Hash-chain-based authentication for IoT

Antonio PINTO, Ricardo COSTA


The number of everyday interconnected devices continues to increase, and together these devices constitute the Internet of Things (IoT). Things are small computers equipped with sensors and wireless communication capabilities that are driven by energy constraints, since they use batteries and may be required to operate over long periods of time. The majority of these devices perform data collection. The collected data is stored online using web services that sometimes operate without any special considerations regarding security and privacy. The current work proposes a modified hash-chain authentication mechanism that, with the help of a smartphone, can authenticate each interaction of the devices with a REST web service using One-Time Passwords (OTP) while using open wireless networks. Moreover, the proposed authentication mechanism adheres to the stateless, HTTP-like behavior expected of REST web services, even allowing the caching of server authentication replies within a predefined time window. No other known web-service authentication mechanism operates in such a manner.


IoT; Secure; Authentication


DOI: http://dx.doi.org/10.14201/ADCAIJ2016544357

This work is licensed under a Creative Commons Attribution 3.0 License.