Taxonomy of Authentication Techniques in Internet of Things (IoT)

Taxonomy of Authentication Techniques in Internet of Things (IoT) Maroun Chamoun Mohammed El-hajj USJ USJ Beirut, Lebanon Beirut, Lebanon [email protected] [email protected]

Abstract— Internet of Things (IoT) is slowly but steadily becoming part of different aspects of our lives, with applications ranging from smart homes, to wearable devices, to healthcare, etc. This wide spectrum of applications results in shared data containing large amount of users’ private information. The security of such information becomes a paramount concern. The IoT security requirements include data confidentiality, data integrity, authentication, access control, privacy, etc. In particular, authentication of IoT devices has a particular importance given the variety of attacks which might result from its breach [1]. This paper provides a survey of the different authentication schemes proposed in the literature. Through a multi-criteria classification, it compares and analyzes the existing authentication protocols, showing their advantages and disadvantages. Keywords— Internet of Things (IoT); Security; Authentication; Taxonomy

I.

INTRODUCTION

IoT platform and scope have evolved gradually along time [1,2]. Its functionality and application grew up in a way that made them integrated in wide spectrum domains such as environmental monitoring, public health, smart cities, smart homes, intelligent transportation system, waste management, chemicals, manufacturing, aviation, military, topography, agriculture, etc. [3, 4, 5, 6]. Sensors are integral part of the IoT network. They are characterized by real-time processing, and are responsible for collecting different forms of data such as light, temperature, humidity, wind, location, mechanics, sound, etc. Sensors are durable enough to be set up in various environmental and geographical conditions. In addition, there are various connectivity mechanisms, ranging from Machine-to-Machine (M2M), Machine-to-Human, and Human-to-Human connectivity [7, 8]. With the rapid development of technologies involved with IoT, their functionality also changed from simple tasks (e.g., tracking) into becoming as intelligent as humans are (e.g., processing, analyzing, and decision-making). Such technologies change all types of IoT devices (end devices, gateways, etc.) which can have the ability to collect, control and analyze without Human interaction in many levels [9]. In other words, IoT represents a revolutionary transformation of the internet conceptualization from a man-to-man

978-1-5386-2126-4/17/$31.00 ©2017 IEEE

Ahmad Fadlallah USAL Beirut, Lebanon [email protected]

Ahmed Serhrouchni Telecom ParisTech Paris, France [email protected]

communication tool into all-to-all communication model. This would create a lot of security challenges and risks. In particular, privacy, authentication, access control, and information collection and management are becoming critical functions to be handled and maintained [10, 11, 12]. Hackers without any doubt find IoT as an attractive and new promising environment for increasing their unethical actions and developing their network expansion scope [2, 13, 14]. The IoT generated data can be sniffed by illegal activities to be exploited in different domains. Thus, intensive attacks would make the cost-benefit analysis investment in IT negative [15, 16, 17]. In other words, the absence of vivid and strengthened baseline information security infrastructure would lead to increase the barriers of entries of innovations, businesses, and developments in the IoT industry. Another system security weakness could result from the security incompatibility issues, which spread across plenty of incompatible security platform systems. In addition, there are some claims that current cryptography mechanisms and security protocols are no longer satisfactory with respect to the restriction of the devices used in the IoT [18, 19]. Thus, new international security vision, best practices and standards requirements must surface up then, to diminish the inconsistency gaps, maintain data integrity and enhance the standardize security bases globally [18, 19]. Authentication of end devices and data is a key success factor for the Internet of Things (IoT). A single compromised node can be turned into a malicious one that brings down whole system or causes disasters. This paper provides a survey of the different authentication schemes proposed in the literature. Through a multi-criteria classification, it compares and analyzes the existing authentication protocols, showing their advantages and disadvantages. The rest of the paper is organized as follows: Section II is an overview of related works. Section III provides taxonomy of the existing authentication schemes. Finally, Section IV concludes the paper. II.

