Abstract
The Internet of Things (IoT) has become widespread in environments ranging from home to industrial. Smart locks are among the most popular IoT devices in use. Smart locks rely on smartphones to ease the burden of physical key management. Concerns have been raised regarding smart locks, including privacy risks and access through unreliable devices. A number of attacks have been identified based on weaknesses in the system design of smart locks. For example, several security vulnerabilities have been found in one of the popular architectures for smart locks, the DGC (Device-Gateway-Cloud) architecture. Efforts have also been made to mitigate these attacks as much as possible. In this paper, we propose a new smart lock framework called SecSmartLock that overcomes the above attacks and thus prevents the possibility of unauthorized access to the user's premises. The proposed framework includes an architecture along with a secure communication protocol that can be used to implement marketable smart locks and serve as fundamental guidelines to enhance future research on secure smart locks. We establish proof of security of the proposed smart lock architecture and protocol. To demonstrate the practicality of our approach, we have implemented a prototype smart lock simulated using an Android smartphone along with a companion Android application. Advantages of our approach over other approaches follow from our comparison with other prominent solutions in the literature. We also highlight our implementation along with its performance.
Acknowledgement
The work was done as part of the Information Security Research and Development Centre (ISRDC) at IIT Bombay, funded by MEITY, Government of India. We also thank the anonymous reviewers for providing their insights and valuable feedback.
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Patil, B., Vyas, P., Shyamasundar, R.K. (2018). SecSmartLock: An Architecture and Protocol for Designing Secure Smart Locks. In: Ganapathy, V., Jaeger, T., Shyamasundar, R. (eds) Information Systems Security. ICISS 2018. Lecture Notes in Computer Science, vol 11281. Springer, Cham. https://doi.org/10.1007/978-3-030-05171-6_2
DOI: https://doi.org/10.1007/978-3-030-05171-6_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-05170-9
Online ISBN: 978-3-030-05171-6
eBook Packages: Computer Science (R0)