Ahmed, Kazi Istiaque (2024) Machine learning based hybrid trust management scheme for authentication and authorization in IoT. Doctoral thesis, Sunway University.
Text: Machine learning based hybrid trust management scheme.pdf - Accepted Version (15MB)
Abstract
With the ongoing efforts for widespread adoption of the Internet of Things (IoT), security is one critical factor hindering the wide acceptance of IoT. To address the security issue of IoT, several studies have been carried out using, among other approaches, Blockchain, Artificial Intelligence (AI), and edge/fog/cloud computing. Authentication and Authorization (AA) are crucial aspects of the information security policy of the CIA triad that protect the network from malicious parties. However, existing authorization and authentication schemes are insufficient for handling security due to the IoT network’s scalability issue and the devices’ resource-constrained nature. To overcome the challenges posed by the various constraints of IoT networks and nodes, there is significant interest in trust management (TM) techniques to assist in the AA process for IoT. TM eliminates the requirement to determine "identities" while facilitating the authorization process. Instead, it represents security rights and constraints. This permits more flexibility and expressiveness, and allows current, scalable security measures to be standardized. Hence, TM has received significant attention for enhancing the system’s security by defining policies and providing users with specific access rights. The current TM model in IoT is still under development, and the centralized characteristics of the IoT AA scheme are not enough to solve the heterogeneity and scalability problems. Generic TM for AA depends solely on direct inputs such as user ID and password, MAC, key, digital certificates, etc. The most common security attacks occur in the physical layer through MAC impersonation (spoofing attack), which may jeopardize the whole network. Furthermore, malicious nodes are increasingly intelligent and can change their attack approaches dynamically depending on the ambient inputs to avoid being detected. This makes it difficult for the defending system to identify attack patterns.
Therefore, this thesis attempts to resolve this situation by proposing a holistic multilevel distributed TM scheme for trust and reputation in IoT and privacy control. Zigbee Zolertia Z1 is a popular communication node that offers coverage in a wide-area network with minimal implementation cost and power consumption. Our data-collection testbed consists of 3 client nodes and an edge or gateway node. Here, we used Zolertia Z1 low-power wireless modules compliant with IEEE 802.15.4 and Zigbee protocols. First, a dataset was created from a wireless sensor network testbed comprising the node’s history of received signal strength indicator (RSSI), link quality indicator (LQI), MAC address, device temperature, and battery level. Second, a multilevel TM model is designed and implemented to determine the suitable trust level for each node. The proposed scheme trained a feed-forward network and shared the weights between multi-layer perceptrons to the federated machine learning (FML) of the proposed distributed TM model to classify four trust levels. Once the trust level is determined, authentication and authorization access rights are intelligently determined using FML. Here, the Local trust manager, such as the edge node or gateway node, will manage the device’s access rights learning model in a distributed fashion. The Global trust manager in the cloud, on the other hand, will aggregate the device’s or edge node’s (e.g., gateway node) learning model in a centralized manner. Furthermore, intelligent attacks can be determined by the probability and frequency of the attack. The proposed TM scheme for AA in IoT allows spoofing and impersonation attacks to be detected consistently and autonomously, so that a malicious node seeking unauthorized access can be removed or isolated. Performance evaluation and benchmarking results indicate a high accuracy level compared to the currently available schemes in the literature.
The proposed AA scheme’s results were achieved for the four different trust levels, with an overall accuracy of 99.7925% for different AA classes.
Item Type: | Thesis (Doctoral) |
---|---|
Uncontrolled Keywords: | internet security; authentication and authorization (AA); information security policy; trust management (TM); security measures; Internet of Things (IoT) |
Subjects: | Q Science > Q Science (General); T Technology > TK Electrical engineering. Electronics Nuclear engineering |
Divisions: | Sunway University > School of Engineering and Technology [formerly School of Science and Technology until 2020] > Dept. Computing and Information Systems |
Depositing User: | Ms Yong Yee Chan |
Date Deposited: | 25 Jul 2025 03:44 |
Last Modified: | 25 Jul 2025 03:44 |
URI: | http://eprints.sunway.edu.my/id/eprint/3204 |