Anonymous Lightweight Proxy Based Key Agreement for IoT (ALPKA)
The Internet of Things (IoT) technologies interconnect a broad range of network devices, differing in terms of size, weight, functionality, and resource capabilities. The main challenge is to establish the required security features in the most constrained devices, even if they are unknown to each other and do not share common pre-distributed key material. As a consequence, there is a high need for scalable and lightweight key establishment protocols. In this paper, we propose a key agreement protocol between two IoT devices without a prior trust relation, using solely symmetric-key-based operations, by relying on a server- or proxy-based approach. This proxy is responsible for the verification of the authentication and the key agreement between the IoT devices, without being capable of deriving the established session key. We propose two versions. The first version does not require interactive input from the key distribution center to the proxy, but is not resistant if a compromised user and proxy are collaborating. The second version, on the other hand, is collusion resistant, but needs an interactive key distribution center. In addition, we add the interesting features of anonymity and unlinkability of the sender and receiver in both protocol versions. The security properties of the proposed protocol are verified by using formal verification techniques.
Keywords: Internet of Things, Authentication, Key establishment, Proxy, Resource-constrained devices, Anonymity, Formal verification
This work has been performed under the framework of COST Action CA15127 (RECODIS) and CA16226 (SHELD-ON) projects.