
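Graduate student: Kai-Ching Wang (王凱慶)
Thesis title: Kerberos Based Key Management with Anonymity for IoT Devices in Smart Hotel (實現智慧旅館情境之物聯網裝置匿名金鑰管理機制)
Advisor: Shin-Ming Cheng (鄭欣明)
Oral defense committee: Hsu-Chun Hsiao (蕭旭君), Chun-Ying Huang (黃俊穎), Shin-Ming Cheng (鄭欣明), Hahn-Ming Lee (李漢銘)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering
Year of publication: 2017
Academic year of graduation: 105
Language: English
Number of pages: 27
Chinese keywords: Internet of Things, smart hotel, key management
Foreign-language keywords: Internet of Things, Smart hotel, Anonymity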

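In today's society, smart devices bring great convenience to our lives, and many hotel operators are introducing IoT devices to try to give guests a better stay. These devices usually adopt a gateway-managed architecture, but this architecture raises information security concerns: when the gateway fails or is compromised by an attacker, the devices go out of control. An attacker can also collect users' private information by analysing communication messages without compromising the gateway, so users' security and privacy are seriously threatened.
We propose removing the gateway from the network architecture; however, doing so requires us to choose a more appropriate access management architecture. Using Kerberos, a classic decentralized access control protocol, we separate authentication and authorization from the IoT devices. Kerberos, however, does not consider anonymity and therefore transmits information about the communicating parties in plaintext. To address this, we use pre-exchanged secret information to form temporary identifiers, so that a device has a different identifier in every communication session, achieving anonymity and preventing attackers from probing and collecting information.
We use AVISPA to verify whether our protocol has weaknesses, and we implement it on an Arduino Uno to measure the transmission and computation cost. The experimental results show that our protocol can run on resource-constrained IoT devices.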


Smart devices make our lives more convenient, and hoteliers are trying to improve travellers' comfort with them. Although IoT enhances comfort and convenience, it also raises many information security issues. To make devices easy to manage, most hotels adopt a gateway architecture for unified management. This structure makes management more convenient, but if the gateway is compromised, the harm extends from a single room to all rooms. Under this architecture, an attacker can harass other customers and damage the hotel's profits. Even without compromising the gateway, an attacker can collect device information and identities and even intrude on customers' privacy.
We argue for removing the gateway from the architecture; this choice, however, requires us to select an appropriate access management architecture. Using Kerberos, a classic decentralized access control protocol, we separate authentication and authorization from the IoT device. Kerberos does not consider anonymity, so it transfers information about the communicating parties in plaintext. To address this, we use pre-shared secrets to form a temporary identification name, which gives a device a different identification name in each session and thereby achieves anonymity.
We use AVISPA to verify the correctness of the proposed mechanism, and no vulnerability is revealed. Moreover, we implement the mechanism on an Arduino Uno so that we can evaluate the communication and computation cost realistically. The experiment shows that our mechanism has an acceptable cost for resource-constrained IoT devices.

Chinese Abstract
Abstract
Table of Contents
List of Tables
List of Illustrations
1 Introduction
2 Related Works
3 System Background
3.1 System Model
3.2 Communication Model
3.3 Attack Model
4 Protocol
4.1 System Preconfigure Phase
4.2 Key Establishment
5 Security Analysis
6 Performance Analysis
6.1 Experiment Setup
6.2 Computational Cost
6.3 Communicational Cost
7 Conclusions


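Full text release date: 2022/08/29 (campus network)
Full text release date: 2027/08/29 (off-campus network)
Full text release date: 2027/08/29 (National Central Library: National Digital Library of Theses and Dissertations in Taiwan)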