SecSmartLock: An Architecture and Protocol for Designing Secure Smart Locks

The Internet of Things (IoT) has become widespread in home to industrial environments. Smart locks are one of the most popular IoT devices that have been in use. Smart locks rely on smartphones to ease the burden of physical key management. Concerns that include privacy risks as well as access through unreliable devices have been raised regarding smart locks. A number of attacks have been identified based on the weaknesses in the system design of the smart locks. For example, several security vulnerabilities have been found in one of the popular architectures for smart locks called DGC (Device-Gateway-Cloud) architecture. Efforts have also been made to mitigate these attacks as much as possible. In this paper, we propose a new smart lock framework called SecSmartLock, that overcomes the above attacks and thus, prevents the possibility of unauthorized access to the user’s premises. The proposed framework includes an architecture along with a secure communication protocol that can be used to implement marketable smart locks and server as fundamental guidelines to enhance the future research on secure smart locks. We establish proof of security of the proposed smart lock architecture and protocol. To demonstrate the practicality of our approach, we have implemented a prototype smart lock simulated using an Android smartphone along with a companion Android application. Advantages of our approach over other approaches follow from our comparison with other prominent solutions in the literature. We also highlight our implementation along with its’ performance.

[1]  Alex Biryukov,et al.  Chosen Plaintext Attack , 2005, Encyclopedia of Cryptography and Security.

[2]  R. K. Shyamasundar,et al.  Secure Synthesis of IoT via Readers-Writers Flow Model , 2018, ICDCIT.

[3]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[4]  Dawn Song,et al.  Smart Locks: Lessons for Securing Commodity Internet of Things Devices , 2016, AsiaCCS.

[5]  Blase Ur,et al.  The Current State of Access Control for Smart Devices in Homes , 2013 .

[6]  Henk C. A. van Tilborg,et al.  Encyclopedia of Cryptography and Security, 2nd Ed , 2005 .

[7]  Earlence Fernandes,et al.  Security Analysis of Emerging Smart Home Applications , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[8]  Nan Jiang,et al.  Security analysis of Internet-of-Things: A case study of august smart lock , 2017, 2017 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[9]  Ran Canetti,et al.  A Forward-Secure Public-Key Encryption Scheme , 2003, Journal of Cryptology.

[10]  R. K. Shyamasundar,et al.  PGSP: a protocol for secure communication in peer-to-peer system , 2005, IEEE Wireless Communications and Networking Conference, 2005.

[11]  Yvo Desmedt,et al.  A New Paradigm of Hybrid Encryption Scheme , 2004, CRYPTO.

[12]  Lujo Bauer,et al.  Lessons learned from the deployment of a smartphone-based access-control system , 2007, SOUPS '07.

[13]  Lujo Bauer,et al.  Device-Enabled Authorization in the Grey System ¶ , 2006 .

[14]  James Newsome,et al.  Access right assignment mechanisms for secure home networks , 2011, Journal of Communications and Networks.

[15]  James Newsome,et al.  Challenges in Access Right Assignment for Secure Home Networks , 2010, HotSec.

[16]  Sonal Sharma,et al.  A voice-controlled multi-functional Smart Home Automation System , 2015, 2015 Annual IEEE India Conference (INDICON).