Enhanced IoT Wi-Fi protocol standard’s security using secure remote password

In the Internet of Things (IoT) environment, a network of devices is connected to exchange information to perform a specific task. Wi-Fi technology plays a significant role in IoT based applications. Most of the WiFi-based IoT devices are manufactured without proper security protocols. Consequently, the low-security model makes the IoT devices vulnerable to intermediate attacks. The attacker can quickly target a vulnerable IoT device and breaches that vulnerable device's connected network devices. So, this research suggests a password protection based security solution to enhance Wi-Fi-based IoT network security. This password protection approach utilizes the secure remote password protocol (SRPP) in Wi-Fi network protocols to avoid brute force attack and dictionary attack in Wi-Fi-based IoT applications. The performance of the IoT security solution is implemented and evaluated in the GNS3 simulator. The simulation analysis report shows that the suggested password protection approach supports scalability, integrity and data protection against intermediate attacks.


Introduction
The Internet of Things (IoT) [1] provides interactive network enabling services without using a keyboard or screen's interaction. A network of objects or appliances, and people are connected through the internet to provide interactive services. The technology utilizes the internet's power to automatically collect information [2] from the device and perform data analysis to make intelligent decisions based on the application requirement. The IoT technologies are utilized in many application services such as smart home monitoring [3,4], environment monitoring [5,6], industrial equipment automation, health monitoring [7], inventory management etc. The IoT network enables many interactive services such as machine to machine, human to machine, and machine to human interactions. Generally, the IoT network services are enabled by protocol standards [8,9]. The adapted protocol services define the interaction between sensor devices, gateways, access points, applications and users. Manufactures introduces many protocols based on the customer's primary needs. The standard protocol helps to avoid data or connection fragmentation and to reduce security risks. Some of the popular IoT protocol services are constrained application protocol (CoAP) [10], message queuing telemetry transport (MQTT) [11,12], Wi-Fi [13], ZigBee [14], Bluetooth, Extensible Messaging and Presence Protocol (XMPP) [15], Data Distribution services(DDS), Advanced Message queuing protocols (AMQP) [16], etc.  Figure 1 shows some popular IoT applications utilizing Wi-Fi technologies to perform automation at low cost and short-range. Among these IoT protocols, Wi-Fi technology [17] is trendy among the customers for its shortrange and low-cost interactive services. Due to this technology's popularity, manufacturers rush to build IoT Wi-Fi device without specifying any good standard protocol-based security services. The low protocol models make the IoT device vulnerable to intermediate attacks [18]. Therefore, in this research, a secure passwordbased security model reduces the security risks in Wi-Fi network standard-based IoT applications. It combines the Wi-Fi standard's basic features and SRP protocol's secret key encryption generation and verification to enhance password protection against dictionary attacks and brute force attacks. The protocol security extension helps to find out feasible IoT configurations for Wi-Fi network. The feasible IoT configurations are identifies by analyzing the simulated parameter's outcomes. Moreover, this research is suggesting suitable node's configuration parameter for IoT smart home application to establish secure communications. The rest of the research is organized as section 2 discusses the related works on IoT security, and section 3 discusses the security issues in Wi-Fi-based IoT. Section 4 discusses the Wi-Fi module's and SRP protocol-based security extensions, and section 5 discusses the simulations results and their discussions. Section 6 discusses the conclusion of the IoT security-based research findings.

