Abstract: Internet of Things (IoT) integrates numerous devices into networks for providing intelligent and advanced services to the user community. With these devices that provide services to humans they should protect human privacy and secrecy. Many attacks are possible in the current world like DoS attacks, eaves dropping, user identity theft etc. To mitigate such attacks we develop an approach which uses human pulse for generating OTP and to authenticate the user based on OPT Authentication. This approach provides better authentication since the OTP is generated using IoT Cloud and pulse of humans which is dynamic in nature.
Index Terms: Pulse, OTP, Internet of Things, ThingSpeak.
Biometrics is currently making a good impact in the field of user authentication. Biometrics has been used in diverse applications since they provide access control mechanisms to secure the devices such as mobiles, ATM, IoT devices etc. Biometrics has been well-defined as personal authentications grounded on their behavior and physical features they contain. Some examples of biometric systems widely used for human authentication are based on iris, retina, fingerprint, hand geometry, face recognition etc.
Internet of Things (IoT) is currently gained so much popularity since its wide spread applications such as developing smart cities, smart agriculture, defense, home automation etc. With wide spread applications there are possibilities that the IoT systems which provide these functionalities may be attacked by the attackers. So it is the responsibilities of developers to safe guard the user credentials that use the services.
Currently a lot of research has been in happening in finding new biometrics which can provide more secure authentication for the users. In respect to this, human pulse can be used for authentication. Since pulse is frequently varying, its dynamic nature can be used for authentication. The pulse obtained from a person can be used to generate one time password which can be sent to the users mobile for authentication. Since the OTP generation uses real time human pulse obtained from a pulse sensor, no need to use any random generator for obtaining OTP.
In this paper we discuss about the OTP generation using pulse sensor and IoT cloud for secure authentication of user.
Section II discuss on literature survey carried out. Section III highlights on proposed methodology worked on. Section IV emphasize on experimental setup. Section V discuss on results obtained and Section VI concludes and future scope.
II. RELATED WORK
Shivaji Kulkarni et.al  has discussed a security approach using AES and Intel Galileo. IoT security comprises of securing the data and uploading the data to cloud. AES algorithm is used to encrypt the data. Intel Galileo is used which works on Linux operating system. Data is collected from a source and is given as input to AES algorithm. The data encryption is done using 128 bits. To make it more secure AES-192 and AES-256 can be used. It was verified in Bird hit Probability.
Paramasiven Appavoo et.al  proposes a privacy-preserving trust model which is lightweight based on simple threshold detection on which a large class of applications can be provisioned. The main issue addressed in this work is how to decrease data loss in the existence of untrusted service sources so that providers are prohibited from unveiling information to third parties. A lightweight approach to functional encryption (FE) for privacy-preservation is deliberated here. The proposed model uses a combination of perfunction initialization vector to disclose information only to relevant service providers and sensor aliases to hide the identity of the sensing source and it has been implemented as a prototype on TelsoB, by demonstrating the viability of the proposed scheme on resource-constrained devices.
Jinho Choi et.al  has proposed a method which can spawn an order of arbitrary numbers for a secret-key in an OFDM system. Each device is having a exclusive secret key, Since the key generated is random based on CDS and generated without any fixed sequences. In this proposed approach, various wrong images are transmitted all the while to confound spies, while the right image can be gotten by a genuine recipient utilizing the mutual mystery of the CSI with a real transmitter in view of the direct correspondence in TDD mode. CSI is different from existing secret-key generation methods since it is not used directly for secret-key generation. The above approach is unresponsive to gains of RF chains which are different so that proposed scheme suits for sensors or IoT devices.
Tarun Kumar Goyal et.al  has presented a work which includes the software and hardware implementation of Diffie-Hellman, Elliptic Curve Diffie-Hellman (ECDH) Key agreement algorithm, and RSA algorithm. The proposed work involves performance, analysis of power, area, and their comparisons. With respect to power and area are concerned, ECDH algorithm is found to be better. The primary focus is on low power algorithm & lightweight robustness for encryption and decryption using key exchange algorithm.
M. Shamim Hossain et.al  has presented a biometric- built IoT infrastructure encompassing four layers. The proposed approach takes face and uses it as the biometric feature. The sensors capture image of face and send it to the IoT devices, like linked smartphones etc. After suitable encryption technique, the face which is encrypted is directed to the cloud storage. All facial features are decrypted and extracted in cloud using local binary pattern (LBP) and Weber local descriptor (WLD) and coordinated with corresponding templates which form database. If matching occurs the user is authentic. The novelty of proposed module is a nonlinear union of two dissimilar local texture descriptors, namely LBP and WLD, used to attain high accurateness.
Zhe Liu et.al  has proposed the calculation of Verification of an ECDSA signature task on a contorted Edwards bend with a productively process endomorphism, which authorities decreasing the quantity of point doublings by roughly half contrasted with an ordinary execution. They build up a few improvements to the task and portray two architecture models for processing the activity. The principal design is a little processor executed in 0.13 m CMOS ASIC and is valuable in asset obliged gadgets for the Internet of Things (IoT) applications. The second design is fast signature verification design by using FPGA acceleration and used in the server-side applications.
