Resilient Intermediary-Based Key Exchange Protocol for IoT
Article No.: 7, Pages 1 - 31
Abstract
Due to the limited resources of Internet of Things (IoT) devices, Symmetric Key Cryptography (SKC) is typically favored over resource-intensive Public Key Cryptography (PKC) to secure communication between IoT devices. To utilize SKC, devices need to execute a key exchange protocol to establish a session key before initiating communication. However, existing SKC-based key exchange protocols assume that communication devices have a pre-shared secret or there are trusted intermediaries between them; neither is always realistic in IoT.
We introduce a new SKC-based key exchange protocol for IoT devices. While also intermediary based, our protocol fundamentally departs from existing intermediary-based solutions in that intermediaries between two key exchange devices may be malicious, and moreover, our protocol can detect cheating behaviors and identify malicious intermediaries. We prove our protocol is secure under the universally composable model, and show that it can detect malicious intermediaries with probability 1.0. We implemented and evaluated our protocol on different IoT devices. We show that our protocol has significant improvements in computation time and energy cost. Compared to the PKC-based protocols ECDH, DH, and RSA, our protocol is 2.3 to 1,591 times faster on one of the two key exchange devices and 0.7 to 4.67 times faster on the other.
References
[1]
Arash Afshar, Zhangxiang Hu, Payman Mohassel, and Mike Rosulek. 2015. How to efficiently evaluate RAM programs with malicious security. In Advances in Cryptology—EUROCRYPT 2015. Lecture Notes in Computer Science, Vol. 9056. Springer, 702–729.
[2]
Godfrey Anuga Akpakwu, Bruno J. Silva, Gerhard P. Hancke, and Adnan M. Abu-Mahfouz. 2017. A survey on 5G networks for the Internet of Things: Communication technologies and challenges. IEEE Access 6 (2017), 3619–3647.
[3]
Haithem Al-Mefleh and Osameh Al-Kofahi. 2016. Taking advantage of jamming in wireless networks: A survey. Computer Networks 99 (2016), 99–124.
[4]
Giuseppe Ateniese, Giuseppe Bianchi, Angelo Capossele, and Chiara Petrioli. 2013. Low-cost standard signatures in wireless sensor networks: A case for reviving pre-computation techniques? In Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS ’13).
[5]
Luigi Atzori, Antonio Iera, and Giacomo Morabito. 2010. The Internet of Things: A survey. Computer Networks 54, 15 (2010), 2787–2805.
[6]
Elaine Barker, William Burr, William Polk, and Miles Smid. 2006. Recommendation for Key Management: Part 1: General. National Institute of Standards and Technology.
[7]
Mihir Bellare, Ran Canetti, and Hugo Krawczyk. 1998. A modular approach to the design and analysis of authentication and key exchange protocols. In Proceedings of the 30th Annual ACM Symposium on Theory of Computing (STOC ’98). 419–428. https://eprint.iacr.org/1998/009
[8]
Daniel J. Bernstein. 2006. Curve25519: New Diffie-Hellman speed records. In Public Key Cryptography. Springer, Berlin, Heidelberg, 207–228.
[9]
Ran Canetti. 2000. Universally composable security: A new paradigm for cryptographic protocols. In Proceedings of the 42nd IEEE Symposium on Foundations of Computer Science. https://eprint.iacr.org/2000/067
[10]
Ran Canetti and Hugo Krawczyk. 2001. Analysis of key-exchange protocols and their use for building secure channels. In Advances in Cryptology—EUROCRYPT 2001. Lecture Notes in Computer Science, Vol. 2045. Springer, 453–474. https://eprint.iacr.org/2001/040
[11]
Ran Canetti and Hugo Krawczyk. 2002. Universally composable notions of key exchange and secure channels. In Advances in Cryptology—EUROCRYPT 2002. Lecture Notes in Computer Science, Vol. 2332. Springer, 337–351. https://eprint.iacr.org/2002/059
[12]
Craig Costello and Patrick Longa. 2015. FourQ: Four-dimensional decompositions on a Q-curve over the Mersenne prime. In Advances in Cryptology—ASIACRYPT 2015. Lecture Notes in Computer Science, Vol. 9452. Springer, 214–235.
[13]
Angelita Rettore de Araujo Zanella, Eduardo da Silva, and Luiz Carlos Pessoa Albini. 2020. Security challenges to smart agriculture: Current state, key issues, and future directions. Array 8 (2020), 100048.
[14]
Mario Di Raimondo and Rosario Gennaro. 2003. Provably secure threshold password-authenticated key exchange. In Advances in Cryptology—EUROCRYPT 2003. Lecture Notes in Computer Science, Vol. 2656. Springer, 507–523.
