LMAS-SHS: A Lightweight Mutual Authentication Scheme for Smart Home Surveillance

Network-enabled smart objects are now deployed everywhere to solve numerous problems such as real-world data collection from the environment, communication, analysis, and security. However, these objects (the Internet of Things), even in combination with low-latency networks, are still not qualified for complex tasks and do not deliver efficient services, because access is restricted and a secure authentication protocol is lacking. The data collected in real time by the sensors embedded in a smart object and communicated to the destination centre (server) for intelligent decisions is vulnerable to numerous threats because it is transmitted over an open network channel, so its security requires attention. This security issue can only be handled by designing a flawless, lightweight, and robust mutual authentication scheme. To do so, we propose a mutual authentication scheme using a simple cryptographic hash function, the Elliptic Curve Cryptography (ECC) technique, and XOR operations. The proposed scheme is lightweight, efficient, and effective in performance while offering secure transmission sessions among all the participants. The security of the proposed mechanism has been formally tested using GNY (Gong-Needham-Yahalom) logic and ProVerif2.03, and informally using propositions and realistic discussion. Comparison with many existing authentication protocols demonstrates that our scheme is lightweight in terms of computation and communication metrics.


I. INTRODUCTION
Smart objects are placed in buildings, on bridges, in homes, etc., and then connected to the Internet to provide services to users at any time and from any location. This technology benefits various application sectors, including healthcare systems [1], transportation surveillance, infrastructure inspection, and home monitoring. In 2020, the IoT device industry was estimated at about 25 billion USD, while the prediction for 2025 is approximately 6 trillion USD [2]. In the smart home scenario, the user enjoys a high level of convenience with IoT devices: if the user wishes to turn lights on or off, open or close doors, raise or lower the temperature, check surveillance, etc., the user can easily control these smart objects (IoT) from anywhere using a portable device. However, smart objects are constrained in terms of computing, storage, and battery consumption.
The associate editor coordinating the review of this manuscript and approving it for publication was Xiangxue Li.
A robust authentication system is difficult to establish since embedded devices have limited storage. In order to deploy smart objects for smart home monitoring, vigorous authentication and a lightweight security system are required, together with adequate care for user convenience in managing the system [3], so that malicious entities cannot gain illegal access to the data sent towards the smart object (IoT) [3]. As many homes are nowadays internet-connected and visible to the public, malicious actions could easily compromise a user's privacy. An intruder, for example, could eavesdrop on data exchanged between a user's mobile and a smart object, and by collecting data repeatedly could estimate when the homeowner wakes up, leaves for work, sleeps, and even travels. An attacker may prepare more serious attacks based on the eavesdropped data, such as burglary, kidnapping, and theft [4]. The majority of smart home authentication techniques described in the literature are insecure against various attacks, including insider attacks, gateway node and smart object impersonation attacks, smart card theft attacks, and denial-of-service (DoS) attacks. The lifestyle of a layman has changed due to the recent development of high-speed internet and the increased use of IoT in homes, cities, healthcare, industries, and security and rescue operations. IoT devices communicate with each other and with a centralized control system to perform different functions remotely. However, the security and privacy of IoT devices are still a big issue for researchers because of their heterogeneous nature.
VOLUME 10, 2022. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
In this regard, different researchers have designed numerous authentication mechanisms using diverse cryptographic techniques. For example, Zhang et al. [5] proposed a simple hash- and XOR-based authentication and key agreement (AKA) scheme for the Internet of Drones (IoD), in which Unmanned Aerial Vehicles (UAVs) are used for search and rescue operations. However, their scheme is vulnerable, as it suffers from physical capture, side-channel, and time synchronization attacks and has design flaws. Jan et al. [6], [7] proposed HMAC-SHA1 (Hash-based Message Authentication Code with Secure Hash Algorithm 1) and Public Key Infrastructure (PKI)-based authentication schemes for securing the IoD, in which drones can be used for different activities such as wildlife surveillance, pipeline inspection, sidewalk monitoring, and agricultural spraying. However, analysis has demonstrated that their protocols' computation and communication metrics are still not up to the mark, and more effort is required to make them lightweight.
Won et al. [8] presented three certificateless cryptographic schemes for real-world environmental monitoring using smart objects placed at different buildings, bridges, and stations. They claimed that their first scheme, an efficient certificateless signcryption tag key encapsulation mechanism (eCLSC-TKEM), is operational when data transmission is performed between smart objects and drones. Their [8] second scheme, a certificateless multi-recipient encryption scheme (CL-MRES), is applicable when services are delivered from a drone to many smart objects. Their [8] last protocol, certificateless data aggregation (CLDA), functions when many smart objects broadcast towards a drone. However, these schemes are difficult to implement because they rely on aggregate data verification instead of one-to-one verification. Wazid et al. [9] designed an Elliptic Curve Cryptography (ECC)-based authentication scheme for IoD deployment in the civilian domain, but their scheme also cannot be implemented practically because of the limited power of the smart objects and the increased data processing it requires.
Furthermore, some available security protocols are weak against desynchronization and stolen verifier attacks. For example, in 2020, Hong et al. [10] demonstrated a security mechanism for reconnaissance and attack drones that are equipped with many smart objects and deployed in clusters for real-world environment monitoring. They [10] claimed that the airborne control and command platform (AC2P) establishes information broadcasting for reconnaissance and attack drones, communicating real-time information collected from the environment to the centralized control system for intelligent decisions. An extensive analysis of their [10] protocol has shown that their security mechanism suffers from desynchronization, stolen verifier, and privileged insider attacks. An improved protocol suite was presented by Jan et al. [11] for IoD deployment of military drones using the concepts of pairing-based cryptography and identity authentication. They [11] significantly addressed the weaknesses of [10] and argued that a drone alone cannot perform a complex tactical task; drones must be operated in many clusters subject to collaboration and coordination among them. However, the performance of [11] still needs further improvement. Using the notion of symmetric-key cryptosystems, [12] introduced a lightweight authentication protocol for vehicle-to-infrastructure (V2I) communication in which, after successful authentication with the trusted authority (TA), the system distributes a secret key among the car and the roadside unit (RSU) or many smart objects to allow them to communicate with the server for real-time traffic monitoring. Although their [12] strategy uses lightweight operations such as hash and XOR functions, it is still insufficient for restricted resources to make the system credible. Their scheme [12] also wastes a significant amount of storage space when storing the secret internal parameters among all the participants.
Another disadvantage of their [12] method is that it does not achieve the reachability security feature.
Similarly, smart objects are also used to collect the most relevant environmental and climatic data for agricultural land in order to determine the amount of water pumped to the crop. Humidity, rain, soil moisture, soil pH, light, and temperature sensors are among the sensors used [13] to operate smart objects in these activities. The system and analyzer servers then transmit and analyze the said environmental and climatic data and forward the processed results to the responsible agriculture expert, who can issue instantaneous commands to the water pumping actuators. Also, by using various machine learning methods, the system analyzer server can assess the arriving environmental and meteorological data to estimate the required water level. Likewise, most existing smart objects in agricultural development use Internet of Things (IoT) and Wireless Sensor Network (WSN) technologies to establish communication channels amongst stakeholders for onward decisions regarding productive crop output [14]. These sensitive activities require a fast CPU and large memory in the smart object/sensor, which is impossible for such a tiny device. A security mechanism with low computation/communication costs and robust security is the only solution for achieving the above goals for agricultural land.
Finally, as stated above, most of the security protocols available in the literature either fail to maintain untraceability and user anonymity or incur high costs due to modular exponentiation. An insider threat is noted in these schemes, in which an attacker uses power analysis to steal users' confidential credentials, such as identities, private certificates, and passwords. In an impersonation attack, the intruder may produce genuine-looking messages and send them to the appropriate smart object, causing the messages to be treated as legitimate and later causing severe damage to the whole system. An attacker could also utilize the information extracted from a stolen smart object to deduce the user's secret credentials and later use them for malicious deeds. Therefore, LMAS-SHS is presented in this article to address these drawbacks. The key contributions are as under:
1. LMAS-SHS is an ECC-based lightweight security mechanism that requires less power consumption owing to reduced computation costs and a compressed message size.
2. LMAS-SHS is secure; its security has been scrutinized using two methods:
   i. GNY logic is used to check the hash values and the security of the random numbers exchanged among participants.
   ii. The programming verification toolkit ProVerif2.03 has been used to check session key secrecy, confidentiality, and reachability.
3. LMAS-SHS is lightweight, efficient, and effective in performance while offering secure transmission sessions among all the participants.

A. NETWORK MODEL
The proposed network model consists of three main entities: the mobile user (M), the gateway (a trusted entity), and the smart object (which has low power capability and little memory). The smart object sends real-time information to the gateway node. The mobile user is connected to the gateway node to exchange fused real-time information with it, as shown in Fig. 1. It is worth mentioning that the smart home must be equipped with smart objects for measuring different conditions such as proximity, humidity, and temperature, and with IoT-enabled devices such as air conditioners, fans, doors, locks, refrigerators, etc. Secondly, the gateway node's service must be in control of the home appliances in the system architecture. The mobile user can use the management service to regulate the operation of smart actuators connected to home equipment such as lamps and fans. Finally, there must be a robust mutual authentication and lightweight cross-verification protocol that grants access to all entities only to people with authorized identification characteristics.

B. ADVERSARY MODEL
Modelling the role of attackers is essential in cyber defense since it helps to guarantee that security assessments are scientifically sound, especially for conceptual contributions that are difficult to test or where comprehensive testing is impossible. In a computer or networked system, an adversary model is a formalization of an attacker. Depending on how extensive this formalization is, the opponent might be an algorithm or a collection of assertions about capabilities and discretion. This umbrella covers a variety of techniques in many domains of computer security. Therefore, in keeping with the adversary model, an adversary interacts with our smart home security architecture by presenting themselves as a malicious user through the gateway node in the following manner:
1. An adversary may extract stored data from gateway memory and use it to verify the secret credentials of a legitimate user for malicious deeds.
2. An adversary may alter, erase, upgrade, corrupt, or insert false information in the data transmitted over a public network channel.
3. An adversary may replay, alter, or erase beneficial information exchanged between participants over a private channel.
4. An adversary may succeed in extracting internal sensitive credentials from a stolen smart object or mobile device.
5. An adversary might read the memory of a stolen or misplaced smart object using reverse engineering approaches or key tags in offline mode, but not both simultaneously.
Therefore, to make the system efficient and effective, a cryptography-based protocol is mandatory for adequately achieving integrity, confidentiality, authentication, and non-repudiation, and for ensuring perfect forward secrecy over unfavourable channels between participants. Regardless of who is involved, all legitimate parties in a session must trust one another to meet specific information-security goals, which is the aim of this research.

C. ELLIPTIC CURVE CRYPTOGRAPHY (ECC)
ECC was introduced by mathematicians and cryptographers as a public-key cryptosystem. It is lightweight, being based on the algebraic structure of a curve over a finite field, and it delivers strong security, fast computation, and efficient network broadcasting. ECC is used for key management and authentication and is defined by the curve equation

$$y^2 = x^3 + ax + b, \quad a, b \in F_q \tag{1}$$

Its properties are as follows:
i. Suppose P and Q are two points on the curve of eq. (1) with $P \neq Q$; their addition is represented as $P + Q = R$. The line through P and Q intersects the curve at a third point, and R is the reflection of that point over the x-axis.
ii. Suppose $Q = -P$; then $P + Q = P + (-P) = P - P = O$, which means that the vertical line through P and $-P$ meets the curve at O, called the point at infinity.
iii. Suppose P is added to itself, $P + P = 2P = Q$; the tangent at P intersects the curve at $-Q$, which is reflected over the x-axis to Q.
iv. Adding the point P to itself k times gives the scalar multiplication $k \cdot P = P + P + \dots + P$ (k times), where $k \in Z_p^{*}$ in the cyclic group G.
v. ECC keys are smaller: RSA occupies 1024 bits of memory, while ECC needs just 160 bits of space.
vi. Recovering an ECC-based key is almost impossible. It requires steps to be solved, where P denotes the cardinality of the curve (a large prime number).
vii. ECC requires less power consumption because of its smaller computation and compressed message size; therefore, ECC is recommended for resource-constrained environments.

II. PROPOSED SCHEME
We propose an ECC-based, lightweight, and secure mutual authentication scheme for smart home surveillance called LMAS-SHS. The LMAS-SHS consists of i) setup phase, ii) registration phase, and iii) mutual authentication phase. These phases are described under the following headings, while the different notations used for designing LMAS-SHS are shown in Table 1.

A. SETUP PHASE
The gateway node selects a curve $E(F_q)$ with equation $y^2 = x^3 + ax + b$, where $a, b \in F_q$. All three participants, i.e., the mobile device (M), the gateway node (GW), and the smart object (SO), select their respective secret keys $s$ and compute the public keys $K_M = s \cdot P$, $K_G = s \cdot P$, and $K_{SO} = s \cdot P$, where P is a base point on the curve.
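As an added illustration (not code from the paper), the following Python implements the textbook affine group law of rules i-iv from Section I-C on a tiny constructed curve $y^2 = x^3 + 2x + 3$ over $F_{97}$ with base point $P = (3, 6)$, and then performs the setup-phase derivation $K = s \cdot P$ for M, GW and SO; the curve, base point and secret values are constructed for the example and are far too small to be secure.

```python
# Added example (not the paper's code): textbook affine point arithmetic on a
# tiny constructed curve, following rules i-iv, plus the setup-phase key derivation.
from typing import Optional, Tuple

Point = Optional[Tuple[int, int]]  # None stands for O, the point at infinity

# Constructed toy parameters: y^2 = x^3 + 2x + 3 over F_97, base point P = (3, 6).
# Far too small to be secure; chosen only so the arithmetic can be followed by hand.
Q_MOD = 97
A, B = 2, 3
BASE = (3, 6)

def on_curve(pt: Point) -> bool:
    """Check y^2 == x^3 + ax + b (mod q); O is on the curve by convention."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % Q_MOD == 0

def neg(pt: Point) -> Point:
    """-P is the reflection of P over the x-axis (rule ii)."""
    if pt is None:
        return None
    x, y = pt
    return (x, (-y) % Q_MOD)

def add(p: Point, q: Point) -> Point:
    """Chord-and-tangent addition P + Q = R (rules i-iii)."""
    if p is None:
        return q
    if q is None:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % Q_MOD == 0:
        return None                      # rule ii: P + (-P) = O
    if p == q:                           # rule iii: tangent line at P
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, Q_MOD) % Q_MOD
    else:                                # rule i: chord through P and Q
        lam = (y2 - y1) * pow(x2 - x1, -1, Q_MOD) % Q_MOD
    x3 = (lam * lam - x1 - x2) % Q_MOD
    y3 = (lam * (x1 - x3) - y1) % Q_MOD  # third intersection, reflected over x-axis
    return (x3, y3)

def mul(k: int, pt: Point) -> Point:
    """Scalar multiplication k.P = P + P + ... + P (rule iv), by double-and-add."""
    result: Point = None
    addend = pt
    while k > 0:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result

def setup_phase(secrets: dict) -> dict:
    """Setup phase: every participant turns its secret s into the public key s.P."""
    return {name: mul(s, BASE) for name, s in secrets.items()}

if __name__ == "__main__":
    keys = setup_phase({"M": 7, "GW": 11, "SO": 13})   # constructed secrets
    print("2P =", mul(2, BASE))                         # -> (80, 10)
    print("P + (-P) =", add(BASE, neg(BASE)))           # -> None (point at infinity)
    print("public keys:", keys)
```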

B. REGISTRATION PHASE
This phase of LMAS-SHS is completed in the following two sub-phases:

III. SECURITY ANALYSIS
This section analyzes the cryptographic protocol's trust, freshness, and robustness and establishes the protocol's correctness. It also tells the reader why widespread attacks on authentication protocols occur, and then addresses robustness on the basis of trustworthiness and freshness. Therefore, keeping in view the goals mentioned above, we scrutinize the security of LMAS-SHS formally using a) Gong-Needham-Yahalom (GNY) logic [15] and b) the programming verification toolkit ProVerif2.03, and informally using sensible explanations and arguments.

A. GNY LOGIC ANALYSIS
This section analyses our proposed scheme using GNY logic [15]. First, we introduce statements and formulae used in GNY logic; after that, we define the goals and assumptions of our proposed protocol. In the end, we verify the security of our proposed scheme using GNY logic [15].

1) GNY LOGIC FORMULAS AND STATEMENTS
The formulae used in GNY logic include the following:
- $P \mid\equiv X \stackrel{S_K}{\longleftrightarrow} Y$: P believes that $S_K$ is a suitable secret key for X and Y.
- $P \mid\Rightarrow X$: P has jurisdiction over X.
- $P \lhd *X$: P is told formula X, which P did not convey previously in the current run.
To adapt GNY logic to LMAS-SHS, we make several changes to the notation as under:
In order to achieve Goal 4, M recognizes $K_S$ and applies R1. Therefore, all three entities securely transmit their different credentials to each other, and their honesty is confirmed by applying GNY logic.

B. PROVERIF2.03 SIMULATION
The issues of confidentiality, reachability, integrity, and the secrecy of all the credentials (secret keys, identities, random numbers, parameters, and timestamps) have been tested using the well-known software verification toolkit ProVerif2.03 [20]. The code and results are shown in the appendix of the article.

C. INFORMAL SECURITY ANALYSIS
The security analysis of LMAS-SHS will informally be demonstrated as under:

1) RESISTS INSIDER ATTACK
Because we do not keep a storage table of secret credentials inside the gateway, an attacker cannot access the internal secrets. Similarly, the identity is transmitted secretly over the public network channel; if, for example, an adversary copies a message from the open line, the random numbers that differ for each session, the collision-free hash function, the XOR operations, and the nonces prevent them from stealing any credential with which to reach the internals and hijack the system. Therefore, LMAS-SHS is free of insider threats.

2) WITHSTANDS TRACEABILITY ATTACK
The mobile device, smart object, and gateway node each first select a nonce at random and concatenate it with the other credentials to secure them. Because of this, an attacker cannot link different sessions of the same system at different times. Therefore, LMAS-SHS is safe against traceability attacks.

3) RESISTS DOS ATTACK
Confirmation steps have been introduced in each round trip of the proposed protocol, i.e., each participant confirms $h(Z_1 \| ID_M)$, $h(Z_1 \| ID_G)$, or $h(Z_1 \| ID_{SO})$. These checks, in turn, mitigate denial-of-service attacks on the system. Similarly, after receiving a message, a participant first verifies the nonce it contains; if the verification succeeds, onward processing starts, otherwise the message is considered a DoS attempt by a potential attacker. Therefore, LMAS-SHS resists the DoS attack.

4) RESISTS REPLAY ATTACK
After receiving the message $\{J_1, J_2, T_1\}$, the gateway first checks the timestamp $T_1$ against the current timestamp $T_c$, requiring $T_c - T_1 \le \Delta T$; if the message is outside the pre-defined time threshold $\Delta T$, the gateway considers it a potential replay attack, discards the message, and does not proceed with further computation. Furthermore, if an attacker diverts the message $\{M_1, M_2, T_5, M_4, M_5, N_G\}$ from the open network channel, the smart object likewise checks the timestamp $T_5$ against its current time $T_c$ to withstand a replay attack, and vice versa. Therefore, LMAS-SHS is safe against replay attacks.
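The two receive-side checks described in Sections III-C.3 and III-C.4 (the timestamp window and the confirmation value $h(Z_1 \| ID_M)$), modelled in Python as an added example that is not the paper's code; SHA-256 stands in for the paper's hash $h(\cdot)$, the threshold value, the value $Z_1$, the identity string and the message fields are all constructed for the example, and the window is applied symmetrically to tolerate clock skew, which is an assumption.

```python
# Added example (not the paper's code): the gateway's receive-side checks for the
# first protocol message {J1, J2, T1}: freshness window, then confirmation tag.
import hashlib
import hmac
from dataclasses import dataclass

# Assumed pre-defined freshness threshold in seconds (the paper gives no value).
DELTA_T = 5

def h(*parts: bytes) -> bytes:
    """Collision-resistant hash h(.); '||' concatenation is modelled by joining."""
    return hashlib.sha256(b"".join(parts)).digest()

@dataclass(frozen=True)
class Msg1:
    J1: bytes  # confirmation value h(Z1 || ID_M), recomputed by the gateway
    J2: bytes  # remainder of the payload, opaque to these checks
    T1: int    # sender's timestamp in seconds

def build_msg1(z1: bytes, id_m: bytes, j2: bytes, t1: int) -> Msg1:
    """What an honest mobile device sends: J1 = h(Z1 || ID_M)."""
    return Msg1(h(z1, id_m), j2, t1)

def gateway_checks(msg: Msg1, z1: bytes, id_m: bytes, t_c: int) -> str:
    """Return 'accepted', 'stale' (replay suspected) or 'bad_tag' (tampered/forged)."""
    # Replay check first: |T1 - Tc| <= DELTA_T is the cheapest test, so a flood of
    # replayed messages is dropped before any hashing is done.
    if abs(t_c - msg.T1) > DELTA_T:
        return "stale"
    # Confirmation check: recompute h(Z1 || ID_M) and compare in constant time.
    if not hmac.compare_digest(msg.J1, h(z1, id_m)):
        return "bad_tag"
    return "accepted"

# Constructed sample values (not from the paper).
Z1 = b"constructed-shared-value-Z1"
ID_M = b"constructed-ID_M"
T_SEND = 1_700_000_000

def demo() -> dict:
    """Run one genuine, one replayed, one tampered and one forged-identity message."""
    genuine = build_msg1(Z1, ID_M, b"payload", T_SEND)
    forged = build_msg1(Z1, b"constructed-ID_attacker", b"payload", T_SEND)
    tampered = Msg1(b"\x00" * 32, genuine.J2, genuine.T1)
    return {
        "fresh":    gateway_checks(genuine, Z1, ID_M, T_SEND + 2),   # within window
        "replay":   gateway_checks(genuine, Z1, ID_M, T_SEND + 60),  # 60 s later
        "tamper":   gateway_checks(tampered, Z1, ID_M, T_SEND + 1),  # J1 altered
        "masquer":  gateway_checks(forged, Z1, ID_M, T_SEND + 1),    # wrong ID_M
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:8s} -> {verdict}")
```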

5) WITHSTANDS MAN-IN-THE-MIDDLE ATTACK
Because of the randomness in each transmitted message, the nonce differs from session to session. Also, owing to the random extraction of large prime numbers, if the adversary tries, for example, to inject something new into the public network channel, they cannot do so because they have no knowledge of $N_M$, $N_G$, and $N_{SO}$. Therefore, LMAS-SHS is robust against a man-in-the-middle attack.

6) FREE FROM DE-SYNCHRONIZATION ATTACK
There is no need to update parameters on the SO or M sides in LMAS-SHS. In contrast, in the case of some changes, each participant validates it correspondingly. Therefore, the SO, GW and M do not require synchronization properties in LMAS-SHS.

7) SUPPORT ANONYMITY
In LMAS-SHS, the GW uses anonymous identities for the SO, M, and itself, which means that the identities are untraceable. Also, no two sessions are started with the same credentials, because of the random selection of the nonces ($N_G$, $N_M$, $N_{SO}$) and the timestamps. Therefore, LMAS-SHS supports the anonymity feature.

8) RESISTS STOLEN VERIFIER ATTACK
LMAS-SHS does not store any random number. The verification and validation of every credential do not require any database or tables on the M/SO side. Thus, if an adversary tries to reach internally to access the necessary certificates, they cannot masquerade as M or SO to mislead the GW in the authentication process. Therefore, LMAS-SHS resists stolen verifier attacks.

9) FREE FROM MASQUERADE ATTACKS
If an attacker uses a fake identity of any participant ($ID_M$, $ID_{SO}$, or $ID_W$) and tries to gain authorized access over the public channel, any illegal attempt by the adversary will be denied by the system because of the nonces, random numbers, and timestamps, and because of the multiple checks in the different round trips of the protocol. Therefore, LMAS-SHS is free from masquerade attacks.

IV. PERFORMANCE ANALYSIS
This section examines computation cost, communication cost, and a comparison of functionalities. These performance metrics are as under:

A. COMPUTATION COSTS
In this section, we calculate the LMAS-SHS computation cost and compare it with state-of-the-art schemes. We refer to the work of [16], [22] and [23] for a detailed comparison. The execution time of an ECC point multiplication is $T_M \approx 7.3529$, of a hash function $T_h \approx 0.0004$, of a fuzzy extractor $T_R \approx 7.3529$, and of symmetric encryption/decryption $T_s \approx 0.1303$. The calculation of the LMAS-SHS computation cost and a detailed comparison with other protocols are shown in Table 2 and graphically in Fig. 2.

B. COMMUNICATION COST
We calculated the LMAS-SHS communication cost in this section and compared it with other schemes. We consider the work done in [16], [22] and [23], which defines the sizes of an encryption/decryption block, an ECC point, a random number, a hash output, a timestamp, and an identity as {256, 320, 160, 160, 32, and 128} bits, respectively. The calculation of the LMAS-SHS communication cost and its comparison with other protocols are shown in Table 3 and Fig. 3.

C. FUNCTIONALITIES COMPARISON
When LMAS-SHS is compared with different protocols such as [16]-[20] in terms of various security functionalities and attacks, the proposed scheme resists all known attacks and is better than these schemes, as shown in Table 4, where each functionality is marked as either secure or insecure.

V. CONCLUSION
In this paper, we have presented a lightweight mutual authentication scheme for smart home surveillance called LMAS-SHS. In LMAS-SHS, different smart objects are fixed in various places for real-time information exchange with the nearest gateway node regarding the health of the infrastructure and the monitoring of the home. The ECC technique is used to design LMAS-SHS, which is lightweight and provides robust security. The security of LMAS-SHS has been formally verified using GNY logic and ProVerif2.03, and informally using pragmatic explanation. The performance of LMAS-SHS is measured in terms of computation and communication metrics. Consequently, we have shown that LMAS-SHS is robust, lightweight, free from insider and stolen verifier attacks, and has no design flaw. It is therefore a more efficient protocol that provides security for smart home surveillance and can also be utilized for infrastructure inspection of a big city. If this protocol is deployed for disaster response, it can quickly communicate the health of the whole infrastructure to the centralized server. It can also be installed in drones equipped with different smart objects near workers and employees for effective monitoring to increase their work output, and as an effective tool in the real estate business. We plan to use the Elliptic Curve Digital Signature Algorithm (ECDSA) to design a security mechanism for transitional authentication of users in the teleworking environment. The security analysis of this ECDSA-based transitional authentication scheme will be carried out using AVISPA (Automatic Validation of Internet Security Protocol Authentication). It should be noted that its performance will suffer because of the exponentiation in the discrete logarithm function, without affecting security.

APPENDIX
To check whether the shared session key is communicated confidentially and whether it reaches each peer in an authentic manner, we used the verification toolkit ProVerif2.03. The result shows that an attacker could not, at any stage, break the secrecy, confidentiality, or reachability of the session key.
IRSHAD AHMED ABBASI (Member, IEEE) received the M.S. degree in computer science from COMSATS University Islamabad, Pakistan, and the Ph.D. degree in computer science from Universiti Malaysia Sarawak, Malaysia. He worked as a Senior Lecturer at King Khalid University, Saudi Arabia, from 2011 to 2015. He is currently working as an Assistant Professor with the Computer Science Department, University of Bisha, Saudi Arabia. He was declared as the Best Teacher at the Faculty of Science and Arts Belqarn, University of Bisha, in 2016. He has over 12 years of research and teaching experience. He is the author of many articles published in top quality journals. His research interests include VANETs, MANETs, FANETs, mobile computing, the IoT, cloud computing, cybersecurity, soft computing, and drone security and authentication. He has received multiple awards, scholarships, and research grants. He is serving as an editor. He is also acting as a reviewer for many well reputed peer-reviewed international journals and conferences.