Efficient, Flexible and Secure Group Key Management Protocol for Dynamic IoT Settings

Many Internet of Things (IoT) scenarios require communication to and data acquisition from multiple devices with similar functionalities. For such scenarios, group communication in the form of multicasting and broadcasting has proven to be effective. Group Key Management (GKM) involves the handling, revocation, updation and distribution of cryptographic keys to members of various groups. Classical GKM schemes perform inefficiently in dynamic IoT environments, which are those wherein nodes frequently leave or join a network or migrate from one group to another over time. Recently, the `GroupIt' scheme has been proposed for GKM in dynamic IoT environments. However, this scheme has several limitations such as vulnerability to collusion attacks, the use of computationally expensive asymmetric encryption and threats to the backward secrecy of the system. In this paper, we present a highly efficient and secure GKM protocol for dynamic IoT settings, which maintains forward and backward secrecy at all times. Our proposed protocol uses only symmetric encryption, and is completely resistant to collusion attacks. Also, our protocol is highly flexible and can handle several new scenarios in which device or user dynamics may take place, e.g., allowing a device group to join or leave the network or creation or dissolution of a user group, which are not handled by schemes proposed in prior literature. We evaluate the performance of the proposed protocol via extensive mathematical analysis and numerical computations, and show that it outperforms the GroupIt scheme in terms of the communication and computation costs incurred by users and devices.

[1]  Alex R. Pinto,et al.  Integration of Wireless Sensor Networks to the Internet of Things Using a 6LoWPAN Gateway , 2013, 2013 III Brazilian Symposium on Computing Systems Engineering.

[2]  Mohamed Abid,et al.  LNT: A logical neighbor tree secure group communication scheme for wireless sensor networks , 2012, Ad Hoc Networks.

[3]  Xinyu Yang,et al.  A Survey on Internet of Things: Architecture, Enabling Technologies, Security and Privacy, and Applications , 2017, IEEE Internet of Things Journal.

[4]  Jianqing Zhang,et al.  Performance evaluation of Attribute-Based Encryption: Toward data privacy in the IoT , 2014, 2014 IEEE International Conference on Communications (ICC).

[5]  J.A. Gutierrez,et al.  IEEE 802.15.4: a developing standard for low-power low-cost wireless personal area networks , 2001, IEEE Network.

[6]  Sugata Sanyal,et al.  Survey of Security and Privacy Issues of Internet of Things , 2015, ArXiv.

[7]  Mikael Gidlund,et al.  Lightweight Group-Key Establishment Protocol for IoT Devices: Implementation and Performance Analyses , 2018, 2018 Fifth International Conference on Internet of Things: Systems, Management and Security.

[8]  Burkhard Stiller,et al.  Group key establishment for secure multicasting in IoT-enabled Wireless Sensor Networks , 2015, 2015 IEEE 40th Conference on Local Computer Networks (LCN).

[9]  Shusen Yang,et al.  A survey on the ietf protocol suite for the internet of things: standards, challenges, and opportunities , 2013, IEEE Wireless Communications.

[10]  Mohamed G. Gouda,et al.  Secure group communications using key graphs , 1998, SIGCOMM '98.

[11]  Seung-Woo Seo,et al.  Topological Key Hierarchy for Energy-Efficient Group Key Management in Wireless Sensor Networks , 2010, Wirel. Pers. Commun..

[12]  Jorge Sá Silva,et al.  Security for the Internet of Things: A Survey of Existing Protocols and Open Research Issues , 2015, IEEE Communications Surveys & Tutorials.

[13]  Chang-Seop Park,et al.  A Secure and Efficient ECQV Implicit Certificate Issuance Protocol for the Internet of Things Applications , 2017, IEEE Sensors Journal.

[14]  Xiong Luo,et al.  Logical Tree Based Secure Rekeying Management for Smart Devices Groups in IoT Enabled WSN , 2019, IEEE Access.

[15]  Xiong Li,et al.  Provably secure user authentication and key agreement scheme for wireless sensor networks , 2016, Secur. Commun. Networks.

[16]  David Hutchison,et al.  A survey of key management for secure group communication , 2003, CSUR.

[17]  An Braeken,et al.  A performance comparison study of ECC and AES in commercial and research sensor nodes , 2013, Eurocon 2013.

[18]  Chin-Chen Chang,et al.  A Provably Secure, Efficient, and Flexible Authentication Scheme for Ad hoc Wireless Sensor Networks , 2016, IEEE Transactions on Wireless Communications.

[19]  Mikael Gidlund,et al.  Key Distribution Protocol for Industrial Internet of Things Without Implicit Certificates , 2019, IEEE Internet of Things Journal.

[20]  Roberto Di Pietro,et al.  Emergent properties: detection of the node-capture attack in mobile wireless sensor networks , 2008, WiSec '08.

[21]  Luigi Alfredo Grieco,et al.  Security, privacy and trust in Internet of Things: The road ahead , 2015, Comput. Networks.

[22]  Hsu-Chun Hsiao,et al.  GroupIt: Lightweight Group Key Management for Dynamic IoT Environments , 2018, IEEE Internet of Things Journal.

[23]  Sherali Zeadally,et al.  Lightweight Three-Factor Authentication and Key Agreement Protocol for Internet-Integrated Wireless Sensor Networks , 2017, IEEE Access.

[24]  Vanga Odelu,et al.  A Secure Smartcard-Based Anonymous User Authentication Scheme for Healthcare Applications Using Wireless Medical Sensor Networks , 2017, Wirel. Pers. Commun..

[25]  Rainer Steinwandt,et al.  Group key establishment with physical unclonable functions , 2018, Journal of Information and Optimization Sciences.

[26]  Radha Poovendran,et al.  Node capture attacks in wireless sensor networks: A system theoretic approach , 2010, 49th IEEE Conference on Decision and Control (CDC).

[27]  Christian Esposito,et al.  Distributed Group Key Management for Event Notification Confidentiality Among Sensors , 2020, IEEE Transactions on Dependable and Secure Computing.

[28]  Marko Hölbl,et al.  A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion , 2014, Ad Hoc Networks.

[29]  Rolf H. Weber,et al.  Internet of Things - New security and privacy challenges , 2010, Comput. Law Secur. Rev..

[30]  Luca Veltri,et al.  A novel batch-based group key management protocol applied to the Internet of Things , 2013, Ad Hoc Networks.