Abstract
User authentication plays an important role in smart home environments in which devices are interconnected through the Internet and security risks are high. Most of the existing research works for remote user authentication in smart homes fail in one way or the other in combating common attacks specifically smartphone capture attack. Robust authentication method which can uniquely identify the smartphones of users can thwart unauthorized access through the physical capture of smartphones. Existing studies demonstrate that Photo Response Non-Uniformity (PRNU) of a smartphone can be used to uniquely identify the device with an error rate less than 0.5%. Based on these results, we propose a multi-factor user authentication protocol based on Elliptic Curve Cryptography (ECC) and secret sharing for smart home environments. We leverage face biometric and PRNU to make it resilient to common attacks. Moreover, the proposed protocol achieves mutual authentication among all participating entities and thereby ensures the legitimacy of all the participating entities. Subsequently, a session key is established for secure communication between the users and the devices. Our analysis of the proposed protocol shows that it provides significantly better security than the existing schemes with a reasonable overhead. In addition, it provides better usability by alleviating the burden of users from memorizing passwords and carrying additional mechanisms such as smart cards.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ali, B., Awad, A.I.: Cyber and physical security vulnerability assessment for IoT-based smart homes. Sensors 18(3), 817 (2018). https://doi.org/10.3390/s18030817
Armando, A., et al.: The AVISPA tool for the automated validation of internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005). https://doi.org/10.1007/11513988_27
Ba, Z., Piao, S., Fu, X., Koutsonikolas, D., Mohaisen, A., Ren, K.: ABC: enabling smartphone authentication with built-in camera. In: Network and Distributed System Security Symposium, pp. 18–21 (2018)
Boyd, C., Mathuria, A.: Protocols for Authentication and Key Establishment. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-662-09527-0
Challa, S., et al.: An efficient ECC-based provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks. Comput. Electr. Eng. 69, 534–554 (2018). https://doi.org/10.1016/j.compeleceng.2017.08.003
Chen, E.Y., Pei, Y., Chen, S., Tian, Y., Kotcher, R., Tague, P.: OAuth demystified for mobile application developers. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 892–903. ACM (2014)
Chen, M., Fridrich, J., Goljan, M.: Digital imaging sensor identification (further study). In: Security, Steganography, and Watermarking of Multimedia Contents IX, vol. 6505, p. 65050P. International Society for Optics and Photonics (2007). https://doi.org/10.1117/12.703370
Chifor, B.C., Bica, I., Patriciu, V.V., Pop, F.: A security authorization scheme for smart home internet of things devices. Future Gener. Comput. Syst. 86, 740–749 (2018)
Cooijmans, T., de Ruiter, J., Poll, E.: Analysis of secure key storage solutions on android. In: Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices, pp. 11–20. ACM (2014)
Dabov, K., Foi, A., Katkovnik, V., Egiazarian, K.: BM3D image denoising with shape-adaptive principal component analysis. In: Signal Processing with Adaptive Sparse Structured Representations, SPARS 2009 (2009)
Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)
Fernandes, E., Jung, J., Prakash, A.: Security analysis of emerging smart home applications. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 636–654. IEEE (2016)
Fouladi, B., Ghanoun, S.: Honey, i’m home!!, hacking zwave home automation systems. Black Hat USA (2013)
Genet, T.: A short SPAN+ AVISPA tutorial. Ph.D. thesis, IRISA (2015)
He, D., Kumar, N., Lee, J.H., Sherratt, R.S.: Enhanced three-factor security protocol for consumer usb mass storage devices. IEEE Trans. Consum. Electron. 60(1), 30–37 (2014). https://doi.org/10.1109/TCE.2014.6780922
Jeong, J., Chung, M.Y., Choo, H.: Integrated OTP-based user authentication scheme using smart cards in home networks. In: Proceedings of the 41st Annual Hawaii International Conference on System Sciences, pp. 294–294. IEEE (2008)
Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48(177), 203–209 (1987)
Kumar, P., Gurtov, A., Iinatti, J., Ylianttila, M., Sain, M.: Lightweight and secure session-key establishment scheme in smart home environments. IEEE Sens. J. 16(1), 254–264 (2016)
Lomas, N.: Critical flaw identified in zigbee smart home devices (2015)
Lukas, J., Fridrich, J., Goljan, M.: Digital camera identification from sensor pattern noise. IEEE Trans. Inf. Forensics Secur. 1(2), 205–214 (2006). https://doi.org/10.1109/TIFS.2006.873602
Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986). https://doi.org/10.1007/3-540-39799-X_31
Nimmy, K., Sethumadhavan, M.: Novel mutual authentication protocol for cloud computing using secret sharing and steganography. In: ICADIWT, pp. 101–106 (2014). https://doi.org/10.1109/ICADIWT.2014.6814685
Rahmati, A., Fernandes, E., Eykholt, K., Prakash, A.: Tyche: risk-based permissions for smart home platforms. arXiv preprint arXiv:1801.04609 (2018)
Sankaran, S.: Lightweight security framework for IoTs using identity based cryptography. In: 2016 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp. 880–886. IEEE (2016)
Santoso, F.K., Vun, N.C.: Securing IoT for smart home system. In: 2015 IEEE International Symposium on Consumer Electronics (ISCE), pp. 1–2. IEEE (2015)
Singh, L.D., Singh, K.M.: Image encryption using elliptic curve cryptography. Procedia Comput. Sci. 54, 472–481 (2015). https://doi.org/10.1016/j.procs.2015.06.054
Tewari, A., Gupta, B.: A lightweight mutual authentication protocol based on elliptic curve cryptography for IoT devices. Int. J. Adv. Intell. Paradigms 9(2–3), 111–121 (2017)
UC-Denver: Secret sharing schemes. http://www-math.ucdenver.edu/wcherowi/courses/m5410/ctcsss.html. Accessed 2 Jan 2018
Vaidya, B., Park, J.H., Yeo, S.S., Rodrigues, J.J.: Robust one-time password authentication scheme using smart card for home network environment. Comput. Commun. 34(3), 326–336 (2011)
Wazid, M., Das, A.K., Odelu, V., Kumar, N., Susilo, W.: Secure remote user authenticated key establishment protocol for smart home environment. IEEE Trans. Dependable Secure Comput. (2017). https://doi.org/10.1109/TDSC.2017.2764083
Zhang, Y., Xiang, Y., Huang, X., Chen, X., Alelaiwi, A.: A matrix-based cross-layer key establishment protocol for smart homes. Inf. Sci. 429, 390–405 (2018)
Acknowledgment
We thank Dr. Atul Prakash, Professor, University of Michigan, for his valuable comments and suggestions on this work.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Nimmy, K., Sankaran, S., Achuthan, K. (2018). A Novel Multi-factor Authentication Protocol for Smart Home Environments. In: Ganapathy, V., Jaeger, T., Shyamasundar, R. (eds) Information Systems Security. ICISS 2018. Lecture Notes in Computer Science(), vol 11281. Springer, Cham. https://doi.org/10.1007/978-3-030-05171-6_3
Download citation
DOI: https://doi.org/10.1007/978-3-030-05171-6_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-05170-9
Online ISBN: 978-3-030-05171-6
eBook Packages: Computer ScienceComputer Science (R0)