Token-Based Security for the Internet of Things With Dynamic Energy-Quality Tradeoff

In this paper, token-based security protocols with dynamic energy-security level tradeoff for Internet of Things (IoT) devices are explored. To assure scalability in the mechanism to authenticate devices in large-sized networks, the proposed protocol is based on the OAuth 2.0 framework, and on secrets generated by on-chip physically unclonable functions. This eliminates the need to share the credentials of the protected resource (e.g., server) with all connected devices, thus overcoming the weaknesses of conventional client-server authentication. To reduce the energy consumption associated with secure data transfers, dynamic energy-quality tradeoff is introduced to save energy when lower security level (or, equivalently, quality in the security subsystem) is acceptable. Energy-quality scaling is introduced at several levels of abstraction, from the individual components in the security subsystem to the network protocol level. The analysis on an MICA 2 mote platform shows that the proposed scheme is robust against different types of attacks and reduces the energy consumption of IoT devices by up to 69% for authentication and authorization, and up to 45% during data transfer, compared to a conventional IoT device with fixed key size.