Abstract
As the Internet of Things (IoT) ecosystem continues to spread, many researchers are addressing the need for robust and lightweight authentication mechanisms for both continuous and mobile IoT devices. However, the main issue that many face is the lack of a consensus on the definitions of both continuous and mobile IoT authentication. This thesis aims to investigate the diverse definitions and approaches surrounding continuous and mobile IoT authentication. We delve into the evolving landscape of authentication methods, protocols, and security measures tailored for IoT devices that operate in dynamic and mobile environments. A comprehensive survey navigates through the multifaceted dimensions of continuous authentication, which includes examining user behavior, biometrics, and contextual data to ensure the ongoing security of IoT devices. It serves as a valuable resource for researchers, practitioners, and stakeholders in the IoT domain, offering insights into the diversity of definitions of continuous and mobile IoT authentication. In this thesis we are proposing a unified definition of continuous mobile authentication on which the solution will be built on. This Thesis aims to present a protocol that is based on monitoring the mobile IoT Device’s motion continuously through gateways, where at each gateway a nonce value is always assigned and checked by the next gateway. From the analysis, the protocol successfully provides 2 authentication modes, full authentication where the user is involved in the process and continuous authentication that is done without the interference of the user. Overall, the protocol contributes to the IoT security field by offering a authentication that can be applied to organizations that has multiple gateways without some of the common drawbacks that are observed in previous approaches. It is also worth mentioning that SPAN AVISPA was used to verify the protocol against the attacks that are defined in the intruder simulation mode of the software, and the results of the simulation were found to be safe and following the same intended steps. In the simulation two things were tested , the secrecy of keys and where the nodes authenticate each other.
Library of Congress Subject Headings
Internet of things--Security measures; Biometric identification
Publication Date
5-2024
Document Type
Thesis
Student Type
Graduate
Degree Name
Computing Security (MS)
Advisor
Wesam Almobaideen
Advisor/Committee Member
Huda Saadeh
Advisor/Committee Member
Kevser Akpinar
Recommended Citation
Abdo, Saleem Emad Saleem, "Continuous Mobile Authentication Protocol for IoT Based Environment Supporting User Behavioural Profile" (2024). Thesis. Rochester Institute of Technology. Accessed from
https://repository.rit.edu/theses/11824
Campus
RIT Dubai
Plan Codes
COMPSEC-MS
Comments
This thesis has been embargoed. The full-text will be available on or around 7/22/2025.