Anonymous Secure Framework in connected Smart Home Environments
Abstract:
The smart home is an environment where heterogeneous electronic devices and appliances are networked together to provide smart services in an ubiquitous manner to the individuals. As the homes become smarter, more complex and technology dependent, the need for an adequate security mechanism with minimum individual’s intervention is growing. The recent serious security attacks have shown how the Internetenabled smart homes can be turned into very dangerous spots for various ill intentions, and thus lead the privacy concerns for the individuals. For instance, an eavesdropper is able to derive the identity of a particular device/appliance via public channels that can be used to infer in the life pattern of an individual within the home area network. This paper proposes an anonymous secure framework (ASF) in connected smart home environments, using solely lightweight operations. The proposed framework in this paper provides efficient authentication and key agreement, and enables devices (identity and data) anonymity and unlinkability. One-time session key progression regularly renews the session key for the smart devices and dilutes the risk of using a compromised session key in the ASF. It is demonstrated that computation complexity of the proposed framework is low as compared to the existing schemes, while security has been significantly improved.
Existing system:
As a technological convergence, many of the home devices or appliances are always connected to the Internet over wireless communications, within the home area network (HAN). Connecting smart home appliances to wireless networks and to the Internet, however, makes individuals vulnerable to malicious attacks. If the smart devices (e.g., smart lights, appliances, smart watches, smart meters, smart fridge and many more) within a smart home are inadequately networked, that will open the occupant of smart home up to much wider range of security threats including identity theft, device counterfeiting, etc. In January 2014, it was, for instance, discovered that more than 750,000 consumer devices including home routers, televisions, fridges, thermostats, smart locks, televisions, and so on, had been compromised and/or spied on the individual [7]. Another research revealed 250 different security flaws, which equates to 25 vulnerabilities per smart device [8]. This is due to the weak security design of the proprietary technologies, and lack of capable security standards of smart objects [9].Here we conduct comparative performance analysis of the new ASF scheme, showing that the proposed ASF requires indeed lower computational and communicational costs than [17] [20].
Proposed system:
We simulate the proposed ASF for formal security verification using the widely-accepted security analyzer tool, i.e., automated verification of Internet security protocol and application (AVISPA) tool [33] [18] [19]; (b) we formally analyse, e.g., authentication, session-key establishment and freshness of the proposed ASF using the well-known BAN-logic [34]; and (c) we informally analyse the security properties of the proposed ASF. AVISPA is a push-button security analyzer tool for the automated validation of Internet security-sensitive protocols and applications. The AVISPA tool consists of independently developed verification backends, as shown in Fig. 3. The backends are named as on-the fly model-checker (OFMC), constraint-logic-based attack searcher (CL-AtSe), SAT-based model-checker (SATMC), and tree automata based on automatic approximations of the analysis of security protocols (TA4SP). The tool uses a high level protocol specification language (HLPSL) for security protocol specification. As shown in Fig. 3, AVISPA tool takes HLPSL script as an input and translates to intermediate format (IF) using a HLPSL2IF translator. The translated IF code is the input for the backends, and finally the backends generate the output format (OF). HLPSL is an expressive, modular, formal language that allows for the specification of control flow patterns, data structures, alternative intruder models, complex security properties, as well as different cryptographic primitives and their algebraic properties. These features make HLPSL well suited for specifying modern, industrial-scale protocols.
Conclusion:
Connected smart home environments offer enriched services and information for individuals. Such homes are heterogeneous and dynamic: they contain smart devices to enable individuals to enjoy network based services, such as climate control, energy management, home healthcare, and so on. However, device anonymity and unlinkability are actual challenges, where an unauthorized entity can identify the home devices (e.g., appliances, etc.) identities, sensors presence, and data-collection activities by network tracking. This paper therefore defined a set of desirable properties for securing the smart home environments and presented an anonymous secure framework (ASF) for the connected smart homes. The proposed framework realized anonymity and unlinkability, authentication and integrity, established mutual trust relationships via the lightweight operations, and achieved session freshness dynamically. It indicated that the ASF is suitable for the next-generation smart home environments.
References:
1] Y. T. Lee, W. H. Hsiao, C. M. Huang, and S. C. T. Chou, “An integrated cloud-based smart home management system with community hierarchy,” IEEE Transactions on Consumer Electronics, vol. 62, no. 1, pp. 1–9, February 2016.
[2] J. E. Kim, G. Boulos, J. Yackovich, T. Barth, C. Beckel, and D. Mosse, “Seamless integration of heterogeneous devices and access control in smart homes,” in Proceedings of the 2012 Eighth International Conference on Intelligent Environments, ser. IE ’12, 2012, pp. 206–213.
[3] C. Gomez and J. Paradells, “Wireless home automation networks: A survey of architectures and technologies,” IEEE Communications Magazine, vol. 48, no. 6, pp. 92–101, 2010.
[4] A. Kailas, V. Cecchi, and A. Mukherjee, “A survey of communications and networking technologies for energy management in buildings and home automation,” Journal of Computer Networks and Communications, vol. 2012, 2012.
[5] K. Gill, S.-H. Yang, F. Yao, and X. Lu, “A zigbee-based home automation system,” IEEE Transactions on Consumer Electronics, vol. 55, no. 2, pp. 422–430, 2009.
[6] J. Kim, E. S. Jung, Y. T. Lee, and W. Ryu, “Home appliance control framework based on smart TV set-top box,” IEEE Transactions on Consumer Electronics, vol. 61, no. 3, pp. 279–285, Aug 2015.
[7] B. C. Choi, S. H. Lee, J. C. Na, and J. H. Lee, “Secure firmware validation and update for consumer devices in home networking,” IEEE Transactions on Consumer Electronics, vol. 62, no. 1, pp. 39–44, February 2016.
[8] “The Smart Home: intelligent home automation,” https://www.cleverism.com/smart-home-intelligent-home-automation/.
[9] N. E. Petroulakis, I. G. Askoxylakis, and T. Tryfonas, “Life-logging in smart environments: challenges and security threats,” in 2012 IEEE International Conference on Communications (ICC). IEEE, 2012, pp. 5680–5684. [10] G. W. Hart, “Nonintrusive appliance load monitoring,” Proceedings of the IEEE, vol. 80, no. 12, pp. 1870–1891, Dec 1992.