LiKe: Lightweight Certificateless Key Agreement for Secure IoT Communications

Pietro Tedeschi, Savio Sciancalepore, Areej Eliyan, Roberto Di Pietro

Research output: Contribution to journalArticleAcademicpeer-review

57 Citations (Scopus)

Abstract

Certificateless public-key cryptography (CL-PKC) schemes are particularly robust against the leakage of secret information stored on a trusted third party (TTP). These security features are particularly relevant for Internet of Things (IoT) domains, where the devices are typically preconfigured with secret keys, usually stored locally on the TTP for following maintenance tasks. Despite some contributions already proposed for the adoption of CL-PKC schemes in constrained IoT devices, current solutions generally require high message overhead, are computationally demanding, and place a high toll on the energy budget. To close this gap, we propose LiKe, a lightweight pairing-free certificateless key agreement protocol suitable for integration in the latest ZigBee 3.0 protocol stack and constrained IoT devices. LiKe is an authenticated key agreement protocol characterized by: 1) ephemeral cryptographic materials; 2) support for intermittent connectivity with the TTP; 3) lightweight rekeying operations; and 4) robustness against impersonation attacks, even when information stored on the TTP is leaked. LiKe has been thoroughly described, and its security properties have been proved via formal tools. Moreover, we have implemented and tested it on real IoT devices, in networks with up to 11 nodes - the source code has been released as an open source. Results are striking: on the OpenMote-b hardware platform, LiKe requires a total time of 3.259 s to establish session keys on each participating device, and at most 0.258% of the overall battery capacity, emerging as a lightweight and energy-friendly solution. Finally, comparisons with competing solutions do show the superior quality and viability of our proposal.

Original languageEnglish
Article number8901222
Pages (from-to)621-638
Number of pages18
JournalIEEE Internet of Things Journal
Volume7
Issue number1
DOIs
Publication statusPublished - Jan 2020
Externally publishedYes

Keywords

  • Device-to-device communication
  • Internet of Things (IoT)
  • key agreement protocol
  • secure communications

Fingerprint

Dive into the research topics of 'LiKe: Lightweight Certificateless Key Agreement for Secure IoT Communications'. Together they form a unique fingerprint.

Cite this