LAKE-6SH: Lightweight User Authenticated Key Exchange for 6LoWPAN-Based Smart Homes

Ensuring security and privacy in the Internet of Things (IoT) while taking into account the resource-constrained nature of IoT devices is challenging. In smart home (SH) IoT applications, remote users (RUs) need to communicate securely with resource-constrained network entities through the public Internet to procure real-time information. While the 6LoWPAN adaptation-layer standard provides resource-efficient IPv6 compatibility to low-power wireless networks, the basic 6LoWPAN design does not include security and privacy features. A resource-efficient authenticated key exchange (AKE) scheme becomes imperative for 6LoWPAN-based resource-constrained networks to render indecipherable communication functionality. This article presents a lightweight user AKE scheme for 6LoWPAN-based SH networks (LAKE-6SH) to achieve authenticity of RUs and establish private session keys between the users and network entities by employing the SHA-256 hash function, exclusive-OR operation, and a simple authenticated encryption primitive. Informal security validation illustrates that LAKE-6SH is protected against different pernicious security attacks. The security is further validated formally through the random oracle model. Moreover, through Scyther validation, it is demonstrated that LAKE-6SH is secure. In addition, it is demonstrated that LAKE-6SH renders better security features aside from its low communication and computational overheads.

Automated summary

This article introduces a lightweight user AKE scheme (LAKE-6SH) for smart home networks, which establishes private session keys between users and network entities to achieve authenticity of RUs using the SHA-256 hash function, exclusive-OR operation, and a simple authenticated encryption primitive. The scheme has been informally validated to be secure against various security attacks, and further validated formally through the random oracle model and Scyther validation. Additionally, LAKE-6SH is shown to provide better security features with low communication and computational overheads.