Anonymous Lightweight Proxy Based Key Agreement for IoT (ALPKA)

  • An BraekenEmail author
  • Madhusanka Liyanage
  • Anca Delia Jurcut


The Internet of Things (IoT) technologies interconnect a broad range of network devices, differing in terms of size, weight, functionality, and resource capabilities. The main challenge is to establish the required security features in the most constrained devices, even if they are unknown to each other and do not share common pre-distributed key material. As a consequence, there is a high need for scalable and lightweight key establishment protocols. In this paper, we propose a key agreement protocol between two IoT devices without prior trust relation, using solely symmetric key based operations, by relying on a server or proxy based approach. This proxy is responsible for the verification of the authentication and the key agreement between the IoT devices, without being capable of deriving the established session key. We propose two versions. The first version does not require interactive input from the key distribution center to the proxy, but is not resistant if a compromised user and proxy are collaborating. The second version on the other hand is collision resistant, but needs an interactive key distribution center. In addition, we add the interesting features of anonymity and unlinkability of the sender and receiver in both protocol versions. The security properties of the proposed protocol are verified by using formal verification techniques.


Internet of Things Authentication Key establishment Proxy Resource-constrained devices Anonymity Formal verification 



This work has been performed under the framework of COST Action CA15127 (RECODIS) and CA16226 (SHELD-ON) projects.


