Anonymous mutual IoT interdevice authentication and key agreement scheme based on the ZigBee technique

Abstract Establishing end-to-end device authentication in Internet of Things (IoT) networks is challenging because of the heterogeneous nature of IoT devices. By covering different security properties, various authentication protocols have been introduced to ensure a certain level of security and privacy protection. In this paper, we propose an anonymous device-to-device mutual authentication and key exchange scheme based on the ZigBee technique, designed for a smart home network, an important domain in the IoT. The proposed protocol relies on symmetric encryption and enables IoT devices to authenticate in the network and agree on a shared secret session key when communicating with each other via a trusted intermediary (home controller). To achieve perfect forward secrecy, the session keys are changed frequently after every communication session. The proposed scheme achieves secure anonymous authentication with the unlinkability and untraceability of IoT devices’ transactions. The overhead and efficiency of the proposed scheme are analyzed and compared with other related schemes. In addition, the security of the scheme is evaluated using three different methods: informal analysis, formal analysis using the Burrows–Abadi–Needham logic (BAN), and a model check using the automated validation of internet security protocols and applications (AVISPA) toolkit.

[1]  Shuang-Hua Yang,et al.  A zigbee-based home automation system , 2009, IEEE Transactions on Consumer Electronics.

[2]  Freddy K. Santoso,et al.  Securing IoT for smart home system , 2015, 2015 International Symposium on Consumer Electronics (ISCE).

[3]  Soma Bandyopadhyay,et al.  Lightweight security scheme for vehicle tracking system using CoAP , 2013, ASPI '13.

[4]  Sebastian Mödersheim,et al.  The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications , 2005, CAV.

[5]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[6]  Saleem Ullah,et al.  Security Issues in the Internet of Things (IoT): A Comprehensive Study , 2017 .

[7]  Runtong Zhang,et al.  An Improved Identity Authentication Scheme for Internet of Things in Heterogeneous Networking Environments , 2013, 2013 16th International Conference on Network-Based Information Systems.

[8]  Qusay H. Mahmoud,et al.  A context-aware authentication framework for smart homes , 2017, 2017 IEEE 30th Canadian Conference on Electrical and Computer Engineering (CCECE).

[9]  Moncef Gabbouj,et al.  ShakeMe: Key Generation from Shared Motion , 2015, 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing.

[10]  Issa Traoré,et al.  Secure mutual authentication and automated access control for IoT smart home using cumulative Keyed-hash chain , 2019, J. Inf. Secur. Appl..

[11]  Ahmad-Reza Sadeghi,et al.  Security analysis on consumer and industrial IoT devices , 2016, 2016 21st Asia and South Pacific Design Automation Conference (ASP-DAC).

[12]  Yu-Hung Huang,et al.  A lightweight authentication protocol for Internet of Things , 2014, 2014 International Symposium on Next-Generation Electronics (ISNE).

[13]  Md. Mahbubur Rahman,et al.  Advanced real time RFID mutual authentication protocol using dynamically updated secret value through encryption and decryption process , 2017, 2017 International Conference on Electrical, Computer and Communication Engineering (ECCE).

[14]  Andreas Pfitzmann,et al.  Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[15]  Nitesh Saxena,et al.  Accelerometers and randomness: perfect together , 2011, WiSec '11.

[16]  Jyotsna P. Gabhane,et al.  3-level secure Kerberos authentication for Smart Home Systems using IoT , 2015, 2015 1st International Conference on Next Generation Computing Technologies (NGCT).

[17]  Luca Viganò,et al.  Automated Security Protocol Analysis With the AVISPA Tool , 2006, MFPS.

[18]  Jingcheng Wang,et al.  A novel mutual authentication scheme for Internet of Things , 2011, Proceedings of 2011 International Conference on Modelling, Identification and Control.

[19]  Ruhul Amin,et al.  Efficient authentication protocol for secure multimedia communications in IoT-enabled wireless sensor networks , 2017, Multimedia Tools and Applications.

[20]  Xiang Li,et al.  The study on the application of BAN logic in formal analysis of authentication protocols , 2005, ICEC '05.

[21]  Geir M. Køien,et al.  Cyber Security and the Internet of Things: Vulnerabilities, Threats, Intruders and Attacks , 2015, J. Cyber Secur. Mobil..

[22]  Ankur Lohachab,et al.  ECC based inter-device authentication and authorization scheme using MQTT for IoT networks , 2019, J. Inf. Secur. Appl..

[23]  Nir Kshetri,et al.  Can Blockchain Strengthen the Internet of Things? , 2017, IT Professional.