FLAT: Federated Lightweight Authentication of Things

Abstract

The Internet of Things (IoT) applications and technologies have been modifying the way people and businesses interact. The IoT growth, however, is followed by several challenges. Among them, a critical aspect in IoT is the authentication of devices and its access control to the available network resources. The Identity Management (IdM) provides means to manage identities of devices and users, being also responsible for the authentication and authorization tasks. In this sense, it is essential to IoT the development of an IdM model that contemplates the specific characteristics of this context, especially considering the computational and storage restrictions of devices and their potential mobility between different domains. Nowadays, widely used IdM solutions are based on asymmetric cryptography, and thus, require more computation and storage from devices, which is not a desirable approach in restricted devices, commonly found in IoT scenarios. As a solution to this problem, it is proposed FLAT, a federated authentication protocol for IoT. FLAT associates: (i) the use of only symmetric cryptosystems in the Client side, (ii) the replacement of traditional cryptosystems such as RSA/DSA by equivalent cryptosystems based on elliptic curves, and (iii) the use of implicit certificates, providing a lightweight solution for authenticating restricted devices. The results show that FLAT can reduce the data exchange overhead in around 31% when compared to the baseline solution. FLAT's Client is also more efficient than the baseline solution in terms of data transmitted, data received, total data exchange, and computation time. FLAT offers an alternative to IoT scenarios where the device authentication between different domains is necessary, and can be executed even in devices with computational and storage restrictions.