Anonymous Secure Framework in Connected Smart Home Environments Abstract
The smart home is an environment where heterogeneous electronic devices and appliances are networked together to provide smart services in an ubiquitous manner to the individuals. As the homes become smarter, more complex and technology dependent, the need for an adequate security mechanism with minimum individual’s intervention is growing. The recent serious security attacks have shown how the Internetenabled smart homes can be turned into very dangerous spots for various ill intentions, and thus lead the privacy concerns for the individuals. For instance, an eavesdropper is able to derive the identity of a particular device/appliance via public channels that can be used to infer in the life pattern of an individual within the home area network. This paper proposes an anonymous secure framework (ASF) in connected smart home environments, using solely lightweight operations. The proposed framework in this paper provides efficient authentication and key agreement, and enables devices (identity and data) anonymity and unlinkability. One-time session key progression regularly renews the session key for the smart devices and dilutes the risk of using a compromised session key in the ASF. It is demonstrated that computation complexity of the proposed framework is low as compared to the existing schemes, while security has been significantly improved
The main contributions are in three-fold, as follows. _ First, we present a novel ASF scheme that is very lightweight and efficient, reducing significantly computation and communication cost. To the best of our knowledge, the new ASF scheme is the first scheme that considers the anonymity and unlinkability in the smart homes. Inspired by the fact of smart home use-cases, which are of very sensitive and multidimensional nature, the ASF scheme utilizes hashing and symmetric cryptosystems to achieve device anonymity, efficient authentication and key agreement between two communicating devices within the home area network. Compared with the existing schemes, it leads to significantly reduced computation and communication cost. _ Second, we conduct simulation for formal security analysis of the security strength and anonymity of the new ASF scheme. In particular, we use AVISPA (automated verification of Internet security protocol and application) tool that has been widely used by the standardisation bodies (e.g., Internet Engineering Task Force (IETF)), and by the academic research to verify security of the protocols (e.g., , ).
Hoang-Pishva suggested a TOR-based anonymous communication approach to secure smart home appliances in . Usually the Internet users use TOR as an Internet browser, which operates as an anonymous browser where only those surfing activities done within the browser are anonymized, but authentication is not being performed. Moreover, the scheme utilizes public-key cryptography, which is quite expensive for resource hungry devices. Vaidya et al.  proposed a device authentication mechanism for smart energy home area networks. Based on elliptic curve cryptography (ECC), each device obtains an implicit certificate from the certificate authority. The mutual authentication is being performed and a session key is established between two involved entities, where devices’ identities are being used as a plain-text. Authors claimed their scheme is efficient compared to other existing schemes. However, security analysis did not provide details. Kumar et al  introduced lightweight and secure session key establishment scheme for smart home environments. A short authentication token is used to verify the legitimacy of the smart devices. Authors claimed that the scheme is secure against various popular attacks, such as denial-of-service and eavesdropping attacks. However, in , the home gateway is required to store the smart device secret keys in a table and anonymity and unlinkability are not considered. Santoso- Vun  suggested a strong security in IoT for smart home systems considering user convenience in operating the system. The protocol uses ECC due to its high security level per key size, while the use of pre-shared secret keys (K) removes the need to establish additional public key infrastructure for the system. After the authentication process is done, both parties (i.e., sender and receiver) can use the Elliptic Curve Diffie Hellman (ECDH) primitive to create a shared key for the subsequent symmetric encryption.
Connected smart home environments offer enriched services and information for individuals. Such homes are heterogeneous and dynamic: they contain smart devices to enable individuals to enjoy network based services, such as climate control, energy management, home healthcare, and so on. However, device anonymity and unlinkability are actual challenges, where an unauthorized entity can identify the home devices (e.g., appliances, etc.) identities, sensors presence, and data-collection activities by network tracking. This paper therefore defined a set of desirable properties for securing the smart home environments and presented an anonymous secure framework (ASF) for the connected smart homes. The proposed framework realized anonymity and unlinkability, authentication and integrity, established mutual trust relationships via the lightweight operations, and achieved session freshness dynamically. It indicated that the ASF is suitable for the next-generation smart home environments.
 Y. T. Lee, W. H. Hsiao, C. M. Huang, and S. C. T. Chou, “An integrated cloud-based smart home management system with community hierarchy,” IEEE Transactions on Consumer Electronics, vol. 62, no. 1, pp. 1–9, February 2016  J. E. Kim, G. Boulos, J. Yackovich, T. Barth, C. Beckel, and D. Mosse, “Seamless integration of heterogeneous devices and access control in smart homes,” in Proceedings of the 2012 Eighth International Conference on Intelligent Environments, ser. IE ’12, 2012, pp. 206–213.  C. Gomez and J. Paradells, “Wireless home automation networks: A survey of architectures and technologies,” IEEE Communications Magazine, vol. 48, no. 6, pp. 92–101, 2010.  A. Kailas, V. Cecchi, and A. Mukherjee, “A survey of communications and networking technologies for energy management in buildings and home automation,” Journal of Computer Networks and Communications, vol. 2012, 2012.  K. Gill, S.-H. Yang, F. Yao, and X. Lu, “A zigbee-based home automation system,” IEEE Transactions on Consumer Electronics, vol. 55, no. 2, pp. 422–430, 2009.  J. Kim, E. S. Jung, Y. T. Lee, and W. Ryu, “Home appliance control framework based on smart TV set-top box,” IEEE Transactions on Consumer Electronics, vol. 61, no. 3, pp. 279–285, Aug 2015.  B. C. Choi, S. H. Lee, J. C. Na, and J. H. Lee, “Secure firmware validation and update for consumer devices in home networking,” IEEE Transactions on Consumer Electronics, vol. 62, no. 1, pp. 39–44, February 2016.  “The Smart Home: intelligent home automation,” https://www.cleverism.com/smart-home-intelligent-home-automation/.  N. E. Petroulakis, I. G. Askoxylakis, and T. Tryfonas, “Life-logging in smart environments: challenges and security threats,” in 2012 IEEE International Conference on Communications (ICC). IEEE, 2012, pp. 5680–5684.  G. W. Hart, “Nonintrusive appliance load monitoring,” Proceedings of the IEEE, vol. 80, no. 12, pp. 1870–1891, Dec 1992.