LR-AKAP: A Lightweight and Robust Security Protocol for Smart Home Environments
Abstract
:1. Introduction
2. Motivations and Contributions
- We suggested an authentication protocol based on a symmetric key to protect the user–smart device connection. The system was created using a mobile device, biometrics, and a password.
- The security of the proposed work was analyzed by using an automated security tool AVISPA.
- The analysis showed that the suggested system could withstand known attacks and offered an excellent balance between security and effectiveness.
- The computation cost of the proposed protocol was less than that of the protocols with the smart devices as they were resource-constrained and had limited computational power.
- The proposed protocol evaded the clock synchronization issue in timestamp-based two-way authentication protocols.
- Our presented protocol was compared to others in a similar field, showing that the proposed protocol was better in terms of security and performance analysis.
3. Related Work
4. Proposed Protocol
4.1. Assumptions
- The is trusted and there is no energy restriction. Nevertheless, the sensor nodes (smart devices) are powered by batteries, and they have very limited resources [35].
- An may inaugurate only external attacks by employing powerful devices [36].
- The is under the user’s possession, and any wicked intruder cannot control it [37].
4.2. Adversarial Model
- 1.
- 2.
- Public/open channel communication fully controlled by the T.
- 3.
- can detain, retransmit, and modify the old message. can also cease or transmit a forged message.
- 4.
- 5.
- Any insider/privileged user or outsider can attempt to violate the privacy and security of the system.
- 6.
- The private key of the cannot be compromized.
4.3. Entities Involved in the Proposed Protocol
4.4. Proposed Protocol Processes
4.4.1. Initialization Process
4.4.2. Smart Device Enrolment Process
4.4.3. Gateway Node Enrollment Process
4.4.4. User Enrollment Process
- Step 1.
- picks and and computes and sends to the .
- Step 2.
- generates , and calculates . Save tuple in own database. Send , to through private channel.
- Step 3.
- On getting , computes , , , . replaces with in .
4.4.5. Login and Authentication Process
- Step 1.
- Insert SC and input . Calculate and check whether ; if true, further compute . chooses and and computes , , , . Sends to by public channel.
- Step 2.
- First of all, verifies the timeliness of the timestamp by inspecting the condition , if so, searches in database, if it exists, then fetches related and computes and checks if , and if true, then selects and , replaces the with , and computes , , , , . Sends message to through public channel. Also sends back to via open channel.
- Step 3.
- gets the from and checks if , if true, computes , created timestamp , and computed , . At the end, send message to the message to via open/insecure channel.
- Step 4.
- verifies the freshness of by examining the condition . If true, it selects and , checks if if true, then computes , , , , . At the end, sends the message to by public/insecure channel.
- Step 5.
- examines the freshness of the message by inspecting the condition , and if the condition is true, selects timestamp and sends the to via open channel.
- Step 6.
- Upon getting the , validates message freshness through condition . If true, compute , replace with , , . , if true, the session key is saved for secure communication.
4.4.6. Biometric and Password Update Process
- Step 1.
- User will be prompted to enter a new password biometric .
- Step 2.
- will compute , , , .
- Step 3.
- Finally, will replace with .
5. Security Analysis
5.1. Informal Security Analysis
5.1.1. Replay Attack
5.1.2. Session Key Freshness Property
5.1.3. User Anonymity and Untraceability
5.1.4. Smart Card Stolen Attack
5.1.5. Impersonation Attack
5.1.6. Man-in-the-Middle Attack
5.1.7. Perfect Forward Secrecy
5.2. AVISPA Tool Based Automated Formal Security Analysis
5.2.1. AVISPA Model Checkers
- On-the-fly model checker (OFMC): OFMC uses lazy data types to develop an efficient on-the-fly model for security protocols with limitless state spaces.
- Constraint-logic-based attack searcher (CL-AtSe): The input of (CL-AtSe) is a protocol stated as a set of restrictions that help identify security protocol assaults in the form of a collection of rewriting rules (IF format).
- SAT-based model checker (SATMC): Depending on the transitional state of the IF specification, creates a propositional formula. According to the propositional formula, every violation of security that might result in an attack is considered.
- “Tree automata-based on automatic approximations for the analysis of security protocols“ (TA4SP) model checker: By accurately estimating the attacker’s capabilities, it exposes the protocol’s weakness and predicts its accuracy.
