HomeChain: A Blockchain-Based Secure Mutual Authentication System for Smart Homes

Increasingly, governments around the world, particularly in technologically advanced countries, are exploring or implementing smart homes, or the related smart facilities for the benefits of the society. The capability to remotely access and control Internet of Things (IoT) devices (e.g., capturing of images, audios, and other information) is convenient but risky, as vulnerable devices can be exploited to conduct surveillance or perform other nefarious activities on the users and organizations. This highlights the necessity of designing a secure and efficient remote user authentication solution. Most of the existing solutions for this problem are generally based on a single-server architecture, which has limitations in terms of privacy and anonymity (leading to users' daily activities being predicted), and integrity and confidentiality (resulting in an unreliable behavior auditing). While blockchain-based solutions may mitigate these issues, they still face some critical challenges (e.g., providing regulation of behaviors and privacy protection of access policy). Motivated by these facts, in this article, we construct a novel secure mutual authentication system, which can be applied in smart homes and other applications. Specifically, the proposed approach integrates blockchain, group signature, and message authentication code to provide reliable auditing of users' access history, anonymously authenticate group members, and efficiently authenticate home gateway, respectively. We also prove the security and privacy requirements, including anonymity, traceability, and confidentiality, that the proposed system satisfies, with an implementation and evaluation to demonstrate its practicality.