[15]
Othmane Friha, Mohamed Amine Ferrag, Lei Shu, Leandros Maglaras, and Xiaochan Wang. 2021. Internet of Things for the future of smart agriculture: A comprehensive survey of emerging technologies. IEEE/CAA Journal of Automatica Sinica 8, 4 (2021), 718–752.
[16]
Nikhil Handigol, Brandon Heller, Vimalkumar Jeyakumar, Bob Lantz, and Nick McKeown. 2012. Reproducible network experiments using container-based emulation. In Proceedings of the 8th International Conference on Emerging Networking Experiments and Technologies. 253–264.
[17]
Haowen Chan, A. Perrig, and D. Song. 2003. Random key predistribution schemes for sensor networks. In Proceedings of the Symposium on Security and Privacy. 197–213.
[18]
Zhangxiang Hu, Jun Li, Samuel Mergendahl, and Christopher Wilson. 2022. Toward a resilient key exchange protocol for IoT. In Proceedings of the 12th ACM Conference on Data and Application Security and Privacy.
[19]
R. Hummen, H. Shafagh, S. Raza, T. Voig, and K. Wehrle. 2014. Delegation-based authentication and authorization for the IP-based Internet of Things. In Proceedings of the 11th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON ’14). 284–292.
[20]
R. Impagliazzo and S. Rudich. 1989. Limits on the provable consequences of one-way permutations. In Proceedings of the 21st Annual ACM Symposium on Theory of Computing. 44–61.
[21]
M. A. Iqbal and M. Bayoumi. 2016. Secure end-to-end key establishment protocol for resource-constrained healthcare sensors in the context of IoT. In Proceedings of the International Conference on High Performance Computing Simulation (HPCS ’16). 523–530.
[22]
Bocheng Lai, Sungha Kim, and Ingrid Verbauwhede. 2002. Scalable session key construction protocol for wireless sensor networks. In Proceedings of the IEEE Workshop on Large Scale Real Time and Embedded Systems (LARTES ’02).
[23]
Sang-Gi Lee, Sei-Yoon Lee, and Jeong-Chul Kim. 2016. A study on security vulnerability management in electric power industry IoT. Journal of Digital Contents Society 2016 (2016), 499–507.
[24]
X. Liang, R. Peterson, and D. Kotz. 2020. Securely connecting wearables to ambient displays with user intent. Transactions on Dependable and Secure Computing 17, 4 (2020), 676–690.
[25]
Yehuda Lindell and Benny Pinkas. 2007. An efficient protocol for secure two-party computation in the presence of malicious adversaries. In Proceedings of the 26th Annual International Conference on Advances in Cryptology. 52–78.
[26]
Donggang Liu and Peng Ning. 2003. Establishing pairwise keys in distributed sensor networks. In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS ’03).
[27]
P. MacKenzie, Thomas Shrimpton, and M. Jakobsson. 2002. Threshold password-authenticated key exchange: Extended abstract. In Advances in Cryptology—CRYPTO 2002. Lecture Notes in Computer Science, Vol. 2442. Springer, 385–400.
[28]
Yuyi Mao, Changsheng You, Jun Zhang, Kaibin Huang, and Khaled B. Letaief. 2017. A survey on mobile edge computing: The communication perspective. IEEE Communications Surveys & Tutorials. Early Access, August 2017.
[29]
Boubakr Nour, Kashif Sharif, Fan Li, Sujit Biswas, Hassine Moungla, Mohsen Guizani, and Yu Wang. 2019. A survey of Internet of Things communication using ICN: A use case perspective. Computer Communications 142-143 (2019), 95–123.
[30]
Muslum Ozgur Ozmen and Attila A. Yavuz. 2017. Low-cost standard public key cryptography services for wireless IoT systems. In Proceedings of the Workshop on Internet of Things Security and Privacy. 65–70.
[31]
Timothy J. Pierson, Travis Peters, Ronald Peterson, and David Kotz. 2019. CloseTalker: Secure, short-range ad hoc wireless communication. In Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services (MobiSys ’19).340–352. DOI:
[32]
P. Porambage, A. Braeken, A. Gurtov, M. Ylianttila, and S. Spinsante. 2015. Secure end-to-end communication for constrained devices in IoT-enabled ambient assisted living systems. In Proceedings of the 2nd World Forum on Internet of Things (WF-IoT ’15). 711–714.
[33]
P. Porambage, A. Braeken, P. Kumar, A. Gurtov, and M. Ylianttila. 2015. Proxy-based end-to-end key establishment protocol for the Internet of Things. In Proceedings of the International Conference on Communication Workshop (ICCW ’15). 2677–2682.
