{"title":"A puf-based three-party authentication key establishment scheme for fog-enabled smart home","authors":"Huan Yang , Yajun Guo , Yimin Guo","doi":"10.1016/j.pmcj.2023.101843","DOIUrl":null,"url":null,"abstract":"<div><p>With the rise of Internet of Things<span><span> (IoT), the smart home is another emerging concept and application of IoT, where security and private data of devices are important. In this paper, fog computing<span><span> is applied to the smart home environment, where fog can provide many smart features and services to the smart home. Fog computing has many advantages, such as low latency and real-time interaction. However, when fog computing is combined with smart home, it also faces some security threats: first, some fog nodes and smart home devices are deployed in public places, vulnerable to damage or theft by attackers, not considered fully trusted, and vulnerable to device loss/theft attacks, impersonation attacks, and message tampering attacks, etc. These threats can lead to adversaries controlling devices in the smart home or modifying messages to make smart home devices execute wrong commands, causing irreparable damage; Second, the </span>smart home system<span> should have good real-time interaction, and the authentication process using the low latency feature of fog computing should not be involved by the cloud. Considering these, it is necessary to design a secure and effective fog-enabled smart home </span></span></span>authentication system<span><span> that is secure against various known attacks, especially when the fog node is not fully trusted or the smart home device is captured as well. Finally, the authentication scheme should also be lightweight due to the limited resources of many smart home devices. To address these issues, this paper proposes a lightweight authentication scheme for the fog-enabled smart home system. It also employs a physical unclonable function to achieve mutual authentication among three parties: smart home devices, fog nodes and users. Formal security analysis under the Real-Or-Random model shows that this scheme is </span>provably secure. And informal security analysis shows that our scheme is robust against various known attacks. At the same time, the proposed scheme requires less computation cost (8.239 ms) and is approximately 40% to 390% faster than existing related schemes. Although the communication cost is slightly higher (4512 bits), it is reasonable because the proposed scheme implements fog/gateway node compromised attack that has not been achieved by any other existing related schemes.</span></span></p></div>","PeriodicalId":49005,"journal":{"name":"Pervasive and Mobile Computing","volume":"95 ","pages":"Article 101843"},"PeriodicalIF":3.0000,"publicationDate":"2023-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Pervasive and Mobile Computing","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1574119223001013","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
With the rise of Internet of Things (IoT), the smart home is another emerging concept and application of IoT, where security and private data of devices are important. In this paper, fog computing is applied to the smart home environment, where fog can provide many smart features and services to the smart home. Fog computing has many advantages, such as low latency and real-time interaction. However, when fog computing is combined with smart home, it also faces some security threats: first, some fog nodes and smart home devices are deployed in public places, vulnerable to damage or theft by attackers, not considered fully trusted, and vulnerable to device loss/theft attacks, impersonation attacks, and message tampering attacks, etc. These threats can lead to adversaries controlling devices in the smart home or modifying messages to make smart home devices execute wrong commands, causing irreparable damage; Second, the smart home system should have good real-time interaction, and the authentication process using the low latency feature of fog computing should not be involved by the cloud. Considering these, it is necessary to design a secure and effective fog-enabled smart home authentication system that is secure against various known attacks, especially when the fog node is not fully trusted or the smart home device is captured as well. Finally, the authentication scheme should also be lightweight due to the limited resources of many smart home devices. To address these issues, this paper proposes a lightweight authentication scheme for the fog-enabled smart home system. It also employs a physical unclonable function to achieve mutual authentication among three parties: smart home devices, fog nodes and users. Formal security analysis under the Real-Or-Random model shows that this scheme is provably secure. And informal security analysis shows that our scheme is robust against various known attacks. At the same time, the proposed scheme requires less computation cost (8.239 ms) and is approximately 40% to 390% faster than existing related schemes. Although the communication cost is slightly higher (4512 bits), it is reasonable because the proposed scheme implements fog/gateway node compromised attack that has not been achieved by any other existing related schemes.
期刊介绍:
As envisioned by Mark Weiser as early as 1991, pervasive computing systems and services have truly become integral parts of our daily lives. Tremendous developments in a multitude of technologies ranging from personalized and embedded smart devices (e.g., smartphones, sensors, wearables, IoTs, etc.) to ubiquitous connectivity, via a variety of wireless mobile communications and cognitive networking infrastructures, to advanced computing techniques (including edge, fog and cloud) and user-friendly middleware services and platforms have significantly contributed to the unprecedented advances in pervasive and mobile computing. Cutting-edge applications and paradigms have evolved, such as cyber-physical systems and smart environments (e.g., smart city, smart energy, smart transportation, smart healthcare, etc.) that also involve human in the loop through social interactions and participatory and/or mobile crowd sensing, for example. The goal of pervasive computing systems is to improve human experience and quality of life, without explicit awareness of the underlying communications and computing technologies.
The Pervasive and Mobile Computing Journal (PMC) is a high-impact, peer-reviewed technical journal that publishes high-quality scientific articles spanning theory and practice, and covering all aspects of pervasive and mobile computing and systems.