Abstract

Various IoT-based applications such as smart home, intelligent medical, and VANETs have been put into practical use. The smart home is one of the most discussed environments, allowing users to access and control smart devices remotely via the public network. The smart home can provide many intelligent services for users through these smart devices. To securely access devices and obtain collected data over the public network, multifactor authentication protocols for the smart home have gained wide attention. However, most of these protocols cannot withstand impersonation attack, smart device lost attack, privileged-insider attack, smart card lost attack, and so on. Besides, high communication and computational costs weaken system performance, which makes most authentication protocols unsuitable for resource-constrained smart devices. To mitigate the aforementioned drawbacks, we propose a PUF-assisted lightweight group authentication and key agreement protocol that implements secure access to multiple devices in the smart home simultaneously using the Chinese Remainder Theorem and the secret sharing technique. Our protocol also utilizes a physical unclonable function (PUF) and the fuzzy extractor technique to extract the digital fingerprint of the smart devices, which uniquely validates smart devices and protects the secrets stored in their memory. Our protocol supports various security features and withstands many well-known attacks in the smart home. The performance analysis indicates that the proposed protocol can efficiently reduce communication and computational costs when the user simultaneously accesses multiple devices.

1. Introduction

With the rapid development of Internet of Things (IoT) technology, various IoT-based applications such as smart home, intelligent medical, and VANETs have emerged. Among these applications, the smart home has gained wide attention in recent years due to its convenience, efficiency, and other properties, providing basic and practical home control services for users. The smart home is a dwelling that connects major appliances and services and permits them to be accessed via the public network [1]. In most existing schemes, the smart home is composed of user equipment (e.g., a smartphone), a home gateway (HG), and many smart devices (e.g., surveillance cameras, lighting controllers, and temperature sensors) [2]. The smart devices are interconnected to collect data in the smart home and interact with users via the public network. HG acts as the communication medium between the user and the smart devices.

Smart devices are generally vulnerable to various attacks such as impersonation attack, physical device lost attack, and privileged-insider attack during the execution of a protocol. Once these devices are broken, user privacy will be compromised. For example, unauthorized users may access the surveillance cameras and control them to monitor the residents of the smart home. In addition, most IoT devices such as sensors have limited resources for executing complex computational operations [3, 4]. In recent years, many Elliptic Curve Cryptography- (ECC-) based schemes [5, 6] have been proposed to enhance authentication security. However, these schemes generally need to perform complex computational operations, which are not suitable for resource-constrained devices. Some schemes also cannot provide important security features and functionalities such as user anonymity, perfect forward secrecy, and dynamic device addition. To solve the security and privacy issues in IoT environments, a large number of authentication schemes have been proposed [7–9]. In most of the existing schemes, the computational and communication costs are too high to be suitable for resource-constrained [8] devices. If the user wants to access multiple smart devices simultaneously, it is necessary to verify the authenticity of the user identity frequently and send access requests to the corresponding smart devices within a short time, which may lead to network delay and even congestion. Therefore, it is crucial to design an efficient and lightweight authentication scheme to establish a secure session key between the user and the smart devices in the smart home. Group authentication schemes have been put forward to solve the aforementioned issues. Group authentication schemes based on secret sharing can authenticate multiple smart devices belonging to the same group simultaneously.

Besides, the traditional read-only memory- (ROM-) based authentication techniques rely on expensive power consumption and nonvolatile memory, which are vulnerable to external attacks [10]. The physical unclonable function is a promising hardware primitive that can be utilized for lightweight authentication and secret key storage; it extracts the unique physical properties of an integrated circuit (IC) [11]. Each IC has different physical characteristics even if the ICs are identical in function. The secrets derived from an IC through its PUF therefore differ from chip to chip because of manufacturing variability. PUF successfully addresses the inherent weaknesses of the traditional ROM-based authentication techniques. The PUF technique can be utilized to distinguish smart devices and to prevent them from being attacked, cloned, or forged by the adversary. However, changes in the environment around a smart device may affect its digital circuit, which leads to errors in the output of the PUF function. In order to improve the fault tolerance rate of the PUF function, the fuzzy extractor has been widely used to correct errors in the PUF output [12].

Considering the security of the parameters stored in the smart devices, PUF is utilized to prevent stolen device attack. PUF can be utilized to assist smart devices in generating a biometric key, which efficiently protects the security of the smart devices [12]. Therefore, we propose a PUF-assisted lightweight group authentication and key agreement protocol for the smart home. Our protocol supports many well-known features such as untraceability, user anonymity, and forward secrecy. The smart devices are allowed to join or leave the group dynamically.

1.1. Our Contributions

(i) A PUF-assisted lightweight group authentication and key agreement protocol for the smart home is presented in this paper. Our protocol is suitable for resource-constrained smart devices, using only lightweight operations and symmetric cryptography. The secret sharing technique and the Chinese Remainder Theorem are utilized to establish the group session key between the user and the smart devices.
(ii) The security of our protocol is proved under the widely used ROR model [13]. The formal security analysis shows that our protocol is semantically secure. Other discussions on security show that the proposed protocol guarantees many security features such as untraceability and user anonymity and also withstands most known attacks.
(iii) The dynamic joining and leaving of smart devices in the deployed network are both supported by the proposed protocol. Illegitimate smart devices fail to attain the group key without the secret share. A new smart device only needs to register itself before joining the deployed network.
(iv) The physical security of smart devices is guaranteed by physical unclonable function technology. The output of the PUF depends on the physical fingerprint of the physical device. PUF has the characteristics of tamper resistance, unclonability, and unpredictability.
(v) The issue of repeated authentication of the same user who accesses multiple smart devices simultaneously is solved. The performance analysis indicates that the protocol effectively reduces resource costs compared with other protocols.

1.2. Related Work
1.2.1. Authentication

The smart home allows authorized users to remotely access devices and obtain the information collected by these devices. To address security and privacy issues in IoT, a large number of researchers [14–16] have studied authentication schemes for the smart home.

In 2011, Vaidya et al. proposed a novel authentication and key establishment mechanism based on ECC. Although their scheme satisfies more security requirements than previous schemes, it is not suitable for resource-constrained home area networks. Many schemes likewise focus on providing more security features while remaining unsuitable for resource-constrained devices. To solve communication security issues in WSNs, Xue et al. [14] utilized temporary credentials to implement authentication between the user and the sensing nodes in 2013. Their scheme uses only hash functions and bitwise XOR operations and is therefore lightweight enough for sensing nodes. However, He et al. [15] pointed out that their scheme fails to resist offline password guessing attack, impersonation attack, and tampering attack. In 2013, He et al. [17] proposed an improved authentication scheme that overcomes the security threats in Xue’s scheme with only a small increase in computational cost. In 2014, Turkanovic et al. [17] focused on a scenario in which a user accessing a single targeted sensor in a WSN does not need to interact with HG. Meanwhile, Kalra and Sood [18] found that Xue’s scheme is vulnerable to smartcard lost attack. Kalra and Sood [18] proposed a novel authentication scheme based on password and smartcard, which resists most known attacks and has a lower cost than other schemes. However, their scheme does not consider resisting sensing node capturing attack and privileged-insider attack. In 2018, Shen et al. [19] adopted the cloud to enhance the capabilities of devices and established a lightweight certificateless authentication scheme for WBANs.

The devices in the IoT environment have features similar to the sensing nodes in traditional WSNs. Due to the heterogeneity and dynamics of IoT devices, higher security and privacy requirements need to be satisfied in the IoT environment. Kumar et al. [16] proposed an anonymous authentication framework for the smart home using only hash functions and symmetric cryptography. Kumar et al. were the first to consider the features of anonymity and unlinkability for the smart home, and their scheme resists many known attacks. Challa et al. [20] proposed a novel signature-based authenticated key establishment scheme for the generic IoT environment. The user can communicate not only with smart devices but also with other users through HG. In 2018, Srinivas et al. [21] proposed an anonymous three-factor authentication and key agreement scheme which supports credential update, user revocation, and new device addition. However, Gope et al. [22] argued that the sensitive information stored in the memory of smart devices may be leaked to the adversary through side-channel attacks. The adversary then obtains the sensitive information and traces all the users who accessed the device in previous communications. Besides, most smart devices are not tamper-evident, so the adversary can intercept the communication messages and impersonate legitimate devices.

1.2.2. Group Authentication

The concept of group authentication was proposed to implement identity authentication among group members at one time. Many group-based authentication schemes have also been proposed to improve the efficiency of group communication. In 2013, Harn [23] and Liu et al. [24] both proposed improved group authentication protocols for group-oriented applications based on secret sharing. In 2016, Li et al. [25] observed that Harn’s protocol fails to support key agreement during the authentication process and cannot resist replay attack and man-in-the-middle attack. They proposed an improved group authentication and key agreement protocol for MTC in LTE-A networks, which supports dynamic policy updating and provides strong security properties compared to previous work. In 2019, Cui et al. [26] proposed an efficient signature-based group authentication scheme for vehicular ad hoc networks (VANETs). The RSU can efficiently update the group key generated by two hash chains to exclude malicious vehicles from the group. In 2020, Zhang and Lee [27] provided an efficient group authentication scheme based on the group signature technique, which protects the integrity of blockchain-based mobile-edge computing (BMEC). Currently, most of these protocols cannot withstand smart device lost attack and smart card lost attack. Besides, high communication and computational costs make most authentication protocols unsuitable for resource-constrained smart devices. In this paper, we propose a secure and efficient group authentication protocol for the smart home based on the PUF and secret sharing technique.

1.2.3. PUF Technology

Recently, PUF technology has been introduced to address the aforesaid issues. Most existing authentication protocols are designed based on tamper-evident PUF [28–35] to prevent physical attack. Wallrabenstein [28] proposed an ideal PUF-based authentication protocol to provide cost-effective tamper resistance for resource-constrained devices in IoT, which minimizes the probability of private key disclosure. To resist denial and masquerading attacks, Chatterjee et al. [31] used the PUF’s response to replace the public identity string used for message encryption and removed the public key generator from the scheme, allowing the receiving node to generate its own public and private keys and the server to verify the public key. In order to solve the problems of man-in-the-middle attack and replay attack under the DY security model, Braeken [32] used elliptic curve addition and multiplication to replace the bilinear pairing operation and realized identity-based authentication. Chatterjee et al. [33] combined IBE, PUF, and message authentication codes to propose a low-power, low-latency authentication and key agreement protocol that solves the database storage overhead and successfully defies man-in-the-middle attacks. Gope et al. [29] proposed a lightweight anonymous authentication protocol based on an ideal PUF. They subsequently took the effects of noise on the PUF into account and enhanced the authentication protocol to support noisy PUFs. They utilized additional prestored pseudo identities and challenge-response pairs to ensure the security of the protocol under DoS attacks. Furthermore, Tiplea and Hristea [30] pointed out that most existing PUF-based authentication protocols cannot protect security and privacy in IoT under corruption with temporary state disclosure, since some important temporary variables are not protected by the PUF.
Therefore, they proposed a general method to protect the temporary variables and utilized it to fix the flaws in previous PUF-based authentication protocols. Li and Liu [34] optimized the existing RFID authentication protocol based on a double PUF. They proposed a protocol that achieves untraceability, successfully resists desynchronization attacks and tag impersonation attacks, and offers better security and privacy. PUF-based authentication schemes are threatened by powerful machine learning attacks. Chen et al. [35] showed that the “availability” and “reliability” features of Shamir’s secret sharing (SSS) can be applied to address this security issue. They presented a mutual authentication protocol in which no response is exposed to the adversary and which avoids the use of cryptographic algorithms and error correcting codes. Current PUF-based authentication protocols can resist internal attacks, but they are still affected by the external environment, resulting in errors in the PUF output. How to improve the fault tolerance rate is an urgent problem to be solved.

2. Preliminaries

2.1. Chinese Remainder Theorem [36]

It is assumed that there are prime positive integers . Let be the product of prime positive integers as and , where . Let be the modular multiplicative inverse of and satisfy . Then, let be any positive integers. Equation (1) has a unique general solution mod .

The general solution of Equation (1) is calculated in Equation (2).
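The construction behind Equation (2), implemented as an added example that is not part of the paper: the product of the moduli, the cofactors, their modular inverses from the extended Euclidean algorithm, and the combined solution modulo the product. The `crt_broadcast`/`recover` pair at the end shows the generic reason CRT is attractive for group key distribution (one published value from which each holder of a valid modulus reduces out its own residue); it is an illustration of that general idea, not the paper's message format, and all sample values are constructed.

```python
# Added example (not from the paper): the Chinese Remainder Theorem of Section 2.1,
# i.e. solving x = a_i (mod p_i) for pairwise coprime moduli p_i.
# Construction: M = prod(p_i), M_i = M / p_i, y_i = M_i^{-1} mod p_i,
# x = sum(a_i * M_i * y_i) mod M, which is the unique solution modulo M.
from math import gcd, prod


def egcd(a, b):
    """Extended Euclid: returns (g, s, t) with s*a + t*b == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, s, t = egcd(b, a % b)
    return g, t, s - (a // b) * t


def mod_inverse(a, m):
    """Modular multiplicative inverse of a modulo m (raises if it does not exist)."""
    g, s, _ = egcd(a % m, m)
    if g != 1:
        raise ValueError(f"{a} is not invertible modulo {m}")
    return s % m


def crt_solve(residues, moduli):
    """Return (x, M): x in [0, M) with x = residues[i] (mod moduli[i]) for every i."""
    if len(residues) != len(moduli) or not moduli:
        raise ValueError("need one residue per modulus")
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError("moduli must be pairwise coprime")
    M = prod(moduli)
    x = 0
    for a_i, p_i in zip(residues, moduli):
        M_i = M // p_i                 # cofactor for this modulus
        y_i = mod_inverse(M_i, p_i)    # M_i * y_i = 1 (mod p_i)
        x += a_i * M_i * y_i
    return x % M, M


def holds(x, residues, moduli):
    """Check every congruence of the system for a candidate solution x."""
    return all(x % p == a % p for a, p in zip(residues, moduli))


def crt_broadcast(per_device_values, device_primes):
    """Generic CRT-based group distribution (illustration only): one value X is
    published, and the device holding prime p_i recovers its own value as X mod p_i.
    A party holding no valid prime has no modulus to reduce X by."""
    X, _ = crt_solve(per_device_values, device_primes)
    return X


def recover(X, device_prime):
    """Device side of crt_broadcast."""
    return X % device_prime
```

Calling `crt_solve([2, 3, 2], [3, 5, 7])` returns `(23, 105)`; `holds` confirms each congruence, and the pairwise coprimality check at the top is the precondition the theorem needs (the paper takes the moduli to be distinct primes, which satisfies it automatically).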

2.2. Physical Unclonable Function [28]

A PUF, which is based on a complex physical system, is a function (). The challenges and their corresponding responses are called challenge-response pairs. A PUF has the following properties:
(1) Unclonable. For all , there is no function satisfying . The probability of duplicating the function with a cloned function in probabilistic polynomial time (PPT) is negligible.
(2) Computable. It is feasible to compute in probabilistic polynomial time for all .
(3) Unpredictable. For all , the probability of the adversary correctly guessing the response of the function corresponding to the challenge in probabilistic polynomial time is negligible. The output of the function is a random string uniformly chosen from .
(4) Tamper-Proofing. For all , even if the Hamming distance between and is or less ( is sufficiently small), the probability of outputting similar results is negligible. Therefore, the PUF is able to resist tampering attacks.

2.3. Fuzzy Extractor [5]

The fuzzy extractor takes a noisy, low-entropy value as input and outputs the same uniformly random value as long as the input values are close. The fuzzy extractor is utilized to extract both the user’s biometric information and the smart device’s PUF information. It is assumed that the fuzzy extractor is composed of two algorithms defined in a tuple .

Gen(): it is a probabilistic algorithm. The user takes his/her biometrics from the metric space as , and the algorithm outputs the biometric key and the public parameter .

Rep(): it is a deterministic algorithm. takes the biometrics , the reproduction parameter , and as input ( is the fault tolerance value and is sufficiently small). The algorithm reproduces the biometric key as whenever the Hamming distance between the two inputs is or less.
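A concrete (Gen, Rep) pair, added here as an example and not taken from the paper or from [5]: the code-offset construction (Dodis et al.) instantiated with a 5-bit repetition code. The input is a constructed 40-bit PUF/biometric reading; the helper data is the reading XORed with a random codeword, and Rep reproduces the key whenever each group of five bits carries at most two flipped bits, so in particular whenever the overall Hamming distance is at most the tolerance value. The group sizes, key length and the use of SHA-256 as the final extractor are assumptions chosen for the illustration.

```python
# Added example (not from the paper): a fuzzy extractor (Gen, Rep) built with the
# code-offset construction over a repetition code. A PUF/biometric reading is a list
# of 40 bits; each group of 5 repeated bits tolerates up to 2 flipped bits, so Rep
# returns the same key as Gen whenever the noisy input stays within that bound.
import hashlib
import secrets

REPEAT = 5                     # repetition length; corrects (REPEAT - 1) // 2 flips per group
KEY_BITS = 8                   # codeword data bits; input length is KEY_BITS * REPEAT
TOLERANCE = (REPEAT - 1) // 2  # the fault tolerance value t of Section 2.3 for this construction


def _encode(data_bits):
    """Repetition code: each data bit is written REPEAT times."""
    return [b for b in data_bits for _ in range(REPEAT)]


def _decode(code_bits):
    """Majority vote inside every group of REPEAT bits."""
    return [1 if sum(code_bits[i:i + REPEAT]) > REPEAT // 2 else 0
            for i in range(0, len(code_bits), REPEAT)]


def _xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def _extract(data_bits):
    """Map the error-free codeword data to a uniform-looking key (hash as extractor)."""
    return hashlib.sha256(bytes(data_bits)).hexdigest()


def gen(w):
    """Gen: probabilistic. Returns (key R, public helper P) for the noisy input w."""
    if len(w) != KEY_BITS * REPEAT:
        raise ValueError("input length must be KEY_BITS * REPEAT")
    data = [secrets.randbelow(2) for _ in range(KEY_BITS)]
    codeword = _encode(data)
    helper = _xor(w, codeword)           # P = w XOR c; stored/published next to the device
    return _extract(data), helper


def rep(w_prime, helper):
    """Rep: deterministic. Recovers R from a noisy reading w' and the helper P."""
    noisy_codeword = _xor(w_prime, helper)   # = c XOR (w XOR w'), i.e. c plus the noise
    return _extract(_decode(noisy_codeword))


def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))


def demo():
    """Constructed PUF reading; returns (Rep matches on near input, Rep matches on far input)."""
    w = [(i * 7) % 3 % 2 for i in range(KEY_BITS * REPEAT)]
    key, helper = gen(w)
    near = list(w)
    for pos in (0, 6, 33):                # one flip in each of three different groups
        near[pos] ^= 1
    far = list(w)
    for pos in (0, 1, 2):                 # three flips inside the same group of five
        far[pos] ^= 1
    return rep(near, helper) == key, rep(far, helper) == key
```

`demo()` returns `(True, False)`: three scattered flips are corrected, while three flips inside one group outvote the original bit and Rep derives a different key. The helper value must be stored, but it never needs to be secret: the key is derived from the random codeword, not from the helper.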

3. System Model and Definitions

3.1. System Model

The authentication protocol in the smart home consists of the user , the home gateway (HG), the smart devices , and the registration center (RC). All the entities are defined as shown in Figure 1.
(i) . RC is usually considered a trusted registration center. It has two main functions: registering the user, HG, and smart devices, and securely generating parameters for smart devices.
(ii) . It is a trusted entity and cannot be compromised by the adversary . It acts as the communication medium between the user and the smart devices in the smart home and is responsible for reconstructing secrets for the smart devices during the authentication phase.
(iii) . The user utilizes a smartphone or other smart device, referred to as user equipment . The user equipment has the capability to extract ’s biometrics and verify the authenticity of ’s identity. can access smart devices after registering at the RC.
(iv) . Smart devices execute commands and collect all kinds of information in the smart home. It is assumed that may obtain authentication credentials stored in the smart devices through side-channel attack [21]. The PUF technique can be utilized to identify a smart device through its inherent physical characteristics. All the smart devices have a PUF module which protects them from device capturing attack. Therefore, no smart device can be forged physically by the adversary.

3.2. Threat Model

It is assumed that the adversary in our protocol has the same capabilities as the adversary in the Dolev-Yao (DY) threat model [37–39]. The capabilities of in our protocol are enumerated as follows:
(i) can eavesdrop, intercept, modify, inject, and delete all the messages transmitted via the public network.
(ii) can store or resend all the messages which are intercepted or forged.
(iii) can impersonate the legitimate user or the smart device to participate in the authentication process during the execution of the protocol.
(iv) can obtain the credentials stored in the user equipment and launch various types of attacks on the protocol. However, the group session key cannot be disclosed to the adversary during the execution of the protocol.

In addition, the adversary also has some of the abilities defined in the CK-adversary model proposed by Canetti and Krawczyk [40, 41]. Under the CK-adversary model, the disclosure of ephemeral state information or other sensitive information must not affect the security of other sessions and of long-term secrets. It must be guaranteed that the security of other sessions cannot be broken even if ephemeral secrets are compromised.

4. Our Proposed Protocol

We firstly introduce an overview of the protocol. A detailed description of the protocol is then presented in this section.

4.1. Overview of the Protocol

We propose a PUF-assisted lightweight group authentication and key agreement protocol in the smart home. The proposed protocol mainly includes four types of entities: RC, HG, user equipment, and smart devices.

In our protocol, RC plays the role of the registration center and is responsible for registering the other entities. HG acts as an intermediate device between the user equipment and the smart devices and reconstructs the secret for a group of smart devices. Each user has a smartphone or terminal equipment that can read and verify the user’s credentials. During the login and authentication phase, the user sends a request to HG, and HG forwards the request to a group of target smart devices. After a series of authentication steps, the smart devices generate the corresponding responses and send them to HG; HG encrypts the smart devices’ responses and forwards them to the user. In this way, a group session key shared between the user and a group of legitimate smart devices is securely established. Besides, the user is able to update the personal password and biometrics locally. To resist replay attack, we assume that all the entities (i.e., users, HG, smart devices) have synchronized clocks, and that the maximum communication delay is .

The detailed notations and corresponding descriptions are summarized in Table 1.

4.2. Smart Device Registration Phase

The smart device registration is executed securely in this section. To prevent device capturing attack launched by the adversary, each smart device generates a physical fingerprint based on the physical unclonable function and fuzzy extractor to protect the credentials stored in its memory.

4.2.1. SDRP1

The smart device , utilizes the PUF and fuzzy extractor to extract the information needed to register itself. The smart device firstly selects a random nonce and computes . The digital circuits of the smart devices may be influenced by changes in the external environment, which results in errors in the output of the PUF function. Therefore, the fuzzy extractor is utilized to correct errors in the output of the physical unclonable function. computes to generate the secret and sends to RC securely.

4.2.2. SDRP2

When receiving the registration request from smart device , , RC chooses the identity for each smart device and randomly selects a polynomial of degree : , such that all the coefficients ., and are in finite field . RC computes and ( is public system information related to the smart device ). RC randomly selects a prime positive integer , corresponding to smart device . Then, RC computes , , ., and (, ). Finally, RC calculates , and sends to corresponding smart device securely.

4.3. User Registration Phase

The user must register himself at RC when he wants to access the smart home remotely through HG. As shown in Figure 2, the detailed registration process is executed in the following steps.

4.3.1. URP1

firstly chooses an identity and high entropy password and imprints personal biometric information using the fuzzy extractor in user equipment . adopts key generation algorithm to generate corresponding biometric key which acts as an element of three-factor authentication and public parameter as . To protect the and , randomly generates a nonce and takes personal credentials , and as input to compute . Finally, securely sends request to RC.

4.3.2. URP2

When getting the request from , RC firstly generates a 1024-bit long-term secret value and calculates , . Then, RC generates the anonymous identity corresponding to and securely sends the information to . Finally, RC deletes the information and from its database.

4.3.3. URP3

Upon receiving the response from RC, computes , , , . is a medium integer that defines the ability to withstand online guessing attack using “fuzzy-verifier” [42]. Then, stores in its memory. Finally, deletes from so as to prevent user equipment from compromising sensitive information.

4.4. Home Gateway Registration Phase

HG chooses an identity and sends the registration request to RC. Upon receiving the request from HG, RC issues a long-term secret key , the user identity , corresponding temporal identity , , and other public parameters to HG securely.

4.5. Login and Authentication Phase

Figure 3 gives the summary of login and authentication phase which could be divided into seven steps.

4.5.1. LAP1

firstly inputs and the high entropy password and imprints personal biometrics into . computes by the reproduction algorithm if the Hamming distance between the two biometrics is or less. Then, calculates , , . verifies the authenticity of the inputs , , and by checking whether is equal to the stored . After verifying the user’s identity successfully, calculates the symmetric key . randomly generates a nonce and the current timestamp . then calculates , . sends to HG via an open channel.

4.5.2. LAP2

Upon receiving the login request, HG firstly checks the freshness of the timestamp . If it is true, HG retrieves and ; computes , , and ; and checks if . If it is invalid, the session is terminated immediately. Then, HG randomly generates a nonce and a timestamp and computes . HG calculates , . Finally, HG broadcasts the message to a group of smart devices via the open channel.

4.5.3. LAP3

Upon receiving the message, firstly checks the freshness of the message by the timestamp . If it is valid, calculates , , , , (, is called the shared key of the group of legitimate smart devices). Then, decrypts as using the shared group key and computes . Then, checks whether . If it is invalid, terminates the session immediately. Otherwise, generates a timestamp and calculates , . Finally, sends the message to HG.

4.5.4. LAP4

After receiving from the smart devices, HG checks the freshness of the timestamp . If it is valid, HG can obtain by decrypting and compute . HG also checks whether . If it is true, HG continues the session. Otherwise, HG computes and verifies the authenticity of the corresponding by checking whether . If it matches, the message is from a valid . Otherwise, HG marks as an invalid smart device and terminates the session. Then, HG computes . Finally, HG sends to all legitimate smart devices in the group.

4.5.5. LAP5

Upon receiving the message , each smart device firstly extracts by decrypting the using shared group key , computes , and checks whether . If it is valid, each computes , . Finally, each sends the message to HG.

4.5.6. LAP6

HG encrypts parameters as and generates a timestamp , a new anonymous identity . HG calculates . Finally, HG sends the message to .

4.5.7. LAP7

firstly checks the freshness of timestamp when receiving the message . then utilizes long-term secret key to decrypt and obtains . verifies the consistency of the session by checking whether . If it matches, calculates . checks if . If it matches, the group session key is established successfully. Finally, replaces temporal identity as .

4.6. Biometrics and Password Update Phase

In this section, can update the password and biometrics in the following steps.

4.6.1. BPUP1

provides personal credentials , , and to . computes biometrics key as and calculates , , , and . validates the authenticity of by checking whether . If it matches, the user can update personal password and biometrics. Otherwise, terminates the update phase.

4.6.2. BPUP2

enters new password and imprints biometrics into the user equipment . computes as and calculates , , , , and . Finally, replaces , and with , and without the help of RC, respectively.

4.7. Dynamic Smart Devices Joining and Revoking Phase

Some new smart devices may be added to the smart home after the initial deployment, or some deployed smart devices may leave the smart home for various reasons. Therefore, to revoke a defunct device or add a new device to the smart home, it is necessary to update the status of smart devices in real time. The detailed joining and leaving process is executed in the following steps.

4.7.1. Joining

When joining the smart home, a new smart device must firstly register itself at RC. randomly chooses a challenge value and generates its physical fingerprint based on the PUF and fuzzy extractor technique. Then, the new smart device sends to RC securely. RC generates a unique identity and a legitimate share and computes . Then, RC adds to as . During the execution of the authentication and key agreement phase, only the legitimate smart devices can calculate the secret as . Finally, the new smart device can be accessed by user .

4.7.2. Revoking

To protect the session security, HG should update the status of smart devices. A smart device that wants to leave the group or is marked as an illegal device will be revoked by HG. The HG subtracts corresponding from as . The HG generates a new temporal secret and broadcasts it to a group of smart devices. The revoked smart device will fail to compute secret and decrypt the message due to the update of .
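The share mechanism underlying the registration step of Section 4.2.2 (RC picks a polynomial and hands each device one evaluation of it) and the joining and revoking steps above, as an added example that is neither the paper's code nor its exact message flow: Shamir secret sharing over a prime field. Joining a device is evaluating the same polynomial at a fresh identity, so existing shares are untouched; revoking a device is issuing a fresh polynomial (hence a fresh secret) to the remaining members, so the revoked device's old share no longer combines with anything. The field modulus, threshold, device identities and secret values are assumptions constructed for the illustration.

```python
# Added example (not from the paper): Shamir secret sharing as the group-share
# primitive. RC chooses f(x) = secret + a1*x + ... + a_{t-1} x^{t-1} over GF(PRIME);
# device i holds f(i); any t shares reconstruct f(0) by Lagrange interpolation.
import secrets

# Field modulus: a Mersenne prime chosen for this illustration (assumption).
PRIME = (1 << 127) - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of f(x) = coeffs[0] + coeffs[1] x + ... mod PRIME."""
    acc = 0
    for a in reversed(coeffs):
        acc = (acc * x + a) % PRIME
    return acc


def make_group(secret, threshold, device_ids):
    """RC side: f(0) = secret, degree threshold - 1; device i receives f(i).
    Returns (coeffs, shares); RC keeps coeffs, each device gets only its share."""
    if not 0 < secret < PRIME:
        raise ValueError("secret must lie in the field")
    if any(i % PRIME == 0 for i in device_ids):
        raise ValueError("identity 0 would hand out the secret itself")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return coeffs, {i: _eval_poly(coeffs, i) for i in device_ids}


def join_device(coeffs, new_id):
    """Joining: the same polynomial is evaluated at a fresh identity; no other share changes."""
    if new_id % PRIME == 0:
        raise ValueError("identity 0 would hand out the secret itself")
    return _eval_poly(coeffs, new_id)


def reconstruct(shares, threshold):
    """Lagrange interpolation at x = 0 using the first `threshold` shares given."""
    if len(shares) < threshold:
        raise ValueError("not enough shares to reconstruct")
    pts = list(shares.items())[:threshold]
    total = 0
    for i, (xi, yi) in enumerate(pts):
        num = den = 1
        for j, (xj, _) in enumerate(pts):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def revoke_device(threshold, remaining_ids):
    """Revoking: a fresh polynomial with a fresh secret is issued to the members that
    stay. The revoked device keeps a share of the old polynomial, which is useless
    against the new one."""
    new_secret = secrets.randbelow(PRIME - 1) + 1
    return make_group(new_secret, threshold, remaining_ids)
```

With threshold 3 and devices 1 to 4, any three shares return the secret; a device joined later with identity 5 combines with the old shares without any redistribution; after `revoke_device(3, [1, 2, 3, 5])` the new shares reconstruct the new secret, while device 4's stale share mixed with two new shares interpolates to an unrelated value.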

5. Security Analysis

The widespread Real-or-Random (ROR) model proposed by Abdalla et al. [13] is adopted to establish our security model in this section.

5.1. Formal Security Analysis

(1) Participants. Let , , and represent instances , , and of participants , , and HG, respectively.
(2) Partnering. If the following conditions are satisfied, the instances and are said to be partners [37].
(i) Both instances and are accepted.
(ii) Both instances and authenticate each other.
(iii) The instance and the instance are partners only of each other.
(3) Freshness. The instance or is fresh if the session key SK has not been disclosed to .
(4) Adversary. has all the capabilities of the adversary in the Dolev-Yao (DY) threat model [37–39] and also has some capabilities defined in the CK-adversary model [40, 41]. Moreover, can make the queries , , , , , and to the challenger to obtain sensitive information. These queries are utilized to construct a series of games. After the games, guesses a bit and wins the game only if . represents the event that wins the game. The advantage of in breaking the IND-CPA security of our protocol in probabilistic polynomial time is . The proposed protocol is secure under the ROR model when is negligible.

Theorem 1. Let be an adversary running in polynomial time against our authentication protocol in the random oracle model. Let , , , , , , , and represent a uniformly distributed password dictionary, the number of oracles, the number of oracles, the number of oracles, the space of the hash function, the size of , the bit length of the biometric key , and the bit length of the random nonce, respectively. The advantage of in breaking the protocol in probabilistic polynomial time is defined as follows:

Proof. The games , where is defined in this section. Let represent the event that succeeds in guessing in the .
the game simulates the real attack in our protocol by in ROR sense. At the beginning of , guesses . By definition, it follows the game simulates the adversary’s eavesdropping attack by asking oracle. At the end of the game, queries oracle and then distinguishes whether the output of oracle is either a real session key SK or a random string in the same domain. The group session key is calculated as in our protocol. To calculate the GSK, has to obtain and . Additionally, , and are not compromised to . Therefore, the probability of winning for is not increased by launching eavesdropping attacks. It is clear that there exists some differences between and ; the simulations of and oracles are added to the . The game simulates an active attack in which tries to fool the participant into accepting the forged messages. is able to query oracle many times to find collisions. Since all the exchanged messages are associated with participant’s identity, random nonce, and timestamps, the probability of finding the collision of secret key for symmetric cryptography is according to the birthday paradox. Besides, the probability of finding the collision of random nonce is defined as . It is clear that by adding the simulation of querying the oracle and smartphone lost attack, the is transformed into . may obtain password and the biometrics key using online, offline dictionary attack, and physical device attack, respectively. The fuzzy extractor is utilized to extract the bits of biometric information, and the probability of guessing the for is approximately . Additionally, it is supposed that the number of password inputs is strictly limited. The user-chosen passwords tend to be low entropy and are far different distribution from uniform distribution. The size of the password space is limited in practical, and users usually only use a part of the password space. The probability of guessing the password is defined as [43]; and are the parameters of the Zipf model. 
Therefore, it is clear that this game adds the simulation of the oracle compared to . can physically capture the smart devices and obtain the information prestored in the memory of the smart device in the registration phase. However, this information is encrypted by the physical fingerprint based on PUF and the fuzzy extractor technique. It is hard to obtain the secret share and forge the device even if grabs the device. Suppose can eavesdrop on all the exchanged messages. tries to obtain the sensitive information by decrypting the message . Due to the Chinese Remainder Theorem, any illegitimate participant is unable to obtain the temporary group key and without the secret share . Even if wants to reconstruct the secret, it is hard for to capture at least legal smart devices. The probability of forging the appropriate pair of values is . Additionally, it is difficult for to decrypt as is unknown to . cannot compute for lack of and . The proposed protocol is secure. It is concluded that . All the oracles have been simulated in the game. guesses after querying the oracle. It is clear that .
Therefore, from formulas (4) to (8), we have

5.2. Other Discussions on Security Features
5.2.1. Untraceability and User Anonymity

It is assumed that has the capability of intercepting all the messages during the execution of the authentication phase over the public channel. The user’s identity is protected by the hash function and symmetric cryptography. It is computationally infeasible for to attain the identity without the secret parameters . Therefore, our protocol guarantees the feature of user anonymity. Moreover, the transmitted messages generally involve the current timestamp and random nonce, and the temporary identity is updated when the session is completed successfully. Therefore, it is also computationally infeasible for to track the user’s activity across sessions. In conclusion, untraceability and user anonymity are both guaranteed in our protocol.

5.2.2. Replay Attack

It is assumed that is capable of intercepting all the messages between the user, HG, and smart devices. The transmitted messages usually involve random nonces and timestamps. Even if intercepts the messages and replays them shortly after, they cannot pass the verification of timestamps due to the maximum communication delay . Thus, our protocol can resist replay attack.
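As an added illustration of the freshness check described above (this is example code, not the paper's protocol), the receiver below verifies a message authentication tag, rejects any message whose timestamp lies outside the maximum communication delay , and additionally keeps a short-lived cache of accepted nonces. The nonce cache is an assumption beyond the text: a replay that arrives inside the delay window carries a valid timestamp, so the timestamp check alone does not catch it, and the cached nonce does. The shared key, the message format, and the sample timestamps are constructed for the example.

```python
import hashlib
import hmac
import os

# Assumption (not from the paper): messages are tuples (id, nonce, ts, mac) where
# mac is an HMAC-SHA256 over "id|nonce|ts" under a key shared in an earlier phase.
MAX_DELAY = 5.0  # maximum tolerated communication delay, in seconds


class Receiver:
    def __init__(self, key: bytes, max_delay: float = MAX_DELAY):
        self.key = key
        self.max_delay = max_delay
        self.seen = {}  # nonce -> time at which it was first accepted

    def _expire(self, now: float) -> None:
        # Nonces older than the window can be forgotten: a replay of them
        # already fails the timestamp check.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_delay}

    def accept(self, msg: dict, now: float) -> str:
        tag = hmac.new(self.key, f"{msg['id']}|{msg['nonce']}|{msg['ts']}".encode(),
                       hashlib.sha256).digest()
        if not hmac.compare_digest(tag, msg["mac"]):
            return "reject: bad MAC"
        if abs(now - msg["ts"]) > self.max_delay:
            return "reject: stale timestamp"
        self._expire(now)
        if msg["nonce"] in self.seen:
            return "reject: replayed nonce"
        self.seen[msg["nonce"]] = now
        return "accept"


def make_msg(key: bytes, ident: str, ts: float, nonce: str = None) -> dict:
    nonce = nonce or os.urandom(16).hex()
    mac = hmac.new(key, f"{ident}|{nonce}|{ts}".encode(), hashlib.sha256).digest()
    return {"id": ident, "nonce": nonce, "ts": ts, "mac": mac}


def demo():
    key = b"constructed shared key"
    r = Receiver(key)
    t0 = 1_700_000_000.0  # constructed reference time
    m = make_msg(key, "U_i", t0)
    return [
        r.accept(m, t0 + 1.0),                                # fresh message
        r.accept(m, t0 + 2.0),                                # replay inside the window
        r.accept(m, t0 + 60.0),                               # replay after the window
        r.accept(make_msg(key, "U_i", t0 + 2.5), t0 + 3.0),   # new message, fresh again
    ]


if __name__ == "__main__":
    print(demo())
```

The first two outcomes show why both checks are needed: the immediate replay is rejected only because its nonce was already accepted, while the late replay is rejected by the timestamp check regardless of the cache.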

5.2.3. Smart Device Impersonation Attack

It is supposed that intercepts the transmitted message during the execution of the protocol. needs to generate valid information. However, does not know the sensitive parameters to obtain the authentication parameters. Furthermore, the smart device is protected by PUF, which cannot be forged on hardware. It is computationally infeasible to impersonate the smart device in probabilistic polynomial time. Therefore, our protocol can withstand smart device impersonation attack.

5.2.4. HG Impersonation Attack

It is supposed that intercepts the message during the execution of the protocol and tries to generate other messages to impersonate HG. However, without the knowledge of the secret parameters , it is computationally infeasible to impersonate HG in probabilistic polynomial time. Thus, our protocol can withstand HG impersonation attack.

5.2.5. Smartphone Lost Attack

Suppose that ’s smartphone is lost or stolen by . By the threat model, is capable of extracting all the information stored in the memory of using the power analysis attack [44]. In order to retrieve from the extracted information, needs to attain the secrets . The possibility of guessing the user’s biometrics key as well as is negligible. The adversary may launch the password guessing attack. The password guessing attack is mainly divided into online and offline password guessing attacks [45]. The online password guessing attack can be effectively prevented by limiting the number of illegal requests from users. In our paper, the “fuzzy verifier” is utilized to guarantee security under the offline password guessing attack. The password verifier is computed as . Even if the other two authentication factors are compromised, the adversary has to guess , , and . Furthermore, even if it is assumed that has obtained , , and satisfying , the login request will be rejected due to the “fuzzy verifier.” Therefore, our protocol can effectively withstand online and offline guessing attacks. The user’s identity credentials are not compromised to . So, our protocol can resist smartphone lost attack.
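The paragraph above relies on the “fuzzy verifier” to blunt offline guessing against an extracted smartphone. As an added example (not the paper's code), the block below contrasts an exact verifier with a fuzzy one. It assumes the common construction from the fuzzy-verifier literature, namely storing the hash of the three-factor hash reduced modulo a small integer ; the paper's exact formula and parameters are not reproduced here, so , the identity, the biometric key, and the password dictionary are all constructed for the example.

```python
import hashlib

# Assumption: small modulus of the fuzzy verifier; the paper's own parameter is not shown here.
N0 = 256


def h(*parts: str) -> int:
    """SHA-256 over the concatenated parts, returned as an integer."""
    return int.from_bytes(hashlib.sha256("||".join(parts).encode()).digest(), "big")


def exact_verifier(ident: str, pw: str, bio_key: str) -> int:
    # Naive verifier: h(ID || PW || sigma). Exactly one password matches it.
    return h(ident, pw, bio_key)


def fuzzy_verifier(ident: str, pw: str, bio_key: str, n0: int = N0) -> int:
    # Fuzzy verifier: h( h(ID || PW || sigma) mod n0 ). Roughly 1/n0 of all
    # candidate passwords match, so the stored value cannot single out the real one.
    return h(str(h(ident, pw, bio_key) % n0))


def offline_candidates(verifier: int, ident: str, bio_key: str, dictionary, verifier_fn):
    # Adversary model from the text: the identity and biometric key are known
    # (two factors compromised) and every dictionary password is tested offline.
    return [pw for pw in dictionary if verifier_fn(ident, pw, bio_key) == verifier]


def demo(n_words: int = 20000):
    dictionary = [f"password{i}" for i in range(n_words)]  # constructed dictionary
    ident, bio_key, real_pw = "U_i", "sigma_constructed", "password1234"
    exact = offline_candidates(exact_verifier(ident, real_pw, bio_key),
                               ident, bio_key, dictionary, exact_verifier)
    fuzzy = offline_candidates(fuzzy_verifier(ident, real_pw, bio_key),
                               ident, bio_key, dictionary, fuzzy_verifier)
    return len(exact), len(fuzzy), real_pw in fuzzy


if __name__ == "__main__":
    print(demo())
```

With the exact verifier the offline search returns the single real password; with the fuzzy verifier it returns on the order of n_words / candidates, all equally consistent with the stolen data, and telling them apart requires online attempts, which the login-attempt limit described in the text bounds.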

5.2.6. Privileged-Insider Attack

It is assumed that is a privileged-insider user of the trusted RC. tries to attain the credentials of the authorized user and all the information from . obtains the registration information of which is sent to RC. Meanwhile, is able to extract all the information stored in . Without knowledge of the random nonce and biometrics key , it is computationally infeasible to retrieve in probabilistic polynomial time due to . Thus, our protocol can withstand privileged-insider attack.

5.2.7. Ephemeral Secret Leakage Attack

In our protocol, a secure group session key is established between a user and smart devices during the login and authentication phase. is composed of the long-term secret and the short-term secret . In particular, the secret is computed by the secret reconstruction algorithm of the secret sharing technique. In addition, are the long-term secrets, and is a short-term secret. On the one hand, it is assumed that the short-term secrets are revealed to . However, it is computationally infeasible to compute the GSK due to the lack of long-term secrets. On the other hand, it is assumed that can obtain the long-term secrets. Even though obtains some secret shares from the smart devices, it is computationally infeasible to reconstruct the secret and then calculate the message . The short-term secrets are randomly generated by the HG and . It is also hard for to compute GSK without the short-term secrets . Therefore, cannot compute the current session key unless all the long-term secrets and short-term secrets are compromised simultaneously. Our protocol can thwart the ephemeral secret leakage attack.

5.2.8. Perfect Forward Secrecy

It is supposed that the adversary obtains the secret keys of a user and the smart devices. Furthermore, the adversary intercepts all the messages transmitted among them during the group authentication process. The adversary computes to get the group session key. However, the adversary cannot obtain the parameters and correctly reconstruct the secret with the given shares to compute the group session key. Therefore, the proposed protocol can provide perfect forward secrecy.

5.2.9. Session Key Security

The session key GSK is calculated by all the authenticated smart devices and the user . The message contains the session key. Suppose that intercepts the message and tries to forge by random nonces . However, does not know the parameters ; it is impossible for to compute GSK due to the collision resistance property of . Thus, our protocol guarantees session key security.

6. Performance Analysis

We analyze the performance of our protocol from three aspects: computational cost, communication cost, and functionality and security features. We also compare our protocol with other related protocols in this section.

6.1. Functionality and Features

We compare the functionality and security features of our protocol with other related protocols in Table 2. From Table 2, most protocols generally adopt a multifactor authentication mechanism to verify the authenticity of the user. The protocols of Challa et al. [20] and Li et al. [9] are insecure against HG impersonation attack and do not provide perfect forward secrecy. Although most authentication and key agreement protocols for the smart home declare that they can resist many known attacks such as replay attack, privileged-insider attack, and man-in-the-middle attack, most protocols do not support all the above features. It is obvious that the proposed protocol provides more functionalities and security features than other related protocols [46–48]. Yu and Li [46], Shuai et al. [47], and Banerjee et al. [48] all lack security protection for the smart devices. The sensitive information stored in the smart devices may be compromised to the adversary when the adversary launches attacks on the smart devices. Additionally, Yu and Li [46] and Shuai et al. [47] utilize pairing-based and ECC-based cryptography, respectively, to implement authentication and establish session keys between users and devices, which is not well suited to resource-constrained devices.

6.2. Communication Cost

We evaluate the communication and computational cost of our authentication protocol compared to other protocols [8, 9, 20, 46–48].

It is defined that the lengths of the identity, random nonces, timestamps, and hash function output are 128 bits, 128 bits, 32 bits, and 160 bits, respectively. It is also assumed that bits, bits, and AES-128 are adopted for symmetric cryptography, where denote the lengths of the input and output of the physical unclonable function, respectively. The messages in our protocol include , , , , , and ; the corresponding bit lengths of the messages are 480 bits, 864 bits, 576 bits, 320 bits, 160 bits, and 896 bits, respectively. Table 3 summarizes the proposed protocol and other existing authentication protocols in terms of communication cost. The proposed protocol requires the second highest communication cost among all the protocols when a user launches an access request to a single device in the smart home. However, it is obvious that the proposed protocol effectively reduces the communication cost when accessing multiple devices compared to other protocols.

6.3. Computational Cost

The proposed protocol is simulated using the Pairing-Based Cryptography (PBC) library and the GNU Multiple Precision Arithmetic (GMP) library. The C language is used on Ubuntu 16.04 with a 2.50 GHz Intel(R) Core(TM) i5-4200M CPU and 8 GB of RAM.

We compare the total execution time with other protocols [8, 9, 20, 46–48] during the login and authentication phase. It is assumed that , , , , , , , , , and denote the computational cost required for a bilinear pairing, a hash function, a symmetric cryptography operation using AES-128, a fuzzy extraction operation, an XOR operation, a point multiplication operation using ECC, a modular multiplication operation, a physical unclonable function operation, a message authentication code (MAC) operation, and a hashed MAC operation, respectively. As the computational cost of the bit-wise XOR operation is much less than that of the other operations, it is not considered in the evaluation. Besides, it is assumed that , in our experiment according to [8]. The above operations are performed one hundred times and the average value is taken. Based on the experimental results reported in [49], the computational costs of , , , , , , and are 0.544 ms, 0.0026 ms, 0.00325 ms, 1.989 ms, 0.171 ms, 1.989 ms, and 0.12 ms (ms is the abbreviation of milliseconds), respectively. The computational cost of accessing single and multiple devices for the related protocols and our protocol is described in Table 4. It is clear that the proposed protocol has significantly reduced the computational cost compared to Challa et al. [20] and Shuai et al. [47]. By introducing the Chinese Remainder Theorem and secret sharing, although the computational cost is slightly higher in the case of single device access, the performance is significantly better in the case of multiple device access.

Figure 4 shows the comparison of computational cost in the login and authentication phase. In Figure 4, the -axis represents the number of smart devices that users access simultaneously. The -axis represents the time cost to establish session keys with smart devices simultaneously. It is obvious that the computational cost of Yu and Li [46] is much higher than that of the other protocols. Compared to the protocols of Challa et al. [20], Li et al. [9], and Shuai et al. [47], the protocols of Wazid et al. [8] and Banerjee et al. [48] and our proposed protocol have similar computational cost when accessing smart devices. According to Table 4, the computational complexity of previous schemes increases linearly with the number of devices. In this scenario, the computation cost is . When is large, we believe that the constant term can be ignored, so our computation time also increases linearly with the number of devices. However, our protocol effectively supports more functionalities and security features at the cost of a slight increase in communication and computational cost compared to the protocols of Wazid et al. [8] and Banerjee et al. [48].

7. Conclusion

In this paper, we proposed a PUF-assisted lightweight group authentication and key agreement protocol for the smart home based on the secret sharing technique and the Chinese Remainder Theorem. The proposed protocol can withstand several well-known attacks, which is proved under the ROR model and supported by further security discussion. Compared with other related protocols, our protocol can effectively reduce the resource cost during the login and authentication phase. In addition, our smart devices, protected by the physical unclonable function, are secure against smart device lost attack. Our protocol supports dynamic smart device joining and leaving, as well as password and biometrics update, without the involvement of HG. Overall, using only lightweight operations, the performance of our authentication protocol is better than that of other related protocols. Therefore, our protocol is more suitable for resource-constrained smart devices in the smart home. In future work, we will use tools such as AVISPA for further security analysis and verify the performance of the protocol in the smart home.

Data Availability

The related data used to support the findings of this study are included within the article.

Disclosure

The paper is extended from the one that is accepted in SPNCE 2020. The previous version can be found at the SPNCE 2020 proceedings.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This work is supported by the National Natural Science Foundation of China under Grant No. 61922045, No. U21A20465, No. 62172292, and No. 61877034.