Article
Peer-Review Record

Provable Secure Authentication Protocol in Fog-Enabled Smart Home Environment

Sustainability 2022, 14(21), 14367; https://doi.org/10.3390/su142114367
by Qi Xie *, Jinming Han and Zixuan Ding
Reviewer 1: Anonymous
Submission received: 30 September 2022 / Revised: 26 October 2022 / Accepted: 29 October 2022 / Published: 2 November 2022
(This article belongs to the Special Issue Sustainable Cybersecurity: Information Technology and Education)

Round 1

Reviewer 1 Report

1.        The structure of the paper is good. First, the introduction presents the theme briefly. Then, the paper has a literature review section and a problem description section.

2.        The objective and contribution could be written more clearly in the introduction section.

3.        The literature analysis presented in the paper can be improved. It was prepared briefly and does not take into account all the aspects relevant to the scope of research included in the article.

4.        I propose to include articles from the MDPI publishing house in the literature analysis.

5.        The literature review could show the contribution of the paper. However, it is not clear what the paper's main contribution is.

6.        Literature research should take into account all aspects relevant to the research topic.

7.        The conclusions were not supported by the research results.

Author Response

Revision Statement

Dear Editor,

Thank you for your letter and for the reviewers’ comments concerning our manuscript entitled “Provable secure authentication protocol in fog-enabled smart home environment” (Manuscript ID: sustainability-1973635). Those comments are valuable and very helpful for improving our paper. We have studied comments carefully and have made corrections as follows.

 

Reviewer 1

  1. The structure of the paper is good. First, the introduction presents the theme briefly. Then, the paper has a literature review section and a problem description section.

Response: Thank you for your comments.

  2. The objective and contribution could be written more clearly in the introduction section.

Response: Thank you very much for your good suggestions. We've described the motivation and contribution more clearly as follows, please refer to Section 1.1.

 According to the analysis of the existing protocols for smart home, we found that most of them have one or more security flaws, which cannot achieve perfect forward secrecy, privacy protection, etc. Especially, almost all the existing protocols for smart home cannot resist gateway compromised attacks, the adversary can not only know user’s identity, but also launch impersonation attacks. How to design a provable secure authentication protocol avoids all known attacks including gateway compromised attack for smart home is a challenge. The contributions of this paper are as follows:

1) We pointed out that Guo et al.’s protocol in fog-enabled smart home is vulnerable to smart gateway compromised attack, desynchronization attack, mobile device lost/stolen attack and it is traceability and has no perfect forward secrecy.

2) We propose the first secure and privacy-preserving authentication protocol in fog-enabled smart home avoids gateway compromised attack. We adopt Physical Unclonable Function (PUF) to resist gateway compromised attack, and adopt Elliptic Curve Diffie–Hellman Key Exchange Protocol (ECDH) to achieve perfect forward secrecy, and redesign the process to provide privacy-preserving and makes it resistant to desynchronization attack and mobile device lost/stolen attack.

3) We prove the security of the proposed protocol formally under the random oracle model. According to the comparisons with some related protocols, the proposed protocol has better security and transmission efficiency with the same computation cost level.

 

  3. The literature analysis presented in the paper can be improved. It was prepared briefly and does not take into account all the aspects relevant to the scope of research included in the article.

Response: Thank you very much for your valuable comments. We have re-edited the literature analysis. Considering the importance of protocol security, privacy protection and perfect forward security, and the significant hidden danger of the gateway compromised attack to the system, we use PUF and ECDH to resist the gateway compromised attack and maintain perfect forward secrecy, respectively. Therefore, we analyzed some literatures from multiple aspects, including smart home, fog-computing, authentication protocol, security, privacy-preserving, perfect forward secrecy, and PUF. Please refer to Section 1.

 

  4. I propose to include articles from the MDPI publishing house in the literature analysis.

Response: Thank you very much for your good suggestion. We have added literature analysis of MDPI articles: [7][8][9][10][22][28][29][23].

 

  5. The literature review could show the contribution of the paper. However, it is not clear what the paper's main contribution is.

