
SecSmartLock: An Architecture and Protocol for Designing Secure Smart Locks

  • Conference paper
Information Systems Security (ICISS 2018)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11281)


Abstract

The Internet of Things (IoT) has become widespread in environments ranging from homes to industry. Smart locks are among the most popular IoT devices in use. Smart locks rely on smartphones to ease the burden of physical key management. Concerns have been raised regarding smart locks, including privacy risks and access through unreliable devices. A number of attacks have been identified that are based on weaknesses in the system design of smart locks. For example, several security vulnerabilities have been found in one of the popular architectures for smart locks, the DGC (Device-Gateway-Cloud) architecture. Efforts have also been made to mitigate these attacks as much as possible. In this paper, we propose a new smart lock framework called SecSmartLock that overcomes the above attacks and thus prevents the possibility of unauthorized access to the user’s premises. The proposed framework includes an architecture along with a secure communication protocol that can be used to implement marketable smart locks and serve as fundamental guidelines for future research on secure smart locks. We establish proof of security of the proposed smart lock architecture and protocol. To demonstrate the practicality of our approach, we have implemented a prototype smart lock simulated using an Android smartphone along with a companion Android application. The advantages of our approach over other approaches follow from our comparison with other prominent solutions in the literature. We also highlight our implementation along with its performance.



Acknowledgement

The work was done as part of Information Security Research and Development Centre (ISRDC) at IIT Bombay, funded by MEITY, Government of India. We also thank the anonymous reviewers for providing their insights and valuable feedback.

Author information

Corresponding author

Correspondence to Bhagyesh Patil.

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper


Cite this paper

Patil, B., Vyas, P., Shyamasundar, R.K. (2018). SecSmartLock: An Architecture and Protocol for Designing Secure Smart Locks. In: Ganapathy, V., Jaeger, T., Shyamasundar, R. (eds) Information Systems Security. ICISS 2018. Lecture Notes in Computer Science, vol 11281. Springer, Cham. https://doi.org/10.1007/978-3-030-05171-6_2


  • DOI: https://doi.org/10.1007/978-3-030-05171-6_2


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-05170-9

  • Online ISBN: 978-3-030-05171-6

  • eBook Packages: Computer Science, Computer Science (R0)
