A Mutual Authentication Method for Internet of Things

Today, we are witnessing the expansion of various Internet of Things (IoT) applications and services such as surveillance and health. These services are delivered to users via smart devices anywhere and anytime. Forecasts show that the IoT, which is controlled online in the user environment, will reach 25 billion devices worldwide by 2020. Data security is one of the main concerns in the IoT. The IoT is supposed to deal with a population of about billions of objects, so the number of malicious attacks can be very high and alarming given the global connection (anyone access) and the wide availability (access to any place at any time). However, users’ accesses can make security and privacy a critical issue in the IoT. Therefore, user authentication is one of the most significant issues in development of IoT environment. This paper propose a device-to-device or two-way authentication protocol without human intervention for the smart home network. This protocol is based on asymmetric encryption for authentication of devices, which have a shared private session key, along with hashing operations in the network. Also, to ensure the security of communications at each session, all devices have an one time  private session key. The session keys are changed regularly to ensure the security of session between devices. The proposed protocol is programmed by HLPSL and simulated and verified by the SPAN and AVISPA tools. The security analysis results demonstrate the proposed protocol can resist multiple attacks.