  1. 1.
    Atzori, L., Iera, A., & Morabito, G. (2010). The internet of things: A survey. Computer Networks, 54(15), 2787–2805.zbMATHGoogle Scholar
  2. 2.
    Miorandi, D., Sicari, S., Pellegrini, F. D., & Chlamtac, I. (2012). Internet of things: Vision, applications and research challenges. Ad Hoc Networks, 10(7), 1497?1516.Google Scholar
  3. 3.
    Caron, X., Bosua, R., Maynard, S. B., & Ahmad, A. (2016). The internet of things (IoT) and its impact on individual privacy: An Australian perspective. Computer Law and Security Review, 29(32(1)), 4–15.Google Scholar
  4. 4.
    Jurcut, A. D., Coffey, T., & Dojen, R. (2014). On the prevention and detection of replay attacks using a logic-based verification tool. In International conference on computer networks (pp. 128–137). Cham: Springer.Google Scholar
  5. 5.
    Jurcut, A. D., Coffey, T., & Dojen, R. (2013). Establishing and fixing security protocols weaknesses using a logic-based verification tool. Journal of Communication, 8(11), 795–806. Scholar
  6. 6.
    Jurcut, A. D., Coffey, T., & Dojen, R. (2014). Design guidelines for security protocols to prevent replay and parallel session attacks. Journal of Computers & Security, 45, 255273. Scholar
  7. 7.
    Tschofenig, H., & Fossati, T. (2013). A TLS/DTLS 1.2 profile for the internet of things. In IETF draft, RFC editor. Accessed 11 Feb 2019.
  8. 8.
    Kaufman, C. (2014). Internet key exchange (IKEv2) protocol. In IETF RFC 7296. Accessed 11 Feb 2019.
  9. 9.
    Moskowitz, R. (2014). HIP diet exchange (DEX). In IETF draft, RFC editor. Accessed 11 Feb 2019.
  10. 10.
    Saied, Y., & Olivereau, A. (2012). D-HIP: A distributed keyexchange scheme for HIP-based internet of things. In Proceeding ofIEEE world of wireless, mobile and multimedia networks (WoWMoM) (pp. 1–7).Google Scholar
  11. 11.
    Saied, Y. B., Olivereau, A., Zeghlache, D., & Laurent, M. (2014). Lightweight collaborative key establishment scheme for the internet of things. Computer Networks, 64, 273–295.Google Scholar
  12. 12.
    Porambage, P., Braeken, A., Gurtov, A., Ylianttila, M., & Spinsante, S. (2015). Secure end-to-end communication forconstrained devices in IoT-enabled ambient assisted livingsystems. In IEEE 2nd world forum on internet of things (WF-IoT), Milan (pp 711–714).Google Scholar
  13. 13.
    Porambage, P., Braeken, A., Kumar, P., Gurtov, A., & Ylianttila, M. (2015). Proxy-based end-to-end key establishment protocol for the internet of things. In Proceedings of IEEE ICC workshop on security and privacy for internet of things and cyber-physical systems.Google Scholar
  14. 14.
    Canetti, R., & Hohenberger, S. (2007). Chosen-ciphertext secure proxy re-encryption. In Proceedings of the 14th ACM conference on computer and communications security (pp. 185–194).Google Scholar
  15. 15.
    Chow, S. S. M., Weng, J., Yang, Y., & Deng, R. H. (2010). Efficient unidirectional proxy re-encryption. In Progress in cryptology AFRICACRYPT 2010 (pp. 316–332). Springer.Google Scholar
  16. 16.
    Green, M., & Ateniese, G. (2007). Identity-based proxy re-encryption. In Applied cryptography and network security (pp. 288–306). Springer.Google Scholar
  17. 17.
    Matsuo, T. (2007). Proxy re-encryption systems for identity-based encryption. In Pairing-based cryptography, Pairing 2007 (pp. 247–267). Springer.Google Scholar
  18. 18.
    Cook, D. L., & Keromytis, A. D. (2006). Conversion functions for symmetric key ciphers. Journal of Information Assurance and Security, 2, 41–50.MathSciNetGoogle Scholar
  19. 19.
    Syalim, A., Nishide, T., & Sakurai, K. (2011). Realizing proxy re-encryption in the symmetric world. In Informatics engineering and information science (pp. 259–274). Springer.Google Scholar
  20. 20.
    Nguyen, K. T., Oualha, N., & Laurent, M. (2016). Authenticated key agreement mediated by a proxy re-encryptor for the internet of things. In 21st European symposium on research in computer security (ESORICS 2016).Google Scholar
  21. 21.
    Wazid, M., Conti, M., & Jo, M. (2017). Design of secure user authenticated key management protocol for generic IoT network. IEEE Internet of Things Journal, 5(1), 269–282.Google Scholar
  22. 22.
    Baruah, K. C. H., Banerjee, S., Dutta, M. P., & Bhunia, C. T. (2015). An improved biometric-based multi server authentication scheme using smart card. International Journal of Security and Its Application, 9(1), 397–408.Google Scholar
  23. 23.
    Wen, F., Susilo, W., & Yang, G. (2015). Analysis and improvement on a biometric-based user authentication scheme using smart cards. Wireless Personal Communications, 80, 1747–1760.Google Scholar
  24. 24.
    Braeken, A. (2015). Efficient anonym smart card based authentication scheme for multi-server architecture. International Journal of Smart Home, 9(9), 177–184.Google Scholar
  25. 25.
    Blaze, M., Bleumer, G., & Strauss, M. (1998). Divertible protocols and atomic proxy cryptography. In Advances in cryptology EUROCRYPT 98 (pp. 127–144). Springer.Google Scholar
  26. 26.
    Jurcut, A. D., Liyanage, M., Chen, J., Gyorodi, C., & He, J. (2018). On the security verification of a short message service protocol. In 2018 IEEE wireless communications and networking conference (WCNC), Barcelona, Spain.
  27. 27.
    Coffey, T., & Saidha, P. (1997). Logic for verifying public-key cryptographic protocols. IEE Proceedings-Computers and Digital Techniques, 144, 28–32.zbMATHGoogle Scholar
  28. 28.
    Jurcut, A. D., Coffey, T., & Dojen, R. (2017). A novel security protocol attack detection logic with unique fault discovery capability for freshness attacks and interleaving session attacks. In IEEE transactions on dependable and secure computing. IEEE Xplore, Print ISSN: 1545-5971, Online ISSN: 1545-5971, 10.1109/TDSC.2017.2725831, available under the “Early Access” on IEEEXplore.Google Scholar
  29. 29.
    Dojen, R., & Coffey, T. (2005). Layered proving trees: A novel approach to the automation of logic-based security protocol verification. ACM Transactions on Information and System Security (TISSEC), 8(3), 287–311.Google Scholar
  30. 30.
    Malina, L., Hajny, J., Fudiak, R., & Hosek, J. (2016). On perspective of security and privacy-preserving solutions for the internet of things. Computer Networks, 19, 83–95.Google Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. 1.Industrial Sciences Department (INDI)Vrije Universiteit BrusselBrusselsBelgium
  2. 2.School of Computer ScienceUniversity College Dublin, IrelandDublinIreland
  3. 3.Centre for Wireless CommunicationsUniversity of OuluOuluFinland
  4. 4.School of Computer ScienceUniversity College DublinDublinIreland

Personalised recommendations