a matrix multiplication of each column of the state. Each column of four bytes is transformed using a special mathematical function. This function takes the four bytes of one column as input and outputs four completely new bytes, which replace the original column. The result is another new matrix consisting of 16 new bytes. It should be noted that this step is not performed in the last round.
AddRoundKey is a bitwise XOR between the 128 bits of the present state and the 128 bits of the round key. This transformation is its own inverse.
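One AES-128 round built from the four functions described above, as an added teaching example that is not the paper's HAES code. The sample state and round key are the round-1 values from the FIPS 197 Appendix B walkthrough, the function names are this example's own, and the key schedule and the step that feeds the PoC-FNV hash in as the key are not shown.

```python
def gmul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return p

def build_sbox() -> list:
    sbox = []
    for x in range(256):
        # Multiplicative inverse in GF(2^8); 0 maps to 0 by convention.
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        s = inv ^ 0x63
        for i in range(1, 5):  # affine step: XOR of four left rotations
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox.append(s)
    return sbox

SBOX = build_sbox()

# The state is 16 bytes in column-major order: index = row + 4 * column.
def sub_bytes(s: bytes) -> bytes:
    return bytes(SBOX[b] for b in s)

def shift_rows(s: bytes) -> bytes:
    # Row r is rotated left by r positions; row 0 stays in place.
    return bytes(s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4))

def mix_columns(s: bytes) -> bytes:
    out = bytearray()
    for c in range(4):
        col = s[4 * c: 4 * c + 4]
        for r in range(4):
            out.append(gmul(col[r], 2) ^ gmul(col[(r + 1) % 4], 3)
                       ^ col[(r + 2) % 4] ^ col[(r + 3) % 4])
    return bytes(out)

def add_round_key(s: bytes, rk: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(s, rk))

def aes_round(state: bytes, round_key: bytes) -> bytes:
    return add_round_key(mix_columns(shift_rows(sub_bytes(state))), round_key)

if __name__ == "__main__":
    st = bytes.fromhex("193de3bea0f4e22b9ac68d2ae9f84808")  # FIPS 197 App. B
    rk = bytes.fromhex("a0fafe1788542cb123a339392a6c7605")  # round key 1
    print(aes_round(st, rk).hex())
```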
The data user accesses the data from the cloud server. The data user phase consists of three steps, namely the authentication phase, data request phase and secure data downloading phase. Here, the authentication phase is different from that of the data owner phase, in that the user enters only their details. If the user is an authorized user, then the user sends the request to the blockchain and the blockchain forwards the request to the DO for accessing the data. If the DO accepts the request, then the data access policy and the decryption key are sent to the Data User (DU); otherwise, the access policy is not forwarded to the DU. After that, the DU tries to download the data from the cloud server. If the access policy given by the DU matches the stored access policy of the data, then the data is downloaded. Next, the DU decrypts the data by using the decryption key of the HAES. The decryption process is the reverse of the encryption process, namely AddRoundKey, MixColumn, ShiftRow and SubByte.
The performance of the proposed key management system for internet-based lightweight devices in IoT networks using Hashed AES algorithm is analyzed. The proposed method is implemented in the working platform of JAVA.
In this sub-section, the performance analysis is done in three parts namely, (a) hash key generation, (b) secure data uploading and (c) attribute selection.
Here, the performance of the proposed PoC-FNV is analyzed with existing RACE Integrity Primitives Evaluation Message Digest (RIPEMD), Message Digest Algorithm 5 (MD5), Spooky Hash and FNV algorithms with respect to the hash code generation time which is shown in
Algorithms | Hash code generation Time (ms) |
---|---|
Proposed PoC-FNV | 1022 |
FNV | 1895 |
Spooky Hash | 2784 |
MD5 | 3115 |
RIPEMD | 3892 |
Here, the performance of the proposed HAES is analyzed with the existing Blowfish, Data Encryption Standard (DES), Rivest Cipher 4 (RC4) and AES based on encryption time, decryption time, security level, memory usage on encryption and memory usage on decryption.
Algorithms | Security level (%) |
---|---|
Proposed HAES | 97.89 |
AES | 96.56 |
RC4 | 93.75 |
DES | 90.76 |
Blowfish | 88.66 |
Here, the performance of the proposed CCCOA algorithm is analyzed with the existing Mayfly Optimization Algorithm (MOA), Rat Swarm Optimization Algorithm (RSOA), Deer Hunting Optimization Algorithm (DHO) and Chimp Optimization Algorithm (COA).
The IoT is the most recent Internet evolution that integrates many smart devices. However, the IoT faces an enormous threat to security and privacy. Hence, the authentication process is most important for ensuring the security level. The proposed method is divided into two phases, namely the data owner phase and the data user phase. The data owner phase consists of two processes, namely authentication and secure data uploading. In authentication, the registration process has the KGC, SCC and DVC phases. In KGC, the 128-bit hash key is generated by using PoC-FNV; in SCC, the signature is created from the generated hash value; and in DVC, the DAP is created from the selected attributes, which are selected by using CCCOA. In the performance analysis, the performance of the proposed algorithms is compared with that of the existing algorithms. The performance analysis is done in three steps, namely (a) hash key generation, (b) secure data uploading and (c) attribute selection. In the hash key generation, the performance of the PoC-FNV is compared with the FNV, Spooky Hash, MD5 and RIPEMD algorithms in terms of hash code generation time. The proposed PoC-FNV takes 1022 ms to generate the hash key, which is less than the other algorithms. In the secure data uploading analysis, the performance of the HAES is compared with the existing DES, RC4, Blowfish and AES algorithms based on encryption time, decryption time, memory usage on encryption, memory usage on decryption and security level. The security level of the HAES is 97.89%, which is higher than that of the other existing algorithms. In attribute selection, the performance of the CCCOA is compared with the existing MOA, RSOA, DHO and COA, in which the proposed CCCOA attains better fitness. Hence, the suggested work provides a better result in the key management of internet-based lightweight devices in IoT networks.
In future, the proposed method can be extended by using distributed key management process and advanced algorithms to improve the security level.