Abstract
Authenticated Key Exchange (AKE) protocols, by definition, guarantee both session key secrecy and entity authentication. Informally, session key secrecy means that only the legitimate parties learn the established key, and mutual authentication means that each party can assure itself that the session key is actually established with the other party. Today, an important application area for AKE is Internet of Things (IoT) systems, where an IoT device runs the protocol to establish a session key with a remote server. In this paper, we identify two additional security requirements for IoT-oriented AKE, namely Key Compromise Impersonation (KCI) resilience and Server Compromise Impersonation (SCI) resilience. These properties provide an additional layer of security when the IoT device or the server, respectively, is compromised. Inspired by Chan et al.’s bigdata-based unilateral authentication protocol, we propose a novel AKE protocol which achieves mutual authentication, session key secrecy (including perfect forward secrecy), and the above two resilience properties. To demonstrate its practicality, we implement our protocol and show that one execution costs about 15.19 ms (or 84.73 ms) for the IoT device and 2.44 ms (or 12.51 ms) for the server for security parameter \(\lambda =128\) (or \(\lambda =256\)). We finally propose an enhanced protocol that reduces the computational burden on the IoT device by outsourcing one exponentiation to the server. By instantiating the signature scheme with NIST’s round three alternate candidate Picnic, we show that one execution of this protocol costs about 14.44 ms (or 58.45 ms) for the IoT device and 12.78 ms (or 46.34 ms) for the server for security parameter \(\lambda =128\) (or \(\lambda =256\)).
Notes
1. Source code is available at https://github.com/n00d1e5/Demo_Bigdata-facilitated_Two-party_AKE_for_IoT.
2. Source code of both schemes, picnic-L1-full for 128-bit security and picnic-L5-full for 256-bit security, is available at https://github.com/IAIK/Picnic.
References
Abdalla, M., Bellare, M., Rogaway, P.: The oracle Diffie-Hellman assumptions and an analysis of DHIES. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 143–158. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45353-9_12
Alwen, J., Dodis, Y., Wichs, D.: Leakage-resilient public-key cryptography in the bounded-retrieval model. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 36–54. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_3
Aumann, Y., Ding, Y.Z., Rabin, M.O.: Everlasting security in the bounded storage model. IEEE Trans. Inf. Theory 48(6), 1668–1680 (2002)
Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_21
Blake-Wilson, S., Menezes, A.: Authenticated Diffie-Hellman key agreement protocols. In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol. 1556, pp. 339–361. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48892-8_26
Boyd, C., Mathuria, A., Stebila, D.: Protocols for Authentication and Key Establishment. Springer, Heidelberg (2020). https://doi.org/10.1007/978-3-662-58146-9
Brainard, J., Juels, A., Rivest, R.L., Szydlo, M., Yung, M.: Fourth-factor authentication: somebody you know. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 168–178 (2006)
Byun, J.W.: A generic multifactor authenticated key exchange with physical unclonable function. Secur. Commun. Networks 2019 (2019)
Byun, J.W.: An efficient multi-factor authenticated key exchange with physically unclonable function. In: 2019 International Conference on Electronics, Information, and Communication (ICEIC), pp. 1–4. IEEE (2019)
Byun, J.W.: End-to-end authenticated key exchange based on different physical unclonable functions. IEEE Access 7, 102951–102965 (2019)
Byun, J.W.: PDAKE: a provably secure PUF-based device authenticated key exchange in cloud setting. IEEE Access 7, 181165–181177 (2019)
Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_28
Challa, S., et al.: Secure signature-based authenticated key establishment scheme for future IoT applications. IEEE Access 5, 3028–3043 (2017)
Chan, A.C.-F., Wong, J.W., Zhou, J., Teo, J.: Scalable two-factor authentication using historical data. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9878, pp. 91–110. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45744-4_5
