Secure Onboarding and Key Management in Federated IoT Environments
Krzysztof Kanciak, Konrad Wrona, Michał Jarosz
Citation: Proceedings of the 17th Conference on Computer Science and Intelligence Systems, M. Ganzha, L. Maciaszek, M. Paprzycki, D. Ślęzak (eds). ACSIS, Vol. 30, pages 627–634 (2022)
Abstract. Many high-impact IoT scenarios, such as humanitarian assistance and disaster relief, public safety, and military operations, require the establishment of a secure federated IoT environment. One of the critical challenges in the implementation of federated IoT solutions involves establishing a secure and authenticated key management mechanism. We propose and validate in a laboratory environment a novel federated IoT onboarding and key management solution. Our dl-mOT protocol integrates an efficient identity-based mOT protocol with a distributed ledger in order to establish an anchor of trust between federation members.
- F. T. Johnsen, Z. Zieliński, K. Wrona, N. Suri, C. Fuchs, M. Pradhan, J. Furtak, B. Vasilache, V. Pellegrini, M. Dyk, M. Marks, and M. Krzysztoń, “Application of iot in military operations in a smart city,” in 2018 International Conference on Military Communications and Information Systems (ICMCIS), May 2018, pp. 1–8.
- E. Okamoto and K. Tanaka, “Key distribution system based on identification information,” IEEE Journal on Selected Areas in Communications, vol. 7, no. 4, pp. 481–485, May 1989.
- R. Gennaro, H. Krawczyk, and T. Rabin, “Okamoto-Tanaka revisited: Fully authenticated Diffie-Hellman with minimal overhead,” in Proc. of Applied Cryptography and Network Security (ACNS), vol. 6123 LNCS, 2010, pp. 309–328.
- B. Tian, F. Wei, and C. Ma, “mOT+: An efficient and secure identity-based diffie-hellman protocol over RSA group,” in INTRUST 2014: Revised Selected Papers of the 6th International Conference on Trusted Systems, vol. 9473, 2015, pp. 407–421.
- K. Kanciak and K. Wrona, “Towards an Auditable Cryptographic Access Control to High-value Sensitive Data,” Int. J. Electron. Telecommun., vol. 66, no. 3, pp. 449–458, 2020.
- A. Shamir, “Identity-Based Cryptosystems and Signature Schemes,” in Proc. of the Annual Int. Cryptology Conf. (Crypto), 1984.
- A. Kate and I. Goldberg, “Distributed Private-Key Generators for Identity-based Cryptography,” in Int. Conf. Secur. Cryptogr. Networks, 2010.
- X. Boyen and B. Waters, “Anonymous hierarchical identity-based encryption (Without random oracles),” in Adv. Cryptol. - CRYPTO, 2006.
- D. Boneh and M. Franklin, “Identity-Based Encryption from the Weil Pairing,” SIAM J. Comput., vol. 32, no. 3, pp. 586–615, 2003.
- R. Canetti and H. Krawczyk, “Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels,” Cryptology ePrint Archive, Report 2001/040, 2001, available at: https://eprint.iacr.org/2001/040.
- I. Damgård, M. Fitzi, E. Kiltz, J. B. Nielsen, and T. Toft, “Unconditionally Secure Constant-Rounds Multi-party Computation for Equality, Comparison, Bits and Exponentiation,” in Theory of Cryptography, S. Halevi and T. Rabin, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2006, pp. 285–304.
- C. Ning and Q. Xu, “Constant-rounds, linear multi-party computation for exponentiation and modulo reduction with perfect security,” in Advances in Cryptology – ASIACRYPT 2011, D. H. Lee and X. Wang, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2011, pp. 572–589.
- C. Ning and Q. Xu, “Multiparty computation for modulo reduction without bitdecomposition and a generalization to bit-decomposition,” in Advances in Cryptology - ASIACRYPT 2010, M. Abe, Ed. Berlin, Heidelberg: Springer Berlin Heidelberg, 2010, pp. 483–500.
- M. Brandenburger, C. Cachin, R. Kapitza, and A. Sorniotti, “Blockchain and Trusted Computing: Problems, Pitfalls, and a Solution for Hyperledger Fabric,” arxiv, 2018. [Online]. Available: http://arxiv.org/abs/1805.08541
- I. P. Zarko, S. Mueller, M. Plociennik, T. Rajtar, M. Jacoby, M. Pardi, G. Insolvibile, V. Glykantzis, A. Antonic, M. Kusek, and S. Soursos, “The symbIoTe solution for semantic and syntactic interoperability of cloud-based IoT platforms,” in Global IoT Summit, GIoTS 2019 - Proceedings. Aarhus, Denmark: IEEE, 2019, pp. 1–6.
