NomadiKey: User authentication for smart devices based on nomadic keys

Cotta, Leonardo; Fernandes, Artur Luis; Melo, Leandro T. C.; Saggioro, Luiz Felipe Z.; Martins, Frederico Bastos Pinheiro; Neto, Antonio L. Maia; Loureiro, Antônio A. F.; Cunha, Ítalo; Oliveira, Leonardo B.

doi:10.1109/icc.2016.7511425

Cited by 3 publications

(2 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are different types of user-to-device authentication schemes for IoT [68]. First, a user can authenticate himself onto a device by entering a previously shared secret [69][70][71][72][73]. This type of authentication is the most common on smart devices [74] and its security and usability are heavily affected by the chosen secret; complex secrets usually increase security but impair usability [75].…”

Section: Related Workmentioning

confidence: 99%

AoT

Neto

Souza

Cunha

et al. 2016

Proceedings of the 14th ACM Conference on Embedded Network Sensor Systems CD-ROM

Self Cite

View full text Add to dashboard Cite

The consumer electronics industry is witnessing a surge in Internet of Things (IoT) devices, ranging from mundane artifacts to complex biosensors connected across disparate networks. As the demand for IoT devices grows, the need for stronger authentication and access control mechanisms is greater than ever. Legacy authentication and access control mechanisms do not meet the growing needs of IoT. In particular, there is a dire need for a holistic authentication mechanism throughout the IoT device life-cycle, namely from the manufacturing to the retirement of the device. As a plausible solution, we present Authentication of Things (AoT), a suite of protocols that incorporate authentication and access control during the entire IoT device life span. Primarily, AoT relies on Identity-and Attribute-Based Cryptography to cryptographically enforce Attribute-Based Access Control (ABAC). Additionally, AoT facilitates secure (in terms of stronger authentication) wireless interoperability of new and guest devices in a seamless manner. To validate our solution, we have developed AoT for Android smartphones like the LG G4 and evaluated all the cryptographic primitives over more constrained devices like the Intel Edison and the Arduino Due. This included the implementation of an Attribute-Based Signature (ABS) scheme. Our results indicate AoT ranges from highly efficient on resource-rich devices to affordable on resource-constrained IoT-like devices. Typically, an ABS generation takes around 27 ms on the LG G4, 282 ms on the Intel Edison, and 1.5 s on the Arduino Due.

show abstract

Section: Related Workmentioning

confidence: 99%

AoT

Neto

Souza

Cunha

et al. 2016

Proceedings of the 14th ACM Conference on Embedded Network Sensor Systems CD-ROM

Self Cite

View full text Add to dashboard Cite

show abstract

“…To defend against the aforementioned attacks, we present a novel authentication mechanism robust to these attacks while incurring a negligible increase in authentication speed (Section 3). NomadiKey, as it is called, places keys at different absolute positions on the screen each time, preventing the attacks from inferring which keys are pressed during authentication and improving security. Besides, NomadiKey preserves usability by maintaining relative key positions, helping users navigate the keyboard and locate keys.…”

Section: Introductionmentioning

confidence: 99%

NomadiKey: User authentication for smart devices based on nomadic keys

2017

View full text Add to dashboard Cite

SummaryThe growing importance of smart devices calls for effective user authentication mechanisms. We argue that state-of-the-art authentication mechanisms are either vulnerable to known attacks or do not meet usability needs. To address this problem, we designed NomadiKey, a user-to-device authentication mechanism based on nomadic keyboard keys. NomadiKey increases security level by placing keys at different screen coordinates each time it is activated. Besides, NomadiKey preserves usability by maintaining the traditional relative position of keys. To increase security even further, we also design an extension to NomadiKey that uses out-of-band channels to thwart shoulder-surfing adversaries. We compare NomadiKey with other user authentication mechanisms under different attacks using statistical models and simulation. We also evaluate NomadiKey's usability with 20 users. Our results show that NomadiKey increases security compared to widely deployed PIN authentication with limited impact on authentication times.

show abstract