Preprint Article Version 1 Preserved in Portico This version is not peer-reviewed

User Authentication and Authorization Framework in IoT Protocols

Version 1 : Received: 5 August 2022 / Approved: 10 August 2022 / Online: 10 August 2022 (04:11:00 CEST)

A peer-reviewed article of this Preprint also exists.

Al-Refai, H.; Alawneh, A.A. User Authentication and Authorization Framework in IoT Protocols. Computers 2022, 11, 147. Al-Refai, H.; Alawneh, A.A. User Authentication and Authorization Framework in IoT Protocols. Computers 2022, 11, 147.


The Internet of Things (IoT) has become one of the most attractive domains nowadays. It works by creating a special network between physical devices such as vehicles, home equipment, and other items. In recent days, the common technologies of communication such as Wi-Fi and 2G/3G/4G cellular are insufficient for the IoT networks because they are designed to serve appliances with immense processing capabilities such as laptops and PCs. Moreover, most of these technologies are centralized and use an existing infrastructure. Currently, the new communication technologies such as Z-Wave, 6LowPAN, and Thread are dedicated to the IoT and have been developed to meet its requirements. These technologies can handle many factors such as range, data requirements, security, power demands, and battery life. Nevertheless, the security issues in IoT systems have major concerns and matters because vulnerabilities in such systems may result in fatal catastrophes. In this paper, an enhanced IoT security framework for authentication and authorization is proposed and implemented to protect the IoT protocols from different types of attacks such as man-in-the-middle attack, reply attack, and brute force attack. The proposed framework combines an enhanced token authentication that has identity verification capabilities and a new sender verification mechanism on the IoT device side based on time stamp, which in turn can mitigate the need for local identity verification methods in IoT devices. The proposed IoT security framework is tested using security analysis with different types of attacks compared with previous related frameworks. The analysis shows the high capability of the proposed framework to protect IoT networks against many types of attacks compared with current available security frameworks. Finally, the proposed framework is developed using Windows application to simulate the framework phases, check its validity through the real network, and calculate the payload time is adds.


Internet of Things; security protocol; authentication; authorization; networks


Computer Science and Mathematics, Computer Science

Comments (0)

We encourage comments and feedback from a broad range of readers. See criteria for comments and our Diversity statement.

Leave a public comment
Send a private comment to the author(s)
* All users must log in before leaving a comment
Views 0
Downloads 0
Comments 0
Metrics 0

Notify me about updates to this article or when a peer-reviewed version is published.
We use cookies on our website to ensure you get the best experience.
Read more about our cookies here.