Trust-Aware Authentication and Authorization for IoT: A Federated Machine Learning Approach

Abstract

<p>The need for strong authentication and authorization (AA) security measures is growing with the proliferation of the Internet of Things (IoT). This paper presents an advanced trust-aware authentication and authorization system for IoT environments. Using real-world data collected from Zigbee Zolertia Z1 devices, a Federated Machine Learning model was developed that utilizes Physical Layer properties such as Received Signal Strength Indicator (RSSI), Link Quality Indicator (LQI), device Internal Temperature, device Battery Level, and device MAC address. The proposed solution for AA IoT utilizes a trust calculation algorithm based on Federated Learning (FL), which is suitable for IoT environments and enables data privacy and scalability. Incorporating device-specific information, such as internal temperature and battery level, helps a more nuanced evaluation of the device’s status, improving the precision of trust calculations. The proposed architecture performs particularly well for unauthorized intrusion attempts modelled using spoofing, replay and Sybil attacks. Specifically, the proposed methodology can detect malicious AA activities classified as Writing + Reading attempts with 100% accuracy, demonstrating its effectiveness in protecting IoT devices from attacks. Furthermore, the model achieves 99.18% accuracy in reading access permissions and 99.99% accuracy in identifying Write + Read + Execute permissions, highlighting its reliability in implementing access control restrictions for improving security in IoT environments. This research helps improve IoT security by addressing crucial challenges in the ever-expanding world of networked devices.<br></p>