Cronfa - Swansea University Open Access Repository
_____________________________________________________________
This is an author produced version of a paper published in:
IEEE Transactions on Information Forensics and Security
Cronfa URL for this paper:
http://cronfa.swan.ac.uk/Record/cronfa49663
_____________________________________________________________
Paper:
Kumar, P., Braeken, A., Gurtov, A., Iinatti, J. & Ha, P. (2017). Anonymous Secure Framework in Connected Smart
Home Environments. IEEE Transactions on Information Forensics and Security, 12(4), 968-979.
http://dx.doi.org/10.1109/TIFS.2016.2647225
_____________________________________________________________
This item is brought to you by Swansea University. Any person downloading material is agreeing to abide by the terms
of the repository licence. Copies of full text items may be used or reproduced in any format or medium, without prior
permission for personal research or study, educational or non-commercial purposes only. The copyright for any work
remains with the original author unless otherwise specified. The full-text must not be sold in any format or medium
without the formal permission of the copyright holder.
Permission for multiple reproductions should be obtained from the original author.
Authors are personally responsible for adhering to copyright and publisher restrictions when uploading content to the
repository.
http://www.swansea.ac.uk/library/researchsupport/ris-support/
968 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 12, NO. 4, APRIL 2017
Anonymous Secure Framework in Connected
Smart Home Environments
Pardeep Kumar, Member, IEEE, An Braeken, Andrei Gurtov, Senior Member, IEEE,
Jari Iinatti, Senior Member, IEEE, and Phuong Hoai Ha
Abstract— The smart home is an environment, where
heterogeneous electronic devices and appliances are networked
together to provide smart services in a ubiquitous manner to
the individuals. As the homes become smarter, more complex,
and technology dependent, the need for an adequate security
mechanism with minimum individual’s intervention is growing.
The recent serious security attacks have shown how the Internet-
enabled smart homes can be turned into very dangerous spots
for various ill intentions, and thus lead the privacy concerns
for the individuals. For instance, an eavesdropper is able to
derive the identity of a particular device/appliance via public
channels that can be used to infer in the life pattern of an
individual within the home area network. This paper proposes an
anonymous secure framework (ASF) in connected smart home
environments, using solely lightweight operations. The proposed
framework in this paper provides efficient authentication and key
agreement, and enables devices (identity and data) anonymity
and unlinkability. One-time session key progression regularly
renews the session key for the smart devices and dilutes the risk
of using a compromised session key in the ASF. It is demonstrated
that computation complexity of the proposed framework is low
as compared with the existing schemes, while security has been
significantly improved.
Index Terms— Smart home, Internet of Things, anonymity,
key agreement, unlinkability.
I. INTRODUCTION
S
MART home is a technological advancement and concept
for monitoring and controlling home appliances through
intelligent and coordinated networks and technologies. Smart
spaces consist of a plethora of heterogeneous devices, for
instance, multiple cameras, microphones, sensors, actuators,
Manuscript received July 29, 2016; revised November 26, 2016; accepted
December 13, 2016. Date of publication January 2, 2017; date of current
version January 30, 2017. This work was supported in part by the Research
Council of Norway PREAPP Project, under Grant 231746/F20, in part
by the COST Action IC1303-Architectures, Algorithms and Platforms for
Enhanced Living Environments, and in part by the Academy of Finland
Project SECUREConnect under Grant 296693. The associate editor coordi-
nating the review of this manuscript and approving it for publication was
Dr. Sheng Zhong.
P. Kumar is with the Department of Computer Science, University of
Oxford, Oxford OX1 3QD, U.K. (e-mail: pardeep.kumar@cs.ox.ac.uk).
A. Braeken is with Industrial Engineering INDI, Vrije Universiteit Brussel,
1050 Ixelles, Belgium (e-mail: an.braeken@vub.ac.be).
A. Gurtov is with Linkoping University, SE-581 83 Linkoping, Sweden,
and also with ITMO University, 199034 Saint Petersburg, Russia (e-mail
gurtov@acm.org).
J. Iinatti is with University of Oulu, FI-90014 Oulu, Finland (e-mail:
ji@ee.oulu.fi).
P. H. Ha is with the Department of Computer Science, University of
Tromsø-The Arctic University of Norway, N-9037 Tromso, Norway (e-mail:
phuong.hoai.ha@uit.no).
