Skip to main content

Advertisement

Springer Nature Link
Log in

Secure user authentication and key agreement scheme for IoT device access control based smart home communications

  • Original Paper
  • Published:
Wireless Networks Aims and scope Submit manuscript

Abstract

The upcoming paradigm in Internet of Things (IoT) based applications is to afford effective interactional communication strategies between the devices in the smart home system. With the rapid growth of IoT services, the incorporation of security measures becomes a vital concern. The general issue faced in the security of the intercommunication between the devices and the users is improper authentication between them. Also, the access control of devices must be ensured with reliable features for establishing secure communication between the users and devices. Hence, we propose a protocol called Modified Honey Encryption using Inverse Sampling-Conditional Probability Model Transform (MHE-IS-CPMT) with Elliptic Curve Cryptography (ECC) to authenticate and perform the key agreement. Here, we employ the following steps: (1) Initialization, (2) Registration, (3) Login and data access Request, (4) Authentication and Session key agreement, and (5) Key update. At the commencement of the session, the users (u), Mobile Users (MU), and the other devices participating in the smart home system are initialized to the Home network head (H). Then, for the registration process, the user and the devices register them into H via the smart gateway (SG) by providing their own identities. The user details and the data about the devices are secured using the MHE-IS-CPMT with the ECC method. Next, during the login process, the registered users connect to the smart home system and send a request to SG to gain access to the devices. After verification, the user is authenticated and the system enables them to acquire the device access control by providing them with the private key of the device. In addition, the proposed system facilitates the secure key change procedure for the legitimate user to update their key whenever required. Hence, the performance of the model is secured against different types of attacks and also obtains more security features than existing methods.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11

Similar content being viewed by others

References

  1. Chakraborty, S., Bhatt, V., & Chakravorty, T. (2019). Impact of IoT adoption on agility and flexibility of healthcare organization. International Journal of Innovative Technology and Exploring Engineering, 8(11), 2673–2681. https://doi.org/10.35940/ijitee.k2119.0981119

    Article  Google Scholar 

  2. Alvi, S. A., Afzal, B., Shah, G. A., Atzori, L., & Mahmood, W. (2015). Internet of multimedia things: Vision and challenges. Ad Hoc Networks, 33, 87–111. https://doi.org/10.1016/j.adhoc.2015.04.006

    Article  Google Scholar 

  3. Tweneboah-Koduah, S., Skouby, K. E., & Tadayoni, R. (2017). Cyber security threats to IoT applications and service domains. Wireless Personal Communications, 95(1), 169–185. https://doi.org/10.1007/s11277-017-4434-6

    Article  Google Scholar 

  4. Gubbi, J., Buyya, R., Marusic, S., & Palaniswami, M. (2013). Internet of things (IoT): A vision, architectural elements, and future directions. Future Generation Computer Systems, 29(7), 1645–1660. https://doi.org/10.1016/j.future.2013.01.010

    Article  Google Scholar 

  5. Alaa, M., Zaidan, A. A., Zaidan, B. B., Talal, M., & Kiah, M. L. M. (2017). A review of smart home applications based on Internet of Things. Journal of Network and Computer Applications, 97, 48–65. https://doi.org/10.1016/j.jnca.2017.08.017

    Article  Google Scholar 

  6. Jaikla, T., Vorakulpipat, C., Rattanalerdnusorn, E., & Hai, H. D. (2019). A secure network architecture for heterogeneous iot devices using role-based access control. In 2019 International conference on software, telecommunications and computer networks (SoftCOM) (pp. 1–5). IEEE. https://doi.org/10.23919/softcom.2019.8903605

  7. Togan, M., Chifor, B. C., Florea, I., & Gugulea, G. (2017). A smart-phone based privacy-preserving security framework for IoT devices. In 2017 9th International conference on electronics, computers and artificial intelligence (ECAI) (pp. 1–7). IEEE. https://doi.org/10.1109/ecai.2017.8166453

  8. Beitollahi, H., & Deconinck, G. (2012). Analyzing well-known countermeasures against distributed denial of service attacks. Computer Communications, 35(11), 1312–1332. https://doi.org/10.1016/j.comcom.2012.04.008

    Article  Google Scholar 

  9. Sciancalepore, S., Piro, G., Boggia, G., & Bianchi, G. (2016). Public key authentication and key agreement in IoT devices with minimal airtime consumption. IEEE Embedded Systems Letters, 9(1), 1–4. https://doi.org/10.1109/les.2016.2630729

    Article  Google Scholar 

  10. Atamli, A. W., & Martin, A. (2014). Threat-based security analysis for the internet of things. In 2014 International workshop on secure internet of things (pp. 35–43). IEEE. https://doi.org/10.1109/siot.2014.10

