A Robust Two-Factor User Authentication Scheme-Based ECC for Smart Home in IoT

The unprecedented proliferation of smart home together with wireless sensor networks has enriched human's daily life. Inevitably, the smart home without the guard of authentication mechanism is bound to bring a series of security issues. Hence, a great number of authentication protocols have been designed to verify the user's identity and ensure that the data be accessed with authorization in smart home. Recently, (M. Shuai et al., 2019) (Computers & Security, 2019) proposed a two-factor anonymous authentication scheme for smart home and presented that their scheme can be immune to various attacks. However, by careful analysis, we found that (M. Shuai et al.'s, 2019) scheme needed further improvements in session key forward secrecy and against: type-I node capture attack and node impersonation attack. As a going step to this direction, here, we first design a robust two-factor user authentication also for smart home based on the elliptic curve cryptography. Second, we give security proofs to demonstrate that the construction of the proposed scheme can be of user anonymity, session key forward secrecy, and resist all attacks shown in this article. Third, performance comparisons covered in storage/network communication/computation costs are carried out to indicate that our scheme can be comparable to those newly designed schemes, especially, the user and gateway in our scheme need only 352 and 320 bits, respectively.