A Secure and Lightweight Authentication Protocol for IoT-Based Smart Homes

With the information and communication technologies (ICT) and Internet of Things (IoT) gradually advancing, smart homes have been able to provide home services to users. The user can enjoy a high level of comfort and improve his quality of life by using home services provided by smart devices. However, the smart home has security and privacy problems, since the user and smart devices communicate through an insecure channel. Therefore, a secure authentication protocol should be established between the user and smart devices. In 2020, Xiang and Zheng presented a situation-aware protocol for device authentication in smart grid-enabled smart home environments. However, we demonstrate that their protocol can suffer from stolen smart device, impersonation, and session key disclosure attacks and fails to provide secure mutual authentication. Therefore, we propose a secure and lightweight authentication protocol for IoT-based smart homes to resolve the security flaws of Xiang and Zheng’s protocol. We proved the security of the proposed protocol by performing informal and formal security analyses, using the real or random (ROR) model, Burrows–Abadi–Needham (BAN) logic, and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. Moreover, we provide a comparison of performance and security properties between the proposed protocol and related existing protocols. We demonstrate that the proposed protocol ensures better security and lower computational costs than related protocols, and is suitable for practical IoT-based smart home environments.

[1]  Hyun Jung Kim,et al.  AUTHHOTP - HOTP Based Authentication Scheme over Home Network Environment , 2011, ICCSA.

[2]  Ashok Kumar Das,et al.  LAKS-NVT: Provably Secure and Lightweight Authentication and Key Agreement Scheme Without Verification Table in Medical Internet of Things , 2020, IEEE Access.

[3]  Hugo Krawczyk,et al.  Universally Composable Notions of Key Exchange and Secure Channels , 2002, EUROCRYPT.

[4]  Ashok Kumar Das,et al.  On the Design of Secure and Efficient Three-Factor Authentication Protocol Using Honey List for Wireless Sensor Networks , 2020, IEEE Access.

[5]  Sarvar Patel,et al.  Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman , 2000, EUROCRYPT.

[6]  Willy Susilo,et al.  Secure Remote User Authenticated Key Establishment Protocol for Smart Home Environment , 2020, IEEE Transactions on Dependable and Secure Computing.

[7]  Muhammad Khurram Khan,et al.  A robust and anonymous patient monitoring system using wireless medical sensor networks , 2018, Future Gener. Comput. Syst..

[8]  Jiaqing Mo,et al.  A Lightweight Secure User Authentication and Key Agreement Protocol for Wireless Sensor Networks , 2019, Secur. Commun. Networks.

[9]  YoHan Park,et al.  Secure Three-Factor Authentication Protocol for Multi-Gateway IoT Environments , 2019, Sensors.

[10]  Samiran Chattopadhyay,et al.  Physically Secure Lightweight Anonymous User Authentication Protocol for Internet of Things Using Physically Unclonable Functions , 2019, IEEE Access.

[11]  Gautam Srivastava,et al.  Fuzzy-in-the-Loop-Driven Low-Cost and Secure Biometric User Access to Server , 2020 .

[12]  Taekyoung Kwon,et al.  A Lightweight Three-Factor Authentication and Key Agreement Scheme in Wireless Sensor Networks for Smart Homes , 2019, Sensors.

[13]  Ashok Kumar Das,et al.  A Dynamic Privacy-Preserving Key Management Protocol for V2G in Social Internet of Things , 2019, IEEE Access.

[14]  Andrei Gurtov,et al.  Lightweight and Secure Session-Key Establishment Scheme in Smart Home Environments , 2016, IEEE Sensors Journal.

[15]  Lokesh Chouhan,et al.  A privacy and session key based authentication scheme for medical IoT networks , 2021, Comput. Commun..

[16]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[17]  Jun Zheng,et al.  A Situation-Aware Scheme for Efficient Device Authentication in Smart Grid-Enabled Home Area Networks , 2020 .

[18]  YoungHo Park,et al.  Secure Authentication Protocol for Wireless Sensor Networks in Vehicular Communications , 2018, Sensors.

