Continuous Authentication (CA) has been proposed as a potential solution to counter complex cybersecurity attacks that exploit conventional static authentication mechanisms, which authenticate users only at an ingress point. However, the widely researched CA mechanisms based on human user characteristics cannot be extended to continuously authenticate Internet of Things (IoT) devices. The challenges are exacerbated by the increased adoption of device-to-device (d2d) communication in critical infrastructures. Existing d2d authentication protocols proposed in the literature are either prone to subversion or computationally infeasible to deploy on constrained IoT devices. In view of these challenges, we propose a novel, lightweight, and secure CA protocol that leverages communication channel properties and a tunable mathematical function to generate dynamically changing session keys. Our preliminary informal protocol analysis suggests that the proposed protocol is resistant to known attack vectors and thus has strong potential for deployment in securing critical and resource-constrained d2d communication.