Related works
This section discusses the various authors' research experience on IoT network's security. It helps to identify the research gaps and strengths and weaknesses of advanced security systems of IoT protocol environments. This research [19] analyzed the wireless network's security issues and identified end to end security services as challenging tasks. Enhanced wireless network security is introduced to achieve this challenging task named Eclipse curve cryptography (ECC). This approach encrypts the data in a 164-bit platform, and to breach the network, 1024 bit platform is defined. This research [20] combined machine learning and artificial intelligence to detect attacks in the wireless network. It's analyzing each IoT device's behaviour, which is connected with a wireless network environment to detect insecure devices. In this, the insecure devices are identified using sensor devices' abnormal traffic behaviour using the intelligent technique. This study [21], Introduced a machine learning approach to detect vulnerable subnet detection approach. In this, the Support vector machine method is used to detect abnormal traffic behaviours of each device. The density-based clustering method clusters the infected devices and their subnet devices using random behaviour of even sequence. The evaluation results show that the binary classifier and density clustering-based attackers behaviours and infected node detection have a maximum 94.8 % precision rate in attack detection. The security of IoT mobility nodes is evaluated [22] using three existing mobility models. In this analysis, a graphical model is utilized to detect the potential attacker's path detections in mobility changing devices such as mobile phone, smart TV etc. The detection process is explained with two use cases. In [23], tree-based fabrication attack detection and defence strategies are developed for Wi-Fi network-based IoT devices. Initially, it performs entity and message fabrications. It then identifies spoofing in entity spoofing, and packet reply and pocket foraging are conducted in message fabrication. In the final stage, IDS is defined to detect the spoofing, authentication is performed for all the packets to detect replay attack, and data freshness is implemented to discard old packets. Generally, the encryption and decryption approaches are utilized to protect the data from attackers; on the other hand, this study [24] introduced attack based password retrieval and decryption technique for L2TP/IP Sec Protocol layer. This research [25] evaluated the performance of the security extension of IoT communication protocol. Based on each extension's simulation analysis report, this research suggested that the CoAP with DTLT approach as a reliable security extension for smart grid application's environment. This study [26] introduced a Zigbee protocol security model to reduce the reply attack in Zigbee-related IoT applications. The performance of this security model is analyzed using various IoT end devices for all the Zigbee topologies. This research [27] reviewed the functionalities, limitations, and specifications of the IoT MAC layer's protocols and applications. This review is performed for the short-range wired and wireless protocols and long-range wired and wireless protocols. This study [28] designed a nested attributed meta-graph architecture-based security approach to protect vulnerable IoT devices against attacks. This architecture performs the supervisory control and Data accusation (SCADA) techniques to establish secure data transmission in public networks for IoT protocols. This in-depth study [29] analyzed the functionalities and vulnerabilities of various network security protocols. It covers the various security protocol model's authentication techniques, public-key cryptography techniques, key agreement techniques etc. This study [30] recommended an easily adaptable and manageable software and hardware-based security verification approach. It verifies each level of organizational operation's security at the design phase. The operating system's security features are enabled to detect unauthorized security access in the software model. The hardware model ensures the data protection of both sides of IoT devices during the data transmission. This research [31] designed an end to end security model for organizational plans. It helps organizations to plan strategies and disclosures. In this, the data gathering approach analyze and measure the overall security of IoT organizations. This study [32] analyzed the security attacks for each layer of IoT reference models. It also suggested a four-layered IoT reference model layers based security approach. It contains the perception layer, edge computing layer, network and cloud layers. This research [33] analyzed the vulnerabilities of a password protecting protocol. This protocol not storing the secret keys directly in server, it stores the key in encrypted password form. It is specially designed to reduce dictionary attacks. Some of the researches are utilizing machine learning and artificial network approaches to ensure IoT applications' security. Some researches utilize hardware and software-based solutions to ensure IoT security. Few research types are focused on establishing security in protocol levels by establishing security extension policies. All approaches are focused on ensuring data protection from cyber-attacks. Due to the availability of automated software attackers such as brute force attacks and dictionary, attackers can quickly enter even into the protected environment by targeting one or a few systems in a connected environment. In this situation, the existing system's data protection policies failed to protect the devices from attackers. In this research, an encrypted password approach is incorporated to provide security for wireless network-based IoT applications. It applies cryptographic policies for the password to protect from attackers. In this case, attackers can't guess the encrypted passwords even if they try to access the device's information to take control.

