Anonymous Lightweight Proxy Based Key Agreement for IoT (ALPKA)

Wireless Personal Communications

Abstract

The Internet of Things (IoT) technologies interconnect a broad range of network devices, differing in terms of size, weight, functionality, and resource capabilities. The main challenge is to establish the required security features in the most constrained devices, even if they are unknown to each other and do not share common pre-distributed key material. As a consequence, there is a high need for scalable and lightweight key establishment protocols. In this paper, we propose a key agreement protocol between two IoT devices without prior trust relation, using solely symmetric key based operations, by relying on a server or proxy based approach. This proxy is responsible for the verification of the authentication and the key agreement between the IoT devices, without being capable of deriving the established session key. We propose two versions. The first version does not require interactive input from the key distribution center to the proxy, but is not resistant if a compromised user and proxy are collaborating. The second version on the other hand is collision resistant, but needs an interactive key distribution center. In addition, we add the interesting features of anonymity and unlinkability of the sender and receiver in both protocol versions. The security properties of the proposed protocol are verified by using formal verification techniques.

Acknowledgements

This work has been performed under the framework of COST Action CA15127 (RECODIS) and CA16226 (SHELD-ON) projects.

Author information

Corresponding author

Correspondence to An Braeken.

About this article

Cite this article

Braeken, A., Liyanage, M. & Jurcut, A.D. Anonymous Lightweight Proxy Based Key Agreement for IoT (ALPKA). Wireless Pers Commun 106, 345–364 (2019). https://doi.org/10.1007/s11277-019-06165-9

  • DOI: https://doi.org/10.1007/s11277-019-06165-9
