Comments on “ALAM: Anonymous Lightweight Authentication Mechanism for SDN Enabled Smart Homes”

Smart home is intended to be able to enhance home automation systems and achieves goals such as reducing operational costs and increasing comfort while providing security to mobile users. However, an attacker may attempt security attacks in smart home environments because he/she can inject, insert, intercept, delete, and modify transmitted messages over an insecure channel. Secure and lightweight authentication protocols are essential to ensure useful services in smart home environments. In 2020, Iqbal et al. presented an anonymous lightweight authentication protocol for software-defined networking (SDN) enabled smart home, called ALAM. They claimed that ALAM protocol could resist security threats, and also provide secure mutual authentication and user anonymity. This comment demonstrates that ALAM protocol is fragile to various attacks, including session key disclosure, impersonation, and man-in-the-middle attacks, and also their scheme cannot provide user anonymity and mutual authentication. We propose the essential security guidelines to overcome the security flaws of ALAM protocol.


I. INTRODUCTION
With the advances in wireless technologies and portable devices, users can access various services via mobile device in smart home environments. The smart home allows useful services for the mobile users, including humidity of the house, automatic checking of the temperature, controlling light bulbs, and so on. In general, the smart home comprises several indoor smart devices, gateways, users, and controllers. Mobile users are registered in the controller, and they can access various services. However, these services are susceptible to potential attacks because sensitive messages are exchanged via an insecure channel. If the data collected by smart devices is compromised, a malicious attacker can obtain the private information of users, The associate editor coordinating the review of this manuscript and approving it for publication was Remigiusz Wisniewski .
including habits and daily routines in smart home, and also utilize the information for criminal purposes. Therefore, a secure and lightweight authentication protocol is essential to provide mobile users with useful services in smart home environments.
In 2020, Iqbal et al. [1] designed an anonymous lightweight authentication protocol to provide secure services in smart home environments. They claimed that ALAM protocol could withstand security threats, such as desynchronization and replay attacks, and also ensure user anonymity and mutual authentication. However, this comment paper demonstrates that ALAM protocol suffers from many security threats, including impersonation, session key disclosure and man-in-the-middle (MITM) attacks. Moreover, ALAM protocol cannot also provide user anonymity and mutual authentication. Thus, we propose the necessary guidelines to overcome the security flaws of ALAM scheme [1].
The rest of this comment paper is organized as follows. In Section II and III, we review Iqbal et al.'s protocol and then show cryptanalysis of Iqbal et al.'s protocol, respectively. Section IV proposes some guidelines to overcome the security shortcomings of Iqbal et al.'s protocol. Finally, Section V summarizes and concludes the work.

A. ATTACKER MODEL
We present the widely-known Dolev-Yao (DY) model [2] to evaluate the security of ALAM protocol. The capabilities of an attacker in the DY model are as follows.
• Referring to DY model [2], a malicious adversary (MA) can replay, eavesdrop, modify, intercept, insert, and delete transmitted messages over an insecure channel.
• Software-defined networking (SDN) database modules and controllers are considered to be secure and cannot be compromised by MA. In other words, the controller's private key is not accessible to the MA [1].
• During a lost mobile device attack, MA obtains all secret credentials stored in mobile device by physical means, even if the mobile device has a certain degree of tamper resistance. Thus, MA can steal the legitimate user's mobile device and extract the secret credentials stored in memory by performing power analysis [3]- [5].

B. RESEARCH CONTRIBUTIONS AND MOTIVATION
The major goal of this comment paper is to identify the security flaws present in ALAM scheme. ALAM does not ensure the required security functionalities such as ''session key disclosure attack'', ''MITM attack'', ''impersonation attack'', ''mutual authentication'', and ''user anonymity'' in smart home environments. These facts motivated us to come up with the necessary security guidelines which can ensure security functionalities and overcome security threats and flaws that exist in smart home environments.

II. REVIEW OF IQBAL ET AL.'S PROTOCOL
We review ALAM scheme [1] for a smart home environment. ALAM scheme consists of three phases: a) user registration, b) smart device registration and c) mutual authentication. The notations used in this comment are presented in Table 1.

A. USER REGISTRATION PHASE
The mobile users (MU i ) must register with the SDN controller (CT ) to receive smart home services. We show the user registration phase of ALAM protocol, and the detailed steps are as follows:

B. SMART DEVICE REGISTRATION PHASE
The smart device (SD i ) must register with the SDN controller to ensure useful home services. We present the smart device registration phase of ALAM protocol, and the detailed steps are as below.
• SR-1: SD i chooses smart device identity SD ID and then sends {SD ID } to the CT over a secure channel.
• SR-2: Upon getting message {SD ID }, the CT generates controller identifier CID and random nonce C m . CT then computes CSP SD ID = h(SD ID ||C m ) and SID SD ID = E k c (SD ID , CSP SD ID , C m ). After that, the CT sends {SID SD ID , CID} to the smart device SD i over a secure channel. Finally, CT sends {SID SD ID , CSP SD ID } to the Reg.DB and Auth.DB.
• SR-3: After getting message {SID SD ID , CID} from the CT , SD i stores them in memory.
• SR-4: Upon getting message {SID SD ID , CSP SD ID }, Reg.DB and Auth.DB also store them in their secure database.

