Secure mutual authentication and automated access control for IoT smart home using cumulative Keyed-hash chain

Abstract: IoT platforms face a huge challenge in deploying robust authentication mechanisms because edge devices and resource-constrained devices may not have enough compute and storage capability to deploy and run existing mechanisms, which in general involve complex computations. In this paper, we propose a secure lightweight mutual authentication and key exchange protocol for the IoT smart home environment based on temporary identity and a cumulative Keyed-hash chain. Nodes can anonymously authenticate and establish a session with the controller node using dynamic identities and symmetric keys in an unlinkable manner. Moreover, the enforcement of security policy between nodes is ensured by setting up a virtual domain segregation and restricting nodes' capabilities of sending and receiving instructions and commands to or from other nodes. The cumulative Keyed-hash chain mechanism is introduced as a way to ensure the identity of the sender (through challenge-response). In addition, we capitalize on the fog computing concept to improve identity assurance. Finally, we formally evaluate and prove the security of our protocol by using the Burrows-Abadi-Needham (BAN) logic and the Automated Validation of Internet Security Protocols and Applications (AVISPA) toolkit.