Security issues in Wi-Fi-based IoT
Fluhrer, Mantin and Shamir (FSM) attack is also known as FMS [34] attack. It permits the hackers to recover the encoded key in an RC4's. It is using a key scheduling algorithm to reconstruct the encoded large number of the frame. It requires a large number of the frame to succeed.
Korek and ChopChop attack can able to decode the wired equivalent privacy data packets without knowing the key. It does not retrieve the key; however, it can able to expose the actual text. It requires a minimum of one data packets to decode the entire packets data.
The Internet Protocol (IP) datagram fragmentation is one of the DoS attacks [35]. All the packets transmitted over the Wi-Fi standards use a common header so the attacker can guess the first 8 bytes of data quickly. The rest of the parts are extracted from the Initialization Vector (IV). It has several forms of attacks, such as user datagram protocol and Internet Control Message Protocol (ICMP) fragment attack and Transport Control Protocol (TCP) fragment attack.
Pyshkin Tews Weinmann (PTW) attack [36] is an improved form of FSM attack. It decreases the requirement of the initialization vector count to retrieve the WEP key. It can retrieve 104 bit of the WEP key with more than a 50% success rate. It guesses the wireless traffic on the same channel as the target frames. However, it requires a large amount of time to collect the necessary frame information. So, re-inserts frames in the response path to create traffic to retrieve the frame information more quickly.
In Google reply attack, attackers can retrieve all the log streams by merely setting the Google search engine as default. Generally, this type of attackers may send mail to the target system or ID and notify them to reset the password. The hackers can retrieve partial information about the logs.
The Michael algorithm is generally used to create hash functions. But the Michael attack is performing the dehashing. In this, hackers can insert code in data packets.
In Ohigashi-Morii attack, the time taken to inject a malicious packet in-network is decreased. The time taken to perform the packet injection is reduced from 15 minutes to 1 minute.
The Hole 196 vulnerability attack allows the known user in the same network to access other's resources using the WPA 2 and wireless network. The IEEE standard 802.11 contains the documentation for these vulnerability attacks.
In the Brute force attack [37], the attackers submit a set of possible password's combinations, log information, encryption key, and hidden web page to determine the matching password combinations to access the information. Generally, a set of the automated bot is utilized to perform this attack. The attacks are performed in various form such as Simple brute force, Dictionary attack, hybrid brute force, revere brute force, and credential stuffing. The simple BF approach is to guess the simple form of password or PIN. The hackers try possible password combinations on the targeted system to enter the profile in a dictionary attack. The hybrid approach combines the dictionary and other brute force method to form a combo of password combinations. In credential stuffing, the hybrid approach predicted password combo of one site is utilized to breach many websites. The password guessing process is performed using automated tools. It uses several techniques to obtain the matches, such as dictionary mode, weak password prediction, decoding the password from the encoded passwords stored location, and trying all the possible character combinations.
Dictionary attack is one of the BF attacks. It gains access by guessing the possible set of the password and tying the previously saved passwords. It guesses and tries the possible password or passphrases for thousands and millions of times to determine the matches to gain access. The sequential attack is mostly used to reveal the password. Some attackers' uses complete dictionary of words and its combinations of alphabets, numeric and special characters to found the matches. The research is focused on reducing brute force and dictionary attack based issues in Wi-Fi standard modules. The subsequent section discusses the security extension techniques of Wi-Fi standards, which discusses the specifications of Wi-Fi standards, SRP protocol's encrypted secret key generation and authentication process, and a use case is explaining how the SRP Protocol avoids brute force and dictionary attack in Wi-Fi-based IoT application.

Enhanced Wi-Fi network's security using secure remote password protocol (SRPP)
This section discusses the Specification features of Wi-Fi standards and describes the SRPP's encryption and secret key exchange strategies. Then it demonstrates how the SRP protocol is enhancing the security of Wi-Fi modules in IoT applications using two use cases, such as brute force and dictionary attacks.  Table 2 [30] describes the standards of the IEEE 802.11 protocols; it follows OSI reference mode's Physical (PHY) and MAC layers. These standards are designed to establish communications between peer to peer devices. The layer supports frequency bands from 2.4 GHz to 5GHz with OFDM and DSSS. It adapted the multiple beams forming technology to enhance the data transmission rate from 2 Mbps (802.11) to 600 Mbps (802.11n). The median of access supported by this standard is CSMA/CA. The IEEE standard 802.11 has several attractive features: security and power-saving mechanisms, Acknowledgement in MAC layer level, roaming support, inter-frame gaps and exponential back-off, fragmentations, and resemble support, synchronization. The standards use a best-effort delivery mechanism to LLC. Consequently, data transmission is not guaranteed. Therefore, the MAC layer is employed for these standards to manage the data relay in the ISO layer's high-level protocols. In the MAC layer, NDP is carrying a null data payload of a wireless client. It contains RAW and PS mode. The RAW is restricting authorized access to other wireless client's information. The TWT permits an AP to manage the Wi-Fi network activity to reduce the medium contention between Stations (STA's); it also allows to set the minimum required amount of time the station is awake to PS mode. The access point (AP) /a station / by both is determining the capacity of SST. It supports many (multi-hop) relay operations such as a fixed relay, mobile relay etc. In PHY layer, the base station or AP using MIMO/ MU-MIMO/ FHSS technology; it uses multiple transceivers for each cell sector. The IEEE 802.11 n/ac supports CCK. In infrastructure mode, all the communications are performed through base stations. The communications within the network are established using additional airwaves. In ad hoc and Wi-Fi direct mode, it can establish communications between two computers without using any intermediate access points. In TDLS, two devices on the same network can communicate directly without access point support. The modulation types supported by the Wi-Fi standards are BPSK, QPSK, COFDM, CCK, M-QAM. The IEEE standard 802.11h supports the dynamic frequency selection transmits power control method. This standard supports a 32-bit cyclic redundancy check (CRC) to provide data protection. It establishes connections to cell nodes maximum of >2007. It uses 14 radio frequency channels to produce data signals. The Specifications and the functionalities of some of the Wi-Fi standards are discussed in these sections. The Wi-Fi technology is trendy among the customers and IoT developers for its attractive features, discussed in this section. Consequently, the manufactures rush to build IoT Wi-Fi device without specifying any good security policies. The low-security protocol adoption makes the Wi-Fi-based IoT device vulnerable to intermediate attacks. This research suggests a secure secret keying to reduce the security risks in Wi-Fi network standard-based IoT applications. The subsequent section discusses the functionalities of the SRP protocol.

