Robust and Lightweight Remote User Authentication Mechanism for Next-Generation IoT-Based Smart Home

The IPv4 address architecture has finally been declared ended due to the fast growth of the Internet of Things (IoT). IPv6 is becoming the next-generation communication protocol and meets all the requirements of the industry. A smart home is an emerging technological revolution in which IoT-enabled smart physical objects such as smart TVs, smart refrigerators, smart locks, etc. are linked to the Internet to make human life more comfortable. Several resource-constrained smart devices interconnect over 6LoWPAN so that the smart home can be controlled remotely. The communication channels used by cellular communication are vulnerable and increase security threats, especially those related to authentication. A reliable and portable remote authentication method is critical for ensuring safe communication in the next-generation smart home environment. Recently, many authentication schemes have been proposed, but they adopt complex mathematical techniques or protocols that are viewed as heavyweight in terms of computation and communication costs. This research proposes a lightweight and reliable remote authentication mechanism for the next generation of IoT-based smart homes. Informal and formal security assessments through the AVISPA tool determine the robustness of our proposed scheme. Moreover, we implemented our authentication scheme on a Linux-based client-server network model by using Android programming. In addition, we compared our proposed scheme with existing schemes based on computation and communication costs. Results show that our proposed mechanism reduced computation costs by up to 54.03 % and reduced communication costs by up to 25.28 % relative to existing schemes. So, our proposed scheme is better, more secure, and most suitable for smart home ecosystems.


I. INTRODUCTION
The associate editor coordinating the review of this manuscript and approving it for publication was Tawfik Al-Hadhrami.
Due to the fast growth of the Internet of Things (IoT) and fast development in emerging technologies, the Internet is moving towards Next-Generation Networks (NGNs). A next-generation IoT is a packetized and digitized network that transports different types of traffic such as voice, video, or data at a very high speed [1]. The billions of new smart devices have ended the IPv4 address architecture. The IPv6 address architecture satisfies all the requirements of NGN [2]. Internet Service Providers (ISPs) are moving towards IPv6 with the help of emerging technologies [3]. The improvement of 5G and 6G cellular technology has played an essential role in the popularity of the smart home and smart city concepts [4]. IoT introduces a home automation concept called the smart home, where physical objects called things, such as smart TVs, smart security cameras, smart lights, smart ACs, smart locks, etc., which have built-in sensors, limited processing ability, and limited memory, are connected to the Wireless Personal Area Network (WPAN) [5]. The Low-Power Wireless Personal Area Network (6LoWPAN) is an IEEE 802.15.4 protocol standard that allows IPv6 packets to be transmitted on top of low-power wireless networks [6]. The main idea behind 6LoWPAN is to provide a platform independent of the internet even on low-power devices that have limited processing resources and must be able to participate in the IoT [7]. Next-generation mobile communication networks, IPv6 address architecture, and IoT-enabled smart devices are crucial for smart city infrastructure [8].
A smart city is a modern urban area that is based on technology. In smart cities, different types of electronic smart devices such as IoT-based sensors are used to collect specific data and transfer the data to central systems. The data are collected from different citizens, devices, buildings, and assets. The data are used to analyze and monitor the traffic, manage transportation systems, monitor power plants, manage water supply networks, criminal investigations, weather stations, pollution monitors, vehicle networks, home automation systems, and other community services [9]. The data help to improve operations across the city.
IoT-based smart home appliances are increasing the volume of the internet day by day. Based on Moore's law, it has been predicted that by the end of 2025, the number of IoT devices will go beyond 100 billion worldwide, an average of more than 10 devices per person [10]. These smart devices are controlled by users remotely through smartphones with the help of the internet. The user can turn smart lights on or off, open or close smart doors, increase or decrease the temperature, and check surveillance remotely by accessing the smart devices through 5G or 6G-enabled IPv6 portable devices. The communication channels between remote users and smart home devices are vulnerable [11]. This increases security threats, especially those related to authentication. If an attacker finds the secret data, the adversary will misuse it for his purposes. Therefore, security and privacy are necessary for the smart home environment. Moreover, data should be exchanged between the two parties confidentially and without any change [12].
The IPv6 address architecture provides a built-in security feature with the support of the extension header [13]. Despite these improvements in IPv6, some malicious attempts such as man-in-the-middle (MITM) attacks, replay attacks, impersonation attacks, and denial-of-service (DoS) attacks affect both IPv4 and IPv6 architectures and do not discriminate between them [14]. In an MITM attack, the adversary secretly places himself between two communicating parties [15]. The authentication between the two communicating parties is compromised due to the MITM attack. Authentication is a technique for verifying the identity of a person or device [16]. Authentication is the top priority service in IoT-based sensor networks, while other security services such as data confidentiality and data integrity are also important in smart cities [17]. There are several authentication types such as Kerberos, password-based authentication, biometric authentication, hash-based authentication, digital certificates, multi-factor authentication, and token-based authentication to perform verification [18], [19], [20], [21]. Smart cities and smart homes use IoT-enabled smart devices and sensors. Smart devices have limited processing power and limited memory. Therefore, smart devices demand lightweight and secure authentication protocols.

A. CONTRIBUTION
The main contributions of this study are summarized as follows:
1) We introduce a lightweight authentication scheme that uses a hash-based method with a pre-shared session key to recognize the legitimacy of remote users in smart homes.
2) We also propose a secure and lightweight key exchange algorithm for resource-constrained smart devices.
3) We show the robustness of our proposed authentication scheme via informal and formal security analysis by using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool.
4) We implement our authentication scheme on Linux-based Ubuntu operating systems in client-server networks by using Android programming.
5) Finally, we compare the performance of our proposed authentication scheme with other existing schemes based on communication overhead, computation cost, and security properties.

B. PAPER ORGANIZATION
The remainder of the paper is structured as follows: Section II describes related works and compares this study with existing research. Section III describes the IoT-based smart home network model and adversary model. Section IV presents a lightweight remote user authentication scheme for a smart home environment. Section V provides a formal and informal security analysis of the proposed scheme. Section VI compares the proposed scheme with the existing authentication schemes. Finally, Section VII concludes the paper.

II. RELATED WORKS
A variety of available proposed mutual authentication schemes for IoT-based smart home environments are classified into asymmetric-key-based and symmetric-key-based groups.

A. ASYMMETRIC-KEY-BASED AUTHENTICATION SCHEMES
In asymmetric-key-based authentication schemes, keys are generated through asymmetric algorithms such as Elliptic Curve Cryptography (ECC) and Rivest Shamir Adleman (RSA). ECC and RSA are heavyweight in terms of computation and communication costs [22]. So, ECC and RSA are not suitable for smart devices, because smart devices demand lightweight schemes due to their low computation and communication power [23].

B. SYMMETRIC-KEY-BASED AUTHENTICATION SCHEMES
In symmetric-key-based authentication schemes, keys are exchanged through symmetric algorithms such as Diffie-Hellman (DH) and Elliptic Curve Diffie Hellman (EC-DH). EC-DH is an advanced version of DH with extra functions in terms of small key length. Both DH and EC-DH are non-authenticated. Hence, DH and EC-DH are exposed to MITM attacks [24]. In some research studies, researchers introduced their own key exchange methods.
In [25], researchers proposed an authentication model for smart homes. The proposed authentication model uses a DH key exchange algorithm between two parties. The researchers evaluated the security strength of the proposed authentication model by using the AVISPA analyzer tool. However, the proposed model fails to provide security against MITM attacks because the DH protocol itself is a non-authenticated protocol, fails to ensure message freshness, and may not withstand a known-key attack. The time complexity behavior of the DH key exchange algorithm is polynomial. Therefore, it increases computation time and communication overhead. So, this scheme is not recommended for resource-constrained smart devices.
In [26], authors proposed a lightweight authentication model for IoT-based smart homes. The scheme provides mutual authentication and identity assurance by using the concepts of temporary identity, keyed-hash chain mechanism, and fog computing. In this research study, the authors claimed that their scheme is secure against several known attacks. Unfortunately, the scheme may fail to provide complete confidentiality and protection against known-key attacks. So, this scheme is not suitable for smart homes.
In [27], researchers proposed a privacy-preserving two-factor authentication scheme for IoT devices. The scheme uses a Physically Unclonable Function (PUF) authentication methodology to protect IoT devices against physical and cloning attacks. The authors said that their method resists impersonation, achieves untraceability, and exhibits security traits including resistance to physical attacks and mutual authentication. Because of the extensive usage of hash operations, their system requires high computation. As a result, the proposed strategy may not be appropriate for IoT-based applications.
In [28], researchers extended the research work of other researchers and presented an upgraded authentication scheme for next-generation IoT-based infrastructure. According to this research study, the scheme is safe against conventional IoT-based smart home attacks such as impersonation attacks, offline/online password guessing attacks, replay attacks, DoS attacks, and MITM attacks. However, the proposed scheme has not been evaluated by any formal security analysis tool. Furthermore, the proposed scheme has become more complex, and its computation cost is very high. The proposed scheme is not suitable for the smart home environment.
Similarly, in [29], [30], [31], [32], and [33], researchers proposed authentication schemes for IoT-based smart home environments. The proposed schemes adopt very complex procedures for key exchange and authentication processes. XOR, concatenation, and hashing functions are used multiple times to perform authentication. The proposed schemes increase computation time and communication overhead. In these schemes, large messages are exchanged during key exchange and authentication. The communication overhead increases delays.
There are several proposed authentication schemes for IoT-based smart home environments. Most of the proposed schemes use heavyweight key exchange algorithms, while some proposed schemes use complex mathematical operations. In contrast with existing studies, we introduce and implement a simple, robust, and lightweight remote user authentication mechanism for next-generation IoT-based smart homes by using a pre-shared symmetric session key.

III. IOT-BASED SMART HOME ENVIRONMENT
The idea of a smart home has gained enormous popularity throughout the world because of the rapid growth of information and communication technologies (ICT) and the Internet of Everything (IoE). In a smart home automation system, IoT-enabled smart devices such as smart TVs, smart security cameras, smart lights, smart ACs, smart locks, etc. are connected through wireless technology. A variety of wireless technologies are available for connecting smart home devices, but 6LoWPAN is the most suitable protocol for IPv6 to enable IPv6 packets to be carried on top of low-power wireless networks [34]. Users utilize different services by accessing these smart devices either inside the network or outside the network. Users can control smart devices with an application, check the status of smart devices, and perform on or off services on various smart devices through smartphones. Users can control smart devices easily and remotely within a smart home by connecting to the smart home network.

A. SYSTEM MODEL
Mobile users, smart gadgets, a home gateway, and a registration authority are the typical components of a smart home automation system. Smart devices have limited resources, including low bandwidth, limited memory, and limited processing power. The home gateway or server facilitates communication between smart gadgets. The wireless access point serves as a bridge between the smart devices and a home gateway or server. Figure 1 depicts the system model of a smart home.
According to our suggested system paradigm, the gateway or server serves as a connection point between smart devices and remote users. It offers an interface for preserving connections. By connecting to a gateway or server using internet-capable mobile phones or tablets, mobile users operate smart devices remotely at any time and from any location [35]. The proposed IoT-based smart system is composed of mobile users (MUs), smart devices (SDs), an access point (AP), and a home gateway (HGW). The home gateway performs multiple roles such as a registration authority (RA), server, virtual router, and virtual firewall. The server is responsible for initializing the system, providing an interface, registering MUs and SDs, and other communication services. MU, SD, and HGW must register at the RA. The RA stores the information of each entity in its database. Additionally, the RA keeps all the data necessary for the MU, SD, and HGW in the database. Before using the services of the smart home automation system, MU and HGW exchange symmetric session keys for mutual authentication procedures. The notation of this paper is described in Table 1.

B. ADVERSARY MODEL
To assess the effectiveness and security of the suggested protocol, we consider the Dolev-Yao (DY) threat model [36].These are some examples of an adversary's capabilities.
1) Using a public channel, the adversary may listen in on, intercept, replay, inject, and change transmitted communications. The adversary can then launch MITM, replay, and impersonation attacks.
2) By the use of a power analysis attack, the adversary can gain access to a legitimate user's mobile or smart device and recover any secret credentials that are kept inside the memory.
3) The opponent has access to the session states, long-term keys, and short-term keys of each side.
4) The attacker can steal the information that is exchanged across network components.
5) The adversary can perform active and passive attacks.
In addition, we make one assumption for our scheme. Since the home gateway contains a secure database, the attacker cannot extract the data kept there.

IV. PROPOSED SCHEME
This section describes the proposed scheme. The scheme consists of the registration phase, login phase, key exchange phase, and authentication phase.

A. SMART DEVICE REGISTRATION PHASE
First, every smart device in the smart home system should be registered. At the registration phase, the RA assigns a unique $ID_{SD}$ to every smart device. The $ID_{SD}$ of the smart device and the status of the smart device are stored in the server's database.

B. USER REGISTRATION PHASE
All authorized users must be registered at the RA. The user selects a unique username as $ID_U$ and a password $PSW_U$. The user generates a hash-based identity $HID_U$ and a hash-based password $HPSW_U$ by using a hash function as described in Eq. (1) and Eq. (2).
The user's secret information is saved securely in the server's database along with the user's email address and mobile number.

C. LOGIN PHASE
Remote user $R_U$ sends the hash-based identity $HID_U$ along with the hash-based password $HPSW_U$ to the server for verification. For security reasons, the identity and password are not sent in clear text. The server looks up $HID_U$ and $HPSW_U$ in its database and verifies them. If any of the given login information is incorrect, then the server immediately terminates the connection. After multiple failed login attempts, the server blocks that identity temporarily to save time and bandwidth. If both $HID_U$ and $HPSW_U$ match the data saved in the server's database, then the user is verified as a registered user. The server picks two large randomly generated numbers $N_1$ and $N_2$ and sends them to the user, valid for a specific period, through an alternative channel. For security reasons, an alternative channel such as the registered mobile number of the user is adopted. These two large random numbers are used to exchange the symmetric session key between the server and the remote user. If the remote user does not receive the two numbers $N_1$ and $N_2$, then the user sends a request for new numbers.

D. SESSION KEY EXCHANGE PHASE
After successful login, the symmetric session key exchange process starts by using our proposed symmetric session key exchange Algorithm 1. The remote user generates a large random number $N_U$. The size of the random number should be 128 bits. The user multiplies the number $N_U$ by the number $N_1$, adds the number $N_1$, and computes $Res_U$ as shown in Eq. (3).
The user multiplies the result $Res_U$ by the second number $N_2$, adds both numbers $N_1$ and $N_2$, and calculates the final result $FR_U$ as shown in Eq. (4).
The user finally sends the final result $FR_U$ to the server. The result $FR_U$ is not a key, and if an intruder captures it, he cannot retrieve the actual key unless he knows both secret numbers $N_1$ and $N_2$. When the server receives the result $FR_U$ from the remote user, the server extracts the number $N_U$ by using both numbers $N_1$ and $N_2$. The server subtracts the values of $N_1$ and $N_2$ from $FR_U$ and gets $Res_S$ as depicted in Eq. (5).
The server divides $Res_S$ by the product of $N_1$ and $N_2$, subtracts one, and finally gets $N_U$ as presented in Eq. (6).
Similarly, the server generates a large random number $N_S$ and sends the result $FR_S$ to the user by following the same procedure as shown in Eq. (3) and Eq. (4). At last, the server and the user each compute the bitwise XOR of $N_U$ with $N_S$, take the result modulo $M$, and obtain the final session key $K_S$ secretly on both sides as shown in Eq. (7). $M$ is a variable that determines the size of the key. Initially, it stores a large value of size 128 bits. It limits the size of the key to 128 bits. A larger key size minimizes the threat of brute-force attacks [24].
The same key $K_S$ has now been exchanged between the server and the recognized remote user. On every newly established connection between the remote user and the server, the session key is changed. The session key is used for authentication.

E. AUTHENTICATION PHASE
The primary goal of our proposed scheme is to authenticate the remote users over an IPv6 IoT-based smart home network so that the MITM's interception will fail. Authentication is the process of verifying the identity of a person, device, or service [37]. Our proposed authentication scheme uses a Hash-based Message Authentication Code (HMAC) for the authentication process. The HMAC is a specific type of fixed-length message authentication code that is generated by a hashing algorithm and a secret key [38]. The size of the HMAC depends upon the hashing algorithm [39]. SHA-1 generates a 160-bit (20-byte) hash value, which is written as a 40-digit hexadecimal number [40]. SHA-256 generates a fixed-size code that is 256 bits long. In our proposed scheme, the IPv6 address of the host is concatenated with a random number generated by the host, and the session key is used to generate a hash value through the SHA-256 algorithm as depicted in Eq. (8) and Eq. (9).
Algorithm 1 (fragment):
Server generates a larger random number as $N_S$: $N_S \leftarrow rand()$
Server sends $R_S$ to client: $R_S \rightarrow$ Client
Connection Terminate
28: end if
The calculated HMAC values are sent by each side to the other. HMAC values are re-calculated on both sides for cross-checking and verification against the received value. If the calculated HMAC and received HMAC match, then the authentication process is completed on both sides. After a successful authentication, the remote user is granted access to and control of smart devices. If the authentication process fails on any side, then the connection is terminated immediately on both sides and an adversary attack is declared. The login, key exchange, and authentication processes are described in Fig. 2.

1) SIMPLE PRACTICAL EXAMPLE
For simplification, a simple practical example of 8-bit key exchange and authentication is given as follows.
1) Suppose $M = 256$.
2) Suppose the server generates two larger random numbers $N_1 = 11$, $N_2 = 13$, and sends them to the remote user after login verification.

V. SECURITY ANALYSIS
In this section, we prove the robustness of our proposed scheme against different types of known attacks through formal and informal security analysis.

A. INFORMAL SECURITY ANALYSIS
The strength of our proposed scheme with respect to the required security features is presented in [23]. Informal security analysis shows how our proposed scheme meets security requirements such as resistance to password guessing attacks, brute-force attacks, impersonation attacks, replay attacks, forgery attacks, denial of service attacks, and MITM attacks, as well as perfect forward secrecy, etc.

B. FORMAL SECURITY ANALYSIS THROUGH AVISPA
To test the proposed scheme's strength, we employed the AVISPA tool. AVISPA is a trustworthy open-source tool for evaluating the security of protocols and schemes that require messages to be sent between two or more entities. AVISPA uses the High-Level Protocol Specification Language (HLPSL) scripting language. At the backend of AVISPA, the on-the-fly model checker (OFMC) compiles the results. The fact that communication between the entities takes place across a compromised channel (dy) is also noted. This means that the channel is open to all the attacks described in the Dolev-Yao (DY) adversary model (Section III-B). A Security Protocol Animator (SPAN) tool is used for AVISPA [41].
The symmetric key sharing and authentication operations are programmed in HLPSL and tested on AVISPA to gauge the robustness of our suggested authentication strategy against well-known attacks such as replay and MITM attacks. The essential tasks of nodes (Server and Client) include agent roles (S and C), crypto-operations, and local declarations. AVISPA code and simulation results are available on GitHub [42].

1) RESULTS THROUGH OFMC AND ATSE
The robustness of our proposed scheme against replay attacks and MITM attacks is verified by using the OFMC and CL-AtSe at the and is reported safe as shown in Fig. 3.

VI. IMPLEMENTATION AND PERFORMANCE ANALYSIS
We implemented our proposed scheme on Linux-based virtual machines (Ubuntu 18.04.2 LTS) in a client-server IPv6 network model by using Android socket programming. The virtual machines were installed on Oracle VM VirtualBox integrated with the GNS3 v2.1.16 simulator, with system specifications of an Intel(R) Core(TM) i3-M390 2.67 GHz processor, 6 GB DDR3 RAM, and 3 MB cache memory with the 64-bit Windows 10 Professional operating system. The experimental setup is described in Fig. 4. Table 2 displays the description of the devices.
In our next-generation IPv6 experimental setup, both virtual machines (client and server) are connected to different IPv6 networks. The server's IPv6 address is 2001:0:10::10/64 while the client's IPv6 address is 2001:0:1::1/64. An intruder with full control over the network is also connected to it. The connectivity between the client and the server is shown in Fig. 5.

A. COMPUTATION COSTS COMPARISON
We compare the anticipated computing costs of our proposed scheme to those of current schemes in the computation cost comparison. In Table 3, we specified the expected unit time costs of several activities that were completed during a simulation on an Intel(R) Core(TM) i7-4710 HQ 2.50 GHz computer with 8 GB of memory and the 64-bit Windows 8 operating system [22]. 6 shows the assessment outcomes of computational costs among our proposed scheme and other related schemes. The results show that our proposed scheme, including the key exchange process, consumed less estimated computational time as compared to other existing schemes. Our proposed scheme reduced computation costs by up to 54.03 % compared to [32].

B. COMMUNICATION OVERHEAD COMPARISONS
The communication cost comparison compares the anticipated communication overhead of our proposed scheme with that of other relevant schemes. The amount of data transmitted through the communication lines in packets and its size in bits per second are calculated as communication costs. To compare communication costs, an ECC point is assumed to be 320 bits in size, a hash digest to be 160 bits (assuming the SHA-1 hashing technique is used for all schemes), random numbers 128 bits, encryption and decryption 512 bits, a timestamp 32 bits, and an identification 128 bits. Our suggested scheme

Algorithm 1 Proposed Key Exchange Algorithm
Require: M is a variable that stores the value of size 128 bits. Server saved the hash-based identity and hash-based password of the clients $HID_C$ and $HPSW_C$
1: Client sends $HID_C$ and $HPSW_C$ to Server: $(HID_C, HPSW_C) \rightarrow$ Server
2: if $HID_C = HID_C$ AND $HPSW_C = HPSW_C$ then
3: Server generates $N_1$, $N_2$ and sends to client on mobile number: $N_1$ and $N_2 \rightarrow$ Client
4: Client generates a larger random number as $N_C$: $N_C \leftarrow rand()$
20: [Client performs the same process from 11 to 12]
21: /* Client and Server compute the same Key as */
22: Set $K_S = (N_C \oplus N_S) \bmod M$

3) The remote user generates a larger random number $N_U = 180$. The user calculates $FR_U = ((((180 \times 11) + 11) \times 13) + 11 + 13) = 25907$ and sends the final result $FR_U = 25907$ to the server.
4) The server generates a larger random number $N_S = 240$. The server calculates $FR_S = ((((240 \times 11) + 11) \times 13) + 11 + 13) = 34487$ and sends the final result $FR_S = 34487$ to the remote user.
5) The server and the user extract $N_S$ and $N_U$ from $FR_S$ and $FR_U$ respectively. The symmetric session key $K_S$ is shared on both sides as $K_S = (180 \oplus 240) \bmod 256$. The symmetric key value $K_S = 68$ has been shared between the server and the remote user. The binary value of 68 is "1000100".
6) The remote user calculates $HMAC_U$ by using the SHA-256 hash function with its IPv6 address = 2001:0:1::1, randomly generated number $N_U = 180$, and session key $K_S = 68$ as SHA-256 (2001:0:1::1 ∥ 180, 68) = "9f7a878074e73a2f4e96067609ba8e23bb0b05faf37f21a20eed9fd24dc67c3e", and sends it to the server for verification.
7) Similarly, the server calculates $HMAC_S$ by using the SHA-256 hash function with its IPv6 address = 2001:0:10::10, randomly generated number $N_S = 240$, and session key $K_S = 68$ as SHA-256 (2001:0:10::10 ∥ 240, 68) = "ba2dc7db02d732e6e19b1bb39478f35900d1ce48ee8fc1efd9c8416f992b79dc", and sends it to the remote user for verification.
8) The server and the remote user generate HMAC values by using each other's IPv6 addresses, random numbers, and $K_S$ for cross-checking.
9) Both sides compare the calculated results with the values received from each other.
10) After verification, the server grants access to the remote user. If the verification fails, the connection with the remote user is cut off immediately.
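The 8-bit example above (M = 256, N1 = 11, N2 = 13, N_U = 180, N_S = 240) as runnable Python; this is an added example, not the authors' Android implementation. The function names and the byte encoding fed to HMAC-SHA-256 (ASCII address, a "|" separator, 16-byte big-endian key) are assumptions, so its tags are not expected to equal the digests quoted in steps 6 and 7.

```python
"""Added example: the paper's key exchange and HMAC check on its 8-bit sample values."""
import hashlib
import hmac


def blind(n: int, n1: int, n2: int) -> int:
    """FR = ((n * n1 + n1) * n2) + n1 + n2, the value sent over the public channel."""
    res = n * n1 + n1
    return res * n2 + n1 + n2


def unblind(fr: int, n1: int, n2: int) -> int:
    """Recover n from FR: subtract n1 and n2, divide by n1 * n2, subtract one."""
    res = fr - n1 - n2
    quotient, remainder = divmod(res, n1 * n2)
    # A genuine FR always divides exactly and gives a quotient of at least 1,
    # so anything else is a malformed value and is rejected.
    if remainder != 0 or quotient < 1:
        raise ValueError("FR is not consistent with N1 and N2")
    return quotient - 1


def session_key(n_own: int, n_peer: int, m: int) -> int:
    """K_S = (N_U XOR N_S) mod M."""
    return (n_own ^ n_peer) % m


def auth_tag(ipv6: str, nonce: int, key: int, key_len: int = 16) -> str:
    """HMAC-SHA-256 over address and nonce, keyed with the session key.

    Assumed encoding (not stated on the page): ASCII "address|nonce" as the
    message and the key as a key_len-byte big-endian integer.
    """
    message = f"{ipv6}|{nonce}".encode("ascii")
    return hmac.new(key.to_bytes(key_len, "big"), message, hashlib.sha256).hexdigest()


def verify_tag(ipv6: str, nonce: int, key: int, received: str) -> bool:
    """Recompute the peer's tag and compare it in constant time."""
    return hmac.compare_digest(auth_tag(ipv6, nonce, key), received)


def run_example() -> dict:
    """Replay steps 1 to 10 of the worked example with the page's numbers."""
    m, n1, n2 = 256, 11, 13            # M and the out-of-band numbers
    n_u, n_s = 180, 240                # user and server random numbers
    user_ip = "2001:0:1::1"            # client address from the test bed

    fr_u = blind(n_u, n1, n2)          # user -> server
    fr_s = blind(n_s, n1, n2)          # server -> user

    key_user = session_key(n_u, unblind(fr_s, n1, n2), m)
    key_server = session_key(unblind(fr_u, n1, n2), n_s, m)

    # The user sends its tag; the server recomputes it from what it decoded.
    tag_u = auth_tag(user_ip, n_u, key_user)
    user_accepted = verify_tag(user_ip, unblind(fr_u, n1, n2), key_server, tag_u)

    # Same exchange, but FR_U was altered in transit: the server decodes a
    # different N_U, derives a different key, and the HMAC check fails.
    n_altered = unblind(fr_u + n1 * n2, n1, n2)
    key_altered = session_key(n_altered, n_s, m)
    altered_accepted = verify_tag(user_ip, n_altered, key_altered, tag_u)

    return {
        "fr_u": fr_u,
        "fr_s": fr_s,
        "key_user": key_user,
        "key_server": key_server,
        "user_accepted": user_accepted,
        "altered_accepted": altered_accepted,
    }


if __name__ == "__main__":
    for name, value in run_example().items():
        print(f"{name}: {value}")
```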

FIGURE 2. Key Exchange and Authentication Process.

FIGURE 5. Connectivity between Client and Server.

TABLE 2. Devices and their Description.

TABLE 3. Estimated Simulation Time of Various Operations.