RELATED WORKS

Authors in [20] present a comprehensive survey of authentication protocols for Internet of Things (IoT) under four environments: Machine to Machine communication

(M2M), Internet of Vehicles (IoV), Internet of Energy (IoE), and Internet of Sensors (IoS).A taxonomy and comparison of authentication protocols for IoT in the form of tables in five terms: namely, network model, goals, main processes, computation complexity, and communication overhead is provided. In [23] authors provide a classification and comparison of different authentication protocols for Internet of Things (IoT) but the classification was based on the inherent features of these authentication techniques such as being distributed vs. centralized, flat vs. hierarchical and another separate classification is done based on the characteristics of the authentication process: Two-way authentication, additional hardware based, multiple credentials, multiple authentication, registration phase, and offline phase. Our work will do a multi-criteria classification in one table, and to our knowledge this will be the first work to classify and compare different authentication protocols using multi-criteria. III. ANALYSIS OF IOT AUTHENTICATION SCHEMES A. Taxonomy of IoT Authentication Schemes This work presents a classification of IoT authentication protocols using multiple criteria, which were selected based on the similarities/commonalities and the important features of the existing authentication schemes. These criteria are summarized in Fig. 1.

Fig. 1.

Criteria used

B. Analysis of IoT Authenticaiton Schemes The IoT authentication protocols are surveyed using the criteria mentioned in the previous paragraph. In [24], the authors presented intelligent Service Security Application Protocol. It consolidates cross-platform communications with encryption, signature, and authentication, to enhance IoT applications improvement capacities. Message integrity, confidentiality, and authenticity are provided by authors in [25], they introduced a two-way authentication security scheme for IoT, the Datagram Transport Layer Security (DTLS) protocol, grounded on RSA and designed for IPv6 over Low power Wireless Personal Area Networks (6LoWPANs), placed between transport and application layer. In [26], the authors propose a robust WSN mutual authentication protocol. A real implementation of the protocol was realized on Optimization of Communication for Ad hoc Reliable Industrial networks (OCARI). All nodes wanting to access the network should be authenticated at the MAC sub-layer of OCARI. A suitable Key Management System protocols for IoT scenarios are Blom [27] and the polynomial schema [28]. In these schemes, several countermeasures are required to manage authentication and Man in the middle attack. In [29, 30], authors presented a structure for IoT based on Public Key Infrastructure (PKI). In [31], authors proposed a transmission model with signature-encryption schemes, which addresses the IoT security necessities by Object Naming Service (ONS) inquiries. It provides identities authentication, platform creditability, and data integrity. In [32], authors presented an authentication protocol the usage of lightweight encryption based totally on XOR manipulation for anti-faking and privacy protection, managed with restricted IoT devices with respect to memory and processor. In [33], authors proposed a user authentication and key agreement scheme for WSN, by developing hash and XOR computations. It confirms mutual authentication among end users, end devices and gateway nodes (GWN). Using a lightweight encryption mechanism based on Elliptic Curve Cryptography (ECC) authors in [34] presented the authentication and access control method, which establishes session keys. This scheme defines attribute-based access control policies, managed by an attribute authority, to enhance authentication. In [26, 35, 36], two-way authentication is used in which the proposed authentication involves two phases: 1) the registration phase, each node within the system should be identified, and 2) the authentication phase where a number of messages are substituted between the end node and server node.At the end of which both nodes authenticate each other and generate a secret key to be used for further communication. In [37], authors introduced a security manager used to protect the IoT network from unauthenticated users using OAuth 2.0 protocol although it has the ability to overcome some attacks like impersonation and replay attacks [38], but it is still affected by eavesdropping attacks. In [39], the authentication method is handled by two separate servers and no longer done at the cloud side. To admit the identity of users at the client side, the end device should be registered to an authentication server. Each user is assigned a unique code

