It is evident that conventional IoT technologies, security protocols, and standards are unable to uphold privacy and security in smart homes [11]. Several hacks and software flaws have led to a lack of public confidence in smart home networks. As such, the design of efficient and secure message authentication protocols is still an open challenge.
2. Energy Efficient Dynamic Symmetric Key in Smart Homes
Numerous security and privacy schemes have been developed to protect the packets exchanged over smart home networks. For instance, a 3-dimensional S-box scheduling algorithm is presented in [27]. Although this scheme is efficient, its formal and informal security analyses are not carried out. In contrast, key agreement protocols based on public key cryptosystems (PKC) are presented in [28,29,30,31]. However, PKC-based techniques have high communication and computational overheads [32]; hence they are unsuitable for ISDs. Although the protocol in [31] is resilient against attacks, it can neither withstand known-key attacks nor offer confidentiality, freshness checks, and anonymity [16,33]. Additionally, it incurs extremely high execution time and communication costs [16]. Although the protocol in [34] is robust against cloning, impersonation, traceability, and physical attacks, it involves extensive hashing operations and message exchanges, which are not ideal for resource-constrained ISDs. Conversely, the device security protocol in [35] cannot offer secure mutual authentication and is susceptible to impersonation, stolen smart device, and session key disclosure attacks [1].
To address the resource-constrained nature of ISDs, lightweight authentication protocols have been presented in [36,37]. Although the security model in [38] potentially protects user privacy, it has high power consumption due to the requirement for the installation of rechargeable batteries. Although the user authentication scheme in [39] can alleviate this problem, it is susceptible to privileged insider, gateway bypass, offline password guessing, and replay attacks [40]. Therefore, a user authentication protocol has been proposed in [40] to address these issues. On the other hand, a scheme based on identity, password, and digital signatures is developed in [41]. However, it is based on PKI, which requires entities to maintain a pair of private and public keys, and this increases its computation and communication complexities [42]. The protocols in [43,44,45] are efficient and can solve the problems in [41]. However, the scheme in [43] cannot withstand de-synchronization attacks. In addition, it utilizes verification tables during authentication, which are susceptible to stolen verifier attacks [40]. Similarly, the protocol in [45] has some security issues that limit its applicability [41]. On its part, the scheme in [44] incurs low latency, storage costs, and power consumption, but its security analysis is not carried out. To boost efficiency and reliability, a smart card-based algorithm is developed in [46]. Although this approach has low computation and communication overheads, it cannot resist gateway spoofing, session key disclosure, and impersonation attacks. In addition, it cannot provide anonymity and secure mutual authentication [41]. The two-factor scheme in [47] is anonymous and can address the anonymity issues in [46]. Unfortunately, it is vulnerable to password guessing, stolen user device, and impersonation attacks. In addition, it cannot provide mutual authentication [40].
Even though the anonymous security technique developed in [11] provides user anonymity and secure mutual authentication, it is susceptible to attacks such as impersonation, MitM, and session key disclosure [2]. On the other hand, the protocol in [48] assumes that the short-range channel between the ISDs and HGs is secure and that these devices are trustworthy. However, these assumptions are not viable, as the open wireless channel is susceptible to a myriad of attacks, and the devices are not tamper-proof and may have inbuilt backdoors [6]. To offer protection against malicious activities in distributed smart environments, a scheme based on implicit certificates is developed in [16]. However, certificate revocation and storage require large memory and elongated execution time [49]. Alternatively, privacy-preserving schemes are introduced in [50,51]. However, a single trusted third party is responsible for access control and authorization, which presents a single point of failure. In addition, these protocols have scalability issues [19,52]. Biometric-based protocols have been introduced to overcome the shortcomings inherent in static credentials-based authentication schemes [53,54]. Although these schemes have faster response times, many smart devices still lack inbuilt biometric authentication capabilities. In addition, they are not privacy-preserving [55] and present challenges in revoking compromised biometric information. Moreover, many users regard biometric authentication as intrusive and a violation of their privacy. To offer secure communication, a robust protocol is developed in [56]. Unfortunately, this protocol is vulnerable to stolen user device and privileged insider attacks. The scheme in [57] can solve this problem by upholding confidentiality and user and device authenticity. In addition, it prevents server spoofing, user impersonation, man-in-the-middle, replay, and offline password-guessing attacks. Unfortunately, it is vulnerable to de-synchronization attacks.
Based on digital certificates, a security protection scheme is introduced in [58]. In this approach, subsequent session keys are derived from some master keys, and hence forward key secrecy cannot be assured once these master keys are disclosed. In addition, a malfunctioning key derivation function (KDF) may lead to connection termination. On the other hand, the security technique in [59] is noted to be vulnerable to de-synchronization attacks [60]. To curb this challenge, a novel security preservation scheme is presented in [60]. Although the approach employed by the authors in [14] can uphold data confidentiality, it is unable to sustain the privacy of the authentication parameters [61]. This problem is solved by the blockchain-based protocols in [62,63]. However, the deployed blockchain technology incurs heavy computation and storage overheads [64].
On its part, the temporal identity-based solution presented in [65] is vulnerable to attacks such as known-key and DoS. This is because it uses static parameters during the session key generation process. Due to computationally intensive cryptographic operations and heavy signaling during the authentication procedures, this approach incurs high communication and computation costs. A scheme based on fuzzy extraction is introduced in [66]. However, vulnerability to traceability attacks and inability to provide identity protection, as well as session key agreement, are its major challenges [67]. Conversely, the scheme in [8] dynamically renews the session key to thwart replay attacks. However, this approach has high computation costs due to the myriad of cryptographic operations involved.
Table 1 presents a summary of the cons and pros of some of these schemes.
Table 1. Pros and cons of current schemes.
In summary, the current authentication and key agreement protocols cannot offer complete security and privacy protection at low energy, execution time, and communication overheads. For instance, the asymmetric key protocols in [31,33] have higher costs compared with their symmetric counterparts in [14,59,60]. However, the communication and computation complexities of these symmetric protocols are still unsuitable for smart home devices such as sensors and smart switches. Although LoRaWAN and NB-IoT technologies can address the inefficiency issues in current schemes, these technologies have numerous security challenges. For instance, LoRaWAN is susceptible to attacks such as bit-flipping and replay. As explained in [25], LoRaWAN authentication procedures are vulnerable to network flooding, man-in-the-middle, eavesdropping, sinkhole, jamming, replay, and spoofing. On the other hand, the schemes in [8,11,14,16] have been shown to have numerous security and performance issues. High communication and computation costs are the performance limitations of the majority of these schemes. On the other hand, lack of forward key secrecy and anonymity, coupled with susceptibility to impersonation, MitM, and DoS, are serious security and privacy issues in these protocols. In contrast, our protocol deploys transient parameters such as nonces, timing information, and secret values during the derivation of the session key to preserve forward key secrecy. In addition, shared secret keys are deployed to encrypt user and device identities to uphold their anonymity. This enciphering and re-computation of the user identity using random nonces and an exclusive OR operation with the mobile device identity makes it hard for an attacker to eavesdrop on these identities for any possible impersonation attempt. To curb MitM attacks, the contents of the authentication verification beacons are concatenated before being hashed. This makes it computationally infeasible for the attacker to reverse the one-way hash to obtain these parameters for launching MitM attacks. Regarding the DoS attack, our scheme derives the verification token and sends it to the trusted authority. Here, this token is re-computed and compared with its received equivalent. If these parameters are not equivalent, the communication process is immediately terminated.
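The verification-token check and identity enciphering described above, as an added illustrative example that is not the paper's own code or exact equations: the construction (SHA-256 keystream for the XOR masking, the field order inside the hash, the 30-second freshness window, and the constructed `SECRET`) is assumed here for demonstration.

```python
import hashlib
import hmac
import os
import struct

# Assumed construction (not the paper's exact equations): identities are enciphered
# by XOR with a keystream bound to the shared secret and a fresh nonce, the beacon
# contents are concatenated and hashed once, and the trusted authority recomputes
# the token and terminates the session on any mismatch, stale timestamp or reused nonce.

MAX_SKEW = 30                               # seconds; assumed freshness window
SECRET = b"constructed-shared-secret-k"     # constructed sample value, not a real key


def _encode(ts: int) -> bytes:
    return struct.pack(">Q", ts)


def encipher_identity(secret: bytes, identity: bytes, nonce: bytes) -> bytes:
    """XOR the identity (at most 32 bytes) with a keystream derived from the shared
    secret and nonce. The same call deciphers, so the authority re-computes the
    identity with it; the nonce alone does not reveal the identity."""
    assert len(identity) <= 32
    stream = hashlib.sha256(secret + nonce).digest()[: len(identity)]
    return bytes(a ^ b for a, b in zip(identity, stream))


def verification_token(secret: bytes, masked_id: bytes, nonce: bytes, ts: int) -> bytes:
    """Concatenate the beacon contents with the secret and hash them once."""
    return hashlib.sha256(secret + masked_id + nonce + _encode(ts)).digest()


def build_beacon(secret: bytes, identity: bytes, ts: int, nonce: bytes = None) -> dict:
    """Device side: mask the identity, then attach the verification token."""
    nonce = nonce if nonce is not None else os.urandom(16)
    masked = encipher_identity(secret, identity, nonce)
    return {"mid": masked, "nonce": nonce, "ts": ts,
            "token": verification_token(secret, masked, nonce, ts)}


def authority_verify(secret: bytes, beacon: dict, now: int, seen: set):
    """Trusted-authority side: recompute the token and compare it in constant time.
    Returns the recovered identity, or None when the session must be terminated."""
    if abs(now - beacon["ts"]) > MAX_SKEW or beacon["nonce"] in seen:
        return None
    expected = verification_token(secret, beacon["mid"], beacon["nonce"], beacon["ts"])
    if not hmac.compare_digest(expected, beacon["token"]):
        return None
    seen.add(beacon["nonce"])
    return encipher_identity(secret, beacon["mid"], beacon["nonce"])


def session_key(secret: bytes, identity: bytes, nonce: bytes, ts: int) -> bytes:
    """Derive the session key from transient inputs (nonce, timestamp) plus the secret,
    so each session key is independent of the ones derived in earlier sessions."""
    return hashlib.sha256(b"SK" + secret + identity + nonce + _encode(ts)).digest()
```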