Response: Thank you very much for your valuable comments. We have condensed the main contributions of our paper as follows:

1) We pointed out that Guo et al.’s protocol in fog-enabled smart home is vulnerable to smart gateway compromised attack, desynchronization attack, mobile device lost/stolen attack and it is traceability and has no perfect forward secrecy.

2) We propose the first secure and privacy-preserving authentication protocol in fog-enabled smart home avoids gateway compromised attack. We adopt Physical Unclonable Function (PUF) to resist gateway compromised attack, and adopt Elliptic Curve Diffie–Hellman Key Exchange Protocol (ECDH) to achieve perfect forward secrecy, and redesign the process to provide privacy-preserving and makes it resistant to desynchronization attack and mobile device lost/stolen attack.

3) We prove the security of the proposed protocol formally under the random oracle model. According to the comparisons with some related protocols, the proposed protocol has better security and transmission efficiency with the same computation cost level.

 

  6. Literature research should take into account all aspects relevant to the research topic.

Response: Thank you very much for your valuable comments. We've re-edited the literature research in Section I to introduce the researches about smart home, fog computing, PUF, the security of protocols, etc. Please refer to Section 1.

 

  7. The conclusions were not supported by the research results.

Response: Thank you very much for your valuable comments. We've re-edited the conclusions as follows, please refer to Section 9.

In this paper, we first pointed out that many existing authentication protocols for smart home have one or more security flaws, and further showed that almost all this type of protocols may suffer from gateway compromised attacks. Then we described that Guo et al.'s protocol in fog-enabled smart home is vulnerable to smart gateway compromised attack, desynchronization attack, mobile device lost/stolen attack and has no perfect forward secrecy and untraceability. To overcome the shortcomings of Guo et al.'s protocol, we adopt PUF to resist gateway compromised attack, and adopt ECDH to achieve perfect forward secrecy, and propose a secure and privacy-preserving authentication protocol avoids gateway compromised attack in fog-enabled smart home, and formally prove the security of the proposed protocol under random oracle model. Finally, we compare our protocol with some related protocols, the proposed protocol has better security and transmission efficiency with the same computation cost level.

 

Reviewer 2

I have gone through the manuscript “Provable secure authentication protocol in fog-enabled smart home environment”. The manuscript described the use of secure authentication protocol for smart home environment. There are many flaws in the manuscript. It needs major revision before final acceptance.

My concerns are given below:

 

- Significance of study is missing and need to add in manuscript.

Response: Thank you very much for your valuable comments. We revised the Section 1 as follows:

We introduced the fog-computing and why use fog-computing in smart home, and pointed out that the security and privacy-preserving authentication protocol plays an important role for accessing the smart home. Then we analyzed some existing protocols for smart home, and showed that these protocols have one or more security flaws, and further pointed out that almost all existing this type of protocols may suffer from gateway compromised attack, and showed how to design a provable secure authentication protocol avoids gateway compromised attack for smart home is a challenge. After that, we presented the motivation and contribution more clearly.

 

- The abstract is too general and need to update with specific information

Response: Thank you very much for your valuable comments. We have revised abstract as follows.

Abstract: People can access and obtain services from smart home devices conveniently through fog-enabled smart home environments, and the security and privacy-preserving authentication protocol plays an important role. However, many proposed protocols have one or more security flaws. Especially, almost all the existing protocols for smart home cannot resist gateway compromised attacks, the adversary can not only know user’s identity, but also launch impersonation attacks. How to design a provable secure authentication protocol avoids all known attacks for smart home is a challenge. Recently Guo et al. proposed an authentication scheme based on symmetric polynomials in the fog-enabled smart home environment. However, we found that their scheme suffers from gateway compromised attack, desynchronization attack, mobile device loss/stolen attack, and has no untraceability and perfect forward secrecy. Therefore, we adopt Physical Unclonable Function (PUF) to resist gateway compromised attack, and adopt Elliptic Curve Diffie–Hellman Key Exchange Protocol (ECDH) to achieve perfect forward secrecy, and propose a secure and privacy-preserving authentication protocol, which is provable secure under the random oracle model. According to the comparisons with some related protocols, the proposed protocol has better security and transmission efficiency with the same computation cost level.

