Scalable, password-based and threshold authentication for smart homes

Abstract Smart homes are a special use-case of the IoT paradigm, which is becoming more and important in our lives. Although sensors, devices applications make daily lives easier, they often collect sensitive data, may lead to security problems (e.g., hacked devices, botnets, etc.). In several cases, appropriate mechanisms missing within devices. Therefore, measures have become central topic field IoT. The most essential requirements secure user–device authentication confidentiality transferred data. Passwords widely used factors various areas, such as user authentication, key establishment, also secret sharing. Password-based protocols that resistant typical threats, offline dictionary, man-in-the-middle phishing attacks, generate new session keys. major aim these solutions guarantee high-level security, even if applies single low-entropy human memorable password for all their accounts. We introduce threshold password-based, distributed, mutual authenticated agreement with confirmation protocol smart home environment. proposed scalable robust scheme, forces adversary corrupt $$l-1$$ l - 1 where l threshold, order perform an dictionary attack. designed achieve password-only setting, end-to-end chosen besides user. provide analysis AVISPA. apply on-the-fly model checker constraint-logic-based attack searcher verification bounded numbers sessions. show provides secrecy device manager. Since efficiency crucial aspect, we implemented measure computation communication costs demonstrate solution eligible homes.