LAUSR

This article introduces the design of a secure sign-on protocol, SSP, for smart homes built on named data networking (NDN). Instead of depending on cloud services, NDN supports a new smart home model where each home IoT system is identified by a unique name and has a local trust anchor. To securely sign into such a home, a new device must acquire two certificates to secure its communications thereafter: the local trust anchor's certificate, whereby the device can cryptographically authenticate others in the same home, and its own certificate signed by the trust anchor to certify the device's identity and authenticity. SSP is designed for resource-constrained devices and built on NDN's security framework and Interest/Data exchange communication semantics, and is able to automate the process for a device to obtain those two certificates based on a piece of pre-shared information between the anchor and the device. Our security analysis and prototype implementation show that SSP offers strong protection against attacks even if the preshared secret is leaked later. We also discuss how SSP can be simplified and further enhanced for more resourceful devices.