that will be encrypted by the server and decrypted at client side using a chosen password with AES algorithm. While unregistered devices are authenticated by Software-as-aService (SaaS) agent using modified Diffie-Hellman algorithm. For protecting the end devices in the supply chain, authors in [40] proposed an RFID-based solution that enables traceability and authentication of IoT devices across the supply chain. Authors in [41] proposed a novel continuous authentication protocol for IoT based on secret sharing pattern provided by Shamir in 1979 [42]. This protocol provides secure and efficient authentication for frequent message transmissions in short session time intervals. In [43], authors proposed a multi-tier authentication scheme in which singletier authentication is not sufficient for accessing the services like in cloud computing. The authentication process is done in two steps (two-level): In the first step, user enters simple username and password. In the second step, user follows a pre-determined series. In [44] authors proposed a method for authentication by using either bio-metric or by using some other physical characteristics of the user. In [45], authors proposed an identity authentication scheme based on elliptic curve public-private key pair according to the characteristics of WSN, which is supplemented by a simple two-way authentication scheme. Authors in [46] proposed a gatewaybased authentication allowing gateway smart meters to help aggregate power usage information, and the power generators to determine the total amount of power that needs to be generated at different times. To reduce the impact of attacking traffic, the scheme allows gateway smart meters to help filter messages before they reach the control center. In [47] authors proposed an authentication scheme predicated on Diffie– Hellman key establishment protocol. It uses RSA and AES, in order to maintain message integrity; it exploits the advantages of the HMAC. The proposed scheme is lightweight and is felicitous for resource constrained environments like smart meters. Authors in [48] provided an enhanced user authentication and key agreement protocol for WSNs using Bio-hashing [49]. Using the BAN-logic (which is a logic of belief and action that ensure one part of communication believes that this key is good [50]) ensures mutual authentication. IV. CONCLUSION IoT Authentication is important to IoT/ M2M devices, recent attacks show that identification of IoT devices and the authentication done between communicating ones is critical. In the recent years, intensive research and development performed by the standardized organizations like the Institute of Electrical and Electronics Engineers (IEEE) and the Internet Engineering Task Force (IETF) to reengineer the existing technologies of the communication and security protocols used. Even though these efforts resulted in great development outcomes; however, there is still a huge room for more research advancements and improvements [3]. In particular, IoT authentication mechanisms took a lot of attention from researchers given that authentication-related weaknesses and vulnerabilities wide-open the door to a variety

of attacks [15, 21, 22]. In this paper taxonomy of IoT authentication protocols is done with respect to different criteria to help researchers in comparing and classifying other authentication protocols and a table of comparison is provided at the end. In future we are planning to continue this paper by including all the authentication methods provided for IoT from 2002 in the table of comparison. V.

REFERENCES

[1]

Saadeh, M., Sleit, A., Qatawneh, M., & Almobaideen, W., "Authentication Techniques for the Internet of Things: A Survey," in 2016 Cybersecurity and Cyberforensics Conference (CCC), Amman, 2016, pp. 28-34., Amman, Jordan, 2016.

[2]

Yang, Y., Wu, L., Yin, G., Li, L., & Zhao, H., "A Survey on Security and Privacy Issues in Internet-of-Things," IEEE Internet of Things Journal, vol. PP, no. 99, pp. 1-10, 2017.

[3]

Granjal, J., Monteiro, E., & Silva, J. S., " Security for the internet of things: a survey of existing protocols and open research issues," IEEE Communications Surveys & Tutorials, vol. 17, no. 3, pp. 1294-1312, 2015.

[4]

Atzori, L., Iera, A., & Morabito, G., "The Internet of Things: A Survey," Computer Networks Journal, vol. 54, no. 15, pp. 2787-2805, 2010.

[5]

Miorandi, D., Sicari, S., De Pellegrini, F., & Chlamtac, I., "Internet of things: Vision, applications and research challenges," Ad Hoc Networks, vol. 10, no. 7, pp. 1497-1516, 2012.

[6]

Yang, D. L., Liu, F., & Liang, Y. D., "A survey of the internet of things," in Proceedings of the 1st International Conference on EBusiness Intelligence (ICEBI2010), 2010.

[7]

Perera, C., Liu, C. H., Jayawardena, S., & Chen, M., "A Survey on Internet of Things From Industrial Market Perspective," IEEE Access, vol. 2, pp. 1660-1679, 2014.

[8]

Lin, C. C., Deng, D. J., & Lu, L. Y., "Many-Objective Sensor Selection in IoT Systems," IEEE Wireless Communications, vol. 24, no. 3, pp. 40-47, June 2017.

[9]

Rathore, M. M., Ahmad, A., & Paul, A., "IoT-based smart city development using big data analytical approach," in 2016 IEEE International Conference on Automatica (ICA-ACCA), Curico, Chile, 2016.

