A Certificate-Less Key Exchange Protocol for IoT

  • Ivan Marco Lobe Kome
  • Nora Cuppens-Boulahia
  • Frédéric Cuppens
  • Vincent Frey
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11391)


Diffie-Hellman key exchange is a widely used cryptographic algorithm that lets two parties on the Internet agree on a shared key and negotiate a secure connection. It is used in many protocols, including SSH, IPsec, SMTPS, and every protocol that relies on TLS. In the Internet of Things (IoT), we cannot rely on a PKI architecture to secure communications because of the growing number of connected things. We propose to decentralize the management of encryption keys while preserving the properties of authentication and secrecy. We use the ability of each node to build a private channel to create a shared key that is safe from an attacker's view. Our solution offers a way to build a certificate-less trusted ecosystem for IoT.


Keywords: IoT, Diffie-Hellman, Private channel, Ad hoc networks, WPS, Encryption, Wireless security



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. IMT Atlantique, Cesson Sévigné, France
  2. Orange Labs, Cesson Sévigné, France
