
Antonio Pinto
GCC, CIICESI, ESTG, Polytechnic of Porto, Portugal AND CRACS & INESC TEC, Porto, Portugal
Ricardo Costa
GCC, CIICESI, ESTG, Polytechnic of Porto, Portugal
Vol. 5 No. 4 (2016), Articles, pages 43-57
Accepted: Nov 15, 2016


The number of everyday interconnected devices, which together constitute the Internet of Things (IoT), continues to increase. Things are small computers equipped with sensors and wireless communications capabilities that are driven by energy constraints, since they use batteries and may be required to operate over long periods of time. The majority of these devices perform data collection. The collected data is stored online using web services that sometimes operate without any special considerations regarding security and privacy. The current work proposes a modified hash-chain authentication mechanism that, with the help of a smartphone, can authenticate each interaction of the devices with a REST web service using One Time Passwords (OTP) while using open wireless networks. Moreover, the proposed authentication mechanism adheres to the stateless, HTTP-like behavior expected of REST web services, even allowing the caching of server authentication replies within a predefined time window. No other known web-service authentication mechanism operates in such a manner.



