AKAIoTs: authenticated key agreement for Internet of Things
Wireless sensor networks (WSNs) are one of the important components of the Internet of Things (IoTs), since they enable data to be gathered and transmitted to the cloud server over the Internet. Designing an efficient and secure cryptographic scheme for the IoTs is a challenging task, since a sensor node is a resource-constrained device. In this paper, an authenticated key agreement scheme is proposed to build a secure channel between WSNs and a cloud server in the IoTs. The proposed scheme has two properties: (1) its computation is lightweight, and (2) it provides various security properties of key agreement. In addition, it is proven to be secure under the computational Diffie–Hellman assumption in the random oracle model. AKAIoTs is implemented on Contiki OS, and the Z1 emulator is used to evaluate time overhead and memory usage. Three different curves are used: “BN-P158”, “SECG-P160” and “NIST-P192”. The implementation results verify that the proposed scheme is computationally efficient and that its memory usage is between 51 and 52% of total ROM and between 59 and 62% of total RAM for the three different security levels. As a result, curve SECG-P160 might be a good choice for securing IoTs devices, since it takes a reasonable amount of time, which results in less power consumption than curve NIST-P192, and is more secure than curve BN-P158. Compared with existing relevant schemes, the proposed AKAIoTs is efficient in terms of energy consumption. Moreover, two application scenarios are given to show how the proposed scheme can be applied in IoTs applications.
Keywords: Wireless sensor network (WSNs); Elliptic curve cryptography (ECC); Identity-based; Authenticated key establishment (AKE); Internet of Things (IoTs)
The authors would like to thank NSFC (No. 51677020), Xihua University Project (No. szjj2016-093) and FP7 through the CONHEALTH project (www.conhealth.eu) for partially funding the research.