LAKE-6SH: Lightweight User Authenticated Key Exchange for 6LoWPAN-Based Smart Homes

Ensuring security and privacy in the Internet of Things (IoT) while taking into account the resource-constrained nature of IoT devices is challenging. In smart home (SH) IoT applications, remote users (RUs) need to communicate securely with resource-constrained network entities through the public Internet to procure real-time information. While the 6LoWPAN adaptation-layer standard provides resource-efficient IPv6 compatibility to low-power wireless networks, the basic 6LoWPAN design does not include security and privacy features. A resource-efficient authenticated key exchange (AKE) scheme becomes imperative for 6LoWPAN-based resource-constrained networks to render indecipherable communication functionality. This article presents a lightweight user AKE scheme for 6LoWPAN-based SH networks (LAKE-6SH) to achieve authenticity of RUs and establish private session keys between the users and network entities by employing the SHA-256 hash function, exclusive-OR operation, and a simple authenticated encryption primitive. Informal security validation illustrates that LAKE-6SH is protected against different pernicious security attacks. The security is further validated formally through the random oracle model. Moreover, through Scyther validation, it is demonstrated that LAKE-6SH is secure. In addition, it is demonstrated that LAKE-6SH renders better security features aside from its low communication and computational overheads.