Continuous and low-cost broadcast authentication is a fundamental security service for distributed sensor networks. This paper presents a novel development of a continuous and low-overhead broadcast authentication protocol named enhanced Infinite timed-efficient stream-loss tolerant authentication (enhanced Inf-TESLA) protocol, based on the Inf-TESLA protocol, whose continuous authentication is limited to the duration of its keychains. The enhanced Inf-TESLA protocol satisfies important security properties, including lower communication and computational overhead; a continuous generation of keychains without the need to establish synchronization packets; scalability to a large network; and resistance to masquerading, modification, man-in-the-middle, and replay attacks. We also highlighted an unaddressed authentication issue in the last packets of the original TESLA protocol and proposed a corresponding solution. We performed a simulation analysis using Java and proved that, compared to the Inf-TESLA protocol, the enhanced Inf-TESLA protocol can continuously authenticate packets for the entire lifetime of the receiver. We also compared the enhanced Inf-TESLA protocol with the original TESLA protocol in terms of time complexity and critical authentication processes. The results revealed the superiority of the enhanced Inf-TESLA protocol over the original TESLA protocol in terms of the message authentication code (MAC) value generation time and packet authentication time, which we believe can significantly improve the lifetime and lower the energy expenditure of Internet of Things devices with limited power sources.
INDEX TERMS Continuous authentication, Internet of Things, low overhead, TESLA protocol, time complexity
I. INTRODUCTION
The development of Internet of Things (IoT) technology has enabled billions of devices around the world to be connected to the Internet to collect and share data, create a level of digital intelligence, and support real-time communication of data [1]. The majority of devices that contribute to the IoT are constrained devices that have access to user information and daily life changes, which makes them vulnerable to cybersecurity attacks. Counter actions include using IoT devices as entry points to access other parts of the network or as a bait to turn the attacker's system down. Constrained devices, such as sensors or smart devices, have limited CPU, memory, and power resources, which restricts the use of security protocols in protecting the privacy of their transferred data [1], [2].
The main challenges in securing broadcast communication are source and integrity authentication: verifying that the received data comes from a legitimate source and has not been altered en route [3]. Furthermore,