A Proposal for Dynamic and Secure Authentication in IoT Architectures Based on SDN

Main Article Content

Younes Abbassi https://orcid.org/0000-0002-4506-3967
Hicham Toumi
El Habib Ben Lahmar


Internet of things (IoT), Software-Defined Networking (SDN), One-Time Password (OTP), Two-Factor Authentication (2FA)


The connectivity of private resources on public infrastructure, user mobility, and the advent of new technologies have added new client and server-side security requirements. Security is the major element of the Internet of Things (IoT) that will certainly reinforce an even greater acceptance of IoT by citizens and companies. Security is critical in this context given the underlying stakes. This paper aims to advance the thinking on authentication of connected objects by proposing an authentication mechanism that meets the needs of IoT systems in terms of security and performance. It is based on SDN (Software-Defined Networking), which refers to a set of advanced technologies that allow for centralized control of network resources. OTP (One-Time Password) is a type of authentication that could be useful in connected object environments and smart cities. This research work extends the principle of OTP and proposes a lightweight authentication method using a new approach to OTP generation that relies on two parameters (Two-Factor Authentication, 2FA) to ensure the security of underlying systems. Subsequently, we leverage the combination of SDN and the 2FA algorithm to propose an adaptive authentication and authorization solution in the IoT network.


Download data is not yet available.
Abstract 65 | 564-PDF-v10n4pp72-93 Downloads 6


