Abstract
Smart homes are an emerging paradigm of Internet of Things (IoT) in which users can remotely control various home devices via the internet anytime and anywhere. However, smart home environments are vulnerable to security attacks because an attacker can inject, insert, intercept, delete, and modify transmitted messages over an insecure channel. Thus, secure and lightweight authentication protocols are essential to ensure useful services in smart home environments. In 2021, Kaur and Kumar presented a two-factor based user authentication protocol for smart homes using elliptic curve cryptosystems (ECC). Unfortunately, we demonstrate that their scheme cannot resist security attacks such as impersonation and session key disclosure attacks, and also ensure secure user authentication. Moreover, their scheme is not suitable in smart home environments because it utilizes public-key cryptosystems such as ECC. Hence, we design a secure and lightweight three-factor based privacy-preserving authentication scheme for IoT-enabled smart home environments to overcome the security problems of Kaur and Kumar’s protocol. We prove the security of the proposed scheme by using informal and formal security analyses such as the ROR model and AVISPA simulation. In addition, we compare the performance and security features between the proposed scheme and related schemes. The proposed scheme better provides security and efficiency compared with the previous schemes and is more suitable than previous schemes for IoT-enabled smart home environments.
Highlights
With the advances in 5G communication and portable device technologies, smart homes are emerging as an exciting new paradigm of Internet of Things (IoT) and it has attracted a lot of attention from both scientific and academic communities
The smart devices deployed in smart home environments are not suitable to apply public key cryptosystems (PKC) because it is resource-limited in terms of computation and communication overheads [5], [6]
We proved that Kaur and Kumar et al.’s scheme is insecure to various security attacks such as impersonation and session key disclosure attacks, and does not ensure mutual authentication
Summary
With the advances in 5G communication and portable device technologies, smart homes are emerging as an exciting new paradigm of Internet of Things (IoT) and it has attracted a lot of attention from both scientific and academic communities. We prove that Kaur and Kumar’s scheme [11] is still vulnerable to impersonation, session key disclosure attacks, and cannot provide mutual authentication Their scheme is not suitable for resource-limited devices because it utilizes ECC that generates high computation and communication overheads. Kaur and Kumar’s scheme [11] is not suitable for resource-constrained smart devices because it uses ECC, which generates high computation and communication overheads These facts motivated us to propose a new secure and lightweight authentication protocol, which can provide the necessary security functionalities and effective efficiency and resolve security flaws that exist in IoT-enabled smart home environments.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
