A Robust Device-to-Device Continuous Authentication Protocol for the Internet of Things

The Internet of Things (IoT) is a heterogeneous environment that connects billions of devices. Thus, it is a significantly high-value target for attackers and suffers from several threats, especially impersonation attacks during the session. Moreover, the denial of service attack (DoS) threatens IoT environments, as it affects the availability and energy of communicating devices. Continuous authentication solves session hijacking since it checks user legitimacy during the session. Several continuous authentication schemes were proposed to authenticate users to IoT devices, while few works addressed device-to-device authentication. Therefore, it is essential to authenticate devices because if one device gets compromised, then the whole system is at risk. Continuous authentication between devices differs from user-to-device authentication since it cannot rely on biometrics and passwords. This research proposes a fast and secure device-to-device continuous authentication protocol that relies on devices’ features (token, battery, and location), and mitigates DoS attacks using shadow IDs and emergency keys. Moreover, it takes the sensor movement into account while preserving privacy. To evaluate the robustness and validate the security of the proposed protocol, we conducted informal and formal analyses using Scyther. In addition, we tested its performance to establish computation costs relative to the system counterparts. The results show the protocol is robust against security threats, incurring reasonable computational costs.