IOT Transaction Security | Original Article

ABSTRACT:

There are a continuously growing number of customers who use Internet banking because of its convenience. But the security and privacy of Information may be one of the biggest concerns to the Online Banking users. The problem with Online banking applications is that they send data directly to customer in plain text form compromising with security. The solutions to the security issues require the use of software-based solutions that involve the use of encryption algorithms. Proxy plays the role of interface between client and Server. It can also decrypt the received message and encrypt data according to the used security transport protocol of the other side. The vulnerability appears during this phase, especially, where the proxy is not confident or supervised by an illegitimate entity. Consequently, passing through the proxy communication node, security services like confidentiality and integrity can easily be compromised. Exploiting advantages of studied cryptographic algorithms, we focus on our customized security objectives regarding proxy element and DTLS-TLS translation. We detail, in this paper, the algorithm and the sequence diagram of secure communication of our proposal adapted for CoAP architecture. As an encryption strategy, we follow the cryptographic envelope principle based on ID-KEM and Three-pass Protocol. As a hypothesis, we assumed that the communication deploys our recent IDMS (Identity management System) contribution for loT, relying on the EAP OAuth2.0 (Extensible Authentication Protocol and Open Authorization Protocol) protocols via DTLS, as the starting phase in order to keep authentication and authorization services.