Secure mutual authentication and automated access control for IoT smart home using cumulative Keyed-hash chain

IoT platforms face huge challenge in deploying robust authentication mechanisms due to the fact that edge devices and resource-constrained devices may not have enough compute and storage capability to deploy and run existing mechanisms, which involve in general complex computations. In this paper, we propose a secure lightweight mutual authentication and key exchange protocol for IoT smart home environment based on temporary identity and cumulative Keyed-hash chain. Nodes can anonymously authenticate and establish session with the controller node using dynamic identities and symmetric keys in an unlinkable manner. Moreover, the enforcement of security policy between nodes is ensured by setting up a virtual domain segregation and restricting nodes capabilities of sending and receiving instructions and commands to or from other nodes. Cumulative Keyed-hash chain mechanism is introduced as a way to ensure the identity of the sender (through challenge-response). In addition, we capitalize on fog computing concept to improve identity assurance. Finally, we formally evaluate and prove the security of our protocol by using the Burrows-Abadi-Needham (BAN) logic and the Automated Validation of Internet Security Protocols and Applications (AVISPA) toolkit. (C) 2019 Elsevier Ltd. All rights reserved.