ES-HAS: ECC-Based Secure Handover Authentication Scheme for Roaming Mobile User in Global Mobility Networks

The design and implementation of two-factor schemes designed for roaming mobile users for global mobility networks in smart cities requires attention to protect the scheme from various security attacks, such as the replay attack, impersonation attack, man-in-the-middle attack, password-guessing attack and stolen-smart-card attack. In addition to these attacks, the scheme should achieve user anonymity, unlinkability and perfect forward secrecy. In the roaming scenario, as mobile users are connected to the foreign network, mobile users must provide authentication details to the foreign network to which they are connected. The foreign network forwards the authentication messages received from the mobile users to their home network. The home network validates the authenticity of the mobile user. In the roaming scenario, all communication between the three entities is carried over an insecure channel. It is assumed that the adversary has the capabilities to intercept the messages transmitted over an insecure channel. Hence, the authentication scheme designed must be able to resist the above-mentioned security attacks and achieve the security goals. Our proposed scheme ES-HAS (elliptic curve-based secure handover authentication scheme) is a two-factor authentication scheme in which the mobile user possesses the password, and the smart card resists the above-mentioned security attacks. It also achieves the above-mentioned security goals. We also extended our two-factor authentication to a multi-factor authentication scheme using the fingerprint biometric technique. The formal security analysis using BAN logic and the formal security verification of the proposed scheme using the widely accepted AVISPA (automated validation of internet security protocols and applications) tool is presented in this article. In comparison with the related schemes, the proposed scheme is more efficient and robust. This makes the proposed scheme suitable for practical implementation.

Inconsistency Detection-Based LOD in Smart Homes

The emergence of the internet of things in the smart homes has given rise to many services to meet the user's expectations. It is possible to control the temperature, the brightness, the sound system, and even the security of the house via a smartphone, at the request of the inhabitant or by scheduling it. This growing number of “things” must deal with material constraints such as home network infrastructure, but also applicative due to the number of proposed services. The heterogeneity of users' preferences often creates conflicts between them like turn on and off light or using a heater and an air conditioner in the same time. To manage these conflicts, the authors proposed a solution based on linked open data (LOD). The LOD allows defining the relation between the different services and things in the house and a better exploitation of the attributes of the inhabitant's profile and services. It consists to find inconsistency relation between the equipment using the antonym thesaurus.

A Secure Internet of Things Smart Home Network: Design and Configuration

Many home IoT devices are joining IoT networks by gaining access to some home gateway that configures smart, multimedia, and home networks. To enable secure IoT-based home networking services, (1) an IoT network should be effectively designed and configured with a IoT server, (2) a messaging protocol is required to exchange information between the IoT server and IoT devices, and (3) the home gateway should monitor all safety aspects in both inbound and outbound traffic of the home network. However, not all home network users put in consideration the need for an adequate security posture. Instead, many users still rely on the minimum home network security by setting an easiest-to-guess password to restrict unauthorized access to their home gateway. In this paper, we propose a network design and configuration that enables secure IoT services with MQTT messaging protocol for home networks. With the proposed network design, a home network is interconnected to external networks through a home gateway. To separate the IoT-subnet from other parts of home network, the home gateway subdivides a home network into an inside-subnet and an IoT-subnet with a private IP address using subnet masking. The IoT server, located in the IoT-subnet can be implemented with either a general HTTP server or a security server that acts as an MQTT broker. The secure communications among network entities are governed by a home gateway operating a well-configured extended access control. The effectiveness of the proposed design and configuration is verified through a simulation by showing that it does not impose any significant performance degradation for reinforced security. We expect the proposed configuration to help facilitate interconnection among heterogeneous network entities.