5.2.2. AVISPA Simulation Steps
- Firstly, the scheme was implemented through High-Level Protocols Specification Language (HLPSL) [33], next, the HLPSL2IF translator was employed to interpret HLPSL into Intermediate Format (IF).
5.2.3. Simulation Details
5.2.4. Simulation Result
6. Comparative Analysis
6.1. Functionality Comparison
6.2. Comparison of Communication Overhead
6.3. Computation Overhead Comparison
7. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Acknowledgments
Conflicts of Interest
References
- Hong, A.; Nam, C.; Kim, S. What will be the possible barriers to consumers’ adoption of smart home services? Telecommun. Policy 2020, 44, 101867. [Google Scholar] [CrossRef]
- Aman, A.H.M.; Hassan, W.H.; Sameen, S.; Attarbashi, Z.S.; Alizadeh, M.; Latiff, L.A. Iomt amid COVID-19 pandemic: Application, architecture, technology, and security. J. Netw. Comput. Appl. 2020, 174, 102886. [Google Scholar] [CrossRef] [PubMed]
- Aman, A.H.M.; Yadegaridehkordi, E.; Attarbashi, Z.S.; Hassan, R.; Park, Y.-J. A Survey on Trend and Classification of Internet of Things Reviews. IEEE Access 2020, 8, 111763–111782. [Google Scholar] [CrossRef]
- Hassan, R.; Qamar, F.; Hasan, M.K.; Aman, A.H.M.; Ahmed, A.S. Internet of Things and Its Applications: A Comprehensive Survey. Symmetry 2020, 12, 1674. [Google Scholar] [CrossRef]
- Sadeq, A.S.; Hassan, R.; Aman, A.H.M.; Sallehudin, H.; Allehaibi, K.; Albogami, N.; Prabuwono, A.S. MAC protocol with grouping awareness GMAC for large scale Internet-of-Things network. PeerJ Comput. Sci. 2021, 7, e733. [Google Scholar] [CrossRef]
- Aman, A.H.M.; Shaari, N.; Ibrahim, R. Internet of things energy system: Smart applications, technology advancement, and open issues. Int. J. Energy Res. 2021, 45, 8389–8419. [Google Scholar] [CrossRef]
- Bringhenti, D.; Valenza, F.; Basile, C. Toward Cybersecurity Personalization in Smart Homes. IEEE Secur. Priv. 2022, 20, 45–53. [Google Scholar] [CrossRef]
- Reig, S.; Fong, T.; Forlizzi, J.; Steinfeld, A. Theory and Design Considerations for the User Experience of Smart Environments. IEEE Trans. Hum.-Mach. Syst. 2022, 52, 522–535. [Google Scholar] [CrossRef]
- Pathy, B.; Sujatha, R. IoT Enabled Smart Connected Homes and Its Social Graces. In Internet of Things and Its Applications; Springer: Cham, Switzerland, 2022; pp. 477–496. [Google Scholar] [CrossRef]
- Zhang, S.; Rong, J.; Wang, B. A privacy protection scheme of smart meter for decentralized smart home environment based on consortium blockchain. Int. J. Electr. Power Energy Syst. 2020, 121, 106140. [Google Scholar] [CrossRef]
- Aubel, P.V.; Poll, E. Smart metering in the netherlands: What, how, and why. Int. J. Electr. Power Energy Syst. 2019, 109, 719–725. [Google Scholar] [CrossRef]
- Jin, M.; Jia, R.; Spanos, C.J. Virtual Occupancy Sensing: Using Smart Meters to Indicate Your Presence. IEEE Trans. Mob. Comput. 2017, 16, 3264–3277. [Google Scholar] [CrossRef]
- Jin, M.; Bekiaris-Liberis, N.; Weekly, K.; Spanos, C.J.; Bayen, A.M. Occupancy detection via environmental sensing. IEEE Trans. Autom. Sci. Eng. 2018, 15, 443–455. [Google Scholar] [CrossRef]
- Taccardi, B.; Rametta, P.; Carcagnì, P.; Leo, M.; Distante, C.; Patrono, L. An innovative AAL system based on neural networks and IoT-aware technologies to improve the quality of life in elderly people. Int. J. Intell. Syst. Technol. Appl. 2020, 19, 589–617. [Google Scholar] [CrossRef]