- S. Sciancalepore, G. Piro, D. Caldarola, G. Boggia, and G. Bianchi, “On the Design of a Decentralized and Multiauthority Access Control Scheme in Federated and Cloud-Assisted Cyber-Physical Systems,” IEEE Internet of Things J., vol. 5, no. 6, pp. 5190–5204, 2018.
- S. Symington, W. Polk, and M. Souppaya, “Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management,” NIST, Working Paper, 2020.
- M. Sethi, B. Sarikaya, and D. Garcia-Carrillo, “Secure IoT Bootstrapping: A Survey,” IETF, Internet Draft, 2020.
- M. Vucinic, G. Selander, J. Mattsson, and D. Garcia, “Requirements for a Lightweight AKE for OSCORE,” IETF, Internet Draft, 2020.
- F. Palombini, L. Seitz, G. Selander, and M. Gunnarsson, “OSCORE Profile of the Authentication and Authorization for Constrained Environments Framework,” IETF, Internet Draft, 2020.
- M. A. Ferrag, M. Derdour, M. Mukherjee, A. Derhab, L. Maglaras, and H. Janicke, “Blockchain technologies for the internet of things: Research issues and challenges,” IEEE Internet of Things Journal, vol. 6, no. 2, pp. 2188–2204, 2019.
- M. Wu, K. Wang, X. Cai, S. Guo, M. Guo, and C. Rong, “A Comprehensive Survey of Blockchain: From Theory to IoT Applications and beyond,” IEEE Internet of Things Journal, vol. 6, no. 5, pp. 8114–8154, 2019.
- W. Viriyasitavat, L. D. Xu, Z. Bi, and D. Hoonsopon, “Blockchain Technology for Applications in Internet of Things - Mapping from System Design Perspective,” IEEE Internet of Things Journal, vol. 6, no. 5, pp. 8155–8168, 2019.
- A. Lei, H. Cruickshank, Y. Cao, P. Asuquo, C. P. Ogah, and Z. Sun, “Blockchain-Based Dynamic Key Management for Heterogeneous Intelligent Transportation Systems,” IEEE Internet of Things Journal, vol. 4, no. 6, pp. 1832–1843, 2017.
- F. Gandino, R. Ferrero, B. Montrucchio, and M. Rebaudengo, “Fast Hierarchical Key Management Scheme with Transitory Master Key for Wireless Sensor Networks,” IEEE Internet of Things Journal, vol. 3, no. 6, pp. 1334–1345, 2016.
- B. Chen and F. M. Willems, “Secret Key Generation over Biased Physical Unclonable Functions with Polar Codes,” IEEE Internet of Things Journal, vol. 6, no. 1, pp. 435–445, 2019.
- P. Gope and B. Sikdar, “Lightweight and Privacy-Preserving Two-Factor Authentication Scheme for IoT Devices,” IEEE Internet of Things Journal, vol. 6, no. 1, pp. 580–589, 2019.
- NATO STO IST-ET-104, “Physical Unclonable Functions (PUFs) in Military IoT,” NATO STO, Tech. Rep., 2019.
- M. Alaslani, F. Nawab, and B. Shihada, “Blockchain in IoT Systems: End-to-End Delay Evaluation,” IEEE Internet of Things Journal, vol. 6, no. 5, pp. 8332–8344, 2019.
- O. Novo, “Blockchain Meets IoT: An Architecture for Scalable Access Management in IoT,” IEEE Internet of Things Journal, vol. 5, no. 2, pp. 1184–1195, 2018.
- O. Novo, “Scalable access management in IoT using blockchain: A performance evaluation,” IEEE Internet of Things Journal, vol. 6, no. 3, pp. 4694–4701, 2019.
- Y. Zhang, S. Kasahara, Y. Shen, X. Jiang, and J. Wan, “Smart contract-based access control for the Internet of Things,” IEEE Internet of Things Journal, vol. 6, no. 2, pp. 1594–1605, 2019.
- G. Fedrecheski, J. Rabaey, L. Costa, P. Ccori, W. Pereira, and M. Zuffo, “Self-Sovereign Identity for IoT environments: A Perspective,” in Global Internet of Things Summit (GIoTS), 2020.
- M. Sporny, D. Longley, and D. Chadwick, “Verifiable credentials data model 1.0,” W3C, Tech. Rep., 2019, https://www.w3.org/TR/2019/REC-vc-data-model-20191119/.