{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,7]],"date-time":"2026-04-07T01:12:38Z","timestamp":1775524358288,"version":"3.50.1"},"reference-count":19,"publisher":"MDPI AG","issue":"10","license":[{"start":{"date-parts":[[2022,9,27]],"date-time":"2022-09-27T00:00:00Z","timestamp":1664236800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Deanship of Scientific Research and Graduate Studies at Philadelphia University-Jordan"}],"content-domain":{"domain":["www.mdpi.com"],"crossmark-restriction":true},"short-container-title":["Computers"],"abstract":"<jats:p>The Internet of Things (IoT) has become one of the most attractive domains nowadays. It works by creating a special network between physical devices such as vehicles, home equipment, and other items. In recent days, the common technologies of communication such as Wi-Fi and 2G\/3G\/4G cellular networks are insufficient for IoT networks because they are designed to serve appliances with immense processing capabilities such as laptops and PCs. Moreover, most of these technologies are centralized and use an existing infrastructure. Currently, new communication technologies such as Z-Wave, 6LowPAN, and Thread are dedicated to the IoT and have been developed to meet its requirements. These technologies can handle many factors such as range, data requirements, security, power demands, and battery life. Nevertheless, the security issues in IoT systems have major concerns and issues because vulnerabilities in such systems may result in fatal catastrophes. In this paper, an enhanced IoT security framework for authentication and authorization is proposed and implemented to protect the IoT protocols from different types of attacks such as man-in-the-middle attacks, reply attacks, and brute force attacks. The proposed framework combines an enhanced token authentication that has identity verification capabilities and a new sender verification mechanism on the IoT device side based on time stamps, which in turn can mitigate the need for local identity verification methods in IoT devices. The proposed IoT security framework was tested using security analysis with different types of attacks compared with previous related frameworks. The analysis shows the high capability of the proposed framework to protect IoT networks against many types of attacks compared with the currently available security frameworks. Finally, the proposed framework was developed using Windows applications to simulate the framework phases, check its validity through the real network, and calculate the payload time added.<\/jats:p>","DOI":"10.3390\/computers11100147","type":"journal-article","created":{"date-parts":[[2022,9,27]],"date-time":"2022-09-27T21:23:27Z","timestamp":1664313807000},"page":"147","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["User Authentication and Authorization Framework in IoT Protocols"],"prefix":"10.3390","volume":"11","author":[{"given":"Ammar","family":"Mohammad","sequence":"first","affiliation":[{"name":"Faculty of IT-Department of CS, Philadelphia University, Amman P.O. Box 1, Jordan"}]},{"given":"Hasan","family":"Al-Refai","sequence":"additional","affiliation":[{"name":"Faculty of IT-Department of Information Security and Cybersecurity, Philadelphia University, Amman P.O. Box 1, Jordan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8522-4040","authenticated-orcid":false,"given":"Ali","family":"Alawneh","sequence":"additional","affiliation":[{"name":"Faculty of IT-Department of MIS, Philadelphia University, Amman P.O. Box 1, Jordan"}]}],"member":"1968","published-online":{"date-parts":[[2022,9,27]]},"reference":[{"key":"ref_1","unstructured":"(2021, April 21). Statista 2021. IoTdevs. Available online: https:\/\/www.statista.com\/statistics\/471264\/IoT-number-of-connected-devices-worldwide\/."},{"key":"ref_2","first-page":"150936","article-title":"Foundations and Evolution of Modern Computing Paradigms: Cloud, IoT, Edge, and Fog","volume":"7","author":"Tange","year":"2019","journal-title":"IEEE Access Digit. Object Identifier"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"61","DOI":"10.5121\/ijwmn.2014.6105","article-title":"A comparative study in wireless sensor networks","volume":"6","author":"Alawneh","year":"2014","journal-title":"Int. J. Wirel. Mob. Netw."},{"key":"ref_4","first-page":"373","article-title":"Analysis of Secure Hash Algorithm (SHA) 512 for Encryption Process on Web Based Application","volume":"7","author":"Sumagita","year":"2018","journal-title":"Int. J. Cyber-Secur. Digit. Forensics"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"385","DOI":"10.1016\/j.future.2016.10.005","article-title":"Cloud security engineering: Early stages of SDLC","volume":"74","author":"Aljawarneh","year":"2017","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"2961","DOI":"10.1109\/COMST.2018.2849509","article-title":"IEEE Survey on Multi-Access Edge Computing for Internet of Things Realization","volume":"20","author":"Porambage","year":"2018","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Choudhury, A.J., Kumar, P., Sain, M., Lim, H., and Hoon, J.L. (2011, January 12\u201315). A strong user authentication framework for cloud computing. Proceedings of the 2011 IEEE Asia-Pacific Services Computing Conference, Jeju, Korea.","DOI":"10.1109\/APSCC.2011.14"},{"key":"ref_8","first-page":"59","article-title":"An enhanced user authentication framework in cloud computing","volume":"12","author":"Batiha","year":"2020","journal-title":"Int. J. Netw. Secur. Its Appl."