A Novel Multi-factor Authentication Protocol for Smart Home Environments

User authentication plays an important role in smart home environments in which devices are interconnected through the Internet and security risks are high. Most of the existing research works for remote user authentication in smart homes fail in one way or the other in combating common attacks specifically smartphone capture attack. Robust authentication method which can uniquely identify the smartphones of users can thwart unauthorized access through the physical capture of smartphones. Existing studies demonstrate that Photo Response Non-Uniformity (PRNU) of a smartphone can be used to uniquely identify the device with an error rate less than 0.5%. Based on these results, we propose a multi-factor user authentication protocol based on Elliptic Curve Cryptography (ECC) and secret sharing for smart home environments. We leverage face biometric and PRNU to make it resilient to common attacks. Moreover, the proposed protocol achieves mutual authentication among all participating entities and thereby ensures the legitimacy of all the participating entities. Subsequently, a session key is established for secure communication between the users and the devices. Our analysis of the proposed protocol shows that it provides significantly better security than the existing schemes with a reasonable overhead. In addition, it provides better usability by alleviating the burden of users from memorizing passwords and carrying additional mechanisms such as smart cards.