[10] Bari, N., Mani, G., & Berkovich, S., "Internet of things as a methodological concept.," in Computing for Geospatial Research and Application (COM. Geo), San Jose, CA, USA, 2013. [11] G. Z. Y. Liu, "Key technologies and applications of internet of things," in Intelligent Computation Technology and Automation (ICICTA), Zhangjiajie, Hunan, China, 2012. [12] L. Kai Zhao, "A Survey on the Internet of Things Security," Computational Intelligence and Security, vol. 9, pp. 663 - 667, 2013. [13] Sathyadevan, S., Vejesh, V., Doss, R., & Pan, L., "Portguard - an authentication tool for securing ports in an IoT gateway," in 017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops) pp. 624-629., Kona, HI, USA, 2017. [14] Kraijak, S., & Tuwanut, P. , "A survey on IoT architectures, protocols, applications, security, privacy, real-world implementation and future trends," in 1th International Conference on Wireless Communications, Networking and Mobile Computing, Shanghai, China, 2015. [15] Zhang, Bing, Xin-Xin Ma, and Zhi-Guang Qin., "Security Architecture on the Trusting Internet of Things," JOURNAL OF ELECTRONIC SCIENCE 364 AND TECHNOLOGY, vol. 9, no. 4, pp. 364-367, 2011. [16] Z. Cekerevac, "Internet of Things and Man In The Middle attacksSecurity and Economic Risks," MEST Journal, vol. 5, no. 2, pp. 15-25, July 2017.

for IoT Networks," in ICTC, 2015.

[17] L. Nastase, "Security in the Internet of Things: A Survey on Application Layer Protocols," in In Control Systems and Computer Science (CSCS), 2017 21st International Conference on (pp. 659-666). IEEE., Bucharest,Romania, May 2017.

[38] Cheol-Joo, C., et al. "The Extended Authentication Protocol using Email Authentication infromation," Journal of Internet Computing and Services (JICS), pp. 21-28, 2015.

[18] dos Santos, Giederson Lessa, et al., "A DTLS-based security architecture for the Internet of Things," in In Computers and Communication (ISCC)pp. 809-815, Larnaca, Cyprus, 2015.

[39] Moghaddam, Faraz Fatemi, et al. "A scalable and efficient user authentication scheme for cloud computing environments," in Region 10 Symposium, 2014 IEEE, Kuala Lumpur, Malaysia, 2014.

[19] Mahmoud, Rwan, et al., "Internet of Things (IoT) Security:Current Status, Challenges and Prospective Measures," in The 10th International Conference for Internet Technology and Secured Transactions, London, 2015.

[40] Yang, Kun,et al. "Protecting Endpoint Devices in IoT Supply Chain," in 2015 IEEE/ACM International Conference on Computer-Aided Design (ICCAD),pp. 351-356, Austin, TX, USA, 2015.

[20] Ferrag, M. A., Maglaras, L. A., Janicke, H., & Jiang, J. . Authentication Protocols for Internet of Things: A Comprehensive Survey 2016.

[41] Bamasag, Omaimah Omar, and Kamal Youcef-Toumi. "Towards continuous authentication in internet of things based on secret sharing scheme," in Proceedings of the WESS'15: Workshop on Embedded Systems Security (p. 1). ACM., Amsterdam, Netherlands, 2015.

[21] Matharu, G. S., Upadhyay, P., & Chaudhary, L."The Internet of Things: Challenges & security issues," in Emerging Technologies (ICET), Islamabad, Pakistan, 2014.

[42] A. Shamir, "How to share a secret," Communications of the ACM, vol. 22, no. 11, pp. 612-613, 1979.