Color versions of one or more of the figures in this paper are available
online at http://ieeexplore.ieee.org.
Digital Object Identifier 10.1109/TIFS.2016.2647225
smart appliances, smart curtains and so on. Such a develop-
ment has been leading individuals to the new era of tech-
nology, and the era of the Internet of things (hereafter IoT)
where all the appliances and devices are getting tiny and
controllable via the Internet, thus enabling people to enjoy
network based services, such as home climate control, energy
management, video on demand, music on demand, remote
healthcare, e-commerce, remote control, and other similar
services [1], [2]. Moreover, the number of smart systems will
dramatically increase as the consumer IoT continues to evolve.
As a consequence, the individual will become more and more
dependent on smart systems.
However, the internal network of a smart environment
consists of a number of different communication and net-
work technologies. Examples of some popular standards and
protocols related to home automation include X10, UPB,
INSTEON, Z-Wave, and ZigBee [3]. X10 and UPB utilize
existing electricity, or a power-line network. INSTEON is
a dual-band mesh network topology employing AC-power
lines and a radio-frequency protocol to communicate with
devices. Particularly, Z-Wave [4] and ZigBee [5] are mostly
utilized technologies, having low-power wireless communica-
tion capability. ZigBee supports a specific home automation
profile, and Z-wave is optimized for the reliable low-latency
communication of small data packets with data rates of up
to 100 Kbps [6].
As a technological convergence, many of the home devices
or appliances are always connected to the Internet over wire-
less communications, within the home area network (HAN).
Connecting smart home appliances to wireless networks and
to the Internet, however, makes individuals vulnerable to
malicious attacks. If the smart devices (e.g., smart lights,
appliances, smart watches, smart meters, smart fridge and
many more) within a smart home are inadequately networked,
that will open the occupant of smart home up to much
wider range of security threats including identity theft, device
counterfeiting, etc. In January 2014, it was, for instance,
discovered that more than 750,000 consumer devices including
home routers, televisions, fridges, thermostats, smart locks,
televisions, and so on, had been compromised and/or spied
on the individual [7]. Another research revealed 250 different
security flaws, which equates to 25 vulnerabilities per smart
device [8]. This is due to the weak security design of the pro-
prietary technologies, and lack of capable security standards
of smart objects [9].
Moreover, the fine-grained data of smart devices (e.g., smart
lights, locks, thermostat, climate sensors, appliances, windows,
1556-6013 © 2017 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
KUMAR et al.: ASF IN CONNECTED SMART HOME ENVIRONMENTS 969
smart television, smart meter information, etc.) are transmitted
via insecure wireless channels in a HAN. Such sensitive infor-
mation may be concealed, controlled and linked without users’
consent. For instance, a non-intrusive load monitoring (NILM)
algorithm could gather home appliances information and iden-
tification (e.g., device identity) from load profiles [10], [11].
In other words, an unauthorized user could take advantage
of NILM algorithm to analyse networked devices within
the home, and hence detect and/or link the individual life
patterns, daily routines, and habits for the sake of profit, theft
and advertisements. This raises, therefore, two main security
concerns: (i) how to network the smart devices/appliances
within a HAN without being identifiable (i.e., anonymity),
and (ii) how to network the smart devices/appliances without
being able to distinguish relationships between two devices
(i.e., unlinkability) in smart home over the public network.
Towards the smart home security, related work mainly
focuses on the device authentication in smart home use-cases
[12]–[18]. However, most of the proposed schemes incurred a
high amount of overhead for authentication [13]–[17]. None of
the schemes are considering anonymity and unlinkability in the
smart homes where the malicious attacker can easily disclose
(and link) the appliances and devices’ identities by utilizing the
NILM algorithm [10], [11], and so breach the home network
security and privacy. It therefore becomes necessary to design
an efficient security framework in connected smart homes
to realize its security protection (considering anonymity and
unlinkability) for the individuals.
In the design of a secure framework for the smart home
environments, providing mutual authentication and key agree-
ment are the required first steps to prevent illegal use of
home appliances and systems. Besides a secure and efficient
authentication, the security framework should satisfy the fol-
lowing merits: (i) Anonymity and unlinkability:Hideof
appliance identity, sensor presence and data-collection activity
from unauthorized tracking. Even a malicious device should
not be able to reveal the identity and relationship of devices
communicating within the home network. (ii) Authentication
and integrity: The source of the information can be corrob-
orated and it is ensured that the protocol information has not
been altered by unauthorized or unknown means. (iii) Low
communication cost and computation complexity: Usually,
a battery-powered smart device generally has severe resource
constraints on its ability to process and communicate data.
