Smart home is a latest technology in the field of Internet of Things (IoT) through which one can manage the smart devices at home using internet. This communication takes place via insecure channel which makes it vulnerable to many attacks. Hence, a secure authentication protocol is required to transfer sensitive data within smart home. Recently Shuai et al. have designed two factor user authentication protocol for smart home environment. In this paper, it has been discussed that this protocol is vulnerable to offline password guessing attack, insider attack, replay attack, gateway bypass attack and insecure session key agreement problem. To overcome these attacks, a user authentication protocol has been proposed. Its formal security analysis and verification is given using random oracle model and ProVerif tool, respectively. In performance analysis, the proposed scheme is compared with other related scheme to show that it is more reliable and secure than them.

智能家居是物联网（IoT）领域的最新技术，通过它人们可以使用Internet在家里管理智能设备。这种通信是通过不安全的渠道进行的，这使其很容易受到许多攻击。因此，需要安全的身份验证协议来在智能家居中传输敏感数据。最近Shuai等。为智能家居环境设计了两因素用户认证协议。在本文中，已经讨论了该协议容易受到脱机密码猜测攻击，内部人员攻击，重播攻击，网关旁路攻击和不安全的会话密钥协商问题的攻击。为了克服这些攻击，已经提出了一种用户认证协议。分别使用随机Oracle模型和ProVerif工具进行了正式的安全性分析和验证。