Lightweight and escrow-less authenticated key agreement for the internet of things

Simplício, Marcos A.; Silva, Marcos V.M.; Alves, Renan C. A.; Shibata, Tiago K.C.

doi:10.1016/j.comcom.2016.05.002

Cited by 68 publications

(44 citation statements)

References 47 publications

(72 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…During the key agreement process, the TTP can be involved or not. In the case when the TTP is not involved, the most efficient identity based authentication and key agreement protocol proposed in literature can be found in [20], which only requires two phases and is also based on the ECQV key establishment protocol. We also mention in this context the standard key agreement scheme in IoT, called the Datagram Transport Layer Security (DTLS) protocol [21] with raw public keys, which has as a main difference the usage of less efficient certificates.…”

Section: Key Agreement Between Two Iot Devicesmentioning

confidence: 99%

PUF Based Authentication Protocol for IoT

Braeken

2018

Symmetry

130

View full text Add to dashboard Cite

Key agreement between two constrained Internet of Things (IoT) devices that have not met each other is an essential feature to provide in order to establish trust among its users. Physical Unclonable Functions (PUFs) on a device represent a low cost primitive exploiting the unique random patterns in the device and have been already applied in a multitude of applications for secure key generation and key agreement in order to avoid an attacker to take over the identity of a tampered device, whose key material has been extracted. This paper shows that the key agreement scheme of a recently proposed PUF based protocol, presented by Chatterjee et al., for Internet of Things (IoT) is vulnerable for man-in-the-middle, impersonation, and replay attacks in the Yao-Dolev security model. We propose an alternative scheme, which is able to solve these issues and can provide in addition a more efficient key agreement and subsequently a communication phase between two IoT devices connected to the same authentication server. The scheme also offers identity based authentication and repudiation, when only using elliptic curve multiplications and additions, instead of the compute intensive pairing operations.

show abstract

Section: Key Agreement Between Two Iot Devicesmentioning

confidence: 99%

PUF Based Authentication Protocol for IoT

Braeken

2018

Symmetry

130

View full text Add to dashboard Cite

show abstract

“…The literature offers identitybased schemes as an alternative; however it has the drawback of key escrow. In addition, security flaws were discovered in special pairing-friendly curves required by those schemes [32].…”

Section: Security Notesmentioning

confidence: 99%

“…Traditional Public Key Infrastructure (PKI) schemes used in the Internet are not suitable due to large certificates and heavy processing requirements [32].…”

Section: Security Notesmentioning

confidence: 99%

“…Therefore we choose an implicitly certified paradigm, the iSMQV protocol, in particular [32], which combines both escrow-less capability and performance efficiency.…”

Section: Security Notesmentioning

confidence: 99%

“…The Key Generation Center (KGC) is a trusted entity responsible for generating authenticated key pairs for the SDN entities by using an Implicitly Certified Authenticated Key Agreement protocol (such as iSMQV [32]). Note that although the KGC participates in the key generation procedure, the key pairs are not subject to escrow.…”

Section: System Entitiesmentioning

confidence: 99%

See 2 more Smart Citations

WS³N: Wireless Secure SDN-Based Communication for Sensor Networks

Alves

Oliveira

Pereira

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

The Software Defined Networking (SDN) paradigm can provide flexible routing and potentially support the different communication patterns that exist in Wireless Sensor Networks (WSN). However applying this paradigm to resource-constrained networks is not straightforward, especially if security services are a requirement. Existing SDN-based approaches for WSN evolved over time, addressing resource-constrained requirements. However, they do not integrate security services into their design and implementation. This work's main contribution is a secure-by-design SDN-based framework for Wireless Sensors Networks. Secure node admission and end-to-end key distribution to support secure communication are considered key services, which the framework must provide. We describe its specification, design, implementation, and experiments considering device and protocol constraints. The results indicate that our approach has achieved such goals with acceptable overheads up to medium sized networks.

show abstract