A Lightweight Authentication and Key Exchange Protocol for IoT

Security in IoT environments is critical, as there are many situations where IoT devices provide sensory information that needs to be shared securely. However, providing authenticated and secure communication for IoT devices can be a challenge. IoT devices have many constraints, including limitations in computation, power, memory and energy. Moreover, they often have to go through a gateway/sink to connect to the network. For secure communication to the rest of the network, the IoT device needs to trust the gateway/sink, and this requires a means for the device to authenticate the gateway and vice versa. We also seek to support secure communication even when the IoT device and gateway are disconnected from the rest of the network. In this paper, we provide a lightweight authentication and key exchange protocol for such IoT environments, where the IoT device and gateway communicate over a wireless channel. Our protocol depends on each pair of devices having two unique keys, a master key and an initial session key, provided at configuration time. The session key changes constantly and is used as the key for exchanging frames securely during a session. The protocol is lightweight and uses only symmetric-key cryptography and a Hashed Message Authentication Code (HMAC)-based key derivation function (HKDF) to provide authentication, key exchange, confidentiality and message integrity. The protocol does not depend on any Trusted Third Party (TTP), and is a good fit for disconnected IoT environments. The keys are never exchanged over the network, providing perfect forward secrecy. The protocol is efficient in the computation, memory and energy it requires.
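An added sketch (not the paper's protocol or code; the abstract gives no message formats) of how a provisioned master key and a rolling session key can drive HMAC-based mutual authentication and HKDF key rollover without sending any key. The message order, role labels, 16-byte nonces and derivation inputs are assumptions, and the keys are constructed sample values.

```python
import hmac, hashlib, os

def hkdf(ikm, salt, info, length=32):
    """HKDF-SHA256 (RFC 5869): extract a PRK, then expand it to `length` bytes."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def tag(key, role, *nonces):
    """HMAC over a role label and fixed-size nonces; the label blocks tag reflection."""
    return hmac.new(key, role + b"|" + b"".join(nonces), hashlib.sha256).digest()

class Peer:
    def __init__(self, master_key, session_key):
        self.master_key, self.session_key = master_key, session_key
    def roll(self, nonce_d, nonce_g):
        # Assumed derivation: the next session key depends on the master key, the
        # current session key and both fresh nonces; only the nonces are transmitted.
        self.session_key = hkdf(self.master_key, self.session_key, b"session" + nonce_d + nonce_g)

def handshake(device, gateway):
    """Mutual challenge-response; both sides roll the session key only on success."""
    nonce_d = os.urandom(16)                                   # device -> gateway
    nonce_g = os.urandom(16)                                   # gateway -> device
    tag_g = tag(gateway.session_key, b"gw", nonce_d, nonce_g)  # gateway -> device
    if not hmac.compare_digest(tag_g, tag(device.session_key, b"gw", nonce_d, nonce_g)):
        return False                                           # device rejects the gateway
    tag_d = tag(device.session_key, b"dev", nonce_g, nonce_d)  # device -> gateway
    if not hmac.compare_digest(tag_d, tag(gateway.session_key, b"dev", nonce_g, nonce_d)):
        return False                                           # gateway rejects the device
    device.roll(nonce_d, nonce_g)
    gateway.roll(nonce_d, nonce_g)
    return True

def demo():
    # Constructed keys standing in for the values provisioned at configuration time.
    mk, sk0 = b"M" * 32, b"S" * 32
    device, gateway, rogue = Peer(mk, sk0), Peer(mk, sk0), Peer(b"X" * 32, b"Y" * 32)
    ok = handshake(device, gateway)
    in_sync = device.session_key == gateway.session_key and device.session_key != sk0
    rogue_ok = handshake(device, rogue)   # a gateway without the pairwise keys must fail
    return ok, in_sync, rogue_ok

if __name__ == "__main__":
    print(demo())
```

A failed handshake leaves the device's session key untouched, so an unauthenticated party cannot push the two legitimate peers out of sync.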
