TY - JOUR
T1 - LENTO
T2 - Unpredictable Latency-based continuous authEntication for Network inTensive IoT envirOnments
AU - Al-Sadi, Mohammed
AU - Di Pietro, Roberto
AU - Lombardi, Flavio
AU - Signorini, Matteo
N1 - Funding Information:
The authors declare the following financial interests/personal relationships which may be considered as potential competing interests: Roberto Di Pietro reports financial support was provided by NATO Science for Peace and Security Programme. We declare that manuscript co-author Roberto Di Pietro is a member of the Advisory Board for the FGCS Journal.
Publisher Copyright:
© 2022 Elsevier B.V.
PY - 2023/2
Y1 - 2023/2
AB - Started as a hyped technology a few years ago, IoT is now a reality providing sensing and computing capabilities from SCADA systems to households. At their core, IoT devices connect to the outside world to share sensed or computed data. However, the sensitivity and privacy of shared data have made access management a stringent need for the IoT as well. In particular, continuous authentication could solve a few security issues, like session hijacking, by checking device legitimacy for each exchanged message and preventing attackers from pretending their actions came from authenticated devices. To date, device-to-device (D2D) continuous authentication still relies on tokens/certificates or devices’ fingerprints such as battery levels or location. The cited solutions, while not always implementable on resource-constrained devices, provide low entropy and thus have a non-negligible probability of being guessed during impersonation attacks. In this paper, we overcome the above limitations with LENTO: unpredictable Latency-based continuous authEntication for Network inTensive IoT envirOnments. In addition to a thorough analysis, we also offer experimental validation of our proposal. We have deployed LENTO as an additional authentication module of the well-known NextCloud platform, and we have performed an extensive experimental campaign. Collected results confirm our working hypothesis. Network delays can be exploited as random seeds in continuous authentication protocols as they provide as much entropy as standard approaches. To the best of our knowledge, our approach is the first continuous authentication protocol relying purely on the network characteristics, regardless of the trustworthiness of the underlying computing base. Given the minimal overhead introduced by our solution, it provides continuous authentication even for those devices that cannot afford to run (de facto) standard protocols. As such, LENTO could be retrofitted, offering enhanced security to a plethora of currently unsecured devices.
KW - Cloud
KW - Continuous authentication
KW - Internet of Things (IoT)
KW - Latency
KW - Network
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=85140021478&partnerID=8YFLogxK
U2 - 10.1016/j.future.2022.09.023
DO - 10.1016/j.future.2022.09.023
M3 - Article
AN - SCOPUS:85140021478
SN - 0167-739X
VL - 139
SP - 151
EP - 166
JO - Future Generation Computer Systems
JF - Future Generation Computer Systems
ER -