Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
The yoking-proof-based authentication protocol for cloud-assisted wearable devices
Liu W., Liu H., Wan Y., Kong H., Ning H. Personal and Ubiquitous Computing20 (3):469-479,2016.Type:Article
Date Reviewed: Aug 16 2016

To understand the problem raised in the paper, we have to clarify two important concepts included in its title. One of the concepts is yoking-proof-based authentication. The idea of a yoking-proof protocol for radio-frequency identifications (RFIDs) is outlined in Juels’ paper [1]. It means basically coupling or pairing (“yoking”) two devices having computationally limited resources. The yoking enforces that both devices should be present when scanning happens by a reading device. The other concept is cloud-assisted wearable devices, which include any Internet of Things (IoT) applications, sensors, or gadgets that can be connected to a cloud through some communicating device, for example, a smartphone, and can be worn on the body. In such a scenario, the specific wearable device and the cloud represent the two parties that should be (strongly) coupled.

IoT wearable devices constrain computational capacity, hence an appropriate protocol and cryptographic algorithm are required to ensure confidentiality, integrity, mutual trust, and protection against eavesdropping. These concerns contain mutually opposite demands so that a reasonable compromise should be found. The paper proposes a lightweight authentication protocol to implement a suitable identification mechanism in a secure manner.

The paper was published in a peer-reviewed journal; this fact is important for the reason that the paper contains a detailed mathematical formalism for the cryptographic procedures and algorithms. The basic idea for mutual authentication is a handshaking, a Diffie-Hellman-like method that takes into account the computational resource limitations when generating pseudo-random numbers and shares a secret key. The computationally heavy part of the algorithm is carried out in the cloud to perform the verification for wearable devices that are connected to the cloud through a smartphone. The protocol uses as a parameters the identification data of devices, the secret key, and a randomly generated hash to support the message exchange and to prove that the parties (devices, agent in the cloud) can mutually trust each other. The mathematics of the cryptographic procedures shown in the paper seems plausible. A formal security analysis proves the validity of the proposed algorithm [2].

A performance analysis is executed as well, to buttress the suitability of the algorithm in an environment that is computationally resource constrained and having real-time requirements. Only the resource-intensive hash generation was delegated to the IoT devices; the other computational tasks are carried out in the cloud so that the solution produces good performance in a real-time environment.

The paper might be interesting for researchers in the fields of security, ubiquitous computing, and IoT applications.

Reviewer:  Bálint Molnár Review #: CR144689 (1611-0808)
1) Juels, A. “Yoking-proofs” for RFID tags. In Proc. of the 2nd IEEE International Conference on Pervasive Computing and Communications. IEEE, 2004, 138–143.
2) Rubin, A. D.; Honeyman, P. Nonmonotonic cryptographicprotocols. In Proc. of the Computer Security Foundations Workshop VII. IEEE, 1994, 100–116.
Bookmark and Share
  Featured Reviewer  
 
Cloud Computing (C.2.4 ... )
 
 
Authentication (D.4.6 ... )
 
 
Portable Devices (C.5.3 ... )
 
Would you recommend this review?
yes
no
Other reviews under "Cloud Computing": Date
Cloud security and privacy: an enterprise perspective on risks and compliance
Mather T., Kumaraswamy S., Latif S., O’Reilly Media, Inc., Sebastopol, CA, 2009.  336, Type: Book (9780596802769), Reviews: (1 of 3)
Dec 14 2009
Cloud security and privacy: an enterprise perspective on risks and compliance
Mather T., Kumaraswamy S., Latif S., O’Reilly Media, Inc., Sebastopol, CA, 2009.  336, Type: Book (9780596802769), Reviews: (2 of 3)
Jan 26 2010
Cloud security and privacy: an enterprise perspective on risks and compliance
Mather T., Kumaraswamy S., Latif S., O’Reilly Media, Inc., Sebastopol, CA, 2009.  336, Type: Book (9780596802769), Reviews: (3 of 3)
Mar 18 2010
more...

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use
| Privacy Policy