A two-factor authentication scheme against FDM attack in IFTTT based Smart Home System

Smart Home is an emerging key-element of the advantages of Internet of Things (IoT), which facilitates an individual to have control over the smart devices of his house through the Internet. However, its control should be confined to the legitimate user only, which can refrain from malicious activities. Internet services like IFTTT (If This Then That) integrate heterogeneous Smart Home devices and allow the user to customize Smart Home configurations via IFTTT recipes. Earlier researches have suggested an attack scenario based on Feature Distributed Malware (FDM), where the malware can compromise the victim's IFTTT account and as a result the attacker can manipulate the recipes from his own device. This paper proposes a secure IFTTT-based Smart Home framework by incorporating suitable captchabased One Time Password (OTP) authentication scheme and Physical Unclonable Function (PUF). A suitable adversarial model has been used to evaluate the security of the framework. (C) 2018 Elsevier Ltd. All rights reserved.