Abstract
Smart home is intended to be able to enhance home automation systems and achieves goals such as reducing operational costs and increasing comfort while providing security to mobile users. However, an attacker may attempt security attacks in smart home environments because he/she can inject, insert, intercept, delete, and modify transmitted messages over an insecure channel. Secure and lightweight authentication protocols are essential to ensure useful services in smart home environments. In 2020, Iqbal et al. presented an anonymous lightweight authentication protocol for software-defined networking (SDN) enabled smart home, called ALAM. They claimed that ALAM protocol could resist security threats, and also provide secure mutual authentication and user anonymity. This comment demonstrates that ALAM protocol is fragile to various attacks, including session key disclosure, impersonation, and man-in-the-middle attacks, and also their scheme cannot provide user anonymity and mutual authentication. We propose the essential security guidelines to overcome the security flaws of ALAM protocol.
Highlights
With the advances in wireless technologies and portable devices, users can access various services via mobile device in smart home environments
If the data collected by smart devices is compromised, a malicious attacker can obtain the private information of users, The associate editor coordinating the review of this manuscript and approving it for publication was Remigiusz Wisniewski
CRYPTANALYSIS OF IQBAL ET AL.’S PROTOCOL This comment paper is about ‘‘ALAM: Anonymous Lightweight Authentication Mechanism for software-defined networking (SDN) Enabled Smart Homes’’ that is presented by Iqbal et al [1]
Summary
With the advances in wireless technologies and portable devices, users can access various services via mobile device in smart home environments. A secure and lightweight authentication protocol is essential to provide mobile users with useful services in smart home environments. In 2020, Iqbal et al [1] designed an anonymous lightweight authentication protocol to provide secure services in smart home environments. They claimed that ALAM protocol could withstand security threats, such as desynchronization and replay attacks, and ensure user anonymity and mutual authentication. UR-4: After getting message {SIDu, CSPMID , kuc, TFseq}, Reg.DB and Auth.DB store them in secure database. CRYPTANALYSIS OF IQBAL ET AL.’S PROTOCOL This comment paper is about ‘‘ALAM: Anonymous Lightweight Authentication Mechanism for SDN Enabled Smart Homes’’ that is presented by Iqbal et al [1]. We show that ALAM protocol fails to ensure ‘‘user anonymity’’ and ‘‘mutual authentication’’
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have