
Development of Secured Authentication Contract Communication Network Protocol For IoT Environment

The paper presents a multi-key-based mutual authentication mechanism for secure communication in the Internet of Things (IoT) environment, addressing significant security issues like authentication and data confidentiality. It utilizes the Message Queuing Telemetry Transport (MQTT) protocol for efficient communication and incorporates blockchain technology for data storage and validation. A prototype was developed using Node MCU ESP8266 and Arduino IDE to demonstrate the proposed security framework and its effectiveness against various cyber threats.

Uploaded by

Venkat Balaji

2022 Fourth International Conference on Emerging Research in Electronics, Computer Science and Technology (ICERECT) | 978-1-6654-5635-7/22/$31.00 ©2022 IEEE | DOI: 10.1109/ICERECT56837.2022.10060005

Development of Secured Authentication Contract Communication Network Protocol for IoT Environment

Mahdi Mohammad Abdullah Al Momani
Research Scholar, PET Research Center
Mandya, Karnataka, India
[email protected]

P S Puttaswamy
PET Research Center
PESCE, Mandya
Karnataka, India

ABSTRACT- Internet of Things (IoT) is a subject of great interest and is the current technology. Over the last few years, IoT applications have increased manyfold. In addition, systems security has been a fruitful field for research activities. The mutual authentication between the IoT devices and Users of the IoT Environment is a significant part of secure IoT systems. At present, the widely used authentication mechanisms are single-password based and are likely vulnerable to side-channel and dictionary attacks. This paper introduces a multi-key-based mutual authentication mechanism to provide a contract for secure authentication and communication between the IoT devices and Users of the IoT Environment. The publish-subscribe-based Message Queuing Telemetry Transport (MQTT) protocol, which is bandwidth-efficient and uses a small amount of battery power, is used for secure communication. Blockchain technology is used in the present work to store data, which helps to bring trust and transparency to the developed model. To implement this methodology, the authors have created a prototype using the Node MCU ESP8266 and Arduino IDE IoT platform for the IoT Environment. Secured communication via the cloud has been designed for the client to control IoT devices, and the same will be stored using blockchain technology for future data validation. The Node MCU ESP8266 IoT platform used in the present work makes for effective and fast IoT applications.

General Terms: IoT, Security, Blockchain

Keywords: IoT Device, Users of IoT Environment, Message Queuing Telemetry Transport (MQTT) protocol, Adler-32

I. INTRODUCTION

The IoT has become a rising subject in the recent past. It can be defined as connecting devices or things over the internet to convey a given function. This is primarily a device that either sends or collects information. In the world of the IoT, billions of devices are linked to the internet, giving an attacker a chance to control the IoT system on a huge scale. Due to the entry of super-cheap computer chips and the universality of wireless systems, it is possible to turn anything, from something as little as a pill to something as large as an airplane, into a part of the IoT [1]. IoT makes the fabric of the world around us more brilliant and more reactive, blending the digital and physical universes. It is possible to transform any physical object into an IoT device, and it can be connected to the internet, controlled, or made to communicate data.

Authentication, authorization, data confidentiality, and privacy are some of the significant security problems associated with IoT. While smartphones are now commonplace, other smart devices are still in their infancy, but use is growing all the time and there are now an estimated 6.4 billion “things” connected to the Internet, a 30% increase from 2015. In 2020, this number is expected to grow to a staggering 20.8 billion. Smart devices are intended to make our lives easier and more convenient. For example, home automation systems allow homeowners to turn up the thermostat on their way home from work in the winter, or be alerted immediately of a suspected home intrusion while they’re out. Every piece of hardware and software that you use and that is connected to the internet has the potential to be accessed by cybercriminals. With the introduction of each new device, the number of potential access points for hackers grows.

IT Environment, its advantages, and threats that need to be mitigated: IoT servers and devices can be hacked remotely by malicious actors and unauthorized parties who might attempt to find their way into the device using a connection. If IoT devices had been configured more securely, to allow communication to take place only with authorized servers, the outside communication attempts could have been ignored. The number of attacks targeting IoT servers and devices has continued to increase manyfold every year. Thus, as these devices are being integrated into corporate networks, special attention should be directed to the essence of security [2]. A powerful and efficient cryptographic solution should be utilized because it can assist with the standardization of secure lines of communication between different devices and machines. It is also a tough decision to select the most appropriate authentication model to get the job done before choosing the architecture model ideal for IoT authentication. First, it is essential to consider a wide range of factors that include, but are not limited to, connectivity, security requirements, security expertise, financial budgets, hardware capacity, and energy resources. Therefore, the various models are able to address the authentication problem related to IoT servers and devices.

The use of security keys capable of securing IoT devices against cyber attacks is considered in this present work; these attacks include network attacks, web attacks, and malware attacks.

Need of Mitigation: It is found that IoT networks are also vulnerable to attacks; hence these need to be mitigated as far as possible. This includes the following implementation methodology with the requirements mentioned below.

Security: The proposed security key should protect users against man-in-the-middle attacks, phishing, etc.

Privacy: The Blockchain adoption helps the implemented storage of data to prevent any tracking.

Easy Authentication and Registration process for User.

The detailed design, which captures cryptographic primitives, a test of user presence, client data, device attestation, authentication, and registration, is essential. The most important aspects will be registration and authentication, as shown in this article.

Hardware performance is found to be better, and this is achieved through the MQTT protocol.

Hardware cost: The security developed must be cost-effective [3].

I. LITERATURE SURVEY

Many approaches have been proposed by researchers using a secure authentication protocol to authenticate the IoT device and the server [4]. The existing authentication mechanisms are primarily based on single passwords and are exposed to dictionary and side-channel attacks. A multi-key authentication mechanism has been designed in which token values change over time, avoiding dictionary attacks. Kalra S and Sood S. K [5] introduced the IoT authentication and key agreement scheme. Even though the authors' method uses elliptic curve cryptography to improve security, it has two security issues: the mistiness of the session key and the failure of mutual authentication.

The framework to design a security protocol for the IoT was proposed [6]. The present research work provides information about the security protocol's structure, philosophy, and the communication involved in the approach. This mechanism has been implemented on the Sensible Things platform and is expected to provide secure communication for the devices connected to the IoT.

Randa Almadhoun et al. [7] presented a user authentication scheme using blockchain-enabled fog nodes. In this technique, users are authenticated to access IoT devices by fog nodes that interface to Ethereum contracts. The fog nodes are used to deliver scalability to the system by relieving the IoT devices from carrying out heavy computation involving tasks related to authentication and communicating with the Blockchain. Additionally, the blockchain technology adopted is capable of giving secure authentication, management, and admittance to IoT devices and their information.

II. SCHEMATIC-SECURED AUTHENTICATION SYSTEM

The proposed secured authentication communication network for the IoT environment is shown in Fig. 1. The implementation involves the following methodology to develop a secure platform for the IoT Environment: (i) Authentication; (ii) Contract; (iii) Communication.

The following section shows the steps followed in the implementation of each of these phases, and these phases are pictorially represented.

Fig. 1. Proposed Secured Authentication Mechanism

Authentication Phase involves the following:

(i) To configure User device and user profile management

(ii) Data security key generation

(iii) Distribution and mapping of the user profile with keys

(iv) Accept user request

(v) Get secret key (Sk) from Secure Vault for the User (U), represented as USk

Secure Vault: The secure vault contains n keys, each being m bits long. The value of m is the key size. We denote all the keys as K[0], K[1], K[2], ..., K[n-1]. At the time of deployment of the IoT device, the secure vault is shared between the IoT device and the server. On the IoT device, the secure vault should be stored in an encrypted format. On the server, secure vaults are stored in a secure database. The secure vault is used to generate the secret key for the User (U) = USk.

(vi) Encrypt using a key to generate Secure key EUsk

(vii) Share Secure key EUsk to User

(viii) User should decrypt EUsk to identify the key and return back DUsk

Validate EUsk = DUsk, and identify the User as a valid user to create a contract.

Contract Phase deals with the following:

(i) Contract phase is a session key (SKn) generation for a valid user after the authentication phase.

(ii) The Server should distribute SKn to the User and IoT environment for any further transaction.

Each session key (SKn) is assigned a timeout for the contract and expires automatically based on the timeout.
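The authentication and contract phases above, sketched as an added example (not code from the paper or its prototype). Assumptions, all hypothetical: the vault sizes, deriving USk as the XOR of the vault keys picked by a random challenge, an HMAC over a server nonce standing in for the encrypt/decrypt round trip (the Python standard library has no block cipher), and the names `Server`, `derive_usk` and `prove`.

```python
import hashlib
import hmac
import secrets
import time

N_KEYS, KEY_BITS = 8, 128   # assumed vault size: n keys of m bits each


def new_vault(n=N_KEYS, m=KEY_BITS):
    """Secure vault K[0..n-1], shared with the device at deployment."""
    return [secrets.token_bytes(m // 8) for _ in range(n)]


def derive_usk(vault, indices):
    """USk: XOR of the vault keys picked by the challenge (assumed derivation)."""
    usk = bytes(len(vault[0]))
    for i in indices:
        usk = bytes(a ^ b for a, b in zip(usk, vault[i]))
    return usk


def prove(usk, nonce):
    """User side: proof of holding USk for this nonce (HMAC stand-in)."""
    return hmac.new(usk, nonce, hashlib.sha256).digest()


class Server:
    def __init__(self, vault, session_ttl=30.0, clock=time.monotonic):
        self.vault = vault
        self.session_ttl = session_ttl
        self.clock = clock
        self.pending = {}    # user -> (indices, nonce), consumed on first use
        self.sessions = {}   # SKn -> (user, expiry time)

    def challenge(self, user):
        """Authentication phase: pick vault keys and a fresh nonce for this user."""
        rng = secrets.SystemRandom()
        indices = sorted(rng.sample(range(len(self.vault)), len(self.vault) // 2))
        nonce = secrets.token_bytes(16)
        self.pending[user] = (indices, nonce)
        return indices, nonce

    def open_contract(self, user, response):
        """Contract phase: issue SKn with a timeout if the response checks out."""
        if user not in self.pending:
            return None
        indices, nonce = self.pending.pop(user)   # a challenge is single-use
        expected = prove(derive_usk(self.vault, indices), nonce)
        if not hmac.compare_digest(expected, response):
            return None
        skn = secrets.token_bytes(32)
        self.sessions[skn] = (user, self.clock() + self.session_ttl)
        return skn

    def authorize(self, user, skn):
        """Communication phase: every request must carry an unexpired SKn."""
        entry = self.sessions.get(skn)
        if entry is None or entry[0] != user:
            return False
        if self.clock() >= entry[1]:
            del self.sessions[skn]                # contract expired: drop it
            return False
        return True


def demo():
    """One login on constructed data: (valid user accepted, wrong vault rejected)."""
    vault = new_vault()
    server = Server(list(vault))
    idx, nonce = server.challenge("user-1")
    skn = server.open_contract("user-1", prove(derive_usk(vault, idx), nonce))
    idx, nonce = server.challenge("user-2")
    bad = server.open_contract("user-2", prove(derive_usk(new_vault(), idx), nonce))
    return server.authorize("user-1", skn), bad is None


if __name__ == "__main__":
    print(demo())
```

Because each challenge is consumed on first use and SKn carries its own expiry, a captured response cannot open a second contract and a session ends without any action from the client.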

Authorized licensed use limited to: VIT University. Downloaded on February 18,2025 at 14:27:34 UTC from IEEE Xplore. Restrictions apply.
Communication Phase involves the following functions:

(i) The User request is always attached with SKn for any transaction.

(ii) Provide secure communication via the cloud for the client to control IoT devices; the same will be stored using blockchain technology for future data validation.

The cloud created for the client is used to control the IoT device [8,9,10].

Blockchain: Blockchain is a form of distributed storage system that stores the chronological sequence of transactions in a tamper-evident manner. In Blockchain, each node has the same order of data, which is immutable. Since Blockchain is a form of distributed storage, it uses a consensus algorithm to maintain consistency of data among the nodes. Due to its decentralized, immutable nature, Blockchain becomes a promising technology for untrusted peer-to-peer networks. Currently, there are various Blockchain platforms in the market; Bitcoin, Ethereum, Bigchaindb, and Hyperledger are some examples. Some Blockchains are mostly used for electronic currencies, such as Bitcoin [11,12]. Ethereum and Hyperledger go beyond crypto-currency to support different kinds of transaction storage models that are related to other forms of business or e-commerce activities [13]. However, these platforms lack high throughput, and the immediate concern for the research community is to improve the throughput. The present work uses Ethereum for the process of storing and data validation.

Adler-32 Algorithm: A hash is created for each entry in the Blockchain ledger. To create a hash, the present work used the Adler-32 algorithm. It is a popular checksum algorithm designed to detect corruption in the data. Since it is faster than the other checksum algorithms, Adler-32 is chosen for the current work. If the uncompressed information does not match the Adler-32 checksum, the application can report through its protocol, or its handler can detect, that the information is corrupted. To get an Adler-32 checksum, we must calculate the two 16-bit checksums, P and Q, and combine their bits to form a 32-bit integer. P is the sum of all bytes in the stream, and Q is the sum of the individual P values from each step. At the start of an Adler-32 run, P is set to 1 and Q to 0. The sums are taken modulo Pn (the highest prime number). The bytes are stored in network order, where Q occupies the two most significant bytes.

Where Z is the string of bytes for which the checksum is calculated, Pn is the highest prime number, and n is the length of Z. The MQTT protocol is used for communication between the IoT device and the Users of the IoT Environment.

Message Queuing Telemetry Transport Protocol: MQTT is a messaging protocol based on the publish-subscribe technique. Publishing messages and subscribing to topics, or "pub/sub", is the principle on which the MQTT protocol is built. Many clients link to a broker and subscribe to the topics with which they are concerned. The same topics can be subscribed to by many clients, and the clients can access the data as it is received. The MQTT protocol and a broker act as a simple and common interface for everything to link to. The default port for MQTT is 1883, registered for secure MQTT. In the proposed work, the MQTT protocol is implemented between the user and the IoT device for message exchange.

HiveMQ is one of the MQTT brokers. It is a service provider which uses the MQTT protocol for efficient data exchange between the user and the IoT Environment. The present implementation has integrated the HiveMQ and MQTT broker into the proposed system [14]. In this case, the communication phase should be active until the Session Key expires.

Fig. 2. Main Menu

Fig. 3. Main Menu of Client

Fig. 4. User Request Form
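The Adler-32 computation described above, written out as an added example (not code from the paper). It uses 65521, the largest prime below 2^16, for the modulus the text calls Pn, checks the result against Python's `zlib.adler32`, and compares how the checksum and SHA-256 tell apart constructed ledger entries; the entries and helper names are assumptions made for the illustration.

```python
import hashlib
import zlib

MOD_ADLER = 65521  # largest prime below 2**16; the modulus the text calls Pn


def adler32(data: bytes) -> int:
    """Adler-32 as the text describes it: P starts at 1, Q at 0."""
    p, q = 1, 0
    for byte in data:
        p = (p + byte) % MOD_ADLER   # P: running sum of the bytes
        q = (q + p) % MOD_ADLER      # Q: running sum of the P values
    return (q << 16) | p             # Q occupies the two most significant bytes


def wire_format(checksum: int) -> bytes:
    """The 32-bit value in network (big-endian) byte order."""
    return checksum.to_bytes(4, "big")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def differs(digest, a: bytes, b: bytes) -> bool:
    """True when the digest tells the two entries apart."""
    return digest(a) != digest(b)


# Constructed ledger entries (sample data, not from the paper).
ENTRY = b"req=17;user=aca;cmd=led_on"
BIT_ERROR = b"req=17;user=acb;cmd=led_on"   # one byte changed
SAME_SUMS = b"req=17;user=bab;cmd=led_on"   # three bytes shifted by +1, -2, +1


def report():
    """Compare what each digest notices on the constructed entries."""
    return {
        "matches_zlib": all(adler32(x) == zlib.adler32(x)
                            for x in (b"", ENTRY, BIT_ERROR, SAME_SUMS)),
        "adler_sees_bit_error": differs(adler32, ENTRY, BIT_ERROR),
        "adler_sees_same_sums": differs(adler32, ENTRY, SAME_SUMS),
        "sha256_sees_same_sums": differs(sha256_hex, ENTRY, SAME_SUMS),
    }


if __name__ == "__main__":
    print(wire_format(adler32(ENTRY)).hex(), report())
```

Both sums are linear in the input bytes, so entries whose byte changes cancel in P and Q share a checksum: Adler-32 catches accidental corruption, while tamper evidence for a ledger entry needs a cryptographic hash such as SHA-256.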

Fig. 5. Approval Process

Fig. 6. Check Status

Fig. 7. Certificate Download

Fig. 8. Certificate Manager

Fig. 9. Request to Control

Fig. 10. IOT Control Screen

The various stages of implementation of the chosen methodology are represented with snapshots in Figs. 2 to 10.

Fig. 2 describes the Introduction Screen for the Main Menu of the Internet of Things. The Internet of Things (IOT) is the network of physical objects or "things" embedded with electronics, software, sensors, and network connectivity, which enables these objects to collect and exchange data.

Fig. 3 describes the Client Main Menu form, which contains options like registration, check status, send request and exit. These options can be used to process the particular operations. Registration is the first process used in the user screen. The remaining operations are processed sequentially.

Fig. 4 describes the User Registration Request Form containing attributes (username, Mac ID, IP address, machine name and date time) and radio buttons (send request and close). The user information is auto-fetched from the system and the request is sent to the admin. The message “Your request submitted successfully, please wait until approved” is displayed, and the form can then be closed.

Fig. 5 describes the Main Menu for the Approval Process. The attributes of the user process, which are auto-filled, are displayed on the screen. The approval process consists of two options: process request and delete request. The request can be processed; otherwise it can be deleted. The delete request is used when the public common IP is used.

Fig. 6 describes the User Check Status Form. The user has already made a request, and this screen is used to find out the status of that request. It has an option called “Click following image to check status”. If the request is approved, the message “Download Certificate” is displayed; if the request is not approved, the message is “Not Approved”.

Fig. 7 describes the Certificate Download Form with a download option. The downloaded certificate will be in the form of cipher text and the message “Private Key Downloaded Successfully” is displayed.

Fig. 8 describes the Service Manager Interface. The only two options are start and stop service. Once the service starts, it is always running in the background and waits for any request to come from the client.

Fig. 9 describes the Control Request Form. When control request is clicked, the request is submitted internally and is handled by the service manager. The request is accepted by the server, which performs all certificate matching and checks whether it is approved or not. Once everything is done, an OTP is generated and is also examined in the background. When the user checks the status of his/her request, a session key is generated with the Request Id to control the IOT device.

Fig. 10 describes the Environment Control Panel. When the admin grants permission to access the IOT, the control screen is displayed. Turn On the button and send the command to the IOT Environment; the message “Command Submitted Successfully” is then displayed and the LED light will be On in the model.

The Node MCU IoT platform for the IoT Environment is developed. The Node MCU IoT platform is used for making effective and fast IoT applications. The goal is to provide secure authentication, contract and communication for the IoT Environment. We have used the Node MCU platform to create an IoT application.

Authentication process: Before the user registration process, the admin has to log in to permit the user for further communication; the steps are explained below.

Admin login: Admins are the entities responsible for managing the user access control list and permissions for IoT devices. The main task of the admin is to manage the registration and de-registration of IoT devices and nodes in the system. Furthermore, the admin gives permission to the end users to access IoT devices.

Cloud: The cloud hosts compute and storage servers which aggregate and store IoT data. The data can then be subjected to heavy processing and analytics by the cloud servers.

Registration Phase: The steps involved in this phase are explained below.

In order to register with the cloud server S, the embedded device Di sends a unique IDi to the server. On receiving this request, the cloud server generates a unique password Pi for every device Di as given below.

Embedded Device Di → Server S: IDi; Server S generates Pi

Authentication Phase: In this phase, the embedded device and cloud server mutually authenticate each other using ECC parameters [15].

The server selects a unique random number Ri for every device and generates a cookie CK = H(Ri | X | EXP_TIME | IDi), where X is the private key of the server, and stores the cookie on the embedded device as the ECC point CK′ = CK × G. The server also calculates the security parameters Ti = Ri ⊕ H(X), Ai = H(Ri ⊕ H(X) ⊕ Pi ⊕ CK′) and stores Ai′ = H(Ri ⊕ H(X) ⊕ Pi ⊕ CK′) × G, Ti corresponding to the identity IDi of the device Di in its database. The server itself stores the expiration time of the cookie EXP_TIME corresponding to a particular embedded device’s identity. When the cookie expires, the expiration time is updated to EXP_TIME′ and the cookie is updated as CK = H(Ri | X | EXP_TIME′ | IDi).

Server → Embedded Device Di: Before every login, the device selects a random number N1, calculates an ECC point P1 = N1 × G and stores it in its memory. Embedded Device calculates ECC point P1. In order to log in to the cloud server, the device calculates the ECC point P2 = H(N1 × CK′) and sends P1, P2 and its IDi to the server.

Embedded Device → Server: IDi, P1, P2

The code developed for this purpose, presented below, is the user authentication function for IoT devices [16].

Fig. 11. User authentication function for IoT devices

The template developed for registration is shown in the form of a snapshot. Here the User requests registration. The request form contains attributes such as Username, IP address, Mac ID, Machine name, Date, and time. The user information is auto-fetched from the system, and the administrator sends a request for verification once it is confirmed [17,18,19].

The IoT Environment Control Panel is pictorially shown in the above image. The control screen is displayed when the admin grants permission to access the IoT device. Turn On the button and send the command to the IoT Environment; the message "Command Submitted Successfully" is then displayed and the LED light will be On in the model to confirm the process validation.

III. COMPARISON OF MQTT PROTOCOL WITH HTTP PROTOCOL

For better understanding and validation, comparative studies are also presented below. Table 1 below shows the tabulated values obtained by comparing the performance parameters of the MQTT protocol with the HTTP protocol in terms of average time taken in seconds, in order to validate the methodology considered in the present work.

For this purpose the experiment was performed for 1000 messages, and the average time has been evaluated and is presented in the table. The MQTT and HTTP protocols have taken 5.9 and 115.6 seconds, respectively. It is found that the MQTT protocol is faster than HTTP because of the short message header and 2 bytes of packet message size.

TABLE I THE PROPOSED SYSTEM'S AVERAGE RESPONSE TIME VS. NO. OF USERS IS ALSO PRESENTED FOR BETTER CLARITY OF THE IMPLEMENTATION

1000 Messages | Average Time in Seconds
MQTT (1 publish-subscribe per message) | 5.9
HTTP (1 POST-GET per message) | 115.6

Fig. 12. Average Response Time Vs. No. Of Users

The average response time with respect to the number of users is presented pictorially. Even when the number of users is increased, it is found that the average response time required increases only marginally, which reflects the advantage of the present method.

IV. CONCLUSION

This paper aims to introduce a mechanism to provide secure authentication, Contract, and communication between the IoT device and Users of the IoT Environment. The secret keys generated for the present work in the Secure Vault keep changing after each successful communication session between the user and IoT device. The model uses the MQTT protocol for communication between the IoT device and the Users of the IoT Environment. The information is stored using Blockchain technology for future data validation. The proposed system is implemented and tested to ensure secure IoT communication between the user and IoT device using authentication, Contract, communication, and data validation. The average response time with respect to the number of users increases marginally, which highlights the advantage of the proposed implementation.

REFERENCES

[1] I.J. Computer Network and Information Security, 2, 29-38, Published Online April 2021 in MECS (http://www.mecs-press.org/), DOI: 10.5815/ijcnis.2021.02.03.
[2] Hien Thi Thu Truong, Miguel Almeida, Ghassan Karame and Claudio Soriente, "Towards Secure and Decentralized Sharing of IoT Data," In Proceedings of IEEE International Conference, Atlanta, GA, USA, pp. 176-183, 2019.
[3] C.M. Chen, X. Deng, W. Gan, J. Chen, and S. H. Islam, “A secure blockchain-based group key agreement protocol for IoT,” The Journal of Supercomputing, vol. 77, pp. 1–23, 2021.
[4] Trusit Shah and S. Venkatesan, "Authentication of IoT Device and IoT Server Using Secure Vaults," In Proceedings of 17th IEEE International Conference, New York, USA, pp. 819-824, 2018.
[5] Kalra S and Sood S. K, "Secure Authentication Scheme for IoT and Cloud Servers," Journal of Pervasive and Mobile Computing, Elsevier Publications, Vol. 24, pp. 210-233, 2015.
[6] Shapna Muralidharan and Heedong Ko, "An Inter Planetary File System (IPFS) based IoT framework," In Proceedings of IEEE International Conference, Las Vegas, NV, USA, USA, pp. 1-2, 2018.
[7] Sarada Prasad Gochhayat, Eranga Bandara, Sachin Shetty, and Peter Foytik, "Blockchain-based Encrypted Cloud Storage for IoT Data,” In Proceedings of IEEE International Conference, Atlanta, GA, USA, pp. 483-489, 2019.
[8] Amazon.com, “Amazon Elastic Compute Cloud”. URL http://aws.amazon.com/ec2/.
[9] Amazon.com, “Amazon Elastic Block Store”. URL http://aws.amazon.com/ebs/.
[10] Microsoft Windows Azure Platform. URL http://www.microsoft.com/azure/default.mspx.
[11] L. McRae, K. Ellis, and M. Kent, “Internet of things (IoT): education and technology,” Relatsh. between Educ. Technol. students with Disabil. Leanne, Res, pp. 1–37, 2018.
[12] S. A. Chaudhry, J. Nebhen, K. Yahya, and F. Al-Turjman, “A privacy enhanced authentication scheme for securing smart grid infrastructure,” IEEE Transactions on Industrial Informatics, 2021.
[13] B. A. Alzahrani and K. Mahmood, “Provable privacy preserving authentication solution for internet of things environment,” IEEE Access, vol. 9, 2021. https://github.com/hivemq/hivemq-community-edition.
[14] Panda, Prabhat & Chattopadhyay, Sudipta, A secure mutual authentication protocol for IoT environment. Journal of Reliable Intelligent Environments. 6. 10.1007/s40860-020-00098-y.
[15] A., Hariprasanna & Mahesha, P., Secure Authentication, Contract and Communication for IoT Environment using MQTT Protocol. International Journal of Computer Applications. 175. 40-43. 10.5120/ijca2020920776.
[16] Jun Suzuki, Akira Tsuji, Yuki Hayashi, Masaki Kan, and Shinya Miyakawa, "Device-Level IoT with Virtual I/O Device Interconnection," In Proceedings of IEEE International Conference, Luxembourg City, Luxembourg, pp. 67-74, 2016.
[17] Alok Kumar Gupta and Rahul Johari, "IOT-based Electrical Device Surveillance and Control System," In Proceedings of 4th IEEE International Conference, Ghaziabad, India, pp. 1-5, 2019.
[18] Hittu Garg and Mayank Dave, "Securing IoT Devices and Securely Connecting the Dots Using REST API and Middleware," In Proceedings of 4th IEEE International Conference, Ghaziabad, India, pp. 1-6, 2019.