[19]  Ashok Kumar Das,et al.  2PAKEP: Provably Secure and Efficient Two-Party Authenticated Key Exchange Protocol for Mobile Environment , 2018, IEEE Access.

[20]  Freddy K. Santoso,et al.  Securing IoT for smart home system , 2015, 2015 International Symposium on Consumer Electronics (ISCE).

[21]  Huaping Liu,et al.  Remotely Access “My” Smart Home in Private: An Anti-Tracking Authentication and Key Agreement Scheme , 2019, IEEE Access.

[22]  Jian Wang,et al.  Secure two-factor lightweight authentication protocol using self-certified public key cryptography for multi-server 5G networks , 2020, J. Netw. Comput. Appl..

[23]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[24]  Ping Wang,et al.  Zipf’s Law in Passwords , 2017, IEEE Transactions on Information Forensics and Security.

[25]  Luca Viganò,et al.  Automated Security Protocol Analysis With the AVISPA Tool , 2006, MFPS.

[26]  Andrei Gurtov,et al.  Anonymous Secure Framework in Connected Smart Home Environments , 2017, IEEE Transactions on Information Forensics and Security.

[27]  Fadi Al-Turjman,et al.  Securing Demand Response Management: A Certificate-Based Access Control in Smart Grid Edge Computing Infrastructure , 2020, IEEE Access.

[28]  Ashok Kumar Das,et al.  Certificateless-Signcryption-Based Three-Factor User Access Control Scheme for IoT Environment , 2020, IEEE Internet of Things Journal.

[29]  Ashraf Hossain,et al.  Session-Key Establishment and Authentication in a Smart Home Network Using Public Key Cryptography , 2019, IEEE Sensors Letters.

[30]  Issa Traore,et al.  Secure remote anonymous user authentication scheme for smart home environment , 2020, Internet Things.

[31]  Leila Azouz Saidane,et al.  Lightweight and Secure Password Based Smart Home Authentication Protocol: LSP-SHAP , 2019, Journal of Network and Systems Management.

[32]  Nenghai Yu,et al.  Anonymous authentication scheme for smart home environment with provable security , 2019, Comput. Secur..

[33]  David Pointcheval,et al.  Password-Based Authenticated Key Exchange in the Three-Party Setting , 2005, Public Key Cryptography.

[34]  B. D. Deebak,et al.  Seamless Authentication: For IoT-Big Data Technologies in Smart Industrial Application Systems , 2021, IEEE Transactions on Industrial Informatics.

[35]  Hari Om,et al.  A secure and robust anonymous three-factor remote user authentication scheme for multi-server environment using ECC , 2017, Comput. Commun..

[36]  Young-Ho Park,et al.  A Secure and Efficient Three-Factor Authentication Protocol in Global Mobility Networks , 2020, Applied Sciences.

[37]  Jong Hyuk Park,et al.  Robust one-time password authentication scheme using smart card for home network environment , 2011, Comput. Commun..

[38]  Joel J. P. C. Rodrigues,et al.  AKM-IoV: Authenticated Key Management Protocol in Fog Computing-Based Internet of Vehicles Deployment , 2019, IEEE Internet of Things Journal.

[39]  Gurjot Singh Gaba,et al.  Robust and Lightweight Mutual Authentication Scheme in Distributed Smart Environments , 2020, IEEE Access.

[40]  Subhasish Dhal,et al.  A two-factor authentication scheme against FDM attack in IFTTT based Smart Home System , 2018, Comput. Secur..

[41]  Geong Sen Poh,et al.  PrivHome: Privacy-Preserving Authenticated Communication in Smart Home Environment , 2019, IEEE Transactions on Dependable and Secure Computing.

[42]  Samiran Chattopadhyay,et al.  An Efficient, Anonymous and Robust Authentication Scheme for Smart Home Environments , 2020, Sensors.

[43]  Athanasios V. Vasilakos,et al.  On the Design of Provably Secure Lightweight Remote User Authentication Scheme for Mobile Cloud Computing Services , 2017, IEEE Access.

[44]  Ashok Kumar Das,et al.  IoV-SMAP: Secure and Efficient Message Authentication Protocol for IoV in Smart City Environment , 2020, IEEE Access.