Logo PTI Logo FedCSIS

Proceedings of the 17th Conference on Computer Science and Intelligence Systems

Annals of Computer Science and Information Systems, Volume 30

Secure Onboarding and Key Management in Federated IoT Environments

, ,

DOI: http://dx.doi.org/10.15439/2022F173

Citation: Proceedings of the 17th Conference on Computer Science and Intelligence Systems, M. Ganzha, L. Maciaszek, M. Paprzycki, D. Ślęzak (eds). ACSIS, Vol. 30, pages 627634 ()

Full text

Abstract. Many high-impact IoT scenarios, such as humanitarian assistance and disaster relief, public safety, and military operations, require the establishment of a secure federated IoT environment. One of the critical challenges in the implementation of federated IoT solutions involves establishing a secure and authenticated key management mechanism. We propose and validate in a laboratory environment a novel federated IoT onboarding and key management solution. Our dl-mOT protocol integrates an efficient identity-based mOT protocol with a distributed ledger in order to establish an anchor of trust between federation members.


  1. F. T. Johnsen, Z. Zieliński, K. Wrona, N. Suri, C. Fuchs, M. Pradhan, J. Furtak, B. Vasilache, V. Pellegrini, M. Dyk, M. Marks, and M. Krzysztoń, “Application of iot in military operations in a smart city,” in 2018 International Conference on Military Communications and Information Systems (ICMCIS), May 2018, pp. 1–8.
  2. E. Okamoto and K. Tanaka, “Key distribution system based on identification information,” IEEE Journal on Selected Areas in Communications, vol. 7, no. 4, pp. 481–485, May 1989.
  3. R. Gennaro, H. Krawczyk, and T. Rabin, “Okamoto-Tanaka revisited: Fully authenticated Diffie-Hellman with minimal overhead,” in Proc. of Applied Cryptography and Network Security (ACNS), vol. 6123 LNCS, 2010, pp. 309–328.
  4. B. Tian, F. Wei, and C. Ma, “mOT+: An efficient and secure identity-based diffie-hellman protocol over RSA group,” in INTRUST 2014: Revised Selected Papers of the 6th International Conference on Trusted Systems, vol. 9473, 2015, pp. 407–421.
  5. K. Kanciak and K. Wrona, “Towards an Auditable Cryptographic Access Control to High-value Sensitive Data,” Int. J. Electron. Telecommun., vol. 66, no. 3, pp. 449–458, 2020.
  6. A. Shamir, “Identity-Based Cryptosystems and Signature Schemes,” in Proc. of the Annual Int. Cryptology Conf. (Crypto), 1984.
  7. A. Kate and I. Goldberg, “Distributed Private-Key Generators for Identity-based Cryptography,” in Int. Conf. Secur. Cryptogr. Networks, 2010.
  8. X. Boyen and B. Waters, “Anonymous hierarchical identity-based encryption (Without random oracles),” in Adv. Cryptol. - CRYPTO, 2006.
  9. D. Boneh and M. Franklin, “Identity-Based Encryption from the Weil Pairing,” SIAM J. Comput., vol. 32, no. 3, pp. 586–615, 2003.
  10. R. Canetti and H. Krawczyk, “Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels,” Cryptology ePrint Archive, Report 2001/040, 2001, available at: https://eprint.iacr.org/2001/040.
  11. I. Damgård, M. Fitzi, E. Kiltz, J. B. Nielsen, and T. Toft, “Unconditionally Secure Constant-Rounds Multi-party Computation for Equality, Comparison, Bits and Exponentiation,” in Theory of Cryptography, S. Halevi and T. Rabin, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2006, pp. 285–304.
  12. C. Ning and Q. Xu, “Constant-rounds, linear multi-party computation for exponentiation and modulo reduction with perfect security,” in Advances in Cryptology – ASIACRYPT 2011, D. H. Lee and X. Wang, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2011, pp. 572–589.
