Anotace:
With the advancement of new hardware and software technologies, the Internet of Things (IoT) has become ubiquitous in our day-to-day life. Along with many diversified applications, IoT has made inroads into several sensitive areas like Healthcare, Industries (IIoT), Smart Cities, Realtime Systems and so on. With the exploding application of IoT, there is an exponential increase in the requirement for security and keeping in mind the constrained nature of IoT devices and networks, customized lightweight protocols and measures have been proposed in the literature. Multi-party authorisation is one of the key aspects of IoT security. Access to sensitive IoT devices should be allowed only after authorisation from trusted entities. In this work, we have proposed a novel Lightweight Multi Party Authorisation for IoT Device Access with key establishment using Bilinear Pairing and multi party authorisation through Shamir's Secret Sharing. All communications are protected by lightweight XOR-based encryption with pairwise session keys. Further, threshold based Shamir's Secret Sharing facilitates the provision of dynamic authorisation policy set by the Admin according to application requirement. A prototype is developed using Raspberry Pi3, DHT11 sensor and an Android Application and tested for satisfactory performance. The scheme is formally verified on AVISPA and an informal security analysis is performed to assess its resistance to various attacks. A feature based comparison of the proposed scheme with other state of the are works established the unique advantages of the system. The proposed scheme has potential applications including, but not limited to, IoMT, IIoT and Smarthome.