Chevalier, C., Laguillaumie, F., Vergnaud, D.: Privately outsourcing exponentiation to a single server: cryptanalysis and optimal constructions. Algorithmica 83(1), 72–115 (2020). https://doi.org/10.1007/s00453-020-00750-2
Dang, V.B., Farahmand, F., Andrzejczak, M., Mohajerani, K., Nguyen, D.T., Gaj, K.: Implementation and benchmarking of round 2 candidates in the NIST post-quantum cryptography standardization process using hardware and software/hardware co-design approaches. Cryptology ePrint Archive: Report 2020/795 (2020)
Davies, S.G.: Touching Big Brother: how biometric technology will fuse flesh and machine. Inf. Technol. People 7(4), 38–47 (1994)
Di Crescenzo, G., Lipton, R., Walfish, S.: Perfectly secure password protocols in the bounded retrieval model. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 225–244. Springer, Heidelberg (2006). https://doi.org/10.1007/11681878_12
Dziembowski, S.: Intrusion-resilience via the bounded-storage model. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 207–224. Springer, Heidelberg (2006). https://doi.org/10.1007/11681878_11
Fleischhacker, N., Manulis, M., Azodi, A.: A modular framework for multi-factor authentication and key exchange. In: Chen, L., Mitchell, C. (eds.) SSR 2014. LNCS, vol. 8893, pp. 190–214. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-14054-4_12
Guo, C., Chang, C.C.: Chaotic maps-based password-authenticated key agreement using smart cards. Commun. Nonlinear Sci. Numer. Simul. 18(6), 1433–1440 (2013)
Hao, F., Clarke, D.: Security analysis of a multi-factor authenticated key exchange protocol. In: Bao, F., Samarati, P., Zhou, J. (eds.) ACNS 2012. LNCS, vol. 7341, pp. 1–11. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31284-7_1
Kruger, C.P., Hancke, G.P.: Benchmarking Internet of Things devices. In: 2014 12th IEEE International Conference on Industrial Informatics (INDIN), pp. 611–616. IEEE (2014)
Krylovskiy, A.: Internet of things gateways meet linux containers: performance evaluation and discussion. In: 2015 IEEE 2nd World Forum on Internet of Things (WF-IoT), pp. 222–227. IEEE (2015)
Lee, Y., Kim, S., Won, D.: Enhancement of two-factor authenticated key exchange protocols in public wireless LANs. Comput. Electr. Eng. 36(1), 213–223 (2010)
Li, Z., Yang, Z., Szalachowski, P., Zhou, J.: Building low-interactivity multi-factor authenticated key exchange for industrial Internet-of-Things. IEEE Internet of Things J. 8(2), 844–859 (2020)
Liu, B., Tang, Q., Zhou, J.: Bigdata-facilitated Two-party Authenticated Key Exchange for IoT (full paper) (2021). https://eprint.iacr.org/2021/1131. Accessed 10 Sept 2021
Liu, Y., Xue, K.: An improved secure and efficient password and chaos-based two-party key agreement protocol. Nonlinear Dyn. 84(2), 549–557 (2015). https://doi.org/10.1007/s11071-015-2506-2
Microsoft: The Picnic Signature Algorithm. https://github.com/microsoft/Picnic/
MIRACL Ltd.: Multiprecision Integer and Rational Arithmetic Cryptographic Library – the MIRACL Crypto SDK (2019). https://github.com/miracl/MIRACL
Pointcheval, D., Zimmer, S.: Multi-factor authenticated key exchange. In: Bellovin, S.M., Gennaro, R., Keromytis, A., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 277–295. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-68914-0_17
Shoup, V.: On Formal Models for Secure Key Exchange. Cryptology ePrint Archive, Report 1999/012 (1999). https://eprint.iacr.org/1999/012
Standards for Efficient Cryptography (SEC): SEC 2: Recommended elliptic curve domain parameters (2000)
Stebila, D., Udupi, P., Chang Shantz, S.: Multi-factor password-authenticated key exchange. Inf. Secur. 2010, 56–66 (2010)
Acknowledgement
This paper is supported in the context of the project CATALYST funded by Fonds National de la Recherche Luxembourg (FNR, reference 12186579).
© 2021 Springer Nature Switzerland AG
Cite this paper
Liu, B., Tang, Q., Zhou, J. (2021). Bigdata-Facilitated Two-Party Authenticated Key Exchange for IoT. In: Liu, J.K., Katsikas, S., Meng, W., Susilo, W., Intan, R. (eds) Information Security. ISC 2021. Lecture Notes in Computer Science(), vol 13118. Springer, Cham. https://doi.org/10.1007/978-3-030-91356-4_6
DOI: https://doi.org/10.1007/978-3-030-91356-4_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-91355-7
Online ISBN: 978-3-030-91356-4