Secure Authentication Schemes for Internet of Things (IoT)

Abstract

Smart home technology is an emerging application of Internet-of-Things (IoT) where the user can remotely control home devices. Since the user/home communication channel is insecure, an efficient and anonymous authentication scheme is required to provide secure communications in smart home environment. In this work, we propose a new scheme for user authentication that combines physical context awareness and transaction history. The new scheme offers two advantages: it does not maintain a verification table and avoids clock synchronization problem. Communication overhead and computational cost of the proposed scheme are analyzed and compared with other related schemes. The security of the scheme is evaluated using three different methods: (1) formal analysis using the Burrows-Abadi-Needham logic (BAN); (2) informal analysis; (3) model check using the automated validation of internet security protocols and applications (AVISPA) tool. Also, we aim to propose a new anonymous device to device mutual authentication and key exchange scheme. such scheme enables IoT devices to authenticate in the network and agree on a shared secret session key when communicating with each other via a trusted intermediary (home gateway).