Smart home is one of the key applications of the Internet of Things (IoT), which allows users to control the smart devices in their houses through the Internet. However, a smart home system also faces severe challenges in terms of privacy and confidentiality when users are allowed to remotely access it. Despite recent research efforts on authentication schemes to improve the security of smart homes, there are still unsolved problems. On the one hand, most of the existing schemes focus on secure authentication and communication via a trusted third party without taking its privacy leakage into consideration. On the other hand, many protocols enable the users to directly authenticate themselves to a large number of smart devices in the smart home network, which is often inefficient and inconvenient. To cope with these issues, we propose a smart home system model based on Internet services, such as If This Then That (IFTTT), and design an anti-tracking mutual authentication scheme that includes key agreement. Specifically, our scheme introduces an IFTTT home gateway as the executor of control commands and as the security guard, allowing a user to remotely access a smart home system privately. The proposed scheme employs elliptic curve cryptography (ECC), nonces, XOR, and cryptographic hash functions to achieve mutual authentication with security features such as anonymity and perfect forward security. The security analysis and performance comparison results demonstrate that the proposed scheme achieves secure and private authentication.
INDEX TERMS: Smart home, user authentication, anti-tracking, key agreement, BAN-logic.
Self-sovereign identity (SSI) is a new distributed method for identity management, commonly used to address the problem that users lack control over their identities. However, the excessive pursuit of self-sovereignty in most existing SSI schemes hinders sanctions against attackers. To deal with malicious behavior, a few SSI schemes introduce accountability mechanisms, but they sacrifice users' privacy. In addition, the digital identities (static strings or updatable chains) in the existing SSI schemes serve as inputs to a third-party executable program (mobile app, smart contract, etc.) to achieve identity reading, storing and proving, so users' self-sovereignty is weakened. To solve the above problems, we present a new self-sovereign identity scheme that strikes a balance between privacy and accountability and removes the dependence on the third-party program. In our scheme, one and only one individual-specific executable code is generated as a digital avatar-i for each human to interact with others in cyberspace without a third-party program, in which the embedding of biometrics enhances uniqueness and user control over their identity. In addition, a joint accountability mechanism, which is based on the Shamir (t, n) threshold algorithm and a consortium blockchain, is designed to restrict the power of each regulatory authority and protect users' privacy. Finally, we analyze the security and SSI properties and conduct detailed experiments in terms of the cost of computation, storage, and blockchain gas. The analysis results indicate that our scheme resists the known attacks and fulfills all six SSI properties. Compared with the state-of-the-art schemes, the extensive experiment results show that the cost is larger in server storage, blockchain storage, and blockchain gas, but is still low enough for practical situations.