Bigdata-Facilitated Two-Party Authenticated Key Exchange for IoT

“…The framework transforms any post-quantum secure KE scheme with session key security and weak perfect forward secrecy into an AKE scheme with the following security properties: Perfect forward secrecy (PFS) which guarantees that previous session keys remain secure even if both parties' long-term keys have been compromised; Key compromise impersonation (KCI) resilience which guarantees that even if an attacker has obtained one party's long-term private key then it still cannot impersonate the other party to this party; Server compromise impersonation (SCI) resilience which guarantees that even if an attacker has compromised the server then it still cannot impersonate the server to the IoT device. Similar to Liu et al [34], our framework supports two authentication factors, namely long-term secret keys and big data. We further prove the security of our framework in the post-quantum setting, and propose an instantiation of the framework based on two main building blocks, a post-quantum secure KE scheme and post-quantum secure IND-CCA2 public-key encryption (PKE) scheme.…”

“…Based on the work of Liu et al [34] which is not postquantum secure, we propose a modular framework for constructing post-quantum secure AKE schemes in the clientserver setting where the client is an IoT device. The framework transforms any post-quantum secure KE scheme with session key security and weak perfect forward secrecy into an AKE scheme with the following security properties: Perfect forward secrecy (PFS) which guarantees that previous session keys remain secure even if both parties' long-term keys have been compromised; Key compromise impersonation (KCI) resilience which guarantees that even if an attacker has obtained one party's long-term private key then it still cannot impersonate the other party to this party; Server compromise impersonation (SCI) resilience which guarantees that even if an attacker has compromised the server then it still cannot impersonate the server to the IoT device.…”

“…In Section II, we recap the existing KE schemes and benchmark their efficiency. In Section III, we recap the AKE scheme from [34] and analyse its security in the post-quantum setting. In Sections IV and V, we present our modular framework and analyse its security respectively.…”

“…In 2021, Liu et al proposed a bigdata-facilitated two-party AKE for IoT [34], where the security is proven based on Computational Diffie-Hellman (CDH) and Strong Diffie-Hellman (SDH) assumptions in a bounded retrieval model [49], [50]. In this section, we first recap the scheme and then analyse it in the post-quantum setting.…”

“…In our security analysis, we use the same security model as that from [34]. This security model defines four types of security properties: session key security, PFS, KCI resilience, SCI resilience.…”

Modular Framework for Constructing IoT-Server AKE in Post-Quantum Setting

“…The framework transforms any post-quantum secure KE scheme with session key security and weak perfect forward secrecy into an AKE scheme with the following security properties: Perfect forward secrecy (PFS) which guarantees that previous session keys remain secure even if both parties' long-term keys have been compromised; Key compromise impersonation (KCI) resilience which guarantees that even if an attacker has obtained one party's long-term private key then it still cannot impersonate the other party to this party; Server compromise impersonation (SCI) resilience which guarantees that even if an attacker has compromised the server then it still cannot impersonate the server to the IoT device. Similar to Liu et al [34], our framework supports two authentication factors, namely long-term secret keys and big data. We further prove the security of our framework in the post-quantum setting, and propose an instantiation of the framework based on two main building blocks, a post-quantum secure KE scheme and post-quantum secure IND-CCA2 public-key encryption (PKE) scheme.…”

“…Based on the work of Liu et al [34] which is not postquantum secure, we propose a modular framework for constructing post-quantum secure AKE schemes in the clientserver setting where the client is an IoT device. The framework transforms any post-quantum secure KE scheme with session key security and weak perfect forward secrecy into an AKE scheme with the following security properties: Perfect forward secrecy (PFS) which guarantees that previous session keys remain secure even if both parties' long-term keys have been compromised; Key compromise impersonation (KCI) resilience which guarantees that even if an attacker has obtained one party's long-term private key then it still cannot impersonate the other party to this party; Server compromise impersonation (SCI) resilience which guarantees that even if an attacker has compromised the server then it still cannot impersonate the server to the IoT device.…”

“…In Section II, we recap the existing KE schemes and benchmark their efficiency. In Section III, we recap the AKE scheme from [34] and analyse its security in the post-quantum setting. In Sections IV and V, we present our modular framework and analyse its security respectively.…”

“…In 2021, Liu et al proposed a bigdata-facilitated two-party AKE for IoT [34], where the security is proven based on Computational Diffie-Hellman (CDH) and Strong Diffie-Hellman (SDH) assumptions in a bounded retrieval model [49], [50]. In this section, we first recap the scheme and then analyse it in the post-quantum setting.…”

“…In our security analysis, we use the same security model as that from [34]. This security model defines four types of security properties: session key security, PFS, KCI resilience, SCI resilience.…”

Modular Framework for Constructing IoT-Server AKE in Post-Quantum Setting

Exploring the Future of Key Management and Authentication in Public Key Infrastructures

Deeper Insight Into Why Authentication Schemes in IoT Environments Fail to Achieve the Desired Security