 

- Reference are inadequate and need to add some recent literature related to their study

Response: Thank you very much for your good suggestion. We have added 9 recent literatures: [6][7][8][9][10][22][23][28][29].

 

- Figures are not clear and need to add high resolution image

Response: Thank you very much for your valuable comments. We have revised them.

- More detail discussion is required on the results.

Response: Thank you very much for your valuable comments. We have added comparison details of all related protocols, please refer to Section 8.

 

- Authors have taken one study of Guo et al. and compare their study with him. It would be useful to compare with multiple studies

Response: Thank you very much for your valuable comments. We selected some related protocols, such as Shuai et al., Kaur et al., Wazid et al., Guo et al. to compare with our scheme in terms of security properties and performance costs, and described all details.

 

- Bench mark table should be added by giving the compression of current study with literature

Response: Thank you very much for your good suggestions. Examine the quality of a cryptographic protocol, safety is the first priority, and then efficiency. That is to say, efficiency is considered on the premise of ensuring safety first. All security properties are the bench mark table as Table 2. Tables 5 and 6 are the performance costs of related protocols.

 

- Authors need to add detail of tests that have been performed for proposed protocol

Response: Thank you very much for your valuable comments. We have revised the Section 8 as follows.

 In terms of computing consumption, we have introduced the computing chip model of the simulated device, and given the statistical method and computing consumption of important algorithms. In terms of communication consumption, we have provided the size of the main parameters such as random number, identity, timestamp, hash, MAC, symmetric encryption block, and the point of ECC, and give the number of communication and the detailed consumption of each communication. In addition, we discussed the reasons for the defects of related protocols and calculated the details of the overhead. The persuasiveness of the conclusion is enhanced.

 

- Conclusion section is not appropriate and should be revised with clear findings by giving numeric values

Response: Thank you very much for your valuable comments. Because Tables 5 and 6 described all numeric values. In addition, efficiency is considered on the premise of ensuring safety first, and our protocol can resist all known attacks and has better transmission efficiency with the same computation cost level. So, we re-edited the conclusions as follows:

In this paper, we first pointed out that many existing authentication protocols for smart home have one or more security flaws, and further showed that almost all this type of protocols may suffer from gateway compromised attacks. Then we described that Guo et al.'s protocol in fog-enabled smart home is vulnerable to smart gateway compromised attack, desynchronization attack, mobile device lost/stolen attack and has no perfect forward secrecy and untraceability. To overcome the shortcomings of Guo et al.'s protocol, we adopt PUF to resist gateway compromised attack, and adopt ECDH to achieve perfect forward secrecy, and propose a secure and privacy-preserving authentication protocol avoids gateway compromised attack in fog-enabled smart home, and formally prove the security of the proposed protocol under random oracle model. Finally, we compare our protocol with some related protocols, the proposed protocol has better security and transmission efficiency with the same computation cost level.

 

Thanks again for your good comments and suggestions. We hope the Editors and Reviewers will be satisfied with the revisions for the original manuscript.

 

Yours sincerely,

 

Qi XIE

Reviewer 2 Report

 

I have gone through the manuscript “Provable secure authentication protocol in fog-enabled smart home environment”. The manuscript described the use of secure authentication protocol for smart home environment. There are many flaws in the manuscript. It needs major revision before final acceptance.

My concerns are given below:

 

- Significance of study is missing and need to add in manuscript.

- The abstract is too general and need to update with specific information

- Reference are inadequate and need to add some recent literature related to their study

- Figures are not clear and need to add high resolution image

- More detail discussion is required on the results.

- Authors have taken one study of Guo et al. and compare their study with him. It would be useful to compare with multiple studies

- Bench mark table should be added by giving the compression of current study with literature

- Authors need to add detail of tests that have been performed for proposed protocol

- Conclusion section is not appropriate and should be revised with clear findings by giving numeric values

Round 2

Reviewer 1 Report

The manuscript is revised according to my comments.

Reviewer 2 Report

The changes are satisfactory, therefore I recommend this article for publication