  11. Chen, B., Huang, Y. L., & Güneş, M. (2015). S-CBAC: A secure access control model supporting group access for Internet of Things. In 2015 IEEE International symposium on software reliability engineering workshops (ISSREW) (pp. 67–67). IEEE. https://doi.org/10.1109/issrew.2015.7392046

  12. Rivera, D., Cruz-Piris, L., Lopez-Civera, G., de la Hoz, E., & Marsa-Maestre, I. (2015). Applying an unified access control for IoT-based intelligent agent systems. In 2015 IEEE 8th international conference on service-oriented computing and applications (SOCA) IEEE, 247–251. https://doi.org/10.1109/soca.2015.40

  13. Li, J., Chen, X., Li, J., Jia, C., Ma, J., & Lou, W. (2013). Fine-grained access control system based on outsourced attribute-based encryption. In European symposium on research in computer security (pp. 592–609). Springer. https://doi.org/10.1016/j.jss.2016.12.018

  14. Wang, H., He, D., Shen, J., Zheng, Z., Zhao, C., & Zhao, M. (2017). Verifiable outsourced ciphertext-policy attribute-based encryption in cloud computing. Soft Computing, 21(24), 7325–7335. https://doi.org/10.3837/tiis.2017.06.024

    Article  MATH  Google Scholar 

  15. Gaikwad, P. P., Gabhane, J. P., & Golait, S. S. (2015). 3-level secure Kerberos authentication for smart home systems using IoT. In 2015 1st International conference on next generation computing technologies (NGCT) (pp. 262–268). IEEE. https://doi.org/10.1109/ngct.2015.7375123

  16. Mahalle, P. N., Prasad, N. R., & Prasad, R. (2014). Threshold cryptography-based group authentication (TCGA) scheme for the Internet of Things (IoT). In 2014 4th International conference on wireless communications, vehicular technology, information theory and aerospace and electronic systems (VITAE) (pp. 1–5). IEEE. https://doi.org/10.1109/vitae.2014.6934425

  17. Forsby, F., Furuhed, M., Papadimitratos, P., & Raza, S. (2017). Lightweight x. 509 digital certificates for the internet of things. In Interoperability, safety and security in IoT (pp. 123–133). Springer. https://doi.org/10.1007/978-3-319-93797-7_14

  18. Gyamfi, E., Ansere, J. A., & Xu, L. (2019). ECC based lightweight cybersecurity solution for IoT networks utilising multi-access mobile edge computing. In 2019 Fourth international conference on fog and mobile edge computing (FMEC) (pp. 149–154). IEEE. https://doi.org/10.1109/fmec.2019.8795315

  19. Miettinen, M., Marchal, S., Hafeez, I., Asokan, N., Sadeghi, A. R., & Tarkoma, S. (2017). Iot sentinel: Automated device-type identification for security enforcement in iot. In 2017 IEEE 37th international conference on distributed computing systems (ICDCS) (pp. 2177–2184). IEEE. https://doi.org/10.1109/icdcs.2017.283

  20. Hao, P., Wang, X., & Shen, W. (2018). A collaborative PHY-aided technique for end-to-end IoT device authentication. IEEE Access, 6, 42279–42293. https://doi.org/10.1109/access.2018.2859781

    Article  Google Scholar 

  21. Lee, I., & Lee, K. (2015). The internet of things (IoT): Applications, investments, and challenges for enterprises. Business Horizons, 58(4), 431–440. https://doi.org/10.1016/j.bushor.2015.03.008

    Article  Google Scholar 

  22. Hossain, M.M., Fotouhi, M., & Hasan, R. (2015). Towards an analysis of security issues, challenges, and open problems in the internet of things. In2015 IEEE world congress on services. IEEE, 21–28. https://doi.org/10.1109/services.2015.12

  23. Singh, S., Sharma, P. K., Moon, S. Y., & Park, J. H. (2017). Advanced lightweight encryption algorithms for IoT devices: Survey, challenges and solutions. Journal of Ambient Intelligence and Humanized Computing., 1, 8. https://doi.org/10.1007/s12652-017-0494-4

    Article  Google Scholar 

  24. Alassaf, N., Gutub, A., Parah, S. A., & Al Ghamdi, M. (2019). Enhancing speed of SIMON: A light-weight-cryptographic algorithm for IoT applications. Multimedia Tools and Applications., 78(23), 32633–32657. https://doi.org/10.1007/s11042-018-6801-z

    Article  Google Scholar 

  25. Tewari, A., & Gupta, B. B. (2017). Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags. The Journal of Supercomputing., 73(3), 1085–1102. https://doi.org/10.1007/s11227-016-1849-x

