A PLS-HECC-based device authentication and key agreement scheme for smart home networks

Abstract

IoT devices permeate our society, collect personal data, and support critical infrastructures such as the healthcare. Therefore, there is a critical need for authentication and authorization schemes for IoT devices to meet privacy requirements, such as mutual authentication and user anonymity, as well as robustness against security attacks. In this paper, we propose a device authentication and key agreement scheme for IoT networks. Our proposal takes as a model the scheme proposed by Rezai et al., and combines it with a physical layer security technique and a hyper-elliptic curve cryptosystem. Our results show that not only our authentication scheme provides anonymity, mutual authentication, and efficiency, but it also provides resilience to various attacks, including man-in-the-middle, replay, and de-synchronization attacks. Our comparison shows that our scheme performs better than the state-of-the-art in terms of security properties, while adding a small overhead of $\approx 10\left(\mathrm{ms}\right)$.

Introduction

The Internet of Things (IoT) enabled advanced smart homes to improve and simplify modern lives, increasing comfort, reducing usual costs, and guaranteeing safety and security of residents. Smart homes consist of several heterogeneous smart appliances that use different communication protocols, such as heating and air conditioning units, refrigerators, washing machines, lighting devices, cameras, and security systems. Therefore, smart things should connect and interact easily, efficiently, and without pre-configured keys [1].

Despite the development efforts spent on IoT devices and the relevant benefits brought by them, security and privacy have remained two major problems. In particular, smart home devices can closely monitor the status of their users, detecting when they are inside the house, when they leave it, or what activities they are performing [2], [3]. Authentication is an important process for ensuring security and privacy within a network, and is responsible for allowing two parties to corroborate their identities with each other. The main purpose of entity authentication is to facilitate access control to network resources and make them available to authorized entities [4], [5]. Digital signatures allow two parties to reciprocally authenticate and are widely used for achieving network access policies.

Asymmetric encryption is the gold standard for achieving authentication and establishing secure communications between parties over a network. However, traditional encryption schemes such as RSA are cumbersome for IoT devices that rely on battery power and are equipped with limited computation power and bandwidth. To address the heavy load required, enhanced techniques have been proposed. In particular, the Elliptic Curve Cryptosystem (ECC) which is based on the hardness of the elliptic curve discrete logarithm problem, provides the same security level of RSA but uses a shorter operand and smaller key size [6], [7], [8].

Koblitz et al. [9] proposed the Hyperelliptic Curve Cryptosystem (HECC), an improved version of ECC which provides the same security assurance of 160-bit ECC and 1024-bit RSA, but with a key of 80-bit size. HECC provides better performance than ECC and RSA and is a good candidate for resource-limited IoT devices [6], [7], [10]. Considering IoT devices’ limited computation power and throughput, the Hyper-elliptic Curve-based Digital Signature Arithmetic (HECDSA) is a good choice for IoT devices authentication [11], [12].

Cryptographic techniques alone are not the silver bullet. Communication schemes might lead to information leakage to unauthorized eavesdroppers, opening to the possibility of guessing encryption keys, and posing a serious threat to the secrecy of the communication session [13] To address this challenge, several physical-layer-based methods have been recently proposed as an alternative to cryptographic solutions [1], [14], [15].

Wireless channels provide a unique source of randomness, which works as a foundation for physical layer security (PLS). This allows to extract shared session keys (e.g., using channel-based nonces) and ensures secure communications. PLS-based protocols rely on the principle that malicious attackers cannot detect the variations of the medium channel used by two communicating parties. Therefore, the intrinsic randomness of wireless channels can be leveraged to provide confidentiality and authentication to the communication [16], [17].

Contributions. In this paper, we propose a novel authentication and key-agreement scheme, based on the authentication scheme proposed by [18]. We show that, even though Rezai et al.’s scheme provides efficiency, it is vulnerable to attacks such as replay, man-in-the-middle, and reflection attacks. More importantly, the authors did not take into account the fact that in wireless channels the risk of information leakage is high and that relying only on cryptography techniques could compromise the security of the whole system.

Our scheme provides stronger authentication and key agreement than the ones achieved by Rezai et al. [18]. We achieve such improvement by making both participating parties contribute to the final session key generation. This is ensured by taking advantage of dynamic physical channel parameters. In addition, we use a fuzzy extractor for minimizing the noise on the wireless channels and ensure channel reciprocity when extracting channel-based nonces, preventing an attacker from eavesdropping on the channel [15]. Furthermore, instead of utilizing ECDH, we utilize HECDH key exchange protocol to lower the cost of computation and the key size. To achieve strong mutual authentication and provide non-repudiation, we use HECDSA and we replace timestamps with random numbers and nonces. Last, taking into account the limited computation power and bandwidth of IoT devices, a considerable part of the computational load of our scheme is implemented in the GW node [19], [20].

Outline. The rest of this paper is organized as follows. In Section 2, we provide an overview of the related work. In Section 3, we recap and analyse the scheme proposed by Rezai et al. and in Section 4, we explain in details our proposed scheme. In Section 5, we provide a security analysis of our proposal with respect to other state-of-the-art schemes, and in Section 6 we analyse the time performance, compared to the same schemes. Finally, Section 7 summarizes our contributions and conclusions.