- Smys, S. A Survey on Internet of Things (IoT) based Smart Systems. J. ISMAC 2020, 2, 181–189. [Google Scholar] [CrossRef]
- Oliveira, R.N.; Roth, V.; Henzen, A.F.; Simao, J.M.; Nohama, P.; Wille, E.C.G. Notification Oriented Paradigm Applied to Ambient Assisted Living Tool. IEEE Lat. Am. Trans. 2018, 16, 647–653. [Google Scholar] [CrossRef]
- Dolev, D.; Yao, A. On the security of public key protocols. IEEE Trans. Inf. Theory 1983, 29, 198–208. [Google Scholar] [CrossRef]
- Eisenbarth, T.; Kasper, T.; Moradi, A.; Paar, C.; Salmasizadeh, M.; Shalmani, M.T.M. On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoq Code Hopping Scheme. In Advances in Cryptology—CRYPTO 2008; Lecture Notes in Computer Science; Wagner, D., Ed.; Springer: Berlin/Heidelberg, Germany, 2008; pp. 203–220. [Google Scholar] [CrossRef]
- Yang, W.-H.; Shieh, S.-P. Password authentication schemes with smart cards. Comput. Secur. 1999, 18, 727–733. [Google Scholar] [CrossRef]
- Hölbl, M.; Welzer, T.; Brumen, B. An improved two-party identity-based authenticated key agreement protocol using pairings. J. Comput. Syst. Sci. 2012, 78, 142–150. [Google Scholar] [CrossRef] [Green Version]
- Kocher, P.; Jaffe, J.; Jun, B. Differential power analysis. In Advances in Cryptology—CRYPTO’ 99; Wiener, M., Ed.; Springer: Berlin/Heidelberg, Germany, 1999; pp. 388–397. [Google Scholar]
- Messerges, T.; Dabbish, E.; Sloan, R. Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 2002, 51, 541–552. [Google Scholar] [CrossRef]
- Banerjee, S.; Odelu, V.; Das, A.K.; Chattopadhyay, S.; Park, Y. An Efficient, Anonymous and Robust Authentication Scheme for Smart Home Environments. Sensors 2020, 20, 1215. [Google Scholar] [CrossRef]
- Farayez, A.; Reaz, M.B.I.; Arsad, N. SPADE: Activity Prediction in Smart Homes Using Prefix Tree Based Context Generation. IEEE Access 2018, 7, 5492–5501. [Google Scholar] [CrossRef]
- Shakeri, M.; Shayestegan, M.; Abunima, H.; Reza, S.S.; Akhtaruzzaman, M.; Alamoud, A.; Sopian, K.; Amin, N. An intelligent system architecture in home energy management systems (HEMS) for efficient demand response in smart grid. Energy Build. 2017, 138, 154–164. [Google Scholar] [CrossRef]
- Sciancalepore, S.; Piro, G.; Boggia, G.; Bianchi, G. Public Key Authentication and Key Agreement in IoT Devices With Minimal Airtime Consumption. IEEE Embed. Syst. Lett. 2016, 9, 1–4. [Google Scholar] [CrossRef]
- Hasan, M.K.; Shafiq, M.; Islam, S.; Pandey, B.; El-Ebiary, Y.A.B.; Nafi, N.S.; Rodriguez, R.C.; Vargas, D.E. Lightweight Cryptographic Algorithms for Guessing Attack Protection in Complex Internet of Things Applications. Complexity 2021, 2021, 5540296. [Google Scholar] [CrossRef]
- Alshahrani, M.; Traore, I. Secure mutual authentication and automated access control for IoT smart home using cumulative Keyed-hash chain. J. Inf. Secur. Appl. 2019, 45, 156–175. [Google Scholar] [CrossRef]
- Dey, S.; Hossain, A. Session-Key Establishment and Authentication in a Smart Home Network Using Public Key Cryptography. IEEE Sens. Lett. 2019, 3, 7500204. [Google Scholar] [CrossRef]
- Kumar, P.; Gurtov, A.; Iinatti, J.; Ylianttila, M.; Sain, M. Lightweight and Secure Session-Key Establishment Scheme in Smart Home Environments. IEEE Sens. J. 2015, 16, 254–264. [Google Scholar] [CrossRef]
- Kumar, P.; Braeken, A.; Gurtov, A.; Iinatti, J.; Ha, P.H. Anonymous Secure Framework in Connected Smart Home Environments. IEEE Trans. Inf. Forensics Secur. 2017, 12, 968–979. [Google Scholar] [CrossRef] [Green Version]
