Computer Science ›› 2025, Vol. 52 ›› Issue (7): 342-352. doi: 10.11896/jsjkx.250100098

• Information Security •

Lightweight Authentication and Key Agreement Protocol for Cloud-assisted Smart Home Communication

LI Jiangxu, CHEN Zemao, ZHANG Liqiang

  1. School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China
    Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan 430072, China
  • Received: 2025-01-15 Revised: 2025-05-02 Published: 2025-07-17
  • Corresponding author: CHEN Zemao (chenzemao@whu.edu.cn)
  • About author: LI Jiangxu (lijiangxu@whu.edu.cn), born in 1999, postgraduate. His main research interests include network security communication protocol and IoT security.
    CHEN Zemao, born in 1975, Ph.D, professor. His main research interests include information system security, trusted computing and equipment information security.
  • Supported by:
    National Key Research and Development Program of China (2022YFC3102805) and Industrial Internet Data Security Detection, Response, and Traceability System (TC220H055).

Abstract: With the widespread adoption of smart home devices, the resource-constrained nature of these devices and the diverse array of potential attack threats present significant challenges to traditional security protocols. In particular, the popular cloud-based smart home Internet of Things (IoT) technologies, while enhancing the intelligence and management efficiency of household devices, have also introduced more complex control models than previous systems. Specifically, users can set control rules on the cloud platform for automated device management, or remotely control household devices via Apps provided by smart home manufacturers. In both control modes, if the identity of the remote controller is not authenticated and a secure session key is not established, attackers may send malicious commands to household devices, thus endangering home security. Moreover, some existing security solutions do not consider these two mainstream control models and struggle to balance computational overhead, communication efficiency, and security. This highlights the need for a lightweight and efficient authentication and key negotiation protocol. To address the security risks in these two control scenarios, this paper proposes a lightweight bidirectional authentication and key negotiation scheme based on elliptic curve cryptography for cloud platforms and smart devices, as well as a bidirectional authentication and key negotiation scheme between users and smart devices, enabling efficient and secure authentication between remote controllers and household devices. The security of the proposed schemes is analyzed using the formal verification tool ProVerif and heuristic methods. A comparison with similar solutions in terms of both security and performance demonstrates that the proposed scheme can offer more security features while maintaining lightweight performance requirements.

Key words: Cloud-assisted smart home, Mutual authentication, Key agreement, Lightweight authentication protocol, Formal verification

CLC number: 

  • TP309