DTLS-HIMMO: Achieving DTLS Certificate Security with Symmetric Key Overhead

  • Oscar Garcia-MorchonEmail author
  • Ronald Rietman
  • Sahil Sharma
  • Ludo Tolhuizen
  • Jose Luis Torre-Arce
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9326)


Billions of devices are being connected to the Internet creating the Internet of Things (IoT). The IoT not only requires strong security, like current Internet applications, but also efficient operation. The recently introduced HIMMO scheme enables lightweight and collusion-resistant identity-based key sharing in a non-interactive way, so that any pair of Internet-connected devices can securely communicate.

This paper firstly reviews the HIMMO scheme and introduces two extensions that e.g. enable implicit credential verification without the need of traditional digital certificates. Then, we show how HIMMO can be efficiently implemented even in resource-constrained devices, enabling combined key agreement and credential verification more efficiently than using ECDH-ECDSA. We further explain how HIMMO helps to secure the Internet and IoT by introducing the DTLS-HIMMO operation mode. DTLS, the datagram version of TLS, is becoming the standard security protocol in the IoT, although it is very frequently discussed that it does not offer the right performance for IoT scenarios. Our design, implementation, and evaluation show that DTLS-HIMMO operation mode achieves the security properties of the DTLS-Certificate security suite while exhibiting the overhead of symmetric-key primitives without requiring changes in the DTLS standard.


HIMMO Lightweight (D)TLS Quantum TTP infrastructure. 


  1. 1.
    HP report: Internet of Things Research Study. Accessed 21 August 2014
  2. 2.
  3. 3.
    NIST workshop on cybersecurity in a post-quantum world (2015).
  4. 4.
    Blundo, C., de Santis, A., Herzberg, A., Kutten, S., Vaccaro, U., Yung, M.: Perfectly secure key distribution for dynamic conferences. Inf. Comput. 146, 1–23 (1998)MathSciNetCrossRefGoogle Scholar
  5. 5.
    Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard), August 2008. Updated by RFCs 5746, 5878, 6176Google Scholar
  6. 6.
    Eronen, P., Tschofenig, H.: Pre-Shared Key Ciphersuites for Transport Layer Security (TLS). RFC 4279 (Proposed Standard), December 2005Google Scholar
  7. 7.
    García-Morchón, O., Gómez-Pérez, D., Gutiérrez, J., Rietman, R., Tolhuizen, L.: The MMO problem. In: Proceedings of ISSAC 2014, pp. 186–193. ACM (2014)Google Scholar
  8. 8.
    García-Morchón, O., Rietman, R., Shparlinski, I.E., Tolhuizen, L.: Interpolation and approximation of polynomials in finite fields over a short interval from noisy values. Exp. Math. 23, 241–260 (2014)MathSciNetCrossRefGoogle Scholar
  9. 9.
    García-Morchón, O., Gómez-Pérez, D., Gutiérrez, J., Rietman, R., Schoenmakers, B., Tolhuizen, L.: HIMMO - A Lightweight, Fully Colluison Resistant Key-Predistribution Scheme. Cryptology ePrint Archive, Report 2014/698 (2014).
  10. 10.
    Garcia-Morchón, O., Tolhuizen, L., Gomez, D., Gutierrez, J.: Towards full collusion resistant ID-based establishment of pairwise keys. In: Extended abstracts of the Third Workshop on Mathematical Cryptology (WMC 2012) and the Third International Conference on Symbolic Computation and Cryptography (SCC 2012), pp. 30–36 (2012)Google Scholar
  11. 11.
    Liu, A., Ning, P.: Tinyecc: a configurable library for elliptic curve cryptography in wireless sensor networks. In: Proceedings of the 7th International Conference on Information Processing in Sensor Networks, IPSN 2008, pp. 245–256. IEEE Computer Society, Washington, DC (2008)Google Scholar
  12. 12.
    Matsumoto, T., Imai, H.: On the key predistribution system: a practical solution to the key distribution problem. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 185–193. Springer, Heidelberg (1988) Google Scholar
  13. 13.
    McGrew, D., Bailey, D.: AES-CCM Cipher Suites for Transport Layer Security (TLS). RFC 6655 (Proposed Standard), July 2012Google Scholar
  14. 14.
    Nguyen, P.Q., Vallée, B. (eds.): The LLL Algorithm - Survey and Applications. Springer, Heidelberg (2010)zbMATHGoogle Scholar
  15. 15.
  16. 16.
    Shelby, Z., Hartke, K., Bormann, C.: The Constrained Application Protocol (CoAP). RFC 7252 (Proposed Standard), June 2014Google Scholar
  17. 17.
    Tschofenig, H.: A Datagram Transport Layer Security (DTLS) 1.2 Profile for the Internet of Things, August 2014Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 2.5 International License (, which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.

Authors and Affiliations

  • Oscar Garcia-Morchon
    • 1
    Email author
  • Ronald Rietman
    • 1
  • Sahil Sharma
    • 1
  • Ludo Tolhuizen
    • 1
  • Jose Luis Torre-Arce
    • 1
  1. 1.Philips Group Innovation, ResearchEindhovenThe Netherlands

Personalised recommendations