Secure remote password (SRP) protocol
This protocol is used to form a known secret session key and password for IoT Client Device and IoT Application server node. In this, the password or key matching is performed in prime group . The notation represents a sizeable prime integer. The notation represents the generator of prime numbers. The SRP uses the hash function ℎ ℎ. In this, any session password key is ∈ . The prime group is denoted as mod . Initially, the IoT device must register its password to the Application server. The server saves the value (s, u) indexed by the IoT device. The notation s indicates the encryption, and the derivative = ℎ ℎ( , ) is the encrypted hash value of the IoT device's password. The non-sensitive verifier is represented as = , which is derived from the password PS. The PS does not reveal the or PS. This process is performed in two stages, such as Key establishment and Key verification. The step-by-step key establishment and verification process for IoT client device and IoT application server is explained as flows, I. IoT Device and it's application server form session key . 1. IoT Device sends its identity to the server. 2. The server receives IoT Device's identity and searching for IoT Device's encrypt and saved verifier = , and the is contained = ℎ ℎ( , ). The server sends IoT Device's encrypt to IoT Device. 3. IoT Device receives , calculates and sends to server. 4. The server receives and generates a random secret nonce and random scrambling parameters. The server calculates and sends + to IoT Device, together with . 5. Both server and client devices compute the session key as the hash of a common value, which both server and client devices compute differently. IoT Device computes = ℎ ℎ(( + ) − ) + and Server computes = ℎ( ) .
The low-cost Wi-Fi-based wireless network is using inadequate password protection and key exchange policies to provide security. It makes the Wi-Fi-based IoT application vulnerable to Dictionary attacks and Brute force attacks. Therefore, in this research, the Wi-Fi module's secret key password protection is enhanced using a secure remote password protocol. This protocol encrypts the shared secret key with a maximum number of prime groups. Suppose the attackers try to guess the secret key by combining number; also, the automated attacker's bot can't know the actual count of the secret key. The possible attacks and the key protection schemes are explained using the use case in the subsequent section.

Dictionary attacks and brute force attacks in Wi-Fi module based IoT smart home environment
This section explains the two possible attacks in IoT application in Wi-Fi modules. This research is focused on enhancing the secret key protections against brute force and dictionary attacks. The attacks and the key protection process has been described using the IoT based smart home-based use case. In this, each infected device submitting a possible password by guessing combinations. However, SRP protocol is utilized a large number of encrypted prime number group series to encrypt the secret keys. Therefore, suppose the attackers try to guess the secret key password combinations also they can't guess the exact combinations of the actual secret key password. Figure 4 b) illustrates the Dictionary attack in a Wi-Fi-based IoT smart automation application environment. Suppose the dictionary attacker attempts to defeat the cryptographic techniques by guessing the password. Also, they can't get the exact combination of the existing password to decrypt the secret key. The SRP protocol establishes the secret key and password protection for all three layers of the IoT smart home environment. The subsequent section discusses the simulation results and analysis of the Wi-Fi protocol's enhanced security using SRPP.

Results and discussions
This section discusses the performance analysis of the enhanced Wi-Fi module's security. This protocol setup is implemented and tested with network performance monitoring metrics using the GNS3 tool. The enhanced Wi-Fi module's security is simulated using 50 data packets, 12 simulated IoT nodes, and 10 MB of comprehensive data. The enhanced Wi-Fi security performance is evaluated with the IoT security model's evaluation metrics such as packet overhead, integrity, network latency, and scalability. Lots of researches are introduced a security mechanism to enhance the Wi-Fi network's security. However, the Eclipse curve cryptography (ECC) approach [15] and the tree-based authentication (TA) approach [19] are provides better security against intermediate attacks for Wi-Fi network's IoT applications. Therefore, these two approaches are chosen to compare the Secure Remote Password protocol enhanced Wi-Fi security modules.