[22] Wu, Zhen-Qiang, Yan-Wei Zhou, and Jian-Feng Ma. "A Security Transmission Model for Internet of Things," Chinese Journal of Computers, vol. 34, no. 8, pp. 1351-1364, 2011. [23] Saadeh, Maha, et al. "Authentication techniques for the internet of things: A survey." Cybersecurity and Cyberforensics Conference (CCC), 2016. IEEE. [24] Z. Yanling, "Research on data security technology in internet of things," Applied Mechanics and Materials , Vols. 433-435, pp. 17521755, 2013. [25] Kothmayr, Thomas, et al. "DTLS based security and two-way authentication for the Internet of Things," Ad Hoc Network, vol. 11, no. 8, pp. 2710-2723, 2013. [26] Hammi, M. T., Livolant, E., Bellot, P., Serhrouchni, A., & Minet, P. (2017, June). A Lightweight Mutual Authentication Protocol for the IoT. In International Conference on Mobile and Wireless Technology (pp. 3-12). Springer, Singapore. [27] Du, Wenliang, et al. "A Pairwise Key Predistribution Scheme for Wireless Sensor Networks," ACM Trans. Inf. Syst. Secur. (TISSEC), vol. 8, no. 2, p. 228–258, 2005. [28] Liu, D., Ning, P., & Li, R. "Establishing pairwise keys in distributed sensor networks," ACM conference on Computer and communications security, pp. 52-61, 2003. [29] Pranata, H., Athauda, R., & Skinner, G., "Securing and governing access in ad-hoc networks of internet of things," International Conference on Engineering and Applied Science, p. 84–90, 2012. [30] H.Ning, "A security framework for the internet of things based on public key infrastructure," Advanced Materials Research, Vols. 671674, pp. 3223-3226, 2013. [31] Wu, Zhen-Qiang, et al. "A Security Transmission Model for Internet of Things," Chinese Journal of Computers, vol. 34, no. 8, pp. 1351-1364, 2011. [32] Lee, Jun-Ya , et al."A lightweight authentication protocol for internet of things," in International Symposium on Next- Generation Electronics, Kwei-Shan, 2014. [33] Turkanovi,M., et al. "A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the internet of things notion," Ad Hoc Network, vol. 20, p. 96–112, 2014 [34] Ye, Ning, et al. "An efficient authentication and access control scheme for perception layer of internet of things," Applied Mathematics & Information Sciences, vol. 8, no. 4, p. 1617–1624, 2014. [35] M. B. C.Schmitt, "TinyTO: Two-way Authentication for Constrained Devices in the Internet-of-Things (chapter 13)," in Internet of Things Principles and Paradigms, 1st Edition, 2016, pp. 239-258. [36] Porambage, Pawani, et al. "Two-phase Authentication Protocol for Wireless Sensor Networks in Distributed IoT Applications," in IEEE WCNC'14 Track 3 (Mobile and Wireless Networks), 2014. [37] Emerson, Shamini, et al. "An OAuth based Authentication Mechanism

[43] Singh, A., & Chatterjee, K. "A secure multi-tier authentication scheme in cloud computing environment," in 2015 International Conference on Circuits, Power and Computing Technologies [ICCPCT-2015], pp. 17., lNagercoil, India, 2015. [44] Lu, Jian-Zhu, et al. "An enhanced biometrics-based remote user authentication scheme using smart cards," in 2013 6th International Congress on Image and Signal Processing (CISP), pp.1643-1648., Hangzhou, China, 2013. [45] Chu, Fuzhi, et al. "An Improved Identity Authentication Scheme for Internet of Things in Heterogeneous Networking Environments," in 013 16th International Conference on Network-Based Information Systems, pp. 589-593., Gwangju,South Korea, 2013. [46] Chim, Tat Wing, et al. "PRGA: Privacy-Preserving Recording & Gateway-Assisted Authentication of Power Usage Information for Smart Grid," EEE Transactions on Dependable and Secure Computing, vol. 12, no. 1, pp. pp.85-97, 2015. [47] Mahmood, Khalid, et al. "A lightweight message authentication scheme for Smart Grid communications in power sector," Computers & Electrical Engineering, vol. 52, pp. 114-124, 2016. [48] Srinivas, J., Mukhopadhyay, S., & Mishra, D. "Secure and efficient user authentication scheme for multi-gateway wireless sensor networks," Ad Hoc Networks, vol. 54, pp. 147-169, 2017. [49] Choi, Y., Lee, Y., Moon, J., & Won, D. (2017). Security enhanced multi-factor biometric authentication scheme using bio-hash function. PloS one, 12(5), e0176250.

Encryption/Asymmetric

Encryption/Asymmetric

Encryption/Symmetric

Encryption/Symmetric using XOR

Encryption/Symmetric + Hash---Credit card as context

Encryption/Asymmetric using ECC

N/A TLS

Encryption: registered user with AES and non-registered users using Diffie– Hellman Encryption/Symmetric using AES

No Encryption/Hash

Context /multiple credentials using physical context No Encryption/Hash 256 bits + context biometric Encryption/Asymmetric using ECC

Encryption /RSA + Hash SHA or MD5

Encryption /RSA + AES

Encryption/Symmetric + Hashing

Network

Application + Network

Application + Network

Application + Network + Perception Network + Perception

Network + Perception

Network + Perception

Application + Network + Perception Application + Network + Perception

Application

Application

Perception

Application

Application

Application

Application

Application

Application + Network

Application + Network

[28]

