Design of secure authentication protocol for dynamic user addition in distributed Internet-of-Things

Rapid rise in adoption of smart devices in distributed Internet-of-things (IoT) has resulted in an exponential increase in volume of generated data. However, due to resource-constrained sensor nodes and vulnerable communication channels, information protection has become a key concern and prominent factor for improvement in IoT environment. Batch processing systems have several shortcomings as compared to distributed systems. Distributed systems enable dynamic changes in the potential number of sensors, actuators, RFID's, resources, users and subjects to tolerate unbounded interruptions in communication patterns. In this paper, we address the key challenges of communication security and scalability in IoT environment. We hypothesize distributed IoT approach between non-identical entities to communicate through secure authentication protocol for dynamically adding new user with partially involved trusted third party (TTP) as our module 1 and attribute based encryption scheme for non-identical smart entities to communicate securely as our module 2. We discuss module 1 in this paper. The existing approaches that focus on fully trusted central authority having full rights lead to serious weakness in violating security rules, while multi-authority based systems display revocation and compulsory user participation issues. As ideal functionalities we view TTP as honest-but-curious, honestly following the protocol while on the other hand curious to decrypt the cipher-text to breach the intention of encrypting parties. This motivates us to design an approach which jointly achieves effective authentication and partial trust management with scalability in distributed IoT environment. In accordance, we propose a novel authentication scheme with partially involved TTP nomenclatured Secure Dynamic User Addition Protocol (SDUAP) based on JWT (JSON Web Token) challenge and response game using symmetric key cryptography. The security of SDUAP is proved under real or random oracle model and its robustness against several attacks is verified using scyther security verification tool. We also compare performance of SDUAP with relatively similar modeled schemes in terms of communication, computation and storage overheads. The purpose of this paper is to mitigate the complications associated with scalability and curious/suspicious third party in distributed IoT approaches.