As a result, the secure framework must take communication
and computation efficiency into consideration. (iv) Security
safeguard: The secure framework should have ability to resist
possible attacks (e.g., replay attack, impersonation attack) such
that it can be applied in the real home environments.
Considering the above mentioned security merits, we design
and implement an anonymous secure framework (ASF) for
the smart home environments. In the proposed ASF, the smart
devices/appliances can communicate with the home gateway
in a HAN, while providing the above mentioned security
services. The main contributions are in three-fold, as follows.
• First, we present a novel ASF scheme that is very light-
weight and efficient, reducing significantly computation
and communication cost. To the best of our knowledge,
the new ASF scheme is the first scheme that considers
the anonymity and unlinkability in the smart homes.
Inspired by the fact of smart home use-cases, which are
of very sensitive and multidimensional nature, the ASF
scheme utilizes hashing and symmetric cryptosystems to
achieve device anonymity, efficient authentication and key
agreement between two communicating devices within
the home area network. Compared with the existing
schemes, it leads to significantly reduced computation and
communication cost.
• Second, we conduct simulation for formal security analy-
sis of the security strength and anonymity of the new
ASF scheme. In particular, we use AVISPA (automated
verification of Internet security protocol and application)
tool that has been widely used by the standardisation
bodies (e.g., Internet Engineering Task Force (IETF)),
and by the academic research to verify security of the
protocols (e.g., [18], [19]). In addition, we use BAN logic
to formally verify that the smart devices within the HAN
are semantically achieve the security goals.
• Finally, we conduct comparative performance analysis of
the new ASF scheme, showing that the proposed ASF
requires indeed lower computational and communica-
tional costs than [17], [20].
The rest of this paper is organized as follows. Section II
reviews the related work in smart home use-cases security.
Section III presents the system model, assumptions, and nota-
tions, and Section IV presents the proposed anonymous secure
framework (ASF). Section V introduces security analysis
based on the AVISPA tool, the BAN-logic and informal analy-
sis, and Section VI discusses performance analysis. Finally,
in Section VII we draw the conclusion.
II. R
ELATED WORK
Hoang-Pishva suggested a TOR-based anonymous commu-
nication approach to secure smart home appliances in [12].
Usually the Internet users use TOR as an Internet browser,
which operates as an anonymous browser where only those
surfing activities done within the browser are anonymized, but
authentication is not being performed. Moreover, the scheme
utilizes public-key cryptography, which is quite expensive
for resource hungry devices. Vaidya et al. [17] proposed
a device authentication mechanism for smart energy home
area networks. Based on elliptic curve cryptography (ECC),
each device obtains an implicit certificate from the certificate
authority. The mutual authentication is being performed and a
session key is established between two involved entities, where
devices’ identities are being used as a plain-text. Authors
claimed their scheme is efficient compared to other existing
schemes. However, security analysis did not provide details.
Kumar et al [18] introduced lightweight and secure ses-
sion key establishment scheme for smart home environments.
A short authentication token is used to verify the legitimacy of
the smart devices. Authors claimed that the scheme is secure
against various popular attacks, such as denial-of-service and
eavesdropping attacks. However, in [18], the home gateway is
required to store the smart device secret keys in a table and
anonymity and unlinkability are not considered. Santoso and
970 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 12, NO. 4, APRIL 2017
Vun [20] suggested a strong security in IoT for smart home
systems considering user convenience in operating the system.
The protocol uses ECC due to its high security level per key
size, while the use of pre-shared secret keys (K) removes the
need to establish additional public key infrastructure for the
system. After the authentication process is done, both parties
(i.e., sender and receiver) can use the Elliptic Curve Diffie
Hellman (ECDH) primitive to create a shared key for the
subsequent symmetric encryption.
Ayday and Rajagopal [21] noticed that the existing HAN
technologies, for instance, ZigBee, Z-wave, and INSTEON
support security only up to a certain level. For the smart
grid-enabled HAN, authors introduced three different secure
device authentication mechanisms: (i) authentication mecha-
nism between the gateway and the smart meter; (ii) authen-
tication between the smart appliances and the HAN; and
(iii) authentication between the transient devices and the HAN.
