PrivHome: Privacy-Preserving Authenticated Communication in Smart Home Environment

A smart home enables users to access devices such as lighting, HVAC, temperature sensors, and surveillance cameras. It provides a more convenient and safe living environment for users. Security and privacy, however, are a key concern, since information collected from these devices is normally communicated to the user through an open network (i.e., the Internet) or a system provided by the service provider. The service provider may store and have access to this information. Emerging smart home hubs such as Samsung SmartThings and Google Home are also capable of collecting and storing this information. Leakage of and unauthorized access to the information can have serious consequences. For example, the mere timing of switching an HVAC unit on or off may reveal the presence or absence of the home owner. Similarly, leakage of or tampering with critical medical information collected from wearable body sensors can have serious consequences. Encrypting this information will address the issues, but it also reduces utility, since querying is no longer straightforward. Therefore, we propose a privacy-preserving scheme, PrivHome. It supports authentication, secure data storage, and query for smart home systems. PrivHome provides data confidentiality as well as entity and data authentication to prevent an outsider from learning or modifying the data communicated between the devices, service provider, gateway, and the user. It further provides privacy-preserving queries in such a way that the service provider and the gateway do not learn the content of the data. To the best of our knowledge, privacy-preserving queries for smart home systems have not been considered before. Underlying our scheme are a new, lightweight entity and key-exchange protocol and an efficient searchable encryption protocol. Our scheme is practical, as both protocols are based solely on symmetric cryptographic techniques. We demonstrate the efficiency and effectiveness of our scheme based on experimental and simulation results, as well as comparisons to existing smart home security protocols.
