Article
A Secure and Lightweight Authentication Protocol for
IoT-Based Smart Homes
JiHyeon Oh
1
, SungJin Yu
1,2
, JoonYoung Lee
1
, SeungHwan Son
1
, MyeongHyun Kim
1
and YoungHo Park
1,3,
*
Citation: Oh, J.; Yu, S.; Lee, J.; Son, S.;
Kim, M.; Park, Y. A Secure and
Lightweight Authentication Protocol
for IoT-Based Smart Homes. Sensors
2021, 21, 1488. https://dx.doi.org/
10.3390/s21041488
Academic Editor: Sara Comai
Received: 15 January 2021
Accepted: 13 February 2021
Published: 21 February 2021
Publisher’s Note: MDPI stays neutral
with regard to jurisdictional claims in
published maps and institutional affil-
iations.
Copyright: © 2021 by the authors.
Licensee MDPI, Basel, Switzerland.
This article is an open access article
distributed under the terms and
conditions of the Creative Commons
Attribution (CC BY) license (https://
creativecommons.org/licenses/by/
4.0/).
1
School of Electronic and Electrical Engineering, Kyungpook National University, Daegu 41566, Korea;
chldlstnr071@knu.ac.kr (J.O.); darkskiln@knu.ac.kr (S.Y.); harry250@knu.ac.kr (J.L.);
sonshawn@knu.ac.kr (S.S.); kimmyeong123@knu.ac.kr (M.K.)
2
Electronics and Telecommunications Research Institute, Daejeon 34129, Korea
3
School of Electronics Engineering, Kyungpook National University, Daegu 41566, Korea
* Correspondence: parkyh@knu.ac.kr; Tel.: +82-53-950-7842
Abstract:
With the information and communication technologies (ICT) and Internet of Things (IoT)
gradually advancing, smart homes have been able to provide home services to users. The user
can enjoy a high level of comfort and improve his quality of life by using home services provided
by smart devices. However, the smart home has security and privacy problems, since the user
and smart devices communicate through an insecure channel. Therefore, a secure authentication
protocol should be established between the user and smart devices. In 2020, Xiang and Zheng
presented a situation-aware protocol for device authentication in smart grid-enabled smart home
environments. However, we demonstrate that their protocol can suffer from stolen smart device,
impersonation, and session key disclosure attacks and fails to provide secure mutual authentication.
Therefore, we propose a secure and lightweight authentication protocol for IoT-based smart homes
to resolve the security flaws of Xiang and Zheng’s protocol. We proved the security of the proposed
protocol by performing informal and formal security analyses, using the real or random (ROR) model,
Burrows–Abadi–Needham (BAN) logic, and the Automated Validation of Internet Security Protocols
and Applications (AVISPA) tool. Moreover, we provide a comparison of performance and security
properties between the proposed protocol and related existing protocols. We demonstrate that the
proposed protocol ensures better security and lower computational costs than related protocols, and
is suitable for practical IoT-based smart home environments.
Keywords: smart homes; IoT; authentication; BAN logic; ROR model; AVISPA
1. Introduction
With the development of information and communication technologies (ICT) and
Internet of Things (IoT), smart home automation systems are receiving a lot of attention.
The smart home is a networking environment that connects smart devices (e.g., IoT and
sensors) to each other. Based on these smart devices, users can utilize various home
services. When the user is inside the home, the user can control all smart devices with a
voice commands or applications, granting the user accesses to services such as turning the
TV on/off, choosing music, switching lights on/off, and so on. When the user is outside
the home, the user can monitor and control various smart devices by checking their status.
Thus, users can enjoy a high level of comfort and an increased quality of life through smart
home environments.
Generally, smart home environments consist of the user, smart devices, a home gate-
way, and a registration authority [
1
–
3
]. A remote user wants to use the data collected by
smart devices. However, smart devices are resource limited in terms of computational
power, amount of memory, and bandwidth [
4
]. For these reasons, smart devices communi-
cate through the home gateway. The home gateway acts as a bridge between smart devices
and remote users by providing short and long-distance wireless communication interfaces
Sensors 2021, 21, 1488. https://doi.org/10.3390/s21041488 https://www.mdpi.com/journal/sensors