Existing authentication solutions proposed for the Internet of Things (IoT) provide a single Level of Assurance (LoA) regardless of the sensitivity levels of the resources or interactions between IoT devices being protected. For effective (with an adequate level of protection) and efficient (with as low overhead costs as possible) protection, it may be desirable to tailor the protection level to the sensitivity level of the resources, as a stronger protection level typically imposes higher overhead costs. In this paper, we investigate how to facilitate multi-LoA authentication for IoT by proposing a multi-factor, multi-level and interaction-based (M2I) authentication framework. The framework implements LoA-linked and interaction-based authentication. Two interaction modes, P2P (Peer-to-Peer) and O2M (One-to-Many), are investigated via the design of two corresponding protocols. Evaluation results show that adopting the O2M interaction mode in authentication can cut communication cost significantly; compared with that of the Kerberos protocol, the O2M protocol reduces the communication cost by 42% ~ 45%. The protocols also introduce less computational cost. The P2P and O2M protocols reduce the computational cost by 70% ~ 72% and 81% ~ 82%, respectively, in comparison with that of Kerberos. Evaluation results also show that the two-factor authentication option costs twice as much as the one-factor option.