A Multi-factor Multi-level and Interaction based (M2I) Authentication Framework for Internet of Things (IoT) Applications

TL;DR

This paper proposes a multi-factor, multi-level, and interaction-based authentication framework for IoT that adapts security levels to resource sensitivity, significantly reducing communication and computational costs compared to traditional methods.

Contribution

It introduces a novel multi-factor, multi-level, and interaction-based authentication framework with two interaction modes, P2P and O2M, tailored for IoT security needs.

Findings

O2M mode reduces communication costs by 42-45%.

Protocols significantly lower computational costs by over 70%.

Two-factor authentication doubles the cost of one-factor authentication.

Abstract

Existing authentication solutions proposed for Internet of Things (IoT) provide a single Level of Assurance (LoA) regardless of the sensitivity levels of the resources or interactions between IoT devices being protected. For effective (with adequate level of protection) and efficient (with as low overhead costs as possible) protections, it may be desirable to tailor the protection level in response to the sensitivity level of the resources, as a stronger protection level typically imposes a higher level of overheads costs. In this paper, we investigate how to facilitate multi-LoA authentication for IoT by proposing a multi-factor multi-level and interaction based (M2I) authentication framework. The framework implements LoA linked and interaction based authentication. Two interaction modes are investigated, P2P (Peer-to-Peer) and O2M (One-to-Many) via the design of two corresponding protocols. Evaluation results show that adopting the O2M interaction mode in authentication can cut communication cost significantly; compared with that of the Kerberos protocol, the O2M protocol reduces the communication cost by 42% ~ 45%. The protocols also introduce less computational cost. The P2P and O2M protocol, respectively, reduce the computational cost by 70% ~ 72% and 81% ~ 82% in comparison with that of Kerberos. Evaluation results also show that the two factor authentication option costs twice as much as that of the one-factor option.