VIETNAM NATIONAL UNIVERSITY HO CHI MINH CITY
UNIVERSITY OF TECHNOLOGY

NGUYEN LE PHUONG THAO

AUTHENTICATION PROTOCOL FOR INTERNET OF THINGS DEVICES USING BLUETOOTH LOW ENERGY

Majors: Computer Science
ID: 60480101

MASTER THESIS

Ho Chi Minh City, January 2021

THE WORK IS DONE AT HO CHI MINH CITY UNIVERSITY OF TECHNOLOGY – VNU – HCM

Scientific supervisor: Assoc. Prof. Dang Tran Khanh
The reviewer 1: Assoc. Prof. Tran Trung Hieu
The reviewer 2: Assoc. Prof. Nguyen Tuan Dang

This master thesis is defended at Ho Chi Minh City University of Technology – VNU – HCM on 22nd January 2021.

The master thesis assessment committee includes:
Assoc. Prof. Tran Minh Quang
Dr. Phan Trong Nhan
Assoc. Prof. Huynh Trung Hieu
Assoc. Prof. Nguyen Tuan Dang
Assoc. Prof. Dang Tran Khanh

Confirmation of the Chairman of the assessment committee and the Head of the specialized management department after the thesis has been corrected (if any)

CHAIRMAN OF THE ASSESSMENT COMMITTEE
HEAD OF FACULTY OF COMPUTER SCIENCE AND ENGINEERING

VNU – HO CHI MINH CITY
HO CHI MINH CITY UNIVERSITY OF TECHNOLOGY

SOCIALIST REPUBLIC OF VIETNAM
Independence – Freedom – Happiness

MASTER THESIS

Student name: NGUYEN LE PHUONG THAO
Student ID: 1770160
Date of birth: Dec 30th, 1991
Place of birth: Ho Chi Minh City
Major: Computer Science
Major ID: 60480101

I. THESIS TITLE: Authentication Protocol for Internet of Things Devices using Bluetooth low energy
II. TASKS AND CONTENTS: Proposing an authentication protocol for Internet of Things Devices using Bluetooth low energy, which is lightweight and secure
III. DATE OF THE THESIS ASSIGNMENT: Feb 24th, 2020
IV. DATE OF THE THESIS COMPLETION: Dec 20th, 2020
V. SUPERVISOR: Assoc. Prof. Dang Tran Khanh

Ho Chi Minh City,…… Jan 2021

SUPERVISOR (Sign and full name)
HEAD OF DEPARTMENT (Sign and full name)
DEAN OF FACULTY OF COMPUTER SCIENCE AND ENGINEERING (Sign and full name)

Acknowledgement

I would like to express my gratitude to my supervisor Assoc. Prof. Dang Tran Khanh for the continuous support of
my Master study and related research. I am thankful for his patience, advice and all the opportunities he has given me during the last two years.

I would like to thank my fellow master students and my co-workers at work for their help, cooperation and our friendships as well, which have encouraged and got me through certain difficult stages.

Last but not least, I would like to thank my friends and my families, to my parents and my sister for unconditionally supporting me throughout the course and life in general.

Nguyen Le Phuong Thao

Abstract

More than twenty years have passed since the day the term "Internet of Things" (IoTs) first appeared, and IoTs systems are now familiar in our daily life. The greatest benefit of IoTs comes from highly heterogeneous interconnected devices and systems, covering every shape, size, and functionality. Being considered as the future of the Internet, IoT development comes with urgent requirements about the provision of security and privacy as the number of deployed IoT devices rapidly increases every year. Among those, authenticity is the main requirement for the IoT. Device-to-device connection is also a crucial part of IoTs. One of the most popular standards for device-to-device connection is Bluetooth. Bluetooth Low Energy (BLE) is increasing in popularity, especially now that many scientists are proposing it as a technique for contact tracing to combat COVID-19. Additionally, BLE is being used in applications involving the transfer of sensitive information, such as home security systems. Therefore, a secure authentication protocol for IoTs based on the BLE framework will be necessary because BLE is lightweight and popular. In this thesis, I propose a new authentication solution for BLE with enhanced privacy but minimal impact on energy consumption. I also provide a framework to demonstrate that our protocol can be implemented on real devices which support BLE modules. The correctness of the proposed scheme is formally proved with BAN logic.
Additionally, I provide an information security analysis to prove that my protocol can withstand typical types of cyberattacks. Last but not least, I measured the execution time and power consumption when applying my protocol on top of the BLE framework. I also attach three published articles related to my research during my master study.

Thesis summary

More than twenty years have passed since the term "Internet of Things" (IoTs) first appeared, and IoTs systems are now familiar in daily life. Their great benefit comes from the tight interconnection of devices and systems that are highly diverse in type, shape, size and function. Regarded as the future of the Internet, IoT development comes with urgent requirements for providing security and privacy as the number of deployed IoT devices grows rapidly every year. Among these, authentication capability is an important requirement for IoT. Device-to-device connection is an essential part of IoT. One popular standard for device-to-device connection is Bluetooth. Bluetooth Low Energy (BLE) is increasingly popular, especially as many scientists propose it as a contact-tracing technique to combat COVID-19. In addition, BLE is used in applications that involve transferring sensitive information, such as home security systems. Therefore, a secure authentication protocol for IoTs based on the BLE platform is necessary because of BLE's efficiency and popularity. In this thesis, I propose an authentication solution for IoTs on the BLE platform with enhanced privacy and minimal energy consumption. I also provide a framework to demonstrate that our protocol can be deployed on real devices that support BLE hardware. The correctness of the proposed protocol is proved with BAN logic. In addition, the thesis provides an information security analysis to show that the proposed protocol withstands typical types of network attacks. Finally, I carry out the necessary measurements to confirm the energy efficiency of the protocol.

Declaration of authorship

I declare that the work presented herein is my own original work and has not been published or submitted elsewhere for any degree programme, diploma or other qualifications. Any literature data or work done by others and cited within this thesis has been
completely listed in the reference section.

Nguyen Le Phuong Thao

Contents

Acknowledgement
Abstract
Thesis summary
Declaration of authorship
List of acronyms
Introduction
  1.1 Overview
  1.2 Major purposes of the thesis
  1.3 Contributions
    1.3.1 Scientific contributions
    1.3.2 Practical contributions
  1.4 Research scope
  1.5 Thesis outline
Backgrounds
  2.1 Internet of Things overview
    2.1.1 IoT properties
  2.2 Public key cryptography
    2.2.1 Public-key encryption
    2.2.2 Public-key digital signature
  2.3 Bluetooth Low Energy
    2.3.1 Overview
    2.3.2 Network topology
    2.3.3 Security features
  2.4 BAN-logic
    2.4.1 BAN-logic overview
    2.4.2 Notations
    2.4.3 Typical protocol goals
    2.4.4 Protocol analysis with BAN-logic
Related works
  3.1 Criteria of Authentication schemes
  3.2 Existing authentication frameworks
  3.3 Previous work
Proposed scheme
  4.1 Scenario
  4.2 Proposed protocol
System implementation and proposed framework
  5.1 Hardware
  5.2 Library information
  5.3 OS information
  5.4 Description
  5.5 Experiment
Security analysis
  6.1 Formal analysis
  6.2 Informal analysis
    6.2.1 Security Attributes
    6.2.2 Security analysis
Performance analysis
  7.1 Communication
  7.2 Authentication Message Calculation
Conclusion and Future Work
List of published articles
Appendix
References
Autobiography

exchange data securely. Hence, PO can give PC the party secret, which is now exchanged in a secure channel, i.e. the Wi-Fi key. Because we use the BLE framework, the communication between PC and PP is supposed to be safe since it is protected by the security methods applied in BLE.

System implementation and experiment

We have a setup of Raspberry Pi Model B and an Asus laptop. Raspberry Pi boards are set up as shown in Figure and we establish a secure shell connection from our Asus laptop to them to control them. Below is some description about hardware and software information regarding

Fig
Raspberry Pi boards set up to our experiment

Fig Experiment model

5.1 Hardware

Raspberry Pi Model B+ and Asus laptop (This can also be replaced with a Raspberry Pi Model B+.)

5.2 Library information

Python version 2.7

Plugin for python 2.7:
- https://pypi.org/project/PyBluez/
- https://pypi.org/project/pycrypto/

Built-in libraries in Python 2.7:
- base64
- datetime
- hashlib
- os
- sys
- uuid

5.3 OS information

Raspberry Pi boards are installed to boot up with fresh Raspbian Stretch Lite OS version 2018-06-27. Asus laptop uses Ubuntu 14.04.

5.4 Description

All devices are configured to be able to use all features of BLE. We made a simple implementation for our proposed protocol using BLE RFCOMM protocol with devices, representing elements of this protocol: PC, PP and PO. D1 is PC, D2 is PO and D3 is PP. We have D1, D2 and D3.

The assumptions here are:
- D1 and D2 do not know each other.
- Each D3 is a close friend of both D1 and D2.
- If the devices have been authenticated before, their BLE devices have already been paired and exchanged data, so the connection between them is considered safe via the BLE standard.
- When BLE devices have been paired, they will have the same link key in the database.

Function interface

Class NewDevice1: # Supports the following functions for PC:

(a) Send request to join to D2
    Input: ID of D2
    Output: True/False
    Function interface: def DeviceRequestJoin(id2)

(b) Create message, send to D2 so D2 can forward to D3 for help. This message is encrypted by D1 and D3 link key. If D3 knows D1, D2 will authenticate with D1.
    Input: ID of D3, message
    Output: True/False (result of D1 and D2 authentication)
    Function interface: def DeviceAuthenticate(id3, message)

(c) Running function: running authentication process
    Input: None
    Output: None
    Function interface: def Running()

Class NewDevice2: # Supports the following functions for PO:

(a) Receive join request from D1
    Input: ID1
    Output: Message created by D1, ID D1, ID
    D3, time of authentication
    Function interface: def ReceiveJoinRequest(id1)

(b) In case D2 does not know D1 and needs support from D3, D2 needs to forward D1's message to D3
    Input: Message created by D1, ID D1, ID D3, time of authentication
    Output: True/False (depends on relationship between D1 and D3)
    Function interface: def ForwardJoinRequest(id3, id1, m, t)

(c) Running function: running authentication process
    Input: None
    Output: None
    Function interface: def Running()

Class NewDevice3: # Supports the following functions for PP:

(a) Accept connection from D2
    Input: D2 connection
    Output: True/False
    Function interface: def DeviceConnect(id2)

(b) Get D1 data from D2
    Input: D2 connection
    Output: message created by D1, D1 ID
    Function interface: def GetData(d2)

(c) Help D2 authenticate with D1
    Input: message created by D1, D1 ID
    Output: True/False (depends on relationship between D1 and D3)
    Function interface: def SupportAuthenticate(id1, m)

(d) Running function: running authentication process
    Input: None
    Output: None
    Function interface: def Running()

Common functions

We also have supporting functions which are shared between all devices:

(a) Hash message
    Input: Message
    Output: hash value
    Function interface: def hashMessage(message)

(b) Encrypt message
    Input: Message, key, padding character
    Output: encrypted message
    Function interface: def encryptMessage(privateMsg, encodedSecretKey, paddingCharacter)

(c) Decrypt message
    Input: Encoded message, key, padding character
    Output: decrypted message
    Function interface: def decryptMessage(encodedEncryptedMsg, encodedSecretKey, paddingCharacter)

(d) Get Bluetooth link key. This key will exist if the devices paired with each other before.
    Input: the device's own Bluetooth MAC address and the partner's Bluetooth MAC address
    Output: Key
    Function interface: def getLinkKey(selfAddr, devAddr)

(e) Check if a device is nearby
    Input: MAC address of the device which we need to check
    Output: True/False
    Function interface: def checkNearbyDev(devAddr)

(f) Verify whether the time is acceptable (10 minutes should be fine.)
    Input: sending time, receiving time
    Output: True/False
    Function interface: def verifyTime(devTime, receivedTime)

5.5 Experiment

We set up our experiment to have the following types of devices:
- Ubuntu laptop, works as PO (D2 device)
- Raspberry Pi Model B+, works as PC (D1 device)
- Raspberry Pi Model B+, works as PP (D3 device)

The stages are:
- Beginning stage: PC knows PP and PO knows PP. PC does not know PO but wants to authenticate with it.
- Running stage: PC sends a request to authenticate with PO with support from PP.
- Final stage: the authentication process completes. PO is paired with PC and can see information of PC. Now we will see the link key inside PO and PC. This link key will be used to generate the key for each communication between PO and PC in the future.

Security analysis

6.1 Security analysis

Our protocol is implemented by using a BLE connection, so we can utilize the BLE security features. BLE 4.2 devices are fully backwards compatible with BLE 4.0 and 4.1 devices; this means that 4.2 devices can perform the exact same pairing process as 4.0 and 4.1 devices. However, BLE 4.2 devices are also capable of creating what are known as LE Secure Connections. Instead of using a TK and STK, LE Secure Connections use a single Long Term Key (LTK) to encrypt the connection. This LTK is exchanged/generated using Elliptic Curve Diffie Hellman public key cryptography, which offers significantly stronger security compared to the original BLE key exchange protocol. In LE Secure Connections, both phase one and phase three of the pairing process are exactly the same as they are in LE Legacy connections. Thus, the only differences occur during phase two of the pairing process. The way phase two works in LE Secure Connections is as follows. Both devices generate an ECDH public-private key pair. The two devices will then exchange their public keys and then start
computing the Diffie-Hellman key. One of the pairing methods is then used to authenticate the connection. Once the connection is authenticated, the LTK is generated and the connection is encrypted.

AES-CCM is used in Bluetooth LE to provide confidentiality as well as per-packet authentication and integrity. Because the LTK is used as input for the encryption key, successful encryption setup provides implicit authentication. Similarly, data signing using Identity Resolving Key (IRK) provides implicit authentication that the remote device holds the correct Connection Signature Resolving Key (CSRK).

6.2 Key Generation

Key generation in Bluetooth with low energy is performed by the Host on each low energy device independent of any other. When using Bluetooth LE Secure Connections, the following keys are exchanged between master and slave:
- Connection Signature Resolving Key for Authentication of unencrypted data: CSRK is a 128-bit key used to sign data and verify signatures on the receiving device.
- Identity Resolving Key for Device Identity and Privacy: In LE Secure Connections, the public/private key pair is generated in the Host and a Secure Connection Key is generated by combining contributions from each device involved in pairing. IRK is a 128-bit key used to generate and resolve random addresses.

6.3 Encryption

Encryption in Bluetooth with low energy uses AES-CCM cryptography. CCM, also known as Counter with CBC-MAC, is a mode of operation for cryptographic block ciphers. This is an authenticated encryption algorithm that provides both confidentiality and authentication.

6.4 Signed Data

Bluetooth with its low energy features supports the ability to send authenticated data over an unencrypted transport between two devices with a trusted relationship. This means that in some circumstances where the communication channel is not encrypted, the device could still have a method to maintain and ensure the data authentication. This is accomplished by signing
the data with a CSRK. The sending device places a signature after the Protocol Data Unit (PDU). The receiving device verifies the signature and, if the signature is verified, the Data PDU is assumed to come from the trusted source. The signature is composed of a Message Authentication Code generated by the signing algorithm and a counter, which is used to protect against a replay attack. This counter is increased on each signed Data PDU sent.

6.5 Privacy preserving

BLE provides a feature that reduces the chance of an attacker tracking a device over a long period by often changing an advertising device's address. Only the devices that have been authenticated before can resolve the real Bluetooth MAC address (or we can call it ID here) of devices, thanks to the IRK. If the advertising device was previously discovered and has returned to an advertising state, the device can only be identified by trusted devices in future connections, without going through the discovery procedure again. The IRK stored in the trusted device will solve the problem of maintaining privacy while saving discovery computational load and connection time. The advertising device's IRK, together with other keys, was sent to the master device during initial bonding. The master device can then use the IRK to identify the advertiser as a trusted device.

Conclusion

In this paper, we provide a new authentication protocol which is safe to use in IoTs environments. Because we use BLE as the framework to test our protocol, we can utilize its low-energy feature. We also proved that our work can withstand different kinds of cyberattacks. The short-range communication of BLE is also a good point to strengthen the proposed protocol. In this paper, we only use the Star model of BLE; however, in future works, we can have an improved protocol which uses the Mesh model. It will not only help to widen the authentication area, but also allow more devices to join the party. We can also make the protocol better by doing experiments with
around 100 devices as BLE mentioned in its specs and measure the exact energy we need. Another interesting topic is making a comparison between BLE and 5G, which is the top trend of current technologies for networking.

Acknowledgment

This research is funded by Vietnam National University Ho Chi Minh City (VNU-HCM) under grant number B2018-20-08. We also thank other members of the project, especially Chau D. M. Pham, for their meaningful help and comments during this paper preparation.

Autobiography

Full Name: NGUYEN LE PHUONG THAO
Date of Birth: 30/12/1991
Place of Birth: Ho Chi Minh City
Address: 132 Tran Quoc Thao, Ward 7, District 3, Ho Chi Minh City

Education:

Program     Period            Education Organization
Bachelor    2009 – 2014       Posts and Telecommunications Institute of Technology
Master      2017 – Present    Ho Chi Minh City University of Technology

Work Experience:

Period               Organization                Occupation
03/2014 – 12/2016    Renesas Design Vietnam      Software Engineer
01/2017 – 11/2017    Renesas Design Vietnam      Senior Software Engineer / Project Leader
12/2017 – 08/2018    DEK Technologies Vietnam    Software Engineer
04/2019 – Present    AXON Vietnam                Software Engineer
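The forwarding flow of section 5.4 (D1 builds a message under the D1–D3 link key, D2 relays it, D3 decides) sketched as an added example; it is not the thesis code. It is written for Python 3, uses HMAC-SHA256 from the standard library in place of the pycrypto encryption behind encryptMessage, and the link-key table, the binding of D2's identity into the message and the replay cache are assumptions; only getLinkKey and verifyTime keep the page's signatures.

```python
import hashlib
import hmac

WINDOW_SECONDS = 10 * 60  # section 5.4: "10 minutes should be fine"

# Constructed link-key store: (own address, peer address) -> key from bonding.
# D1 and D3 are paired; D1 and D2 are not, which is why D2 asks D3 for help.
K13 = bytes.fromhex("00112233445566778899aabbccddeeff")
LINK_KEYS = {("D1", "D3"): K13, ("D3", "D1"): K13}


def getLinkKey(selfAddr, devAddr):
    """Return the link key shared with a paired peer, or None if never paired."""
    return LINK_KEYS.get((selfAddr, devAddr))


def verifyTime(devTime, receivedTime):
    """Accept a timestamp only if it lies within the window, past or future."""
    return abs(receivedTime - devTime) <= WINDOW_SECONDS


def link_key_proof(key, id1, id2, t):
    """MAC over D1's identity, the D2 it wants to join, and the send time."""
    # Length-prefix every field so that field boundaries cannot be shifted.
    fields = (id1.encode(), id2.encode(), str(int(t)).encode())
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()


def build_join_message(id1, id2, id3, now):
    """D1 side: message for D2 to forward, keyed with the D1-D3 link key."""
    key = getLinkKey(id1, id3)
    if key is None:
        raise LookupError("D1 is not paired with the chosen helper D3")
    return {"id1": id1, "id3": id3, "t": now,
            "m": link_key_proof(key, id1, id2, now)}


def forward_join_request(request, own_id):
    """D2 side: relay D1's fields unchanged and add D2's own identity."""
    return dict(request, id2=own_id)


class Device3:
    """D3 side: vouches for D1 only if the proof is valid, fresh and unseen."""

    def __init__(self, addr):
        self.addr = addr
        self.seen = {}  # proof -> timestamp, kept while the proof is still fresh

    def support_authenticate(self, fwd, now):
        key = getLinkKey(self.addr, fwd["id1"])
        if key is None:                      # D3 has never paired with D1
            return False
        if not verifyTime(fwd["t"], now):    # stale or future-dated request
            return False
        expected = link_key_proof(key, fwd["id1"], fwd["id2"], fwd["t"])
        if not hmac.compare_digest(expected, fwd["m"]):
            return False                     # forged, altered, or meant for another D2
        # Drop expired entries, then refuse a proof already accepted in this window.
        self.seen = {p: t for p, t in self.seen.items() if verifyTime(t, now)}
        if fwd["m"] in self.seen:
            return False
        self.seen[fwd["m"]] = fwd["t"]
        return True
```

A time window on its own still accepts a captured message replayed inside the ten minutes, which is why the sketch keeps the cache of proofs already accepted.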