},{"key":"ref_9","first-page":"1","article-title":"Enhanced model of Payment Phase for SET Protocol","volume":"14","author":"Alawneh","year":"2014","journal-title":"Int. J. VideoImage Process. Netw. Secur. IJVIPNS-IJENS"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Deogirikar, J., and Vidhate, A. (2017, January 10\u201311). Security attacks in IoT: A survey. Proceedings of the International Conference on IoT in Social, Mobile, Analytics and Cloud (I-SMAC), Palladam, India.","DOI":"10.1109\/I-SMAC.2017.8058363"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"35","DOI":"10.13052\/jsn2445-9739.2017.003","article-title":"Authentication and Authorization Rules Sharing for Internet of Things","volume":"2017","author":"Trnka","year":"2017","journal-title":"Softw. Netw."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"2956","DOI":"10.3906\/elk-1608-6","article-title":"Token-based authentication method for M2M platforms","volume":"25","author":"Polat","year":"2017","journal-title":"Turk. J. Electr. Eng. Comput. Sci."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Sciancalepore, S., Piro, G., Caldarola, D., Boggia, G., and Bianchi, G. (2017, January 3\u20136). OAuth-IoT: An access control framework for the Internet of Things based on open standards. Proceedings of the IEEE Symposium on Computers and Communications, Heraklion, Greece.","DOI":"10.1109\/ISCC.2017.8024606"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Claeys, T., Rousseau, F., and Tourancheau, B. (2017, January 15). Securing Complex IoT Platforms with Token Based Access Control and Authenticated Key Establishment. Proceedings of the 2017 International Workshop on Secure Internet of Things (SIoT), Oslo, Norway.","DOI":"10.1109\/SIoT.2017.00006"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Oh, S.R., Kim, Y.G., and Cho, S. (2019). An interoperable access control framework for diverse IoT platforms based on oauth and role. Sensors, 19.","DOI":"10.3390\/s19081884"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Wardana, A.A., and Perdana, R.S. (2018, January 24\u201326). Access control on internet of things based on publish\/subscribe using authentication server and secure protocol. Proceedings of the 2018 10th International Conference on Information Technology and Electrical Engineering: Smart Technology for Better Society (ICITEE), Bali, Indonesia.","DOI":"10.1109\/ICITEED.2018.8534855"},{"key":"ref_17","unstructured":"Zhou, X., and Tang, X. (2011, January 22\u201324). Research and implementation of RSA algorithm for encryption and decryption. Proceedings of the 2011 6th International Forum on Strategic Technology, Harbin, China."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Su, N., Zhang, Y., and Li, M. (2019, January 15\u201317). Research on Data Encryption Standard Based on AES Algorithm in Internet of Things Environment. Proceedings of the 2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC), Chengdu, China.","DOI":"10.1109\/ITNEC.2019.8729488"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Hamza, A., and Kumar, B. (2020, January 4\u20135). A Review Paper on DES, AES, RSA Encryption Standards. Proceedings of the 2020 9th International Conference System Modeling and Advancement in Research Trends (SMART), Moradabad, India.","DOI":"10.1109\/SMART50582.2020.9336800"}],"updated-by":[{"DOI":"10.3390\/computers11120168","type":"correction","label":"Correction","source":"publisher","updated":{"date-parts":[[2022,9,27]],"date-time":"2022-09-27T00:00:00Z","timestamp":1664236800000}}],"container-title":["Computers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-431X\/11\/10\/147\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,3]],"date-time":"2025-08-03T14:07:19Z","timestamp":1754230039000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-431X\/11\/10\/147"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,9,27]]},"references-count":19,"journal-issue":{"issue":"10","published-online":{"date-parts":[[2022,10]]}},"alternative-id":["computers11100147"],"URL":"https:\/\/doi.org\/10.3390\/computers11100147","relation":{"has-preprint":[{"id-type":"doi","id":"10.20944\/preprints202208.0188.v1","asserted-by":"object"}]},"ISSN":["2073-431X"],"issn-type":[{"value":"2073-431X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,9,27]]}}}