Abstract
Due to the heterogeneity of devices in the Internet of Things and the limited resources of the devices connected to it, simplifying and lightening the algorithms used in the Internet of Things is an interesting area of study for researchers. One of the critical areas in the Internet of Things is establishing a secret key between communicating parties so that they can communicate securely. The importance of communication security, on the one hand, and the need for lightweight algorithms in the Internet of Things, on the other hand, have created an additional incentive to establish a lightweight key agreement protocol. Therefore, in this article we present a lightweight method for key agreement, while specifying the requirements of an appropriate key agreement protocol. To reduce the communication overhead, we implicitly perform the operations of establishing the agreed key by sending a message. The results of analyzing the proposed method show a relative decrease compared to other methods concerning the number of main operations. Furthermore, the evaluation of the proposed method using formal tools indicates the success of establishing the agreed key, authentication of the communication parties, and also resistance to the relevant attacks.
Data Availability
Enquiries about data availability should be directed to the authors.
References
Gupta, R., Tanwar, S., Tyagi, S., & Kumar, N. (2019). Tactile internet and its applications in 5g era: A comprehensive review. International Journal of Communication Systems, 32(14), e3981. https://doi.org/10.1002/dac.3981
Sharma, S. K., Woungang, I., Anpalagan, A., & Chatzinotas, S. (2020). Toward tactile internet in beyond 5g era: Recent advances, current issues, and future directions. IEEE Access, 8, 56948–56991. https://doi.org/10.1109/access.2020.2980369
Maqsood, F., Ahmed, M., Mumtaz, M., & Ali, M. (2017). Cryptography: A comparative analysis for modern techniques. International Journal of Advanced Computer Science and Applications, 8(6). https://doi.org/10.14569/ijacsa.2017.080659
Wazid, M., Das, A. K., K, V. B., & Vasilakos, A. V. (2020). LAM-CIoT: Lightweight authentication mechanism in cloud-based IoT environment. Journal of Network and Computer Applications, 150, 102496. https://doi.org/10.1016/j.jnca.2019.102496
Nguyen, K. T., Laurent, M., & Oualha, N. (2015). Survey on secure communication protocols for the internet of things. Ad Hoc Networks, 32, 17–31. https://doi.org/10.1016/j.adhoc.2015.01.006
Braeken, A., Liyanage, M., & Jurcut, A. D. (2019). Anonymous lightweight proxy based key agreement for IoT (ALPKA). Wireless Personal Communications, 106(2), 345–364. https://doi.org/10.1007/s11277-019-06165-9
Srinivas, J., Das, A. K., Wazid, M., & Kumar, N. (2020). Anonymous lightweight chaotic map-based authenticated key agreement protocol for industrial internet of things. IEEE Transactions on Dependable and Secure Computing, 17(6), 1133–1146. https://doi.org/10.1109/tdsc.2018.2857811
Braeken, A. (2015). Efficient anonym smart card based authentication scheme for multi-server architecture. International Journal of Smart Home, 9(9), 177–184. https://doi.org/10.14257/ijsh.2015.9.9.19
Kumar, A. (2012). Survey and taxonomy of key management protocols for wired and wireless networks. International Journal of Network Security and Its Applications, 4(3), 21–40. https://doi.org/10.5121/ijnsa.2012.4302
Chen, C.-M., Xiang, B., Wu, T.-Y., & Wang, K.-H. (2018). An anonymous mutual authenticated key agreement scheme for wearable sensors in wireless body area networks. Applied Sciences, 8(7), 1074. https://doi.org/10.3390/app8071074
Mo, J., & Chen, H. (2019). A lightweight secure user authentication and key agreement protocol for wireless sensor networks. Security and Communication Networks, 2019, 1–17. https://doi.org/10.1155/2019/2136506
Santos-González, I., Rivero-García, A., Burmester, M., Munilla, J., & Caballero-Gil, P. (2020). Secure lightweight password authenticated key exchange for heterogeneous wireless sensor networks. Information Systems, 88, 101423. https://doi.org/10.1016/j.is.2019.101423
Nguyen, K. T., Oualha, N., & Laurent, M. (2016). Authenticated key agreement mediated by a proxy re-encryptor for the internet of things, pp. 339–358. Springer International Publishing. https://doi.org/10.1007/978-3-319-45741-3_18
Tschofenig, H., Arkko, J., Thaler, D., & McPherson, D. (2015). Architectural considerations in smart object networking. Tech. Rep. https://doi.org/10.17487/rfc7452
Green, M., & Ateniese, G. (2007). Identity-based proxy re-encryption, pp. 288–306. Springer, Berlin Heidelberg. https://doi.org/10.1007/978-3-540-72738-5_19
Nikooghadam, M., Jahantigh, R., & Arshad, H. (2016). A lightweight authentication and key agreement protocol preserving user anonymity. Multimedia Tools and Applications, 76(11), 13401–13423. https://doi.org/10.1007/s11042-016-3704-8
Roustaei, R., Javadi, H. H. S., & Reshadi, M. (2022). Providing multi classifications of the key agreement methods on the internet of things in the different aspects. Wireless Personal Communications, pp. 1–17. Status: Under review, WIRE-D-21-02415.
Shin, S., & Kwon, T. (2019). A lightweight three-factor authentication and key agreement scheme in wireless sensor networks for smart homes. Sensors, 19(9), 2012. https://doi.org/10.3390/s19092012
Wu, T.-Y., Wang, L., Guo, X., Chen, Y.-C., & Chu, S.-C. (2022). Sakap: Sgx-based authentication key agreement protocol in iot-enabled cloud computing. Sustainability, 14(17), 11054. https://doi.org/10.3390/su141711054
Cui, W., Cheng, R., Wu, K., Su, Y., & Lei, Y. (2021). A certificateless authenticated key agreement scheme for the power iot. Energies, 14(19), 6317. https://doi.org/10.3390/en14196317
Chen, C.-M., Deng, X., Gan, W., Chen, J., & Islam, S. (2021). A secure blockchain-based group key agreement protocol for iot. The Journal of Supercomputing, 77(8), 9046–9068. https://doi.org/10.1007/s11227-020-03561-y
Yu, Y., Hu, L., & Chu, J. (2020). A secure authentication and key agreement scheme for iot-based cloud computing environment. Symmetry, 12(1), 150. https://doi.org/10.3390/sym12010150
Safkhani, M., et al. (2020). Reseap: an ecc-based authentication and key agreement scheme for iot applications. IEEE Access, 8, 200851–200862. https://doi.org/10.1109/ACCESS.2020.3034447
Alzahrani, B. A. (2021). Secure and efficient cloud-based iot authenticated key agreement scheme for e-health wireless sensor networks. Arabian Journal for Science and Engineering, 46(4), 3017–3032. https://doi.org/10.1007/s13369-020-04905-9
Chen, C.-T., Lee, C.-C., & Lin, I.-C. (2020). Efficient and secure three-party mutual authentication key agreement protocol for wsns in iot environments. Plos One, 15(4), e0232277. https://doi.org/10.1371/journal.pone.0232277
Secure multifactor authenticated key agreement scheme for industrial iot. https://doi.org/10.1109/JIOT.2020.3024703.
Thakur, V., et al. (2022). Cryptographically secure privacy-preserving authenticated key agreement protocol for an iot network: A step towards critical infrastructure protection. Peer-to-Peer Networking and Applications, 15(1), 206–220. https://doi.org/10.1007/s12083-021-01236-w
Rana, S., Obaidat, M. S., Mishra, D., Mishra, A., & Rao, Y. S. (2022). Efficient design of an authenticated key agreement protocol for dew-assisted iot systems. The Journal of Supercomputing, 78(3), 3696–3714. https://doi.org/10.1007/s11227-021-04003-z
Braeken, A. (2022). Authenticated key agreement protocols for dew-assisted iot systems. The Journal of Supercomputing, pp. 1–21.
Rostampour, S., et al. (2022). An authentication protocol for next generation of constrained iot systems. IEEE Internet of Things Journal. https://doi.org/10.1109/JIOT.2022.3184293
Jr., M. A. S., Silva, M. V., Alves, R. C., & Shibata, T. K. (2017). Lightweight and escrow-less authenticated key agreement for the internet of things. Computer Communications, 98, 43–51. https://doi.org/10.1016/j.comcom.2016.05.002
Abdalla, M., Fouque, P.-A., & Pointcheval, D. (2005). Password-based authenticated key exchange in the three-party setting, pp. 65–84, Springer, Berlin Heidelberg. https://doi.org/10.1007/978-3-540-30580-4_6
Zhang, Y., Luo, M., Choo, K.-K.R., & He, D. (2018). A general architecture for multiserver authentication key agreement with provable security. Security and Communication Networks, 2018, 1–9. https://doi.org/10.1155/2018/2462901
Forsberg, D. (2007). Use cases of implicit authentication and key establishment with sender and receiver ID binding. IEEE. https://doi.org/10.1109/wowmom.2007.4351769
Diffie, W., Oorschot, P. C. V., & Wiener, M. J. (1992). Authentication and authenticated key exchanges. Designs, Codes and Cryptography, 2(2), 107–125. https://doi.org/10.1007/bf00124891
Chen, L., & Kudla, C. (2003). Identity based authenticated key agreement protocols from pairings. IEEE Comput. Soc. https://doi.org/10.1109/csfw.2003.1212715
Law, L., Menezes, A., Qu, M., Solinas, J., & Vanstone, S. (2003). Designs. Codes and Cryptography, 28(2), 119–134. https://doi.org/10.1023/a:1022595222606
Dutta, R. & Barua, R. (2005). Overview of key agreement protocols. IACR Cryptol. ePrint Arch. 289. https://eprint.iacr.org/2005/289.pdf.
Itkis, G. (2004). Forward security, adaptive cryptography: Time evolution. http://www.cs.bu.edu/~itkis/pap/forward-secure-survey.pdf
Alzaid, H., Park, D., Nieto, J. G., Boyd, C., & Foo, E. (2011). A forward & backward secure key management in wireless sensor networks for PCS/SCADA, pp. 41–60. IGI Global. https://doi.org/10.4018/978-1-60960-027-3.ch003
Rouse, M. (2018). Perfect forward secrecy. https://whatis.techtarget.com/definition/perfect-forward-secrecy.
Jurcut, A. D., Coffey, T., & Dojen, R. (2014). Design guidelines for security protocols to prevent replay and parallel session attacks. Computers and Security, 45, 255–273. https://doi.org/10.1016/j.cose.2014.05.010
Bin-Rabiah, A., Ramakrishnan, K. K., Liri, E., & Kar, K. (2018). A lightweight authentication and key exchange protocol for IoT. Internet Society. https://doi.org/10.14722/diss.2018.23004
Kilinc, H. H., & Yanik, T. (2014). A survey of sip authentication and key agreement schemes. IEEE Communications Surveys and Tutorials, 16(2), 1005–1023. https://doi.org/10.1109/SURV.2013.091513.00050
Dojen, C. T., & R. (2004). A novel approach to the automation of logic-based security protocol verification. Paper presented at the WSEAS Transactions on Information Science and Applications, 1, 1243–1247. www.wseas.us/e-library/conferences/crete2004/papers/476-178.pdf
Jurcut, A. D., Coffey, T., & Dojen, R. (2013). Establishing and fixing security protocols weaknesses using a logic-based verification tool. Journal of Communications, 8(11), 795–805. https://doi.org/10.12720/jcm.8.11.795-805
Jurcut, A. D. (2018). Automated logic-based technique for formal verification of security protocols. Journal of Advances in Computer Networks, pp. 77–85. https://doi.org/10.18178/jacn.2018.6.2.258.
Jurcut, A. D., Coffey, T., & Dojen, R. (2014). On the prevention and detection of replay attacks using a logic-based verification tool, pp. 128–137. Springer International Publishing. https://doi.org/10.1007/978-3-319-07941-7_13
Modiri, V., Javadi, H. H. S., & Anzani, M. (2017). A novel scalable key pre-distribution scheme for wireless sensor networks based on residual design. Wireless Personal Communications, 96(2), 2821–2841. https://doi.org/10.1007/s11277-017-4326-9
Funding
The authors have no relevant financial or non-financial interests to disclose.
Ethics declarations
Conflict of interest
The authors have no conflicts of interest to declare that are relevant to the content of this article. No funds, grants, or other support was received.
Informed Consent
All authors consented to participate and for publication of the article.
Appendix A: The Implementation of the Proposed and Basic Algorithms
In this section we present the implementations of the proposed and basic algorithms. This appendix contains supplementary information that may be helpful in providing a more comprehensive understanding of the research problem. These implementations formally verify the correctness of our proposed scheme by formally analysing the security goals of the scheme.
A.1: Basic Algorithm (ALPKA)
The ALPKA protocol [6] is a lightweight key agreement approach proposed in 2019 by Braeken et al. A formalized protocol consists of three components:
1. Initial assumptions (conditions that hold before the protocol starts);
2. Protocol steps (the messages exchanged between the principals);
3. Protocol goals (conditions that are expected to hold if the protocol terminates successfully).
A.1.1: Protocol Assumptions
A1: TTP possess at [0] Nx;
A2: TTP know at [0] NOT (Zero possess at [0] Nx);
A3: TTP possess at [0] Ny;
A4: TTP know at [0] NOT (Zero possess at [0] Ny);
A5: TTP possess at [0] Nz;
A6: TTP know at [0] NOT (Zero possess at [0] Nz);

Ai = H(Ui,Ny), Bi = H(Nz,Ny) XOR H(Ui,Ny), H(Nx)

A7: TTP possess at [0] H(Ui,Ny);
A8: TTP know at [0] Ui possess at [0] H(H(Ui,Ny));
A9: TTP possess at [0] XOR(H(Nz,Ny), H(Ui,Ny));
A10: TTP know at [0] Ui possess at [0] XOR(H(Nz,Ny), H(Ui,Ny));

si = H(H(Ui,Ny),Nz)

A11: TTP possess at [0] H(H(Ui,Ny),Nz);
A12: TTP know at [0] Ui possess at [0] H(H(Ui,Ny),Nz);

Aj = H(Uj,Ny), Bj = H(Nz,Ny) XOR H(Uj,Ny), H(Nx)

A13: TTP possess at [0] H(Uj,Ny);
A14: TTP know at [0] Uj possess at [0] H(H(Uj,Ny));
A15: TTP possess at [0] XOR(H(Nz,Ny), H(Uj,Ny));
A16: TTP know at [0] Uj possess at [0] XOR(H(Nz,Ny), H(Uj,Ny));

si = H(H(Uj,Ny),Nz)

A17: TTP possess at [0] H(H(Uj,Ny),Nz);
A18: TTP know at [0] Uj possess at [0] H(H(Uj,Ny),Nz);

Express Ui possessions at time t0
Bi = XOR(H(Nz,Ny), H(Ui,Ny)), H(Ai) = H(H(Ui,Ny)), si = H(H(Ui,Ny),Nz);

A19: Ui possess at [0] Uj;
A20: Ui possess at [0] Sk;
A21: Ui possess at [0] XOR(H(Nz,Ny), H(Ui,Ny));
A22: Ui possess at [0] H(H(Ui,Ny));
A23: Ui possess at [0] H(H(Ui,Ny),Nz);
A24: Ui possess at [0] H(Nx);
A25: Ui possess at [0] Nt;
A26: Ui know at [0] NOT (ZERO possess at [0] Nt);

Express Uj possessions at time t0
Bj = XOR(H(Nz,Ny), H(Uj,Ny)), H(Aj) = H(H(Uj,Ny)), sj = H(H(Uj,Ny),Ny);

A27: Uj possess at [0] Ui;
A28: Uj possess at [0] Sk;
A29: Uj possess at [0] XOR(H(Nz,Ny), H(Uj,Ny));
A30: Uj possess at [0] XOR(H(Nz,Ny), H(Ui,Ny));
A31: Uj possess at [0] H(H(Uj,Ny));
A32: Uj possess at [0] H(H(Uj,Ny),Nz);
A33: Uj possess at [0] H(Nx);
A34: Uj possess at [0] H(H(H(Uj,Ny),Ny), XOR(H(Nz,Ny), H(Ui,Ny)));

Express Sk possessions at time t0

A35: Sk possess at [0] H(Nz,Ny);
A36: Sk possess at [0] H(Sk,H(Nx));
A37: Sk know at [0] (Sk receive at [1] XOR(XOR(H(Nz,Ny), H(Ui,Ny)), H(H(Sk,H(Nx)), H(XOR(H(Nz,Ny), H(Ui,Ny)),NtH(H(H(Ui,Ny),Nz),XOR(H(Nz,Ny), H(Uj,Ny)))))) IMPLY Ui send at [1] XOR(XOR(H(Nz,Ny), H(Ui,Ny)), H(H(Sk,H(Nx)), H(XOR(H(Nz,Ny), H(Ui,Ny)),NtH(H(H(Ui,Ny),Nz),XOR(H(Nz,Ny), H(Uj,Ny)))))));
A38: Uj know at [0] (Uj receive at [2] XOR(H(XOR(H(Nz,Ny), H(Uj,Ny)), NtH(H(H(Uj,Ny),Ny),XOR(H(Nz,Ny), H(Ui,Ny)))), XOR(H(Nz,Ny), H(Ui,Ny))) IMPLY Sk send at [2] XOR(H(XOR(H(Nz,Ny), H(Uj,Ny)), NtH(H(H(Uj,Ny),Ny),XOR(H(Nz,Ny), H(Ui,Ny)))), XOR(H(Nz,Ny), H(Ui,Ny))));
A39: Uj know at [0] (Uj receive at [2] mH(Nt) IMPLY Ui send at [1] mH(Nt));
A.1.2: Protocol Steps
S1: Sk receive at [1] XOR(H(Sk,H(Nx)),H(XOR(H(Nz,Ny), H(Ui,Ny)),NtH(H(H(Ui,Ny),Nz),XOR(H(Nz,Ny), H(Uj,Ny)))));
S1: Sk receive at [1] XOR(H(H(H(Ui,Ny)),XOR(H(Sk,H(Nx)),H(XOR(H(Nz,Ny), H(Ui,Ny)),NtH(H(H(Ui,Ny),Nz),XOR(H(Nz,Ny), H(Uj,Ny)))))),NtH(H(H(Ui,Ny),Nz),XOR(H(Nz,Ny), H(Uj,Ny))));
S1: Sk receive at [1] XOR(H(XOR(H(Sk,H(Nx)),H(XOR(H(Nz,Ny), H(Ui,Ny)),NtH(H(H(Ui,Ny),Nz),XOR(H(Nz,Ny), H(Uj,Ny))))), H(H(Ui,Ny))),XOR(H(Nz,Ny), H(Uj,Ny)));
S1: Sk receive at [1] XOR(XOR(H(Nz,Ny), H(Ui,Ny)), H(H(Sk,H(Nx)), H(XOR(H(Nz,Ny), H(Ui,Ny)),NtH(H(H(Ui,Ny),Nz),XOR(H(Nz,Ny), H(Uj,Ny))))));
S1: Sk receive at [1] mH(Nt);

Step 2: C4, C5, C

S2: Uj receive at [2] XOR(H(H(H(Uj,Ny)), mH(Nt)),NtH(H(H(Uj,Ny),Ny),XOR(H(Nz,Ny), H(Ui,Ny))));
S2: Uj receive at [2] XOR(H(XOR(H(Nz,Ny), H(Uj,Ny)), NtH(H(H(Uj,Ny),Ny),XOR(H(Nz,Ny), H(Ui,Ny)))), XOR(H(Nz,Ny), H(Ui,Ny)));
S2: Uj receive at [2] mH(Nt);
A.1.3: Protocol Goals
G1: Sk possess at [1] H(XOR(H(Nz,Ny), H(Ui,Ny)),NtH(H(H(Ui,Ny),Nz),XOR(H(Nz,Ny), H(Uj,Ny))));
G2: Sk possess at [1] XOR(H(Nz,Ny), H(Ui,Ny));
G3: Sk possess at [1] H(Ui,Ny);
G4: Sk possess at [1] H(H(H(Ui,Ny)),XOR(H(Sk,H(Nx)),H(XOR(H(Nz,Ny),H(Ui,Ny)),NtH(H(H(Ui,Ny),Nz),XOR(H(Nz,Ny), H(Uj,Ny))))));
G5: Sk possess at [1] NtH(H(H(Ui,Ny),Nz),XOR(H(Nz,Ny), H(Uj,Ny)));
G6: Uj possess at [2] H(H(H(Uj,Ny)), mH(Nt));
G7: Uj possess at [2] NtH(H(H(Uj,Ny),Nz),XOR(H(Nz,Ny), H(Ui,Ny)));
G8: Uj possess at [2] H(XOR(H(Nz,Ny), H(Uj,Ny)), NtH(H(H(Uj,Ny),Nz),XOR(H(Nz,Ny), H(Ui,Ny))));
G9: Uj possess at [2] H(H(H(Uj,Ny),Nz),XOR(H(Nz,Ny), H(Ui,Ny)));
G10: Uj possess at [2] Nt;
G11: Uj possess at [2] m;

authentication of users
Sk authenticate Ui

G12: Sk know at [1] Ui send at [1] XOR(XOR(H(Nz,Ny), H(Ui,Ny)), H(H(Sk,H(Nx)), H(XOR(H(Nz,Ny), H(Ui,Ny)),NtH(H(H(Ui,Ny),Nz),XOR(H(Nz,Ny), H(Uj,Ny))))));
G13: Uj know at [2] Sk send at [2] XOR(H(XOR(H(Nz,Ny), H(Uj,Ny)), NtH(H(H(Uj,Ny),Nz),XOR(H(Nz,Ny), H(Ui,Ny)))), XOR(H(Nz,Ny), H(Ui,Ny)));

Uj authenticate Ui

G14: Uj know at [2] Ui send at [1] mH(Nt);
G15: AttackDetection;
A.2: The Implementation of Proposed Algorithm
The ILPKA protocol is an implicit lightweight proxy-based key agreement for the Internet of Things. A formalized protocol consists of three components:
1. Initial assumptions (conditions that hold before the protocol starts);
2. Protocol steps (the messages exchanged between the principals);
3. Protocol goals (conditions that are expected to hold if the protocol terminates successfully).
A.2.1: Protocol Assumptions
A1: TTP possess at [0] Nx;
A2: TTP know at [0] NOT (Zero possess at [0] Nx);
A3: TTP possess at [0] Ny;
A4: TTP know at [0] NOT (Zero possess at [0] Ny);
A5: TTP possess at [0] Nz;
A6: TTP know at [0] NOT (Zero possess at [0] Nz);
A7: TTP possess at [0] XOR(H(H(H(Ui,Ny),Nz), XOR(H(Nz,Ny), H(Uj,Ny))),H(H(H(Uj,Ny),Nz), XOR(H(Nz,Ny), H(Ui,Ny))));
A8: TTP know at [0] Sk possess at [1] XOR(H(H(H(Ui,Ny),Nz), XOR(H(Nz,Ny), H(Uj,Ny))),H(H(H(Uj,Ny),Nz), XOR(H(Nz,Ny), H(Ui,Ny))));

Components Produced by KDC for each Entity
Ai = H(Ui,Ny), Bi = H(Nz,Ny) XOR H(Ui,Ny), H(Nx), si = H(H(U,Ny),Nz)

A9: TTP possess at [0] H(Ui,Ny);
A10: TTP know at [0] Ui possess at [0] H(H(Ui,Ny));
A11: TTP possess at [0] XOR(H(Nz,Ny), H(Ui,Ny));
A12: TTP know at [0] Ui possess at [0] XOR(H(Nz,Ny), H(Ui,Ny));
A13: TTP possess at [0] H(Nx);
A14: TTP know at [0] Ui possess at [0] H(Nx);
A15: TTP possess at [0] H(H(Ui,Ny),Nz);
A16: TTP know at [0] Ui possess at [0] H(H(Ui,Ny),Nz);

Aj = H(Uj,Ny), Bj = H(Nz,Ny) XOR H(Uj,Ny), H(Nx), sj = H(H(Uj,Ny),Nz)

A17: TTP possess at [0] H(Uj,Ny);
A18: TTP know at [0] Uj possess at [0] H(H(Uj,Ny));
A19: TTP possess at [0] XOR(H(Nz,Ny), H(Uj,Ny));
A20: TTP know at [0] Uj possess at [0] XOR(H(Nz,Ny), H(Uj,Ny));
A21: TTP know at [0] Uj possess at [0] H(Nx);
A22: TTP possess at [0] H(H(Uj,Ny),Nz);
A23: TTP know at [0] Uj possess at [0] H(H(Uj,Ny),Nz);

Express Ui possessions at time t0
Bi = XOR(H(Nz,Ny),H(Ui,Ny)), Bj,Sk H(Ai) = H(H(Ui,Ny)), si = H(H(Ui,Ny),Nz)

A24: Ui possess at [0] Sk;
A25: Ui possess at [0] XOR(H(Nz,Ny), H(Ui,Ny));
A26: Ui possess at [0] H(H(Ui,Ny));
A27: Ui possess at [0] H(H(Ui,Ny),Nz);
A28: Ui possess at [0] XOR(H(Nz,Ny), H(Uj,Ny));
A29: Ui possess at [0] H(Nx);
A30: Ui know at [0] TTP possess at [0] H(Nx);
A31: Ui possess at [0] Nt;
A32: Ui know at [0] NOT (ZERO possess at [0] Nt);
A33: Ui know at [0] Uj possess at [0] XOR(H(Nz,Ny), H(Ui,Ny));
A34: Ui know at [0] Uj possess at [0] XOR(H(Nz,Ny), H(Uj,Ny));
A35: Ui know at [0] Uj possess at [0] Sk;
A36: Ui know at [0] Sk possess at [0] XOR(H(Nz,Ny), H(Ui,Ny));
A37: Ui know at [0] Sk possess at [0] H(Sk,H(Nx));
A38: Ui know at [0] Sk possess at [0] H(H(Ui,Ny));

Express Uj possessions at time t0
Bj = XOR(H(Nz,Ny), H(Uj,Ny)), H(Aj) = H(H(Uj,Ny)), sj = H(H(Uj,Ny),Nz);

A39: Uj possess at [0] Sk;
A40: Uj possess at [0] XOR(H(Nz,Ny), H(Uj,Ny));
A41: Uj possess at [0] H(H(Uj,Ny));
A42: Uj possess at [0] H(H(Uj,Ny),Nz);
A43: Uj possess at [0] H(Nx);
A44: Uj know at [0] TTP possess at [0] H(Nx);
A45: Uj know at [0] Ui possess at [0] XOR(H(Nz,Ny), H(Ui,Ny));
A46: Uj know at [0] Ui possess at [0] XOR(H(Nz,Ny), H(Uj,Ny));
A47: Uj know at [0] Ui possess at [0] Sk;
A48: Uj know at [0] Sk possess at [0] XOR(H(Nz,Ny), H(Uj,Ny));
A49: Uj know at [0] Sk possess at [0] H(Sk,H(Nx));
A50: Uj know at [0] Sk possess at [0] H(H(Uj,Ny));

Express Sk(Proxy) possessions at time t0

A51: Sk possess at [0] H(Sk,H(Nx));
A52: Sk possess at [0] H(Nz,Ny);
A53: Sk possess at [1] XOR(H(H(H(Ui,Ny),Nz), XOR(H(Nz,Ny), H(Uj,Ny))),H(H(H(Uj,Ny),Nz), XOR(H(Nz,Ny), H(Ui,Ny))));
A54: Sk know at [0] Ui possess at [0] H(Sk,H(Nx));
A55: Sk know at [0] Uj possess at [0] H(Sk,H(Nx));
A56: Sk know at [0] Ui possess at [0] H(Ui,Ny);
A57: Sk know at [0] Uj possess at [0] H(Uj,Ny);
A58: Sk know at [0] Ui possess at [0] H(H(Ui,Ny));
A59: Sk know at [0] Uj possess at [0] H(H(Uj,Ny));
A.2.2: Protocol Steps
S1: Sk receivefrom Ui at [1] XOR(XOR(H(Nz,Ny), H(Ui,Ny)), H(Sk,H(Nx)));
S1: Sk receivefrom Ui at [1] XOR(XOR(Nt, H(H(H(Ui,Ny),Nz), XOR(H(Nz,Ny), H(Uj,Ny)))), H(H(Sk,H(Nx)),H(H(Ui,Ny))));
S1: Sk receivefrom Ui at [1] H(XOR(H(Nz,Ny), H(Ui,Ny)),H(H(Ui,Ny)));
S1: Sk receivefrom Ui at [1] XOR(XOR(H(Nz,Ny), H(Uj,Ny)), H(XOR(Nt, H(H(H(Ui,Ny),Nz), XOR(H(Nz,Ny), H(Uj,Ny)))),H(H(Ui,Ny))));
S1: Sk receivefrom Ui at [1] mH(Nt);

Step 2: Proxy SEND(M'1, M'2, M'3) to Uj

S2: Uj receivefrom Sk at [2] XOR(H(H(Uj,Ny)), XOR(Nt,H(H(H(Uj,Ny),Nz), XOR(H(Nz,Ny), H(Ui,Ny)))));
S2: Uj receivefrom Sk at [2] XOR(H(H(H(Uj,Ny)), XOR(Nt,H(H(H(Uj,Ny),Nz), XOR(H(Nz,Ny), H(Ui,Ny))))), XOR(H(Nz,Ny), H(Ui,Ny)));
S2: Uj receivefrom Sk at [2] mH(Nt);
A.2.3: Protocol Goals
G1: Sk possess at [1] H(H(Sk,H(Nx)), H(H(Ui,Ny)));
G2: Sk possess at [1] XOR(H(Nz,Ny),H(Ui,Ny));
G3: Sk possess at [1] H(H(Ui,Ny));
G4: Sk possess at [1] XOR(Nt, H(H(H(Ui,Ny),Nz), XOR(H(Nz,Ny),H(Uj,Ny))));
G5: Sk possess at [1] XOR(H(Nz,Ny),H(Uj,Ny));
G6: Sk possess at [1] H(Uj,Ny);
G7: Uj possess at [2] XOR(H(Nz,Ny), H(Ui,Ny));
G8: Uj possess at [2] XOR(Nt,H(H(H(Uj,Ny),Nz), XOR(H(Nz,Ny), H(Ui,Ny))));
G9: Uj possess at [2] H(H(Uj,Ny),Nz);
G10: Uj possess at [2] (H(H(Uj,Ny),Nz), XOR(H(Nz,Ny), H(Ui,Ny)));
G11: Uj possess at [2] H(H(H(Uj,Ny),Nz), XOR(H(Nz,Ny), H(Ui,Ny)));
G12: Uj possess at [2] Nt;
G13: Uj possess at [2] m;
G14: Uj know at [2] Uj receivefrom Sk at [2] mH(Nt);
G15: Sk know at [1] Sk receivefrom Ui at [1] mH(Nt);
G16: AttackDetection;
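Added example (not part of the article or of the authors' verification input): a Python walk-through of the ILPKA terms listed in A.2.1 to A.2.3, showing how the proxy re-masks Ui's message with the A53 term so that Uj recovers Nt (goal G12). Assumptions: H is SHA-256 over length-prefixed arguments, every value is 32 bytes, the proxy's comparison against the third S1 term is an assumed use of that term, the identities are constructed sample values, and the payload term mH(Nt) is not modelled.

```python
import hashlib
import hmac
import secrets

def H(*parts: bytes) -> bytes:
    # Assumption: H(a,b,...) is SHA-256 over length-prefixed arguments.
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def ttp_setup(ui: bytes, uj: bytes, sk: bytes):
    """TTP provisioning, following A1-A23 and A51-A53."""
    nx, ny, nz = (secrets.token_bytes(32) for _ in range(3))
    k = H(sk, H(nx))                                   # H(Sk,H(Nx))
    def entity(u):
        a = H(u, ny)                                   # A = H(U,Ny)
        return {"hA": H(a), "B": xor(H(nz, ny), a), "s": H(a, nz), "k": k}
    i, j = entity(ui), entity(uj)
    i["Bj"] = j["B"]                                   # A28: Ui holds Bj
    proxy = {"k": k, "hzy": H(nz, ny),                 # A51, A52
             "bridge": xor(H(i["s"], j["B"]), H(j["s"], i["B"]))}  # A53
    return i, j, proxy

def ui_send(i, nt: bytes):
    """The first four S1 terms of A.2.2."""
    x = xor(nt, H(i["s"], i["Bj"]))                    # XOR(Nt, H(si,Bj))
    return (xor(i["B"], i["k"]),                       # Bi masked with H(Sk,H(Nx))
            xor(x, H(i["k"], i["hA"])),
            H(i["B"], i["hA"]),
            xor(i["Bj"], H(x, i["hA"])))

def proxy_forward(p, msg):
    """Proxy Sk: reach goals G1-G6, then build the first two S2 terms."""
    m1, m2, m3, m4 = msg
    bi = xor(m1, p["k"])                               # G2
    h_ai = H(xor(bi, p["hzy"]))                        # G3, via Ai = Bi XOR H(Nz,Ny)
    if not hmac.compare_digest(H(bi, h_ai), m3):       # assumed consistency check
        raise ValueError("third S1 term does not match recovered Bi")
    x = xor(m2, H(p["k"], h_ai))                       # G4
    bj = xor(m4, H(x, h_ai))                           # G5
    h_aj = H(xor(bj, p["hzy"]))                        # hash of G6
    y = xor(x, p["bridge"])                            # XOR(Nt, H(sj,Bi))
    return xor(h_aj, y), xor(H(h_aj, y), bi)

def uj_receive(j, msg) -> bytes:
    """Uj: reach goals G7, G8, G11 and G12."""
    c1, c2 = msg
    y = xor(c1, j["hA"])                               # G8
    bi = xor(c2, H(j["hA"], y))                        # G7
    return xor(y, H(j["s"], bi))                       # G12: Nt

def demo():
    i, j, proxy = ttp_setup(b"Ui", b"Uj", b"Sk")       # constructed identities
    nt = secrets.token_bytes(32)
    return nt, uj_receive(j, proxy_forward(proxy, ui_send(i, nt)))

if __name__ == "__main__":
    nt, got = demo()
    print("Uj recovered Nt:", got == nt)
```

In this sketch the proxy only ever handles Nt XORed with H(si,Bj) or H(sj,Bi); both hashes need Nz, which the listed assumptions give to the TTP only.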
About this article
Cite this article
Roustaei, R., Javadi, H.H.S. & Reshadi, M. Implicit Lightweight Proxy Based Key Agreement for the Internet of Things (ILPKA). Wireless Pers Commun 130, 1833–1860 (2023). https://doi.org/10.1007/s11277-023-10360-0
DOI: https://doi.org/10.1007/s11277-023-10360-0