Biometric Based User Authentication Protocol in Smart Homes

Document Type: Original Article


1 Tarbiat Modares University

2 Department of Computer Engineering, Shahed University


The smart home is an important Internet of Things application. With the development of smartphones, the expansion of their networks, and growing data transfer rates, security in personal life has become a major challenge. It is therefore essential to secure such systems so that users and homeowners can feel at ease and cope with possible incidents. Integrating home automation technologies with the Internet of Things means that all physical objects can be accessed in cyberspace; the concerns users raise about the lack of privacy and security are therefore serious issues that science and technology must answer, and addressing security is a crucial necessity for the development of smart homes. Although smart-card-based authentication protocols have been proposed for multi-server architectures, these schemes cannot protect the system against stolen smart card attacks and dictionary attacks in the login phase, and they do not satisfy perfect forward secrecy. To overcome these limitations, this paper proposes an anonymous, secure protocol for connected smart home environments that uses solely lightweight operations. The proposed protocol provides efficient authentication and key agreement, and enables device anonymity and unlinkability. It is demonstrated that the computational complexity of the protocol is low compared to existing schemes, while security is significantly improved. The protocol remains robust even if the stakeholder's device or the IoT device is attacked.




Hossein Gharaee received the B.Sc. degree in electrical engineering from K.N. Toosi University of Technology in 1998, and the M.Sc. and Ph.D. degrees in electrical engineering from Tarbiat Modares University, Tehran, Iran, in 2000 and 2009, respectively. Since 2009, he has been with the Department of Network Technology at the ICT Research Institute (ITRC). His research interests include VLSI with emphasis on basic logic circuits for low-voltage low-power applications, DSP, crypto chips, and intrusion detection and prevention systems.