Abdellatif, A. A., Mhaisen, N., Mohamed, A., Erbad, A., Guizani, M., Dawy, Z., &Nasreddine, W. (2022). Communication-efficient hierarchical federated learning for IoT heterogeneous systems with imbalanced data. Future Generation Computer Systems, 128, 406–419. https://doi.org/10.1016/j.future.2021.10.016
Alizadeh, M., Tadayon, M. H., & Jolfaei, A. (2021). Secure ticket-based authentication method for IoT applications. Digital Communications and Networks. [online]. https://doi.org/10.1016/j.dcan.2021.11.003
Babkin, S., & Epishkina, A. (2018). One-Time Passwords: Resistance to Masquerade Attack. Procedia Computer Science, 145, 199–203. https://doi.org/10.1016/j.procs.2018.11.040
Baseri, Y., Hafid, A., & Cherkaoui, S. (2018). Privacy preserving fine-grained location-based access control for mobile cloud. Computers & Security, 73, 249–265. https://doi.org/10.1016/j.cose.2017.10.014
Biggs, J. (2016). Hackers release source code for a powerful DDoS app called Mirai. Tech Crunch, October 11, 2016. Retrieved from https://techcrunch.com/2016/10/10/hackers-release-source-code-for-a-powerful-ddos-app-called-mirai/#:~:text=Hackers%20release%20source%20code%20for%20a%20powerful%20DDoS%20app%20called%20Mirai,-John%20Biggs%40johnbiggs&text=After%20doing%20heavy%20damage%20to,the%20source%20code%20on%20Github.
Botta, A., DeDonato, W., Persico, V., & Pescapé, A. (2014). On the integration of cloud computing and internet of things. Future internet of things and cloud (FiCloud), International Conference on, IEEE. https://doi.org/10.1109/FiCloud.2014.14
El Kamel, A., Eltaief, H., & Youssef, H. (2022). On-the-fly (D)DoS attack mitigation in SDN using Deep Neural Network-based rate limiting. Computer Communications, 182, 153–169. https://doi.org/10.1016/j.comcom.2021.11.003
Hammi, M. T., Bellot, P., & Serhrouchni, A. (2018). BCTrust: A decentralized authentication blockchain-based mechanism. IEEE Wireless Communications and Networking Conference (WCNC). https://doi.org/10.1109/WCNC.2018.8376948
Hammi, B., Fayad, A., Khatoun, R., Zeadally, S., & Begriche, Y. (2020). A Lightweight ECC-Based Authentication Scheme for Internet of Things (IoT). IEEE Systems Journal, 14(3), 3440–3450. https://doi.org/10.1109/JSYST.2020.2970167
Hussain, A., & Chun, J. (2022). Cloud service scrutinization and selection framework (C3SF): A novel unified approach to cloud service selection with consensus. Information Sciences, 586, 155–175. https://doi.org/10.1016/j.ins.2021.11.024
Junior, N. F., Silva, A. A. A., Guelfi, A. E., & Kofuji, S. T. (2021). Privacy-preserving cloud-connected IoT data using context-aware and end-to-end secure messages. Procedia Computer Science, 191, 25–32. https://doi.org/10.1016/j.procs.2021.07.007
Kemshall, A. (2011). Why mobile two-factor authentication makes sense. Network Security, 2011, 9–12. https://doi.org/10.1016/S1353-4858(11)70038-1
Kocher, P. C. (1996). Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) Advances in Cryptology — CRYPTO ’96. CRYPTO 1996. Lecture Notes in Computer Science, 1109, 104–113. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-68697-5_9
Koohang, A., Sargent, C. S., Nord, J. H., & Paliszkiewicz, J. (2022). Internet of Things (IoT): From awareness to continued use. International Journal of Information Management, 62, 102442. https://doi.org/10.1016/j.ijinfomgt.2021.102442
Lagane, C. (2017). BrickerBot, un destructeur d’objets connectés qui agit… pour la bonne cause. Silicon (France), April 21, 2017. Retrieved from https://www.silicon.fr/brickerbot-destructeur-objets-connectes-bonne-cause-172891.html
Lee, S., Kang, B., & Cho, K. (2017). Design and Implementation for Data Protection of Energy IoT utilizing OTP in the Wireless Mesh Network. Energy Procedia, 141, 540–544. https://doi.org/10.1016/j.egypro.2017.11.116
Mitake, Y., Tsutsui, Y., Alfarihi, S., Sholihah, M., & Shimomura, Y. (2021). A life cycle cost analysis method accelerating IoT implementation in SMEs. Procedia CIRP, 104, 1424–1429. https://doi.org/10.1016/j.procir.2021.11.240
M’Raihi, D., Bellare, M., Hoornaert, F., Naccache, D., & Ranen, O. (2005). HOTP: An HMAC-Based One-Time Password Algorithm. IETF, RFC 4226. https://www.ietf.org/rfc/rfc4226.txt
M’Raihi, D., Machani, S., Pei, M., & Rydell, J. (2011). TOTP: Time-Based One-Time Password Algorithm. IETF, RFC 6238. https://doi.org/10.17487/rfc6238
Munther, M. N., Hashim, F., Abdul Latiff, N. A., Alezabi, K. A., & Liew, J. T. (2021). Scalable and secure SDN based ethernet architecture by suppressing broadcast traffic. Egyptian Informatics Journal, 23(1), 113–126. https://doi.org/10.1016/j.eij.2021.08.001
Mutlag, A. A., Abd Ghani, M. K., Arunkumar, N., Mohammed, M. A., & Mohd, O. (2019). Enabling technologies for fog computing in healthcare IoT systems. Future Generation Computer Systems, 90, 62–78. https://doi.org/10.1016/j.future.2018.07.049
Nait-Hamoud, O., Kenaza, T., & Challal, Y. (2021). Certificateless Public Key Systems Aggregation: An enabling technique for 5G multi-domain security management and delegation. Computer Networks, 199, 108443. https://doi.org/10.1016/j.comnet.2021.108443
Sadri, M. J., & Asaar, M. R. (2021). An anonymous two-factor authentication protocol for IoT-based applications. Computer Networks, 199, 108460. https://doi.org/10.1016/j.comnet.2021.108460
Shan, L., Zhou, H., & Hong, D. (2021). Application of access control model for confidential data. Procedia Computer Science, 192, 3865–3874. https://doi.org/10.1016/j.procs.2021.09.161
Simpson, W. A. (1996). PPP challenge handshake authentication protocol (CHAP). RFC 1994. https://www.rfc-editor.org/rfc/rfc1994.html
Stergiou, C., Psannis, K. E., Kim, B.-G., & Gupta, B. (2018). Secure integration of IoT and Cloud Computing. Future Generation Computer Systems, 78, 964–975. https://doi.org/10.1016/j.future.2016.11.031
Sturm, R., Pollard, C., & Craig, J. (2017). Application Performance Management (APM) in the Digital Enterprise, Appendix C - The NIST Definition of Cloud Computing, 267–269. Morgan Kaufmann, Boston.
Tok, M. S., & Demirci, M. (2021). Security analysis of SDN controller-based DHCP services and attack mitigation with DHCPguard. Computers & Security, 109, 102394. https://doi.org/10.1016/j.cose.2021.102394
Zhang, R., & Hu, Z. (2021). Access control method of network security authentication information based on fuzzy reasoning algorithm. Measurement, 185, 110103. https://doi.org/10.1016/j.measurement.2021.110103