Abstract
Smart homes are a special use-case of the IoT paradigm, which is becoming more and more important in our lives. Although sensors, devices and applications make our daily lives easier, they often collect our sensitive data, which may lead to security problems (e.g., hacked devices, botnets, etc.). In several cases, the appropriate security mechanisms are missing within the devices. Therefore, security measures have become a central topic in the field of IoT. The most essential requirements are secure user–device authentication and confidentiality of transferred sensitive data. Passwords are the most widely used factors in various areas, such as user authentication, key establishment, and also secret sharing. Password-based protocols that are resistant to typical threats, such as offline dictionary, man-in-the-middle and phishing attacks, generate new session keys. The major aim of these solutions is to guarantee high-level security, even if a user applies a single low-entropy human memorable password for all their accounts. We introduce a threshold and password-based, distributed, mutual authenticated key agreement with key confirmation protocol for a smart home environment. The proposed protocol is a scalable and robust scheme, which forces the adversary to corrupt $l-1$ smart home devices, where $l$ is the threshold, in order to perform an offline dictionary attack. The protocol is designed to achieve password-only setting, and end-to-end security if the chosen IoT devices are also authenticated besides the user. We also provide a security analysis of the protocol in AVISPA. We apply the on-the-fly model checker and the constraint-logic-based attack searcher to perform protocol verification for bounded numbers of sessions. We show that the proposed protocol provides session key secrecy and mutual authentication of the user and the device manager. Since efficiency is a crucial aspect, we implemented our protocol to measure the computation and communication costs and demonstrate that our solution is appropriate and eligible for smart homes.
Publisher
Springer Science and Business Media LLC
Subject
Computer Networks and Communications; Safety, Risk, Reliability and Quality; Information Systems; Software
Cited by
11 articles.