[29]

[30]

[31]

[33]

[34]

[35]

[37]/[38]

[39]

[40]

[41]

[43]

[44]

[45]

[46]

[47]

[48]

[36]

Encryption/Asymmetric using RSA and ECC Encryption/Asymmetric using ECC

Token (SpecificId)

Encryption/Symmetric

Network

[27]

[32]

Token (IP/EPC)

Encryption/ Symmetric asynchronous One Time Password (OTP) Encryption/Symmetric

Perception

[26]

Token + None Token

No

No

Token (UserId)

No (User name + password) Token (User Identity)

Token

Token

No (User name + password)

Token (OAuth2.0)

Two-way

Two-way

Two-way

Two-way

Multiple authentication Two-way

One-way

Two-way

One-way

One-way

Two-way

Token (Identity)

Centralized/Flat

Distributed/ Flat

Distributed/ Flat

Distributed/ Flat

Distributed/ Hierarchical Distributed/ Flat

Distributed/Flat

Centralized/Hierarchical

Centralized/Flat

Centralized/Hierarchical

Distributed/Flat

Centralized/Flat

Centralized/Hierarchical

Two-way Two-way

Centralized/Hierarchical

Centralized/Flat

Centralized/Flat

Centralized/Hierarchical

Distributed/Hierarchical

Distributed/Hierarchical

Distributed/Hierarchical

Centralized/Hierarchical

Centralized/Hierarchical

Centralized/Hierarchical

Methodology/ Architecture

Two-way

Two-way

Two-way

Two-way

Two-way

Three-way

Three-way

Two ways

Two-way

Two-way

Token (Identity, Elliptic curve function, and parameters) No/DTLS

Token (Nonce)

Token (FormId)

Token (Information)

Token (NodeID, Indices of space, and Seed) Token (polynomialID)

No/TLS

No/DTLS

Encryption /RSA

No

Encryption

Application (ISSAP)

Application + Network

Entities

TAXONOMY OF AUTHENTICATION PROTOCOLS

Token based?

TABLE I.

[25]

Identity/Context Credentials

[24]

IoT Layer

Scheme

+Authentication of RFID tags with readers - Location privacy is not considered + Resistance to replay attacks, man-in-the-middle attacks, impersonation attacks, privileged insider attacks, stolen smart card attacks, smart card breach attacks, etc. -Communication cost is higher than other schemes +Resistance to DoS, replay attack, eavesdropping, node capture, and man-in-themiddle attack - Brief discussion related to attribute-based access control +performance measurement is done and resistance to man-in-the middle attack. -Replay attacks and Dos attacks are not considered +Resistance to DoS and malicious users -High memory consumption for certificate authority operations and not resistance to node capturing attack +Resistance to replay and impersonation -No performance measurement is provided + Two separate servers for storing authentication and cryptography data, resistance to Man-in-the-middle, brute force, and timing attacks -No performance measurement is provided +Resistance to split attacks (i.e., separating tag from product, swapping tags, etc.) - Location privacy is not considered +Resistance to replay, main-in-the-middle, DoS, and Eavesdropping attacks. -Storage cost is high +Resistance to replay attack -DoS attack is not considered + Second-tier authentication is done at client side, resistance to inside attacks. - Changing the username and password in both the tiers do not possible +Resistance to DoS attacks and man-in-the middle attack. -User must be authenticated many times in distributed multi-server environment +Message filtering at gateway -DDoS is not considered +Resistance to attacks: replay, message analysis, and modification attacks -location privacy is not considered +Resistance to attacks: replay, spoofing, and gateway impersonation. -Wormhole And Blackhole attacks are not considered

+ Low overheads and high interoperability -Using UDP over DTLS leads to unreliable + Resistance to replay attack and some DoS attacks - No performance measurement done with comparison with other schemes +Resistance to node capture -Energy cost to establish a key is little bit high. +Resistance node captures, and low communication overhead -Location privacy is not considered +Resistance to Malicious entity by using PKI -No performance measurement is provided +Compatibility problems are solved - No performance measurement is provided +Resilience to attacks, data confidentiality, access control and client privacy

+Packet encapsulation to reduce the overhead of data resources

Strength(+) Weakness(-)