A Secure and Efficient Cluster-Based Authentication Scheme for Internet of Things (IoTs)

IPv6 over Low Power Wireless Personal Area Network (6LoWPAN) provides IP connectivity to the highly constrained nodes in the Internet of Things (IoTs). 6LoWPAN allows nodes with limited battery power and storage capacity to carry IPv6 datagrams over the lossy and error-prone radio links offered by the IEEE 802.15.4 standard, thus acting as an adoption layer between the IPv6 protocol and IEEE 802.15.4 network. The data link layer of IEEE 802.15.4 in 6LoWPAN is based on AES (Advanced Encryption Standard), but the 6LoWPAN standard lacks and has omitted the security and privacy requirements at higher layers. The sensor nodes in 6LoWPAN can join the network without requiring the authentication procedure. Therefore, from security perspectives, 6LoWPAN is vulnerable to many attacks such as replay attack, Man-in-the-Middle attack, Impersonation attack, and Modification attack. This paper proposes a secure and efficient cluster-based authentication scheme (CBAS) for highly constrained sensor nodes in 6LoWPAN. In this approach, sensor nodes are organized into a cluster and communicate with the central network through a dedicated sensor node. The main objective of CBAS is to provide efficient and authentic communication among the 6LoWPAN nodes. To ensure the low signaling overhead during the registration, authentication, and handover procedures, we also introduce lightweight and efficient registration, de-registration, initial authentication, and handover procedures, when a sensor node or group of sensor nodes join or leave a cluster. Our security analysis shows that the proposed CBAS approach protects against various security attacks, including Identity Confidentiality attack, Modification attack, Replay attack, Man-in-the-middle attack, and Impersonation attack. Our simulation experiments show that CBAS has reduced the registration delay by 11%, handoff authentication delay by 32%, and signaling cost by 37% compared to the SGMS (Secure Group Mobility Scheme) and LAMS (Light-Wight Authentication & Mobility Scheme).