To execute authentication, the schemes are depending on
Internet service provider [21]. Logue et al [22], proposed
a multi-tiered authentication method for facilitating secure
communication amongst smart home devices and cloud-based
server. The scheme exploits the client-server architecture
where the remote server may provide or refuse access to the
client device based on a level of authentication of the client
device. Here, level of authentication means the client device
may authenticate its identity using different device credentials
or other characteristics/relationships. For details, the reader
may refer to [22].
A dynamic and energy aware authentication scheme for
smart home appliances in Internet of Things (DAoT) is
presented in [23]. DAoT focuses on authentication of iden-
tification of Internet of Things (loT) device for accessing
loT network. Authors find key operations for authentication:
key establishment (KE), message authentication code (MAC)
operation and handshake. The KE operation securely derives
confidential keys for cryptographic mechanisms. The MAC
verifies integrity and authentication using the secret keys
and cryptographic mechanisms [23]. However, anonymity and
unlinkability are not the focus of the Kim et al scheme [23].
Premarathne [24] proposed a novel context-aware multi-
attribute continuous authentication model for secure energy
utilization management in smart homes. The scheme uses
location and the critical nature of the tasks as the contextual
information for supporting information allowing the selection
of authentication attributes. The usefulness of the proposed
solution is validated using real-world data sets.
A framework for maintaining security and preserving pri-
vacy for analysis of sensor data from smart homes is proposed
in [25]. The main focus of Chakravorty et al [25] is the
data security instead of the device anonymity. Ryu and Kwak
[26] proposed a secure data access control scheme for smart
homes. The scheme [26] authenticates all devices registered
to a smart home and provides safe access control of the
data while excluded the unlinkability. Moreover, the traditional
authentication protocols [27]–[30] use two/three factor based
authentication. However, the main focuses of the traditional
authentication schemes are the human interventions by means
of the password and/or biometric utilizations. The difference
Fig. 1. System model for Home area network (HAN).
between these [27]–[30] protocols and smart home setting is
that the authentication procedure needs to be automatically
activated by the devices (for instance, the appliances, sensors,
actuators, etc. ), which does not involve any human interaction.
III. SYSTEM MODEL,ATTACK MODEL AND ASSUMPTIONS
In this section, we formalize the system model for the smart
home, notations and the assumptions used in the ASF.
A. System Model
A smart home is a tiny intelligent world that provides
services to the inhabitants. Our system model is similar to the
scheme proposed in [18], [20], and [31]. As shown in Fig. 1,
we consider a typical home area network (HAN), which com-
prises of a number of heterogeneous devices (e.g., device A,
device B, and so on) connected to a common gateway.
1) Home Area Network (HAN): This involves mainly three
entities, the device (A), the home gateway (HG), and the
service provider (SP), as follows.
• The device A (smart object and/or smart appliance) is
integrated with the sensor network functionality. The
device A is often restricted in terms of computational
power, bandwidth, and memory, requiring very efficient
operations from the side of the device.
• The home gateway (HG) is connected with a large num-
ber of smart devices, appliances, and with the outer world
via the Internet. The HG, mainly performs two functions:
aggregation and relaying. The aggregation component
is responsible for collecting sensor data and controlling
home devices, while the relaying component helps to
transmit the device data to the individuals, when they are
out of the home. For ease in notation, we here consider
the situation that there is only one HG responsible for
all the devices. Nevertheless, the protocol is described in
such a way that extension is easily possible in the HAN
use-cases since the identity of the HG is involved.
• As in [18], the security service provider (SP) is a trusted
server, and is responsible for generating, distributing the
secret keying material and cyrptosystems to the smart
home devices and the HG.
2) Communication Model: In the HAN, typically, the
smart device communicates to the HG through the HAN
protocol, e.g., ZigBee. Whereas, the HG utilizes mainly
two wireless interfaces: (i) a short-range wireless interface
(e.g., IEEE 802.15.4) maintains the connection with in the
internal (smart) devices, and (ii) a long-range communication
KUMAR et al.: ASF IN CONNECTED SMART HOME ENVIRONMENTS 971
TABLE I
SYMBOLS AND DESCRIPTIONS
interface (e.g., Wi-Fi/GPRS) maintains a connection with the
outer world via the Internet [18].
