Open Access
Issue
Wuhan Univ. J. Nat. Sci.
Volume 28, Number 6, December 2023
Page(s) 523 - 530
DOI https://doi.org/10.1051/wujns/2023286523
Published online 15 January 2024

© Wuhan University 2023

Licence: Creative Commons. This is an Open Access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

0 Introduction

In recent years, applications based on Internet of Things (IoT) technology, such as smart homes, intelligent healthcare, and smart cities, have received much attention [1]. Among them, smart home systems optimize household resources by remotely controlling smart devices, for example monitoring the operating status of devices, remotely starting or shutting down devices, and monitoring the working status of safety monitoring devices. The first value of the smart home is the convenience and comfort of living [2]; for example, users can control the lighting, curtains, and other equipment at home by voice or an app, or monitor the temperature and humidity at home in real time through their terminal devices. The second value is safety, for example, the ability to monitor the home in real time so that in the event of an accident, users can be informed of the situation at home and seek help from the relevant personnel. The third value is energy saving, as the smart home can actively or passively adjust the devices' time and area of use according to users' frequency of use and habits. Smart homes rely on technological development to simplify our lives, making life more convenient and less stressful [3].

However, with the development of smart homes, user data and privacy have become the focus of attackers [4]. In a smart home environment, entities communicate over a common channel, and messages can be maliciously eavesdropped, inserted, or deleted by an attacker. This allows adversaries to attempt various security attacks, including man-in-the-middle (MITM), user impersonation, and replay attacks [5-7]. Through these attacks, an attacker can access a user's true identity and information, thus threatening the user's anonymity and privacy [8]. In addition, an attacker can perform a device capture attack by capturing physically accessible smart devices, thereby compromising the entire system [9].

In the past few years, various security threats, such as monitoring of electricity usage and malicious control of appliances, have continuously occurred in actual smart home environments, severely affecting trust in smart homes. At the same time, robust encryption algorithms are unsuitable for deployment in smart home environments due to the resource-constrained nature of most smart devices.

In order to improve the security of various network environments, scholars at home and abroad have carried out much related research [10]. In 1981, Lamport [11] first proposed a remote user authentication scheme using a password table and claimed that the scheme was secure. In 2000, Hwang and Li [12] discovered that Lamport's scheme was vulnerable to a password table modification attack. They then proposed a remote user authentication scheme based on the El Gamal public key encryption method without using a password table. So far, there have been many remote user authentication schemes. In 2008, Jeong et al [13] proposed an authentication scheme specifically for home networks. However, this scheme does not protect user identity and is vulnerable to attacks such as smart card loss attacks and node capture attacks. In 2019, Shuai et al [14] proposed a smart home environment authentication scheme based on elliptic curve cryptography (ECC). However, Xu et al [15] pointed out that Shuai et al's scheme had security problems, such as offline password guessing attacks and internal privilege attacks. In 2021, Kaur and Kumar [16] proposed a scheme based on two-factor authentication and claimed their scheme was resistant to potential security attacks. However, in the same year, Yu et al [17] proved that the scheme proposed by Kaur and Kumar was not resistant to key leakage attacks and impersonation attacks and could not meet the security requirements of mutual authentication. Yu et al [17] proposed a smart home three-factor anonymous authentication scheme using lightweight symmetric encryption primitives and claimed that their scheme is resistant to various known security attacks.

To sum up, in order to ensure security and reduce the cost of computing, storage, and other resources required by authentication schemes, scholars have carried out relatively sufficient research. Therefore, a lightweight, anonymous authentication scheme is essential to counteract security issues and securely use smart home services.

The contributions of this paper are summarized as follows:

1) An authentication and key negotiation scheme is proposed to address the security and privacy issues inherent in traditional smart home security schemes [18].

2) Timestamps and random numbers are incorporated into the design to help stop many attacks, such as replay attacks and denial of service attacks.

3) The performance and security of the proposed scheme were compared with other schemes. The results show that the proposed scheme outperforms similar schemes regarding security and computational cost.

The rest of the paper is organized in the following way. Section 1 shows the proposed scheme. Section 2 contains the security analysis of the proposed scheme. Section 3 includes the performance of the proposed scheme, and finally, Section 4 is the conclusion.

1 Proposed Scheme

We propose a lightweight anonymous authentication and key negotiation scheme for a smart home environment that includes four entities: the user, the home gateway, the smart device, and the authority. Among them, the gateway is a bridge for mutual authentication and key negotiation between the user and the smart device, and the authority is a fully trusted third-party entity responsible for generating essential parameters during the system set up phase and for registering the user and the smart device. For ease of understanding, we show the symbols used in the scheme in Table 1.

Table 1

Symbols and definition

1.1 Set Up Phase

At this phase, the authority generates security parameters for GW and SDj.

Step 1   The TA selects a unique identity IDG for the GW, generates a private key KG, and stores IDG, KG in the memory of GW.

Step 2   The TA selects a unique identity IDj for the SDj, generates a private key KS, and stores IDj, KS in the memory of SDj.

1.2 Registration Phase

At this phase, Ui and SDj send registration requests to TA. After receiving registration requests, the TA will generate confidential credentials for Ui and SDj. At this stage, the message is transmitted through a secure channel, as shown in Fig. 1 and Fig. 2.

Fig. 1 User registration phase

Fig. 2 Smart device registration phase

1.2.1 User registration phase

Step 1   The Ui selects unique IDi and PWi, imprints BIOi, generates ri, computes Gen (BIOi) = (σi, τi), PPWi = h (PWi ‖ σi), and PIDi = h (IDi ‖ σi), and sends {IDi, PIDi, PPWi, ri} to TA through a private channel.

Step 2   The TA computes Xi = h (IDi ‖ KG ‖ ri), Yi = Xi ⊕ PPWi, and stores {IDi, PIDi, ri} in the memory of GW, and sends {Yi} to Ui.

Step 3   Ui now computes A1 = ri ⊕ h (PIDi ‖ PPWi), Authi = h (PIDi ‖ PPWi ‖ ri) and stores {Authi, Yi, A1, τi} into Ui's terminal device.

1.2.2 Smart device registration phase

Step 1   The SDj generates rj, computes PIDj = h (IDj ‖ rj), and sends PIDj, rj to TA through a private channel.

Step 2   The TA computes Xj = h (PIDj ‖ KG ‖ rj), Yj = Xj ⊕ rj, and stores PIDj, rj in the memory of GW, and sends Yj to SDj.

Step 3   SDj now computes B1 = rj ⊕ h (PIDj ‖ KS), discloses PIDj to the Ui, and stores {Yj, B1} in the memory of SDj.

1.3 Login and Authentication Phase

Once the registration phase is complete, Ui and SDj achieve mutual authentication with the assistance of GW by the following steps. After successful authentication, a session key is negotiated between Ui and SDj, as shown in Fig. 3.

Fig. 3 Login and authentication phase

Step 1   Ui inputs IDi*, PWi*, BIOi*, and the terminal device computes σi* = Rep (BIOi*, τi), PPWi* = h (PWi* ‖ σi*), PIDi* = h (IDi* ‖ σi*), ri* = A1 ⊕ h (PIDi* ‖ PPWi*), and Authi* = h (PIDi* ‖ PPWi* ‖ ri*). Now, Ui's terminal device checks the equality Authi* = Authi, and if the validation is unsuccessful, the session is terminated. Otherwise, IDi* = IDi, PWi* = PWi, BIOi* = BIOi, and Ui generates ni and the current timestamp T1. Then, Ui computes Xi = Yi ⊕ PPWi, M1 = ni ⊕ h (Xi ‖ T1), and V1 = h (PIDj ‖ Xi ‖ ni ‖ T1) and sends {M1, V1, T1, PIDi} to SDj.

Step 2   On receiving {M1, V1, T1, PIDi}, SDj checks |TC - T1| ≤ ΔT, where TC is the current timestamp recorded at SDj and ΔT is the allowable time delay. On successful timestamp validation, SDj extracts B1, Yj and computes rj = B1 ⊕ h (PIDj ‖ KS), and Xj = Yj ⊕ rj. Then, SDj generates nj and the current timestamp T2, and computes M2 = nj ⊕ h (Xj ‖ T2) and V2 = h (PIDi ‖ Xj ‖ nj ‖ T1 ‖ T2), and sends {M1, V1, T1, PIDi, M2, V2, T2, PIDj} to GW.

Step 3   On receiving {M1, V1, T1, PIDi, M2, V2, T2, PIDj}, GW checks |TC - T2| ≤ ΔT, and on successful validation of timestamp, GW retrieves {rj} from its memory and computes Xj* = h (PIDj ‖ KG ‖ rj), nj* = h (Xj* ‖ T2) ⊕ M2 and V2* = h (PIDi ‖ Xj* ‖ nj* ‖ T1 ‖ T2). Now, GW checks the validity of V2* = V2, and the session is terminated if the validation is unsuccessful. Otherwise, GW authenticates the identity of SDj and Xj* = Xj, nj* = nj, and GW retrieves {IDi, ri} from its memory and computes Xi* = h (IDi ‖ KG ‖ ri), ni* = M1 ⊕ h (Xi* ‖ T1) and V1* = h (PIDj ‖ Xi* ‖ ni* ‖ T1).

Then, GW checks the validity of V1* = V1, and if the validation is not successful, the session is terminated. Otherwise, GW authenticates the identity of Ui and Xi* = Xi, ni* = ni, and GW generates nk and the current timestamp T3, and computes M3 = h (PIDi ‖ ni), M4 = ni ⊕ h (M3 ‖ nj), M5 = M3 ⊕ nk, M6 = M3 ⊕ h (Xj ‖ nj), V3 = h (Xj ‖ nj ‖ ni ‖ M5 ‖ T3), PIDi^new = h (PIDi ‖ nk ‖ Xi) and replaces {PIDi} with {PIDi^new}. GW now sends {M4, M5, M6, T3, IDG} to SDj.

Step 4   On receiving {M4, M5, M6, T3}, SDj checks |TC - T3| ≤ ΔT, and on successful validation of timestamp, SDj computes M3* = M6 ⊕ h (Xj ‖ nj), ni* = M4 ⊕ h (M3* ‖ nj), and V3* = h (Xj ‖ nj ‖ ni* ‖ M5 ‖ T3). Now, SDj checks the validity of V3* = V3, and if the validation is unsuccessful, the session is terminated. Otherwise, SDj authenticates the identity of GW and M3* = M3, ni* = ni, and SDj computes nk = M3 ⊕ M5. Then, SDj generates ns and the current timestamp T4, and computes SKji = h (M3 ‖ ns ‖ ni), M8 = ns ⊕ h (M3), and V4 = h (SKji ‖ ns ‖ ni ‖ nk ‖ T4), and sends {M5, M8, V4, T4, PIDj} to Ui.

Step 5   On receiving {M5, M8, V4, T4, PIDj}, Ui checks |TC - T4| ≤ ΔT, and on successful validation of timestamp, Ui computes M3* = h (PIDi ‖ ni), ns* = M8 ⊕ h (M3*), SKij = h (M3* ‖ ns* ‖ ni), nk* = M3* ⊕ M5, and V4* = h (SKij ‖ ns* ‖ ni ‖ nk* ‖ T4). Now, SDj checks the validity of V4* = V4, and if the validation is not successful, the session is terminated. Otherwise, Ui authenticates the identity of SDj and negotiates a session key with SDj, and Ui calculates the new pseudo-identity as PIDi^new = h (PIDi ‖ nk ‖ Xi), A1^new = ri ⊕ h (PIDi^new ‖ PPWi) and Authi^new = h (PIDi^new ‖ PPWi ‖ ri), and replaces {PIDi, A1, Authi} with {PIDi^new, A1^new, Authi^new} in its memory.
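
Added example (not code from the paper): the registration phases of Section 1.2 and Steps 1-5 above run in one Python process, showing that Ui and SDj derive the same session key and which check rejects a wrong password, a stale T1, or a modified M1. Assumptions: h is SHA-256 over length-prefixed parts, σi is passed in directly instead of running Gen/Rep, timestamps are integers, V3 is delivered to SDj together with {M4, M5, M6, T3}, and the pseudo-identity update is left out; the function names and the delay, dt and mask parameters are hypothetical.

```python
import hashlib
import secrets

def h(*parts):  # h(a || b || ...): SHA-256 over length-prefixed parts (assumed hash)
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))
def ts(t): return t.to_bytes(8, "big")  # integer timestamp as bytes
def need(ok, what):
    if not ok:
        raise ValueError(what)

def register(ID_i, PW_i, sigma_i, ID_j, K_G, K_S):
    """Sections 1.2.1 and 1.2.2: state held by Ui's terminal, SDj and GW."""
    r_i, r_j = secrets.token_bytes(32), secrets.token_bytes(32)
    PPW, PID_i = h(PW_i, sigma_i), h(ID_i, sigma_i)
    Y_i = xor(h(ID_i, K_G, r_i), PPW)  # TA: Yi = Xi xor PPWi
    user = {"Y": Y_i, "A1": xor(r_i, h(PID_i, PPW)), "Auth": h(PID_i, PPW, r_i)}
    PID_j = h(ID_j, r_j)
    Y_j = xor(h(PID_j, K_G, r_j), r_j)  # TA: Yj = Xj xor rj
    dev = {"PID": PID_j, "Y": Y_j, "B1": xor(r_j, h(PID_j, K_S)), "K_S": K_S}
    gw = {"K_G": K_G, "users": {PID_i: (ID_i, r_i)}, "devs": {PID_j: r_j}}
    return user, dev, gw

def login(user, dev, gw, ID, PW, sigma, now=1000, delay=0, dt=5, mask=bytes(32)):
    """Section 1.3, Steps 1-5: returns (SK at Ui, SK at SDj) or raises ValueError."""
    # Step 1 (Ui): local check against Auth_i, then M1 and V1
    PPW, PID_i, PID_j = h(PW, sigma), h(ID, sigma), dev["PID"]
    r_i = xor(user["A1"], h(PID_i, PPW))
    need(h(PID_i, PPW, r_i) == user["Auth"], "local login check failed")
    X_i, n_i, T1 = xor(user["Y"], PPW), secrets.token_bytes(32), now
    M1, V1 = xor(n_i, h(X_i, ts(T1))), h(PID_j, X_i, n_i, ts(T1))
    M1 = xor(M1, mask)  # constructed in-transit modification; all-zero mask = none
    now += delay        # constructed channel delay before SDj sees the message
    # Step 2 (SDj): recover Xj, then M2 and V2
    need(abs(now - T1) <= dt, "T1 not fresh")
    r_j = xor(dev["B1"], h(PID_j, dev["K_S"]))
    X_j, n_j, T2 = xor(dev["Y"], r_j), secrets.token_bytes(32), now
    M2, V2 = xor(n_j, h(X_j, ts(T2))), h(PID_i, X_j, n_j, ts(T1), ts(T2))
    # Step 3 (GW): verify V2 then V1 with values rebuilt from KG and its table
    need(abs(now - T2) <= dt, "T2 not fresh")
    Xg_j = h(PID_j, gw["K_G"], gw["devs"][PID_j])
    ng_j = xor(h(Xg_j, ts(T2)), M2)
    need(h(PID_i, Xg_j, ng_j, ts(T1), ts(T2)) == V2, "V2 mismatch")
    ID_i, rg_i = gw["users"][PID_i]
    Xg_i = h(ID_i, gw["K_G"], rg_i)
    ng_i = xor(M1, h(Xg_i, ts(T1)))
    need(h(PID_j, Xg_i, ng_i, ts(T1)) == V1, "V1 mismatch")
    n_k, T3, M3 = secrets.token_bytes(32), now, h(PID_i, ng_i)
    M4, M5, M6 = xor(ng_i, h(M3, ng_j)), xor(M3, n_k), xor(M3, h(Xg_j, ng_j))
    V3 = h(Xg_j, ng_j, ng_i, M5, ts(T3))  # assumed to travel with M4, M5, M6
    # Step 4 (SDj): verify V3, derive SK
    need(abs(now - T3) <= dt, "T3 not fresh")
    M3d = xor(M6, h(X_j, n_j))
    nd_i = xor(M4, h(M3d, n_j))
    need(h(X_j, n_j, nd_i, M5, ts(T3)) == V3, "V3 mismatch")
    nd_k, n_s, T4 = xor(M3d, M5), secrets.token_bytes(32), now
    SK_ji = h(M3d, n_s, nd_i)
    M8, V4 = xor(n_s, h(M3d)), h(SK_ji, n_s, nd_i, nd_k, ts(T4))
    # Step 5 (Ui): verify V4, derive the same SK
    need(abs(now - T4) <= dt, "T4 not fresh")
    M3u = h(PID_i, n_i)
    nu_s = xor(M8, h(M3u))
    SK_ij, nu_k = h(M3u, nu_s, n_i), xor(M3u, M5)
    need(h(SK_ij, nu_s, n_i, nu_k, ts(T4)) == V4, "V4 mismatch")
    return SK_ij, SK_ji
```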

2 Security Analysis

2.1 Anonymity

The proposed scheme generates PIDi by encrypting the Ui's identity IDi with the secret value σi. After GW successfully authenticates the Ui, GW changes the existing PIDi to a new PIDi^new and transfers it to the Ui. Even if the attacker eavesdrops on messages transmitted through a public channel, he cannot identify the Ui's true identity IDi. Therefore, the proposed solution satisfies user anonymity.

2.2 Untraceability

The Ui sends a message to SDj over a public channel containing {M1, V1, T1, PIDi}, which the attacker can eavesdrop on during the login and authentication phases. Because these parameters are related to random numbers and timestamps, such as ni and T1, which differ from session to session, the attacker cannot track a Ui's actions during the login and authentication phases. Therefore, the proposed scheme guarantees the untraceability of Ui.

2.3 Mutual Authentication

With GW's assistance, Ui and SDj authenticate each other in the login and authentication phase. When GW receives message {M1, V1, T1, PIDi, M2, V2, T2, PIDj}, the authentication process for SDj is immediately executed. The next step can only be performed after this verification process is successful. Ui authenticates the identity of SDj by checking that the message SDj returns to Ui contains valid information related to the random number ni that Ui sends to GW. Therefore, the scheme guarantees mutual authentication between entities.

2.4 Offline Password Guessing Attack

Suppose the attacker tries to guess the real password PWi of legal Ui. In order to pass the authentication of the terminal device, the attacker must know the unique biometric information BIOi and real identity IDi of the legitimate user, but the BIOi cannot be obtained. Moreover, according to Section 2.1, the attacker cannot get the IDi based on the intercepted message, so it is difficult for the attacker to guess the real PWi. Therefore, offline password guessing attack is not feasible in the proposed scheme.

2.5 Session Key Disclosure Attack

The attacker wants to obtain {M3} and the random numbers {ns, ni} to calculate a public session key SK = h (M3 ‖ ns ‖ ni). However, the correct session key SK cannot be calculated because the random numbers ns and M3 are protected by the secret value σi using hash and XOR functions. The random number ni is protected by Xj and KS using hash and XOR functions. Therefore, the scheme is safe against session key disclosure attacks, because the attacker fails to calculate the public session key SK between Ui and SDj.

2.6 Impersonation Attack

If the attacker tries to impersonate legitimate Ui and SDj, the attacker must generate authentication request messages or authentication response messages. However, the attacker does not know the key credentials for authentication, Xi and Xj. Therefore, the proposed scheme can resist impersonation attacks because the attacker cannot successfully generate authentication requests and response messages for legitimate Ui and SDj.

2.7 Replay Attack

Suppose the attacker eavesdrops on the messages transmitted on the public channel during the login and mutual authentication phase. If the attacker resends and reuses all the messages transmitted in the previous session, the entity receiving the message will check the freshness of the current timestamp. In addition, all messages are masked with new random numbers by using Hash and XOR functions. Therefore, this scheme can prevent replay attacks.

2.8 Verifier Stolen Attack

The proposed scheme is immune to a stolen verifier attack by a possible malicious attacker. Even if the attacker obtains the verification table {PIDi, ri}, {PIDj, rj} stored in the gateway, the attacker must know GW's private key KG for computing Xi, Xj and recovering further information. Therefore, the proposed scheme is resistant to stolen verifier attacks.

2.9 Man in the Middle Attack

In the proposed scheme, if the attacker attempts to manipulate messages transmitted through a public channel between different entities, it will be detected when the entities verify V1, V2, V3, and V4. If the attacker attempts to modify the parameters of intermediate messages, it will not succeed in these malicious attempts. Hence, the proposed scheme can resist man-in-the-middle attacks successfully.

2.10 Forward Confidentiality

The attacker may obtain the session key calculated between Ui and SDj. However, the attacker cannot infer the previous session key based on the session key obtained this time, because the random numbers ni and ns contained in them differ in each session of the proposed scheme. Therefore, the proposed scheme ensures forward security.

3 Performance Evaluation

In order to evaluate the performance of the proposed scheme, we compare it with other similar schemes in terms of computational cost and security features in this section.

3.1 Computation Cost

In this section, we compare the computation cost of the proposed scheme with several similar schemes [14,17,19,20] from recent years. Following Xia et al's scheme [19], we use Th, Tf, Tepm, Tpuf, and Ts to denote the consumption time of one-way Hash functions, fuzzy extractors, ECC point multiplication, physical unclonable functions (PUF), and symmetric key encryption/decryption, respectively, as shown in Table 2.

Table 3 depicts the computational overhead of the different entities in the login and authentication phases of the proposed scheme compared with several other schemes. By calculation, the scheme of Zou et al [20] has the highest overhead of 11.980 8 ms, while the proposed scheme has a computational overhead of 2.074 8 ms. It is clear that the proposed scheme has a significant advantage over other solutions in terms of computation cost, satisfies the requirement of being lightweight, and is suitable for resource-constrained smart home environments.

Table 2

Consumption times of different schemes

Table 3

Computational cost of the schemes

3.2 Security Features

As shown in Table 4, we have compared the security characteristics of the proposed scheme with other schemes. The result indicates that other schemes have one or more security vulnerabilities. For example, Yu et al's scheme [17] is not resistant to replay attacks and so on. Therefore, the proposed scheme also has an advantage regarding security features.

Table 4

Security features comparisons

4 Conclusion

This paper proposes a lightweight anonymous identity authentication scheme in the smart home environment. Security analysis shows that the proposed scheme is resistant to all known attacks. By comparing the proposed scheme with similar schemes in recent years in terms of computational cost and security features, the proposed scheme is shown to be a lightweight and efficient authentication scheme.

References

  1. Guo Y M, Zhang Z F, Guo Y J. SecFHome: Secure remote authentication in fog-enabled smart home environment[J]. Computer Networks, 2022, 207: 108818.
  2. Bai L Y, Hsu C, Harn L, et al. A practical lightweight anonymous authentication and key establishment scheme for resource-asymmetric smart environments[J]. IEEE Transactions on Dependable and Secure Computing, 2022(1): 1-11.
  3. Pirayesh J, Giaretta A, Conti M, et al. A PLS-HECC-based device authentication and key agreement scheme for smart home networks[J]. Computer Networks, 2022, 216: 109077.
  4. Li R, Kang B Y, Mai K Q. Analysis and improvement on a Hash-based authentication scheme for multi-server architecture[J]. Wuhan University Journal of Natural Sciences, 2021, 26(5): 394-404.
  5. Sutrala A K, Obaidat M S, Saha S, et al. Authenticated key agreement scheme with user anonymity and untraceability for 5G-enabled softwarized industrial cyber-physical systems[J]. IEEE Transactions on Intelligent Transportation Systems, 2021, 23(3): 2316-2330.
  6. Abbas G, Tanveer M, Abbas Z H, et al. A secure remote user authentication scheme for 6LoWPAN-based Internet of Things[J]. PloS one, 2021, 16(11): e0258279.
  7. Chen C M, Deng X T, Kumar S, et al. Blockchain-based medical data sharing schedule guaranteeing security of individual entities[J]. Journal of Ambient Intelligence and Humanized Computing, 2021: 1-10.
  8. Cho Y, Oh J, Kwon D, et al. A secure and anonymous user authentication scheme for IoT-enabled smart home environments using PUF[J]. IEEE Access, 2022, 10: 101330-101346.
  9. Wang D, Wang P. Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks[J]. Ad Hoc Networks, 2014, 20: 1-15.
  10. Du J Q, Kang B Y, Han Y B. Improvement on a biometric based user authentication scheme in wireless sensor networks using smart cards[J]. Wuhan University Journal of Natural Sciences, 2020, 25(2): 155-161.
  11. Lamport L. Password authentication with insecure communication[J]. Communications of the ACM, 1981, 24(11): 770-772.
  12. Hwang M S, Li L H. A new remote user authentication scheme using smart cards[J]. IEEE Transactions on Consumer Electronics, 2000, 46(1): 28-30.
  13. Jeong J, Chung M Y, Choo H. Integrated OTP-based user authentication scheme using smart cards in home networks[C]//Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008). New York: IEEE, 2008: 294-294.
  14. Shuai M X, Yu N H, Wang H X, et al. Anonymous authentication scheme for smart home environment with provable security[J]. Computers & Security, 2019, 86: 132-146.
  15. Xu M, Dong Q, Zhou M, et al. Security analysis on "anonymous authentication scheme for smart home environment with provable security"[J]. Wireless Communications and Mobile Computing, 2020, 2020: 1-4.
  16. Kaur D, Kumar D. Cryptanalysis and improvement of a two-factor user authentication scheme for smart home[J]. Journal of Information Security and Applications, 2021, 58: 102787.
  17. Yu S, Jho N, Park Y. Lightweight three-factor-based privacy-preserving authentication scheme for IoT-enabled smart homes[J]. IEEE Access, 2021, 9: 126186-126197.
  18. Nyangaresi V O. Lightweight anonymous authentication protocol for resource-constrained smart home devices based on elliptic curve cryptography[J]. Journal of Systems Architecture, 2022, 133: 102763.
  19. Xia Y D, Qi R X, Ji S, et al. PUF-assisted lightweight group authentication and key agreement protocol in smart home[J]. Wireless Communications and Mobile Computing, 2022, 2022: 1-15.
  20. Zou S H, Cao Q, Wang C Y, et al. A robust two-factor user authentication scheme-based ECC for smart home in IoT[J]. IEEE Systems Journal, 2021, 16(3): 4938-4949.