- Gope, P.; Sikdar, B. Lightweight and Privacy-Preserving Two-Factor Authentication Scheme for IoT Devices. IEEE Internet Things J. 2018, 6, 580–589. [Google Scholar] [CrossRef]
- Wazid, M.; Das, A.K.; Odelu, V.; Kumar, N.; Susilo, W. Secure Remote User Authenticated Key Establishment Protocol for Smart Home Environment. IEEE Trans. Dependable Secur. Comput. 2017, 17, 391–406. [Google Scholar] [CrossRef]
- Shuai, M.; Yu, N.; Wang, H.; Xiong, L. Anonymous authentication scheme for smart home environment with provable security. Comput. Secur. 2019, 86, 132–146. [Google Scholar] [CrossRef]
- Lee, Y.S.; Lee, H.J.; Alasaarela, E. Mutual authentication in wireless body sensor networks (WBSN) based on Physical Unclonable Function (PUF). In Proceedings of the 2013 9th International Wireless Communications and Mobile Computing Conference (IWCMC), Sardinia, Italy, 1–5 July 2013; pp. 1314–1318. [Google Scholar] [CrossRef]
- Khernane, N.; Potop-Butucaru, M.; Chaudet, C. BANZKP: A secure authentication scheme using zero knowledge proof for WBANs. In Proceedings of the 2016 IEEE 13th International Conference on Mobile Ad Hoc and Sensor Systems (MASS), Brasilia, Brazil, 10–13 October 2016. [Google Scholar]
- Koya, A.M.; Deepthi, P.P. Anonymous hybrid mutual authentication and key agreement scheme for wireless body area network. Comput. Netw. 2018, 140, 138–151. [Google Scholar] [CrossRef]
- Armando, A.; Basin, D.; Boichut, Y.; Chevalier, Y.; Compagna, L.; Cuellar, J.; Drielsma, P.H.; Heám, P.C.; Kouchnarenko, O.; Mantovani, J.; et al. The AVISPA tool for the automated validation of internet security protocols and applications. In Computer Aided Verification; Springer: Berlin/Heidelberg, Germany, 2005; pp. 281–285. [Google Scholar] [CrossRef]
- Yu, B.; Li, H. Anonymous authentication key agreement scheme with pairing-based cryptography for home-based multi-sensor Internet of Things. Int. J. Distrib. Sens. Netw. 2019, 15, 1550147719879379. [Google Scholar] [CrossRef]
- Naoui, S.; Elhdhili, M.H.; Saidane, L.A. Novel smart home authentication protocol LRP-SHAP. In Proceedings of the 2019 IEEE Wireless Communications and Networking Conference (WCNC), Marrakesh, Morocco, 15–18 April 2019. [Google Scholar]
- Fakroon, M.; Alshahrani, M.; Gebali, F.; Traore, I. Secure remote anonymous user authentication scheme for smart home environment. Internet Things 2020, 9, 100158. [Google Scholar] [CrossRef]
- Eastlake, D., 3rd; Jones, P. US secure hash algorithm 1 (SHA1). RFC 2001, 3174, 1–22. [Google Scholar] [CrossRef]
- Turkanović, M.; Brumen, B.; Hölbl, M. A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the internet of things notion. Ad Hoc Netw. 2014, 20, 96–112. [Google Scholar] [CrossRef]
- Alotaibi, M. An Enhanced Symmetric Cryptosystem and Biometric-Based Anonymous User Authentication and Session Key Establishment Scheme for WSN. IEEE Access 2018, 6, 70072–70087. [Google Scholar] [CrossRef]
- Hussain, S.; Chaudhry, S.A.; Alomari, O.A.; Alsharif, M.H.; Khan, M.K.; Kumar, N. Amassing the Security: An ECC-Based Authentication Scheme for Internet of Drones. IEEE Syst. J. 2021, 15, 4431–4438. [Google Scholar] [CrossRef]
Symbols | Representations |
---|---|
users biometric and password, user’s identity | |
Temporary identity of a user | |
Smart sensor and its identity | |
Gateway node and its identity | |
Random numbers | |
Cryptographic one-way hash function | |
Current timestamps | |
Fuzzy extractor probabilistic generation and deterministic reproduction function | |
