Authenticated Key Agreement Mediated by a Proxy Re-encryptor for the Internet of Things
The Internet of Things (IoT) is composed of a wide range of heterogeneous network devices that communicate with their users and the surrounding devices. The secure communications between these devices are still essential even with little or no previous knowledge about each other and regardless of their resource capabilities. This particular context requires appropriate security mechanisms which should be well-suited for the heterogeneous nature of IoT devices, without pre-sharing a secret key for each secure connection.
In this work, we first propose a novel symmetric cipher proxy re-encryption scheme. Such a primitive allows a user to delegate her decryption rights to another with the help of a semi-trusted proxy, but without giving this latter any information on the transmitted messages and the user’s secret keys. We then propose AKAPR, an Authenticated Key Agreement mediated by a Proxy Re-encryptor for IoT. The mechanism permits any two highly resource-constrained devices to establish a secure communication with no prior trust relationship. AKAPR is built upon our proposed proxy re-encryption scheme. It has been proved by ProVerif to provide mutual authentication for participants while preserving the secrecy of the generated session key. In addition, the scheme benefits from the lightness of our proxy re-encryption algorithm as it requires no expensive cryptographic operations such as pairing or modular exponentiation.
KeywordsAuthenticated key agreement Proxy re-encryption Security Internet of Things
- 1.Gartner inc., forecast: The internet of things, worldwide (2013)Google Scholar
- 3.Barker, E.B., Kelsey, J.M.: Recommendation for random number generation using deterministic random bit generators (revised) (2007)Google Scholar
- 5.Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, pp. 62–73. ACM (1993)Google Scholar
- 9.Bormann, C., Ersue, M., Keranen, A.: Terminology for constrained-node networks. Internet Engineering Task Force (IETF), RFC, 7228 (2014)Google Scholar
- 11.Canetti, R., Hohenberger, S.: Chosen-ciphertext secure proxy re-encryption. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 185–194. ACM (2007)Google Scholar
- 16.Eronen, P., Tschofenig, H.: Pre-shared key ciphersuites for transport layer security (TLS). Technical report, RFC 4279, December 2005Google Scholar
- 18.Granjal, J., Monteiro, E., Silva, J.S.: End-to-end transport-layer security for internet-integrated sensing applications with mutual and delegated ECC public-key authentication. In: 2013 IFIP Networking Conference, pp. 1–9. IEEE (2013)Google Scholar
- 20.Hummen, R., Shafagh, H., Raza, S., Voig, T., Wehrle, K.: Delegation-based authentication and authorization for the IP-based internet of things. In: 2014 Eleventh Annual IEEE International Conference on Sensing, Communication, and Networking (SECON), pp. 284–292. IEEE (2014)Google Scholar
- 23.Ray, S., Biswas, G.P.: Establishment of ECC-based initial secrecy usable for ike implementation. In: Proceedings of World Congress on Expert Systems (WCE) (2012)Google Scholar
- 26.Sciancalepore, S., Capossele, A., Piro, G., Boggia, G., Bianchi, G.: Key management protocol with implicit certificates for IoT systems. In: Proceedings of the 2015 Workshop on IoT Challenges in Mobile and Industrial Systems, pp. 37–42. ACM (2015)Google Scholar
- 29.Van den Abeele, F., Vandewinckele, T., Hoebeke, J., Moerman, I., Demeester, P.: Secure communication in IP-based wireless sensor networks via a trusted gateway. In: 2015 IEEE Tenth International Conference on Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), pp. 1–6. IEEE (2015)Google Scholar