Abstract
Remote control his smart home from his mobile device is highly desirable for a mobile user. But, the sensor devices and the user mobile device communicate over an insecure communication channel. Therefore, various attacks are possible, such as impersonation attack, privileged-insider attack, mobile device stolen attack, and the denial of service attack. In this case, an illegal user may gain access to the data sent by the smart devices. In the literature, most of the existing schemes for the remote user authentication are not secure enough with respect to the aforementioned attacks. In addition, they are not enough lightweight at the sensor device side. Therefore, there is a need to design a new secure and lightweight remote user authentication scheme, where only the authorized users may have access to the home sensor devices. So, in this paper, we propose a new secure and lightweight remote user authentication scheme for a smart home environment. For the derivation of a robust session key, we propose to use Elliptic Curve Cryptography. The solution is lightweight for resource-constrained devices with limited resources as the gateway node will assist in deriving the session key to the sensor device. The security of the proposed solution is proved using a formal security evaluation via the Scyther tool. Also, a performance evaluation is performed to show the effectiveness of our solution.
Similar content being viewed by others
References
Lindsay, G., Woods, B., Corman, J.: Smart homes and the internet of things. Atlantic Council (2016)
Wazid, M., Das, A.K., Odelu, V., Kumar, N., Susilo, W.: Secure remote user authenticated key establishment protocol for smart home environment. IEEE Trans. Dependable Secure Comput. (2017). https://doi.org/10.1109/TDSC.2017.2764083
Kumar, P., Gurtov, A., Iinatti, J., Ylianttila, M., Sain, M.: Lightweight and secure session-key establishment scheme in smart home environments. IEEE Sens. J. 16(1), 254–264 (2016)
Naoui, S., Elhdhili, M.E., Saidane, L.A.: Lightweight enhanced collaborative key management scheme for smart home application. In: 2017 International Conference on High Performance Computing and Simulation (HPCS). IEEE (2017)
You, I., Jung, E.S.: A lightweight authentication protocol for digital home networks. In: International Conference on Computational Science and Its Applications. Springer, Berlin (2006)
Lee, N.Y., Chen, J.C.: Improvement of one-time password authentication scheme using smart cards. IEICE Trans. Commun. 88(9), 3765–3767 (2005)
Jeong, J., Chung, M.Y., Choo, H.: Integrated OTP-based user authentication scheme using smart cards in home networks. In: Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008). IEEE (2008)
Kim, S.K., Chung, M.G.: More secure remote user authentication scheme. Comput. Commun. 32(6), 1018–1021 (2009)
Yoon, E.J., Yoo, K.Y.: More efficient and secure remote user authentication scheme using smart cards. In: 11th International Conference on Parallel and Distributed Systems (ICPADS’05), vol. 2. IEEE (2005)
Vaidya, B., Park, J.H., Yeo, S.S., Rodrigues, J.J.P.C.: Robust one-time password authentication scheme using smart card for home network environment. Comput. Commun. 34(3), 326–336 (2011)
Kim, H.J., Kim, H.S.: AUTH HOTP-HOTP based authentication scheme over home network environment. In: International Conference on Computational Science and Its Applications. Springer, Berlin (2011)
Vaidya, B., Makrakis, D., Mouftah, H.T.: Device authentication mechanism for smart energy home area networks. In: 2011 IEEE International Conference on Consumer Electronics (ICCE). IEEE (2011)
Santoso, F.K., Vun, N.C.H.: Securing IoT for smart home system. In: 2015 International Symposium on Consumer Electronics (ISCE). IEEE (2015)
Qi, M., Chen, J.: An efficient twoparty authentication key exchange protocol for mobile environment. Int. J. Commun. Syst. 30(16), e3341 (2017)
Reddy, A.G., Das, A.K., Odelu, V., Ahmad, A., Shin, J.S.: A Privacy Preserving three-factor authenticated key agreement protocol for client–server environment. J. Ambient Intell. Human. Comput. 10(2), 661–680 (2019)
Pippal, R.S., Jaidhar, C.D., Shashikala, T.: Security issues in smart card authentication scheme. Int. J. Comput. Theory Eng. 4(2), 206 (2012)
Cremers, C.J.F.: The scyther tool: verification, falsification, and analysis of security protocols. In: International Conference on Computer Aided Verification. Springer, Berlin (2008)
Elbaz, A., Abdelaziz, M.H., Nazmy, M.T.: Analysis and verification of a key agreement protocol over cloud computing using scyther tool. Int. J. Distrib. Cloud Comput. (2015). https://doi.org/10.11591/closer.v3i6.6949
Mishra, D., Srinivas, J., Mukhopadhyay, S.: A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(10), 120 (2014)
Dai, W.: Crypto++ Library 5.2.2. http://www.cryptopp.com (2007)
Yu, H., Wang, L.: A security-enhanced mutual authentication scheme with privacy protected in wireless sensor networks. Clust. Comput. (2017). https://doi.org/10.1007/s10586-017-1575-z
Nam, J., Choo, K.K.R., Han, S., Kim, M., Paik, J., Won, D.: Efficient and anonymous two-factor user authentication in wireless sensor networks: achieving user anonymity with lightweight sensor computation. PLoS ONE 10(4), e0116709 (2015)
Wen, F., Li, X.: An improved dynamic ID-based remote user authentication with key agreement scheme. Comput. Electr. Eng. 38(2), 381–387 (2012)
Xu, J., Zhu, W.T., Feng, D.G.: An efficient mutual authentication and key agreement protocol preserving user anonymity in mobile networks. Comput. Commun. 34(3), 319–325 (2011)
Porambage, P., Braeken, A., Kumar, P., Gurtov, A., Ylianttila, M.: CHIP: collaborative host identity protocol with efficient key establishment for constrained devices in internet of things. Wirel. Pers. Commun. 96(1), 421–440 (2017)
Yeh, H.L., Chen, T.H., Liu, P.C., Kim, T.H., Wei, H.W.: A secured authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors 11(5), 4767–4779 (2011)
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Naoui, S., Elhdhili, M.E. & Saidane, L.A. Lightweight and Secure Password Based Smart Home Authentication Protocol: LSP-SHAP. J Netw Syst Manage 27, 1020–1042 (2019). https://doi.org/10.1007/s10922-019-09496-x
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10922-019-09496-x