[34]
Y. B. Saied and A. Olivereau. 2012. D-HIP: A distributed key exchange scheme for HIP-based Internet of Things. In Proceedings of the International Symposium on a World of Wireless, Mobile, and Multimedia Networks (WoWMoM ’12). 1–7.
[35]
Yogeesh Seralathan, Tae Tom Oh, Suyash Jadhav, Jonathan Myers, Jaehoon Paul Jeong, Young Ho Kim, and Jeong Neyo Kim. 2018. IoT security vulnerability: A case study of a web camera. In Proceedings of the 20th International Conference on Advanced Communication Technology (ICACT ’18). 172–177.
[36]
Stefaan Seys and Bart Preneel. 2002. Key establishment and authentication suite to counter DoS attacks in distributed sensor networks. Unpublished Manuscript.
[37]
Adi Shamir. 1979. How to share a secret. Communication 22, 11 (Nov. 1979), 612–613.
[38]
Benjamin K. Sovacool and Dylan D. Furszyfer Del Rio. 2020. Smart home technologies in Europe: A critical review of concepts, benefits, risks and policies. Renewable and Sustainable Energy Reviews 120 (2020), 109663.
[39]
Wen Tao, Liang Zhao, Guangwen Wang, and Ruobing Liang. 2021. Review of the Internet of Things communication technologies in smart agriculture and challenges. Computers and Electronics in Agriculture 189 (2021), 106352.
[40]
Xing Yang, Lei Shu, Jianing Chen, Mohamed Amine Ferrag, Jun Wu, Edmond Nurellari, and Kai Huang. 2021. A survey on smart agriculture: Development modes, technologies, and security and privacy challenges. IEEE/CAA Journal of Automatica Sinica 8, 2 (2021), 273–302.
[41]
Attila Altay Yavuz and Muslum Ozgur Ozmen. 2019. Ultra lightweight multiple-time digital signature for the Internet of Things devices. IEEE Transactions on Services Computing. Early Access, July 2019.
[42]
J. Zhang, Z. Wang, Z. Yang, and Q. Zhang. 2017. Proximity based IoT device authentication. In Proceedings of the Conference on Computer Communications. 1–9.
[43]
Zhi-Kai Zhang, Michael Cheng Yi Cho, Chia-Wei Wang, Chia-Wei Hsu, Chong-Kuan Chen, and Shiuhpyng Shieh. 2014. IoT security: Ongoing challenges and research opportunities. In Proceedings of the IEEE 7th International Conference on Service-Oriented Computing and Applications. 230–234.
[44]
Yue Zheng and Chip-Hong Chang. 2021. Secure mutual authentication and key-exchange protocol between PUF-embedded IoT endpoints. In Proceedings of the 2021 IEEE International Symposium on Circuits and Systems (ISCAS ’21).
[45]
Yue Zheng, Wenye Liu, Chongyan Gu, and Chip-Hong Chang. 2022. PUF-based mutual authentication and key exchange protocol for peer-to-peer IoT applications. IEEE Transactions on Dependable and Secure Computing. Early Access, January 2022.
Index Terms
- Resilient Intermediary-Based Key Exchange Protocol for IoT
Recommendations
Toward a Resilient Key Exchange Protocol for IoT
CODASPY '22: Proceedings of the Twelfth ACM Conference on Data and Application Security and PrivacyIn order for resource-constrained Internet of Things (IoT) devices to set up secure communication channels to exchange confidential messages, Symmetric Key Cryptography (SKC) is usually preferred to resource-intensive Public Key Cryptography (PKC). At ...
Simple three-party key exchange protocol
Three-party authenticated key exchange protocol is an important cryptographic technique in the secure communication areas, by which two clients, each shares a human-memorable password with a trusted server, can agree a secure session key. Over the past ...
An novel three-party authenticated key exchange protocol using one-time key
Three-party authenticated key exchange protocol (3PAKE) is an important cryptographic technique for secure communication which allows two parties to agree a new secure session key with the help of a trusted server. In this paper, we propose a new three-...
Comments
Information & Contributors
Information
Published In
February 2024
181 pages
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Journal Family
Publication History
Published: 13 January 2024
Online AM: 20 November 2023
Accepted: 23 October 2023
Revised: 31 August 2023
Received: 20 March 2023
Published in TIOT Volume 5, Issue 1
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
- Ripple Graduate Fellowship
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 178Total Downloads
- Downloads (Last 12 months)88
- Downloads (Last 6 weeks)4
Reflects downloads up to 03 Mar 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in