    Article  Google Scholar 

  26. Chifor, B. C., Bica, I., Patriciu, V. V., & Pop, F. (2018). A security authorization scheme for smart home Internet of Things devices. Future Generation Computer Systems, 86, 740–749. https://doi.org/10.1016/j.future.2017.05.048

    Article  Google Scholar 

  27. Shen, J., Wang, C., Li, T., Chen, X., Huang, X., & Zhan, Z. H. (2018). Secure data uploading scheme for a smart home system. Information Sciences, 453, 186–197. https://doi.org/10.1016/j.ins.2018.04.048

    Article  Google Scholar 

  28. Anthi, E., Williams, L., Słowińska, M., Theodorakopoulos, G., & Burnap, P. (2019). A supervised intrusion detection system for smart home IoT devices. IEEE Internet of Things Journal, 6(5), 9042–9053. https://doi.org/10.1109/jiot.2019.2926365

    Article  Google Scholar 

  29. Yan, H., Wang, Y., Jia, C., Li, J., Xiang, Y., & Pedrycz, W. (2019). IoT-FBAC: Function-based access control scheme using identity-based encryption in IoT. Future Generation Computer Systems, 95, 344–353. https://doi.org/10.1016/j.future.2018.12.061

    Article  Google Scholar 

  30. Alshahrani, M., & Traore, I. (2019). Secure mutual authentication and automated access control for IoT smart home using cumulative keyed-hash chain. Journal of Information Security and Applications, 45, 156–175. https://doi.org/10.1016/j.jisa.2019.02.003

    Article  Google Scholar 

  31. Punithavathi, P., Geetha, S., Karuppiah, M., Islam, S. H., Hassan, M. M., & Choo, K. K. R. (2019). A lightweight machine learning-based authentication framework for smart IoT devices. Information Sciences, 484, 255–268. https://doi.org/10.1016/j.ins.2019.01.073

    Article  Google Scholar 

  32. Naik, K., & Patel, S. (2018). An open source smart home management system based on IOT. Wireless Networks. https://doi.org/10.1007/s11276-018-1884-z

    Article  Google Scholar 

  33. Gochhayat, S. P., Lal, C., Sharma, L., Sharma, D. P., Gupta, D., Saucedo, J. A., & Kose, U. (2020). Reliable and secure data transfer in IoT networks. Wireless Networks, 26(8), 5689–5702. https://doi.org/10.1007/s11276-019-02036-0

    Article  Google Scholar 

  34. Mansoor, K., Ghani, A., Chaudhry, S. A., Shamshirband, S., Ghayyur, S. A., & Mosavi, A. (2019). Securing IoT-based RFID systems: A robust authentication protocol using symmetric cryptography. Sensors, 19(21), 4752. https://doi.org/10.3390/s19214752

    Article  Google Scholar 

  35. Shahid, F., Ashraf, H., Ghani, A., Ghayyur, S. A., Shamshirband, S., & Salwana, E. (2020). PSDS–proficient security over distributed storage: A method for data transmission in cloud. IEEE Access, 8, 118285–118298. https://doi.org/10.1109/access.2020.3004433

    Article  Google Scholar 

  36. Samuel, O., Omojo, A. B., Onuja, A. M., Sunday, Y., Tiwari, P., Gupta, D., Hafeez, G., Yahaya, A. S., Fatoba, O. J., & Shamshirband, S. (2022). IoMT A COVID-19 healthcare system driven by federated learning and blockchain. IEEE Journal of Biomedical and Health Informatics, 1, 21. https://doi.org/10.1109/jbhi.2022.3143576

    Article  Google Scholar 

  37. Jaeger, J., Ristenpart, T., & Tang, Q. (2016). Honey encryption beyond message recovery security. In Annual international conference on the theory and applications of cryptographic techniques (pp. 758–788). Springer. https://doi.org/10.1007/978-3-662-49890-3_29

  38. Santoso, F. K., & Vun, N. C. (2015). Securing IoT for smart home system. In 2015 international symposium on consumer electronics (ISCE) (pp. 1–2). IEEE. https://doi.org/10.1109/isce.2015.7177843

  39. https://www.tensorflow.org/about/bib

  40. Sarawale, R., Deshpande, A., & Arora, P. (2021). Implementation pathways of smart home by exploiting internet of things (IoT) and Tensorflow. In Data science and security (pp. 478–489), Springer.