3) Attack Model: We consider the Dolev-Yao attack
model [32], where the attacker is able to eavesdrop on the
traffic, inject new messages, replay and change messages, or
spoof other identities. In addition, the attacker may come
from inside or outside the network. However, their goals
might be to obtain illegitimate data access or control to the
smart home devices, to perform service degradation or denial
of service. It must be mentioned that a complete protection
against these types of attacks is inherently very difficult.
A minimal requirement is that detection mechanisms should
be incorporated.
4) Assumptions:
• Consider a typical use-case in a smart home environment,
where a climate sensor needs to provide its sensing
information to the HG on a temporary basis or when
substantial changes are notified.
• The SP and the HG are trusted entities and have no
restrictions with respect to computation power and mem-
ory. In addition, both (the HG and SP) are considered to
be tamper proof.
• The HG and the device A are having identical symmetric
cryptographic systems, which are assumed to be secured
(e.g., encryption, decryption and hash function).
Table I shows the notations and descriptions, which are used
throughout the paper.
IV. ANONYMOUS SECURE FRAMEWORK (ASF)
This section proposes an anonymous secure framework for
connected smart home. Different phases are distinguished:
system setup, installation of devices, and the actual key
establishment phase. We now discuss the construction of each
of them into more detail, as follows.
A. System Setup Phase
This phase invokes offline. Let x and y be two high entropy
secrets chosen by the SP. For a given HG with identity
id
G
, the SP computes H (xy), H (id
G
H (x)). Finally, the SP
stores secret parameters y, id
G
, H (xy), H (id
G
H (x)) to the
memory of the HG.
B. Installation Phase of the Devices
Before deploying a smart device (e.g., Device A) into the
HAN, it (Device A) should be registered and obtained secret
credentials at the SP. In any other case, for a given device A
with identity id
A
, the SP computes
K = H (yH (id
G
H (x))α)
A
i
= E
K
(id
A
N)
B
i
= H (xy) ⊕ A
i
Here, α is an unique authentication token and N denotes the
number of times a device A with identity id
A
requests an
installation. If this number reaches a threshold, the SP may
decide to refuse an installation. However, the basic idea behind
this construction of the parameters A
i
and B
i
is that A
i
should
be only computable by the legitimate HG. The device A stores
the parameters B
i
and H (A
i
), which are used during the key
agreement. Given the parameter B
i
by the device A, the HG
can derive A
i
and thus also a shared value corresponding
to H (A
i
). The reason why A
i
is constructed by means of
akeyK , which compromises of information only known to
one particular HG, is to avoid that this HG would be able to
construct new devices for potentially other HGs in the field.
Finally, in order to conclude the installation phase, the
device stores the values id
G
, H (x), H (A
i
), B
i
,α,id
A
in mem-
ory. The SP also can keep track of the identity of the
device id
A
, together with the parameters α and N .
C. Key Establishment
The key establishment between the device A and the HG
consists of three steps, containing of two communication
passes and one final computation step. As assumed, the
initiation of the protocol starts from the device A.
1) A → HG : The device A generates a random number
R
A
and then it computes the following parameters.
V
1
= H (id
G
H (x)) ⊕ R
A
⊕ T 1
CID
i
= B
i
⊕ H (H (id
G
H (x))R
A
T 1)
TK = H ( A
i
) ⊕ R
A
C
1
= E
TK
[id
A
id
G
NαT 1]
Here the device A derives a temporary key (TK =
H (A
i
) ⊕ R
A
). T 1 is the current timestamp of the
device A. Next, A sends V
1
, CID
i
, C
1
, T 1 to the HG.
2) HG → A : Upon receiving the message, the HG starts
following operations:
(T 2 − T 1) ≤ T ; if not true then abort
R
A
= V
1
⊕ H (id
G
H (x)) ⊕ T 1
B
i
= CID
i
⊕ H (H (id
G
H (x))R
A
T 1)
A
i
= B
i
⊕ H (xy)
TK
∗
= H (A
i
) ⊕ R
A
D
TK
∗
[C
1
] and obtain id
∗
A
,
id
∗
G
, N
∗
,α
∗
, T 1
∗
Check if id
G
== id
∗
G
, T
1
== T 1
∗
Check id
∗
A
, N
∗
by A
i
== E
K
(id
∗
A
N
∗
)
If the checks on id
∗
A
, id
∗
G
, N
∗
, T 1
∗
are positive, the
device A with real identity id
A
is authenticated and