
A secure authentication scheme for IoT application in smart home

Peer-to-Peer Networking and Applications

Abstract

Edge-based Internet of Things (IoT) computing provides new value for consumers, with smart devices, objects, and appliances connected over the internet. The data generated by smart IoT devices needs to be processed securely. With the increasing number of smart IoT devices, existing addressing schemes and security protocols are not guaranteed to perform well in all situations. This paper proposes a smart card based secure addressing and authentication (SCSAA) scheme that modifies the standard IPv6 protocol to mitigate security threats in the IoT network. The proposed scheme is twofold. First, it provides a unique way of addressing by assigning a unique 64-bit interface identifier (IID) to smart devices/appliances and uniquely authenticating them in the IoT network. Second, it uses a secret session key to protect the network from unauthorized access. Additionally, this work presents an informal security analysis and a formal security analysis using the ROR model and the AVISPA tool. The overall security analysis proves that the proposed scheme protects the smart home IoT network from various vulnerabilities and attacks.

Author information

Corresponding author

Correspondence to Pankaj Kumar.

Additional information

This article belongs to the Topical Collection: Special Issue on P2P Computing for Beyond 5G Network and Internet-of-Everything

Guest Editors: Prakasam P, Ajayan John, Shohel Sayeed

About this article

Cite this article

Kumar, P., Chouhan, L. A secure authentication scheme for IoT application in smart home. Peer-to-Peer Netw. Appl. 14, 420–438 (2021). https://doi.org/10.1007/s12083-020-00973-8

  • DOI: https://doi.org/10.1007/s12083-020-00973-8
