Abstract

As the Internet of Things (IoT) ecosystem continues to spread, many researchers are addressing the need for robust and lightweight authentication mechanisms for both continuous and mobile IoT devices. However, the main issue that many face is the lack of a consensus on the definitions of both continuous and mobile IoT authentication. This thesis aims to investigate the diverse definitions and approaches surrounding continuous and mobile IoT authentication. We delve into the evolving landscape of authentication methods, protocols, and security measures tailored for IoT devices that operate in dynamic and mobile environments. A comprehensive survey navigates through the multifaceted dimensions of continuous authentication, which includes examining user behavior, biometrics, and contextual data to ensure the ongoing security of IoT devices. It serves as a valuable resource for researchers, practitioners, and stakeholders in the IoT domain, offering insights into the diversity of definitions of continuous and mobile IoT authentication. In this thesis we are proposing a unified definition of continuous mobile authentication on which the solution will be built on. This Thesis aims to present a protocol that is based on monitoring the mobile IoT Device’s motion continuously through gateways, where at each gateway a nonce value is always assigned and checked by the next gateway. From the analysis, the protocol successfully provides 2 authentication modes, full authentication where the user is involved in the process and continuous authentication that is done without the interference of the user. Overall, the protocol contributes to the IoT security field by offering a authentication that can be applied to organizations that has multiple gateways without some of the common drawbacks that are observed in previous approaches. It is also worth mentioning that SPAN AVISPA was used to verify the protocol against the attacks that are defined in the intruder simulation mode of the software, and the results of the simulation were found to be safe and following the same intended steps. In the simulation two things were tested , the secrecy of keys and where the nodes authenticate each other.

Publication Date

5-2024

Document Type

Thesis

Student Type

Graduate

Degree Name

Computing Security (MS)

Advisor

Wesam Almobaideen

Advisor/Committee Member

Huda Saadeh

Advisor/Committee Member

Kevser Akpinar

Comments

This thesis has been embargoed. The full-text will be available on or around 7/22/2025.

Campus

RIT Dubai

Download

Available for download on Tuesday, July 22, 2025

Share

COinS