A Novel Multi-factor Authentication Protocol for Smart Home Environments

User authentication plays an important role in smart home environments, in which devices are interconnected through the Internet and security risks are high. Most existing work on remote user authentication in smart homes fails in one way or another to combat common attacks, specifically the smartphone capture attack. A robust authentication method that can uniquely identify users' smartphones can thwart unauthorized access gained through the physical capture of a smartphone. Existing studies demonstrate that the Photo Response Non-Uniformity (PRNU) of a smartphone can be used to uniquely identify the device with an error rate of less than 0.5%. Based on these results, we propose a multi-factor user authentication protocol based on Elliptic Curve Cryptography (ECC) and secret sharing for smart home environments. We leverage face biometrics and PRNU to make it resilient to common attacks. Moreover, the proposed protocol achieves mutual authentication among all participating entities, thereby ensuring their legitimacy. Subsequently, a session key is established for secure communication between the users and the devices. Our analysis of the proposed protocol shows that it provides significantly better security than the existing schemes with a reasonable overhead. In addition, it provides better usability by relieving users of the burden of memorizing passwords and carrying additional mechanisms such as smart cards.