Maximum allowable transmission delay | |
Concatenation and bitwise XOR operators | |
An adversary, intruder, and privileged insider |
computes | |
in own database. | |
into memory. |
computes | |
in own database. | |
into memory. |
. | |
. | |
. | |
tuple in own DB. | |
, | |
, | |
, | |
. | |
. |
Insert SC, , Calculate , , , , , , , . | |||
in database. If exists, , . true, continue. | |||
, and compute , , , . | |||
, , , . | |||
, , , , . . | |||
, if true. , | |||
, , . | |||
[23] | [29] | [34] | [39] | [40] | [41] | Our | |
---|---|---|---|---|---|---|---|
Fua | ✓ | × | ✓ | ✓ | ✓ | ✓ | ✓ |
Fsna | ✓ | × | ✓ | ✓ | ✓ | ✓ | ✓ |
Fu | ✓ | × | ✓ | ✓ | ✓ | ✓ | ✓ |
Fpara | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Fsas | ✓ | × | ✓ | ✓ | ✓ | ✓ | ✓ |
Fra | ✓ | × | × | ✓ | × | × | ✓ |
Ffopga | ✓ | − | × | ✓ | × | × | ✓ |
Fsia | ✓ | − | × | ✓ | × | × | ✓ |
Fepd | × | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Frpca | ✓ | − | × | ✓ | × | ✓ | ✓ |
F3fa | ✓ | × | × | ✓ | × | × | ✓ |
Fpska | × | × | × | ✓ | × | ✓ | ✓ |
Fsgvvn | × | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Fsva | × | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Fuia | × | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Fgwn | × | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Fsdi | × | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Fgwnia | × | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Ffasv | ✓ | ✓ | ✓ | × | ✓ | ✓ | ✓ |
Protocol | # of Messages | # of Bytes |
---|---|---|
[23] | 4 | (68 + 40 + 56 + 72) = 236 |
[29] | 5 | (132 + 132 + 52 + 52 + 52) = 420 |
[34] | 4 | (132 + 64 + 40 + 68) = 304 |
[39] | 8 | (84 + 124 + 164 + 164) × 2 = 1072 |
[40] | 3 | (104 + 52 + 56) = 212 |
[41] | 4 | (100 + 52 + 52 + 84) = 288 |
Our | 6 | (76 + 112 + 16 + 72 + 60 + 44) = 380 |
Notation | Operation | Mobile Device | Gateway/TA | Smart Device |
---|---|---|---|---|
Hash function | 0.009 | 0.006 | ||
ECC multiplication | 5.116 | 0.926 | 4.107 | |
Symmetric enc/dec | 0.017 | 0.008 | 0.013 | |
bilinear pairing | 17.36 | 12.52 |
Protocol | Total Cost | ||||
---|---|---|---|---|---|
[23] | |||||
≈5.206 ms | − | ≈0.04 ms | ≈0.024 ms | ≈5.27 ms | |
[34] | |||||
≈5.17 ms | − | ≈5.114 ms | ≈0.018 ms | ≈10.302 ms | |
[39] | |||||
≈71.687 ms | − | ≈33.794 ms | ≈57.54 ms | ≈163.021 ms | |
[40] | |||||
≈10.391 ms | − | ≈1.936 ms | ≈0.019 ms | ≈12.346 ms | |
[41] | |||||
≈0.036 ms | − | ≈0.02 ms | ≈0.144 ms | ≈0.2 ms | |
[29] | |||||
≈10.319 ms | − | − | ≈8.271 ms | ≈18.59 ms | |
Our | |||||
5.152 ms | ≈0.024 ms | ≈0.012 ms | ≈0.036 ms | ≈5.224 ms |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Haseeb-ur-rehman, R.M.A.; Liaqat, M.; Aman, A.H.M.; Almazroi, A.A.; Hasan, M.K.; Ali, Z.; Ali, R.L. LR-AKAP: A Lightweight and Robust Security Protocol for Smart Home Environments. Sensors 2022, 22, 6902. https://doi.org/10.3390/s22186902
Haseeb-ur-rehman RMA, Liaqat M, Aman AHM, Almazroi AA, Hasan MK, Ali Z, Ali RL. LR-AKAP: A Lightweight and Robust Security Protocol for Smart Home Environments. Sensors. 2022; 22(18):6902. https://doi.org/10.3390/s22186902
Chicago/Turabian StyleHaseeb-ur-rehman, Rana Muhammad Abdul, Misbah Liaqat, Azana Hafizah Mohd Aman, Abdulwahab Ali Almazroi, Mohammad Kamrul Hasan, Zeeshan Ali, and Rana Liaqat Ali. 2022. "LR-AKAP: A Lightweight and Robust Security Protocol for Smart Home Environments" Sensors 22, no. 18: 6902. https://doi.org/10.3390/s22186902