Loading [a11y]/accessibility-menu.js
Lightweight 0-RTT Session Resumption Protocol for Constrained Devices | IEEE Journals & Magazine | IEEE Xplore

Lightweight 0-RTT Session Resumption Protocol for Constrained Devices


Abstract:

With the growing popularity of various Internet of Things (IoT) applications, securing data transmission over these networks become critical. The authenticated key exchan...Show More

Abstract:

With the growing popularity of various Internet of Things (IoT) applications, securing data transmission over these networks become critical. The authenticated key exchange (AKE) protocol is a fundamental cryptographic primitive that achieves this goal by creating a shared session key. However, since IoT end devices are usually resource-constrained, devising secure and efficient AKE protocols for IoT applications remains challenging. In this paper, we investigate the design of zero round-trip time (0-RTT) session resumption protocols based on pre-shared keys, which enables an end device to send encrypted data to a server without prior key exchange. Specifically, we first propose a new construction of puncturable pseudo-random function (PRF), and prove its security under the RSA assumption. Then, based on the proposed puncturable PRF and authenticated encryption with associated data, we put forward a new construction of 0-RTT session resumption protocol that simultaneously provides forward security and resistance against replay attacks. We further demonstrate how to combine the proposed 0-RTT session resumption protocol with other symmetric AKE protocols for IoT applications. Both theoretical comparisons and experimental results indicate that our proposal has significant advantages in terms of computation and storage costs for practical parameter settings. Thus, it is especially desirable for constrained devices.
Page(s): 221 - 233
Date of Publication: 13 November 2024

ISSN Information:

Funding Agency:


References

References is not available for this document.