C. MUTUAL AUTHENTICATION PHASE
In this phase, a mobile user MU i requests authentication to the SDN controller to receive secure service. We describe the authentication phase of ALAM protocol as summarized in Fig. 1 and the detailed steps of this phase are as follows.
• AP-1: MU i generates a random nonce U n and a timestamp T 1 , computes U p = U n ⊕M ID and Auth u = h(SID u ||U p ||k uc ||T 1 ||U n ||TF seq ), and the sends the message M 1 = {Auth u , SID u , U p , T 1 } to the CT over an insecure channel.
• AP-2: Upon getting the message M 1 , the CT checks timestamp = M save ID . If it is valid, CT can come across two scenarios. In the following, we discuss the following two cases.
CT also chooses a timestamp T 4 and generates = Auth c . If it is valid, MU i is mutually authenticated successfully.

III. CRYPTANALYSIS OF IQBAL ET AL.'S PROTOCOL
This comment paper is about ''ALAM: Anonymous Lightweight Authentication Mechanism for SDN Enabled Smart Homes'' that is presented by Iqbal et al. [1]. Iqbal et al. claimed that ALAM scheme could resist various attacks and also ensure user anonymity and mutual authentication. However, we demonstrate that ALAM scheme is vulnerable to ''impersonation'', ''MITM'', and ''session key disclosure'' attacks. Furthermore, we show that ALAM protocol fails to ensure ''user anonymity'' and ''mutual authentication''.

A. IMPERSONATION ATTACK
MA may attempt to impersonate legitimate user. Referring to Section I-A, MA can extract the secret credentials {SID u , k uc } stored in mobile device. Moreover, MA can replay, intercept, modify, eavesdrop, insert, and delete transmitted messages over an insecure channel. The detailed steps of this attack are as follows.

IV. GUIDELINES ON ATTACKS RESILIENCE
In ALAM scheme [1], the major security issue is that the shared secret (long-term) key is stored in mobile device without any cryptographic methods. Because of this problem, an adversary can extract and obtain secret credentials using power analysis. According to Section III, we proved that ALAM scheme is vulnerable to various attacks, including VOLUME 9, 2021 ''session key disclosure'', ''MITM'', and ''impersonation'' attacks. In addition, their scheme fails to provide ''user anonymity'' and ''mutual authentication''. Thus, we propose the necessary guidelines to overcome the security flaws of ALAM scheme as also suggested in [8].
• Guideline 1. ALAM scheme adopts the two-factor authentication mechanism using the secret credentials and mobile device. However, referring to Section III, the MA is able to impersonate as a mobile user. Thus, ALAM should store the masked secret credentials with password and/or biometric using hash function and bitwise XOR operation to enhance the security level. This will increase the security level of the system.
• Guideline 2. In ALAM scheme, the mobile device can use the physical unclonable function (PUF) to prevent physical attacks. PUF-based authentication schemes can resist smart device physical capture attack because an attacker MA cannot access the PUF function even by stealing the smart device [9]- [11].
• Guideline 3. ALAM scheme may cause serious security problems in the future because the shared secret (long-term) key is not updated. Therefore, ALAM scheme should periodically update the shared secret (long-term) key to improve the security of the system.
• Guideline 4. All participants should securely encrypt and send messages using symmetric keys, because the attacker MA can modify, intercept, delete, and insert the exchanged messages during the mutual authentication phase.
It is worth to note that we do not claim that the guidelines suggested by us as a full-proof solution to the pointed-out drawback of ALAM scheme. However, it will definitely increase the complexity of the malicious adversary MA.
Iqbal et al. would have put best efforts to design a secure protocol for smart home applications. However, they would not have viewed their protocol from the point of view that we have analyzed and proved it. Thus, this comment paper will lead to the design of more secure and efficient authentication protocols for smart home applications.

V. CONCLUSION
This comment paper refers to ''ALAM: Anonymous Lightweight Authentication Mechanism for SDN Enabled Smart Homes'' presented by Iqbal et al. We proved that their scheme is vulnerable to potential attacks such as ''impersonation'', ''MITM'', and ''session key disclosure'' attacks. Moreover, their scheme cannot also provide ''user anonymity'' and ''mutual authentication'' functionality requirements. After stealing secret credentials stored in mobile device, an adversary can compute the session key between a legitimate user and the controller. Thus, we presented some guidelines to enhance the security flaws of ALAM protocol. Consequently, we can thwart the pointed out security problems not only in ALAM protocol, but we believe that these will be also helpful in other future authentication protocols. SUNGJIN