Authenticated Key Agreement Mediated by a Proxy Re-encryptor for the Internet of Things

  • Kim Thuat Nguyen
  • Nouha Oualha
  • Maryline Laurent
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9879)


The Internet of Things (IoT) is composed of a wide range of heterogeneous network devices that communicate with their users and with surrounding devices. Secure communication between these devices remains essential even when they have little or no prior knowledge of each other, and regardless of their resource capabilities. This context requires security mechanisms that are well suited to the heterogeneous nature of IoT devices and that do not rely on pre-sharing a secret key for each secure connection.

In this work, we first propose a novel symmetric cipher proxy re-encryption scheme. Such a primitive allows a user to delegate her decryption rights to another user with the help of a semi-trusted proxy, without giving the proxy any information on the transmitted messages or the user’s secret keys. We then propose AKAPR, an Authenticated Key Agreement mediated by a Proxy Re-encryptor for IoT. The mechanism permits any two highly resource-constrained devices to establish a secure communication with no prior trust relationship. AKAPR is built upon our proposed proxy re-encryption scheme. It has been proved with ProVerif to provide mutual authentication for participants while preserving the secrecy of the generated session key. In addition, the scheme benefits from the lightness of our proxy re-encryption algorithm, as it requires no expensive cryptographic operations such as pairing or modular exponentiation.


Keywords: Authenticated key agreement, Proxy re-encryption, Security, Internet of Things



Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Kim Thuat Nguyen (1)
  • Nouha Oualha (1)
  • Maryline Laurent (2)

  1. CEA, LIST, Communicating Systems Laboratory, Gif-sur-Yvette Cedex, France
  2. Institut Mines-Telecom, Telecom SudParis, UMR CNRS 5157 SAMOVAR, Evry, France
