| Authentication and session key negotiation protocols are important means to ensure smart home security and user privacy.The existing smart home authentication and session key negotiation protocols still have many problems.To address the problems of insufficient security,large computation and communication overheads,and performance constraints caused by the single-server architecture of existing protocols,this paper aims to design a secure and lightweight remote user authentication and session key negotiation protocol in the smart home environment to achieve smart home device security,smart home data security,and user privacy protection.The main contributions of this paper are shown as follows:(1)For the needs of smart home device security and user privacy protection and solving the problems of security flaws and high communication overhead,we propose a remote user authentication and session key negotiation protocol based on restricted application protocols.The proposed protocol combines SM4 algorithm and random numbers for message transmission with restricted application protocol,thus realizing authentication between user mobile devices and smart gateways and smart home devices.At the same time,the negotiation of session keys between user mobile devices and smart home devices is completed,which in turn protects smart home device security and user privacy.From the security analysis and performance analysis of the proposed protocol,it is clear that the proposed protocol has high security while reducing the communication overhead of smart home devices,and is a lightweight protocol that can be applied to smart home scenarios.(2)With the development of smart home,the traditional single-server architecture can no longer meet the needs of smart home,and may even restrict its performance.The introduction of multi-server architecture naturally solves this problem.However,there are various security flaws and high computational and communication overheads,which are still not effectively addressed in the current research.To address these issues,we propose an SM4 group server-based remote user authentication and session key negotiation protocol.The proposed protocol negotiates the authentication key by SM2 algorithm to ensure the security of the authentication key.And the SM4 algorithm is combined with random numbers to achieve authentication and session key negotiation for user mobile devices and group servers,thus protecting smart home data security and user privacy.At the same time,the transparent addition of group servers is realized.The security analysis and performance analysis show that the proposed protocol can resist common attacks such as privileged internal attack,man-in-the-middle attack,replay attack,user simulation attack,and password guessing attack,and reduce the computation overhead and communication overhead in the smart home authentication phase.In addition,it also solves the problems of traditional single-server architecture.Therefore,the proposed protocol can be applied to the smart home scenario. |
PDF Full Text Request