A two-factor authentication scheme against FDM attack in IFTTT based Smart Home System

Baruah, Barnana; Dhal, Subhasish

doi:10.1016/j.cose.2018.03.004

Cited by 28 publications

(20 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Generally, smart home environments consist of the user, smart devices, a home gateway, and a registration authority [ 1 , 2 , 3 ]. A remote user wants to use the data collected by smart devices.…”

Section: Introductionmentioning

confidence: 99%

A Secure and Lightweight Authentication Protocol for IoT-Based Smart Homes

Lee

et al. 2021

Sensors

View full text Add to dashboard Cite

With the information and communication technologies (ICT) and Internet of Things (IoT) gradually advancing, smart homes have been able to provide home services to users. The user can enjoy a high level of comfort and improve his quality of life by using home services provided by smart devices. However, the smart home has security and privacy problems, since the user and smart devices communicate through an insecure channel. Therefore, a secure authentication protocol should be established between the user and smart devices. In 2020, Xiang and Zheng presented a situation-aware protocol for device authentication in smart grid-enabled smart home environments. However, we demonstrate that their protocol can suffer from stolen smart device, impersonation, and session key disclosure attacks and fails to provide secure mutual authentication. Therefore, we propose a secure and lightweight authentication protocol for IoT-based smart homes to resolve the security flaws of Xiang and Zheng’s protocol. We proved the security of the proposed protocol by performing informal and formal security analyses, using the real or random (ROR) model, Burrows–Abadi–Needham (BAN) logic, and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. Moreover, we provide a comparison of performance and security properties between the proposed protocol and related existing protocols. We demonstrate that the proposed protocol ensures better security and lower computational costs than related protocols, and is suitable for practical IoT-based smart home environments.

show abstract

Section: Introductionmentioning

confidence: 99%

A Secure and Lightweight Authentication Protocol for IoT-Based Smart Homes

Lee

et al. 2021

Sensors

View full text Add to dashboard Cite

show abstract

“…As smart devices and high speed networks continue to grow rapidly, the Internet of Things (IoT) has gained wide acceptance and popularity [1]. Smart Home is an emerging keyelement of the IoT [5]. The global smart home market is expected to grow from USD 76.6 billion in 2018 to USD 151.4 billion by 2024, at a CAGR of 12.02% [6].…”

Section: Introductionmentioning

confidence: 99%

“…These schemes may be classified into three categories: third party authentication, smart devices authentication, and home gateway authentication. Third party authentication was the first proposed, which relies on a third server to authenticate a remote user to access a Smart Home [5], [20], [31]. For example, Vaidya and Park [20] and Jeong et al [31] introduced an integrated authentication server (IAS) to authenticate a remote user and to send a ticket (including the session key with a home gateway) to him.…”

Section: Introductionmentioning

confidence: 99%

“…On the other end, a type of Internet services, IFTTT (IF This Then That), which acts as an interface between a user's phone and the smart home devices [5], [18], [32], has attracted significant attentions recently. IFTTT makes it convenient for a user to remotely manipulate the smart devices and configure the smart home through various IFTTT recipes.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Remotely Access “My” Smart Home in Private: An Anti-Tracking Authentication and Key Agreement Scheme

et al. 2019

View full text Add to dashboard Cite

Smart home is one of the key applications of the Internet of Things (IoT), which allows users to control the smart devices in their houses through the Internet. However, a smart home system also faces severe challenges in terms of privacy and confidentiality when users are allowed to remotely access it. Despite the recent research efforts on authentication schemes to improve the security aspects of a smart home, there are still unsolved problems. On the one hand, most of the existing schemes focus on secure authentication and communication via a trusted third party without taking its privacy leakage into consideration. On the other hand, many protocols enable the users to directly authenticate themselves to a large number of smart devices in the smart home network, which is often inefficient and inconvenient. To cope with these issues, we propose a smart home system model based on Internet services, like if this then that (IFTTT), and design an anti-tracking mutual authentication scheme with a key agreement element in it. Specifically, our scheme introduces an IFTTT home gateway as the control commands' executor and the security guard to allow a user to remotely access a smart home system privately. The proposed scheme employs the elliptic curves' cryptography (ECC) algorithm, nonces, XOR, and cryptographical hash functions to achieve mutual authentication with security features, such as anonymity and perfect forward security. The security analysis and performance comparison results demonstrate that the proposed scheme achieves secure and private authentication.INDEX TERMS Smart home, user authentication, anti-tracking, key agreement, BAN-logic.

show abstract

“…. The setup includes a common home Internet router (2) with a WiFi LAN for WiFi-enabled devices(3)(4)(5)(6)(7)13) and a ZigBee gateway(8) for Zigbee devices(9)(10)(11)(12) connected to the home router via Ethernet. Remote connectivity to WiFi and ZigBee devices is facilitated by respective cloud services via the Internet.…”

mentioning

confidence: 99%

Self-Configurable Cyber-Physical Intrusion Detection for Smart Homes Using Reinforcement Learning

Heartfield

Loukas

Bezemskij

et al. 2021

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

The modern Internet of Things (IoT)-based smart 1 home is a challenging environment to secure: devices change, 2 new vulnerabilities are discovered and often remain unpatched, 3 and different users interact with their devices differently and 4 have different cyber risk attitudes. A security breach's impact is 5 not limited to cyberspace, as it can also affect or be facilitated 6 in physical space, for example, via voice. In this environment, 7 intrusion detection cannot rely solely on static models that 8 remain the same over time and are the same for all users.9We present MAGPIE, the first smart home intrusion detection 10 system that is able to autonomously adjust the decision function 11 of its underlying anomaly classification models to a smart home's 12 changing conditions (e.g., new devices, new automation rules and 13 user interaction with them). The method achieves this goal by 14 applying a novel probabilistic cluster-based reward mechanism 15 to non-stationary multi-armed bandit reinforcement learning. 16 MAGPIE rewards the sets of hyperparameters of its underlying 17 isolation forest unsupervised anomaly classifiers based on the 18 cluster silhouette scores of their output. 19 Experimental evaluation in a real household shows that MAG-20 PIE exhibits high accuracy because of two further innovations: 21 it takes into account both cyber and physical sources of data; 22 and it detects human presence to utilise models that exhibit the 23 highest accuracy in each case. MAGPIE is available in open-24 source format, together with its evaluation datasets, so it can 25 benefit from future advances in unsupervised and reinforcement 26 learning and be able to be enriched with further sources of data 27 as smart home environments and attacks evolve.

show abstract

A two-factor authentication scheme against FDM attack in IFTTT based Smart Home System

Cited by 28 publications

References 12 publications

A Secure and Lightweight Authentication Protocol for IoT-Based Smart Homes

A Secure and Lightweight Authentication Protocol for IoT-Based Smart Homes

Remotely Access “My” Smart Home in Private: An Anti-Tracking Authentication and Key Agreement Scheme

Self-Configurable Cyber-Physical Intrusion Detection for Smart Homes Using Reinforcement Learning

Contact Info

Product

Resources

About