  41. Nagpal, A., & Gabrani, G. (2019). Python for data analytics, scientific and technical applications. In 2019 Amity international conference on artificial intelligence (AICAI) (pp. 140–145). IEEE. https://doi.org/10.1109/aicai.2019.8701341

  42. https://www.python.org/downloads/release/python-368/

  43. Li, X., Niu, J., Kumari, S., Wu, F., Sangaiah, A. K., & Choo, K. K. R. (2018). A three-factor anonymous authentication scheme for wireless sensor networks in internet of things environments. Journal of Network and Computer Applications, 103, 194–204. https://doi.org/10.1016/j.jnca.2017.07.001

    Article  Google Scholar 

  44. Li, X., Niu, J., Bhuiyan, M. Z. A., Wu, F., Karuppiah, M., & Kumari, S. (2017). A robust ECC-based provable secure authentication protocol with privacy preserving for industrial Internet of Things. IEEE Transactions on Industrial Informatics, 14(8), 3599–3609. https://doi.org/10.1109/tii.2017.2773666

    Article  Google Scholar 

  45. Srinivas, J., Das, A. K., Wazid, M., & Kumar, N. (2018). Anonymous lightweight chaotic map-based authenticated key agreement protocol for industrial Internet of Things. IEEE Transactions on Dependable and Secure Computing, 17(6), 1133–1146. https://doi.org/10.1109/tdsc.2018.2857811

    Article  Google Scholar 

  46. Park, K., Noh, S., Lee, H., Das, A. K., Kim, M., Park, Y., & Wazid, M. (2020). LAKS-NVT: Provably secure and lightweight authentication and key agreement scheme without verification table in medical internet of things. IEEE Access, 8, 119387–119404. https://doi.org/10.1109/access.2020.3005592

    Article  Google Scholar 

  47. Mallareddy, A., Bhargavi, V., & Rani, K. D. (2014). A single to multi-cloud security based on secret sharing algorithm. International Journal of Research, 1(7), 910–915. https://doi.org/10.15373/22501991/mar2013/35

    Article  Google Scholar 

  48. Rawal, B. S., Vijayakumar, V., Manogaran, G., Varatharajan, R., & Chilamkurti, N. (2018). ‘Secure disintegration protocol for privacy preserving cloud storage.’ Wireless Personal Communications, 103(2), 1161–1177. https://doi.org/10.1007/s11277-018-5284-6

    Article  Google Scholar 

  49. Bogos, S., Gaspoz, J., & Vaudenay, S. (2018). Cryptanalysis of a homomorphic encryption scheme. Cryptography and Communication, 10(1), 27–39. https://doi.org/10.1109/isit.2012.6283832

    Article  MathSciNet  MATH  Google Scholar 

  50. Yang, J., Park, J., Lee, H., Ren, K., & Kim, K. (2005). Mutual authentication protocol for low-cost RFID. In Workshop on RFID and lightweight crypto WRLC (pp. 17–24). https://doi.org/10.1109/apscc.2010.22

  51. Tan, C. C., Sheng, B., & Li, Q. (2008). Secure and serverless RFID authentication and search protocols. IEEE Transactions on Wireless Communications. https://doi.org/10.1109/twc.2008.061012

    Article  Google Scholar 

  52. Cai, S., Li, Y., Li, T., & Deng, R. H. (2009). Attacks and improvements to an RIFD mutual authentication protocol and its extensions. Proceedings of the Second ACM Conference on Wireless Network Security, Zurich, Switzerland, 16–19, 51–58. https://doi.org/10.1145/1514274.1514282

    Article  Google Scholar 

  53. Gope, P., & Hwang, T. (2015). A realistic lightweight authentication protocol preserving strong anonymity for securing RFID system. Computers and Security, 55, 271–280. https://doi.org/10.1016/j.cose.2015.05.004

    Article  Google Scholar 

  54. Cho, J. S., Jeong, Y. S., & Park, S. O. (2015). Consideration on the brute-force attack cost and retrieval cost: A hash-based radio-frequency identification (RFID) tag mutual authentication protocol. Computers and Mathematics with Applications, 69, 58–65. https://doi.org/10.1016/j.camwa.2012.02.025

    Article  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. GITAM University, Visakhapatnam, Andhra Pradesh, 530045, India

    Sirisha Uppuluri & G. Lakshmeeswari

Authors
  1. Sirisha Uppuluri
    View author publications

    You can also search for this author inPubMed Google Scholar

  2. G. Lakshmeeswari
    View author publications

    You can also search for this author inPubMed Google Scholar

Contributions

All the authors have participated in writing the manuscript and have revised the final version. All authors read and approved the final manuscript.

Corresponding author

Correspondence to Sirisha Uppuluri.

Ethics declarations

Conflict of interest

Authors declares that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants and/or animals performed by any of the authors.

Informed consent

There is no informed consent for this study.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Uppuluri, S., Lakshmeeswari, G. Secure user authentication and key agreement scheme for IoT device access control based smart home communications. Wireless Netw 29, 1333–1354 (2023). https://doi.org/10.1007/s11276-022-03197-1

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11276-022-03197-1

Keywords