When studying for a doctoral degree (PhD), candidates submit a thesis that provides a critical review of the current state of knowledge of the thesis subject as well as the student’s own contributions to the subject. The distinguishing criterion of doctoral graduate research is a significant and original contribution to knowledge.
Once accepted, the candidate presents the thesis orally. This oral exam is open to the public.
Abstract
The widespread Internet of Things (IoT) has resulted in unprecedented levels of interconnection among devices, allowing for the development of smart environments. Moreover, its massive deployment in many applications such as healthcare systems, transportation, and education has resulted in a huge amount of generated data that requires processing capability beyond what is available in many resource-constrained IoT devices. In the traditional IoT-cloud paradigm, limited-resource IoT devices outsource their heavy computations to the cloud server. However, the number of IoT devices is expected to exceed 75 billion by 2025, resulting in a significant increase in sensed data requiring further processing on the cloud. This significant increase in sensed data makes the single point of failure at the cloud more severe. Moreover, such expanding adoption of IoT devices in many real-time applications imposes some Quality of Service (QoS) requirements that conventional IoT-cloud architecture cannot address, such as low latency, location awareness, mobility support, and geo-distribution.
To address the challenges above, the 3-tier IoT-edge-cloud architecture has been proposed. In this paradigm, the sensed data are sent to nearby, more computation-capable nodes (i.e., edge nodes), instead of the centralized cloud server, for further data processing and storage. Such a distributed paradigm mitigates the single point of failure, offers location awareness, and satisfies the required IoT application QoS. However, this new paradigm comes with new security challenges. It requires IoT devices to offload their data to a network of distributed edge nodes for further computation without prior registration with such edge nodes. Additionally, an external adversary can trace the edge node that the IoT device is attached to and compromise the privacy of an IoT device user by gaining insights about the user's existence at certain locations at certain times. Furthermore, according to Gartner’s 2020 statistics, there is a total of 2.38 billion IoT devices deployed in open public sectors. These IoT devices are potential targets for hardware compromise and unauthorized access to IoT device credentials. The security concerns mentioned above restrict the widespread adoption of edge computing due to the strong commitment to individual privacy and data security.
In this thesis, we address the above challenges of adopting edge computing by proposing efficient and secure authentication protocols for IoT applications in edge computing. Our proposed protocols include Symmetric Key Authentication protocol with Forward Secrecy (SKAFS), Symmetric Key Inter-Cloud Authentication, and redeemable micropayment Protocol (SKICAP), Mutual Authentication Privacy-preserving protocol with Forward Secrecy (MAPFS), and Conditional Privacy-preserving Message Authentication protocol for VANET Emergency message exchange (CP-MAVE) protocols. The proposed protocols utilize lightweight cryptographic primitives to realize efficient protocols for edge computing. Moreover, the proposed protocols fulfill the security requirements for IoT applications, such as IoT device anonymity, session unlinkability, and resilience to hardware compromise of IoT devices.
For our proposed protocols, we provided a formal security analysis based on computationally hard problems. Furthermore, we evaluated the performance of our proposed protocols in terms of communication overhead and computation complexity and compared them with other closely related protocols. Finally, we implemented prototypes of our proposed protocols using socket programming, simulating the message flow between the protocol entities to calculate their end-to-end latency and confirm the efficiency of our proposed protocols.