MAAMSIC: Multimodal Authentication and Authorization Model for Security of IoT Communication via GSM Messaging in Sub-Saharan Africa

Abstract

Internet of Things (IoT) which consists of heterogeneous devices is an enabling technology that can greatly improve the quality of lives in Sub-Saharan Africa. For instance, soil humidity and irrigation for e-agriculture, energy consumption, or even health data. As with technology, however, IoT has introduced security and privacy challenges. IoT devices create, transfer, process, and store sensitive data that must be protected from unauthorized access. Similarly, the devices and infrastructure linking with IoT and the IoT devices themselves are assets that must be protected. Though IoT devices are being adopted, there isn’t wide access to GPRS In rural parts of Africa; hence users need to have access to technology that is seamless, viable, and easy to use. This thesis introduces a Multimodal Authentication and Authorization Model for the Security of IoT Communication via GSM Messaging (MAAMSIC). The MAAMSIC introduces a secure GSM multimodal authentication and authorization model that utilizes modalities of OAuth, JWT, JWS and 2-factor verification, and encrypts data and tokens between the user, the server and the IoT device. The model is illustrated using experiment methodology, which consists of a soil and moisture control system, phone app to send Attention Commands to IoT, and the server system. The system has a server to securely store encrypted data and send feedback to the user in case of any anomalies, as a way of fast mitigation. For validation, the system is compared with existing IoT systems that use GSM, and parameters such as request time, security and availability were tested. It was found out that MAAMSIC greatly improved the security of IoT communication with its added layer of security, which is lightweight and can be used in areas with low network coverage. The system provides the availability of both Internet phones and simple phones that don’t use the internet. To ensure that third-party apps don’t read data from the smartphone, it has an app to send commands, and the data JWT data is encrypted using custom JSON Web Encryption algorithm at the header. To advance MAAMSIC, there will be need for dedicated servers, integration of AI and data analytics to make it more efficient for integrating it with predictive models.