Modified protocol for secure mutual authentication in IoT smart homes

Abstract

IoT platforms often face attacks as IoT platforms are generally resource-constrained and thus do not have enough computation power and memory to support standard security measures. In 2019, 'a secure lightweight mutual authentication and key exchange protocol for IoT smart home environment utilizing temporary identity keys and cumulative Keyed-hash chain' was proposed. A Cumulative Keyed-hash chain mechanism was introduced to ensure the sender's identity (through challenge-response). This authentication protocol emerged vulnerable to replay and parallel session attacks in the communication phase between controller and manufacturer nodes. This paper proposes a modified protocol which overcomes the vulnerabilities in authentication protocol and ensures secure mutual authentication between the nodes. Further, cryptanalysis of the old protocol and formal evaluation of the proposed protocol for vulnerabilities is done using the Automated Validation of Internet Security Protocols and Applications (AVISPA) toolkit to ensure the security of the proposed system. © 2021 IEEE.