Latency analysis
The latency rate comparison is performed for Wi-Fi module with SRPP, Wi-Fi module with ECC, and Wi-Fi module with AP approaches are illustrated in figure 5. The latency is analyzed by increasing the number of tasks and utilized response times. It comparison graph shows that the Wi-Fi module with SRP protocol takes less response time (59(ms) to 598(ms)) to perform the secret key creation ( = ℎ ℎ(( + ) − ) + ), = ℎ( ) and authentication tasks and packet transmission using large prime groups. It proves that the secret key generation process in SRPP protocol obtains a very less latency rate than comparison approaches.

Scalability analysis
The scalability rate comparison is accomplished for Wi-Fi module with SRPP, Wi-Fi module with ECC, and Wi-Fi module with AP approaches are illustrated in figure 6. The scalability is estimated by the number of nodes and each node's overall task completion time. It comparison graph shows that the Wi-Fi module with SRP protocol takes less overall response time (512(ms) to 6175(ms)) than comparison methods to complete all the secret key encryption and key authentication process for all the nodes.

Packet overhead analysis
The Packet overhead's analysis comparison is accomplished for Wi-Fi module with SRPP, Wi-Fi module with ECC, and Wi-Fi module with AP approaches are illustrated in figure 7 (a) and (b). In Figure 7 (a), the packet overhead is analyzed by observing the utilization of a number of the packet for each node's tasks during the key generation and key verification ( 2 = ℎ ℎ( , 1 , )). The comparison graph shows that the Wi-Fi module with SRP protocol takes fewer packets (13 packets to16 packets) to complete the encrypted key generation and secret key authentication process for all the nodes. In Figure 7 (b), the packet overhead is analyzed by observing the packet size increases for each node's tasks during the key generation ( = ℎ ℎ(( + ) − ) + ), ( = ℎ( ) ) and key verification. The comparison graph shows that the Wi-Fi module with SRP protocol utilized fewer data packets (2357 bytes to 3876 bytes) to complete the encrypted key generation and secret key authentication process for all the nodes.

Integrity analysis
The Integrity analysis comparison is accomplished for Wi-Fi module with SRPP, Wi-Fi module with ECC, and Wi-Fi module with AP approaches are shown in figure 8. It clearly shows that the Wi-Fi module with the SRPP approach obtains less response time (75 ms to 139 ms) for up to 50 data packets. It proves that the Wi-Fi module with the SRPP approach gives equal priority to perform encrypted key generation and secret key verification for both IoT client node (Sensor device) and Application Server node. The overall simulation analysis graphs in this sections proves that the Secure Remote Password Protocol in Wi-Fi module achieved reliable integrity rate, scalable rate, latency rate and packet overhead than Eclipse curve cryptography (ECC) and tree structure approach based security to perform encrypted secret key generation and authentication for both client (IoT device) and server (IoT application server).

Conclusion
The Wi-Fi module's node specification with the security protocol extension process is implemented to evaluate the performance. The simulation results and performance analysis are discussed in the previous section. The latency analysis is observed that the Wi-Fi module with the SRPP approach is to attain a good response time (59 ms to 598 ms). The scalability analysis is observed that the Wi-Fi module with SRPP approach is attain encouraging overall response time (512(ms) to 6175(ms)) to complete 10 node's tasks (encrypted key generation and authentication). The Packet overhead analysis proves that the Wi-Fi module with the SRPP approach takes fewer packets (13 packets to16 packets) and less overall data packet size (2357 bytes to 3876 bytes), the encrypted key generation and secret key authentication process for all the nodes. The integrity analysis report proves that the Wi-Fi module with the SRPP approach takes less response time (75 ms to 139 ms) to perform encrypted key generation and key verification for IoT client node (Sensor device) and application server node. Therefore, the overall simulation results analysis report is proven that the SRPP based Wi-Fi module outperforms in terms of integrity, scalable, latency and packet overhead rate than comparison approaches. Thus, the research suggests that the SRPP based Wi-Fi module approach is suitable for extending the Wi-Fi module's security against brute force and dictionary attack in an IoT-based smart home environment. Moreover, the research is extended to establish multiple authentication strategies to strengthen Wi-Fi standards security by combining two authentication strategies.