Sriram Sankaran et.al  has presented a Light-weight security framework for IoTs using Identity based Cryptography. In this approach hierarchical security architecture for IoTs using identity based cryptography is proposed. The proposed technique is evaluated using simulations led using Contiki and RELIC. Identity based Cryptography has been evolving as good public key based cryptographic technique owed to the capability of using characteristics as public keys. Security devices grounded on IBC have revealed that they produce minor overhead than intrinsic public key based cryptography due to decrease in key size.
Siddaramappa .V et.al  has proposed a technique of encryption and decryption grounded on Bioinformatics and Cryptography. Proposed algorithm is a novel method where deoxyribonucleic acid and RNA are used for key generation for secure data encryption and decryption methods. The projected system delivers high level of security for data compared to existing algorithms. DNA properties are used for Decryption or encryption methods. Some of the methods of DNA properties like replication, translation, mRNA, and transcription.
This section gives a detailed description of proposed methodology. The proposed system uses a pulse sensor which uses the heart pulse for OTP generation. The sensed pulse values are sent to Arduino and later stored in IOT cloud for processing. The data is sent to the cloud using ESP8266, a Wi-Fi module. The sensor values are processed for generating an OTP in cloud using OTP generation algorithm. The generated OTP is sent to user mobile using a GSM module to authenticate a user. Based on the OTP returned from the user we can provide access to the IOT objects. Figure 1 shows the overall architecture of the proposed methodology. OTP generation algorithm is discussed here.
Figure 1: Proposed Architecture
A. OTP Generation Algorithm
Step 1: Obtain ReadApiKey for the channel from ThingSpeak.
Step 2: Obtain Data from the Channel.
Step 3: Reshape the array of data to 4X4 matrix.
Step 4: Perform Modulus operation for each element in matrix by 10. The resultant matrix is a matrix which contains all single digit values.
Step 5: Obtain the Principle Diagonal Elements from the Resultant matrix.
Step 6: Convert the array to an OTP Number.
IV. EXPERIMENTAL SETUP
Figure 2 shows the hardware implementation of the proposed methodology. The hardware components used are pulse sensor, Arduino Uno Microcontroller, ESP8266 WIFI module, GSM Module. IoT cloud used as part of the methodology is IBM Bluemix.
Figure 2: Hardware Implementation
V. RESULTS AND DISCUSSION
After performing the hardware implementation the following results were drawn. Figure 3 shows the BPM vs TIME graph of pulse sensor. The OTP generated at a specific time is recorded and shown as sample output. This OTP is transferred to user registered mobile as OTP for authentication. Figure 4 shows the OTP generated.
Figure 3: BPM vs Time Graph
Figure 4: Generated OTP
VI. CONCLUSION AND FUTURE SCOPE
Despite many existing authentication approaches of user, in this paper a unique approach used to authenticate a person with the help of his/her pulse and processing it in IoT cloud is discussed. It provides an OTP based authentication which user can use for his authentication without using any random number generator for getting an OTP. Future scope will be working on biometrics for generating instant OTP by using finger print features.
1. Nalini Iyer Shivaji Kulkarni, Shrihari Durg, , Internet of Things (IoT) Security, In the proceedings of International Conference on Computing for Sustainable Global Development, IEEE, PP.821-824,2012.
2. Paramasiven Appavoo, Anand Bhojan, Mun Choon Chan Ee-Chien Chang , Efficient and Privacy-Preserving Access to Sensor Data for Internet of Things (IoT) based Services, In the proceedings of 8th International Conference on Communication Systems and Networks (COMSNETS), IEEE, PP:1-8, 2016.
3. Jinho Choi , Jeongseok Ha, Secret Key Transmission Based on Channel Reciprocity for Secure IoT, In the proceedings of European Conference on Networks and Communications (EuCNC),IEEE,PP:1-5, 2016.
4. Vineet Sahula, Tarun Kumar Goyal , Lightweight Security Algorithm for Low Power IoT Devices, In the proceedings of International Conference on Advances in Computing, Communications and Informatics (ICACCI), IEEE, PP:1725-1729, 2016.
5. Ghulam Muhammad, M. Shamim Hossain, Sk Md Mizanur Rahman, Wadood Abdul, Abdulhameed Alelaiwi, and Atif Alamri, Toward End-to-End Biomet rics-Based Security for IoT Infrastructure, IEEE Wireless Communications, PP:44-51, 2016.
6. Zhe Liu, Johann, Kimmo J? arvinen Gro?sch? adl, Zhi Hu, Husen Wang and Ingrid Verbauwhede, Elliptic Curve Cryptography with Efficiently Computable Endomorphisms and Its Hardware Implementations for the Internet of Things , IEEE TRANSACTIONS ON COMPUTERS, VOL. 14, NO. 8, AUGUST 2016.
7. Sriram Sankaran , Lightweight Security Framework for IoTs using Identity based Cryptography, International. Conference on Advances in Computing, Communications and Informatics (ICACCI) , IEEE, PP: 880-886, 2016.
8. Ramesh K . B, Siddaramappa .V Cryptography and Bioinformatics techniques for Secure Information transmission over Insecure Channels, International Conference on Applied and Theoretical Computing and Communication Technology (iCATccT), IEEE, PP:137-139, 2015