A Secure Smart Home Authentication Scheme for Remote Users

Abstract

Internet of Things (IoT) technologies have permeated many of the devices used in daily life. Nowhere is this more evident than in smart homes, where regular home appliances are now connected to the internet to gain additional functionality, control and automation of routine tasks. However, like most technologies, convenience often comes at the price of risking user privacy. This paper aims to remedy this security risk by providing the user with a scheme to verify their identity in an anonymous manner. The solution needs to be lightweight and fast since smart home devices are resource constraint. The proposed scheme uses two stages to authenticate remote users, the first is using biometric fingerprints locally on the user’s mobile device and the second relies on user identity (username and password) that are sent to the smart home gateway over a secure VPN tunnel between the mobile device and the gateway. The security of the proposed scheme is verified using the scyther tool which finds security flaws in internet protocols. The performance of the scheme is compared with similar existing schemes in terms of computational cost, and it was found that the proposed scheme achieves a computational cost of 0.02 ms and outperforms all previous schemes in those metrics.