  13. C. Ning and Q. Xu, “Multiparty computation for modulo reduction without bitdecomposition and a generalization to bit-decomposition,” in Advances in Cryptology - ASIACRYPT 2010, M. Abe, Ed. Berlin, Heidelberg: Springer Berlin Heidelberg, 2010, pp. 483–500.
  14. M. Brandenburger, C. Cachin, R. Kapitza, and A. Sorniotti, “Blockchain and Trusted Computing: Problems, Pitfalls, and a Solution for Hyperledger Fabric,” arxiv, 2018. [Online]. Available: http://arxiv.org/abs/1805.08541
  15. I. P. Zarko, S. Mueller, M. Plociennik, T. Rajtar, M. Jacoby, M. Pardi, G. Insolvibile, V. Glykantzis, A. Antonic, M. Kusek, and S. Soursos, “The symbIoTe solution for semantic and syntactic interoperability of cloud-based IoT platforms,” in Global IoT Summit, GIoTS 2019 - Proceedings. Aarhus, Denmark: IEEE, 2019, pp. 1–6.
  16. S. Sciancalepore, G. Piro, D. Caldarola, G. Boggia, and G. Bianchi, “On the Design of a Decentralized and Multiauthority Access Control Scheme in Federated and Cloud-Assisted Cyber-Physical Systems,” IEEE Internet of Things J., vol. 5, no. 6, pp. 5190–5204, 2018.
  17. S. Symington, W. Polk, and M. Souppaya, “Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management,” NIST, Working Paper, 2020.
  18. M. Sethi, B. Sarikaya, and D. Garcia-Carrillo, “Secure IoT Bootstrapping: A Survey,” IETF, Internet Draft, 2020.
  19. M. Vucinic, G. Selander, J. Mattsson, and D. Garcia, “Requirements for a Lightweight AKE for OSCORE,” IETF, Internet Draft, 2020.
  20. F. Palombini, L. Seitz, G. Selander, and M. Gunnarsson, “OSCORE Profile of the Authentication and Authorization for Constrained Environments Framework,” IETF, Internet Draft, 2020.
  21. M. A. Ferrag, M. Derdour, M. Mukherjee, A. Derhab, L. Maglaras, and H. Janicke, “Blockchain technologies for the internet of things: Research issues and challenges,” IEEE Internet of Things Journal, vol. 6, no. 2, pp. 2188–2204, 2019.
  22. M. Wu, K. Wang, X. Cai, S. Guo, M. Guo, and C. Rong, “A Comprehensive Survey of Blockchain: From Theory to IoT Applications and beyond,” IEEE Internet of Things Journal, vol. 6, no. 5, pp. 8114–8154, 2019.
  23. W. Viriyasitavat, L. D. Xu, Z. Bi, and D. Hoonsopon, “Blockchain Technology for Applications in Internet of Things - Mapping from System Design Perspective,” IEEE Internet of Things Journal, vol. 6, no. 5, pp. 8155–8168, 2019.
  24. A. Lei, H. Cruickshank, Y. Cao, P. Asuquo, C. P. Ogah, and Z. Sun, “Blockchain-Based Dynamic Key Management for Heterogeneous Intelligent Transportation Systems,” IEEE Internet of Things Journal, vol. 4, no. 6, pp. 1832–1843, 2017.
  25. F. Gandino, R. Ferrero, B. Montrucchio, and M. Rebaudengo, “Fast Hierarchical Key Management Scheme with Transitory Master Key for Wireless Sensor Networks,” IEEE Internet of Things Journal, vol. 3, no. 6, pp. 1334–1345, 2016.
  26. B. Chen and F. M. Willems, “Secret Key Generation over Biased Physical Unclonable Functions with Polar Codes,” IEEE Internet of Things Journal, vol. 6, no. 1, pp. 435–445, 2019.
  27. P. Gope and B. Sikdar, “Lightweight and Privacy-Preserving Two-Factor Authentication Scheme for IoT Devices,” IEEE Internet of Things Journal, vol. 6, no. 1, pp. 580–589, 2019.
  28. NATO STO IST-ET-104, “Physical Unclonable Functions (PUFs) in Military IoT,” NATO STO, Tech. Rep., 2019.
  29. M. Alaslani, F. Nawab, and B. Shihada, “Blockchain in IoT Systems: End-to-End Delay Evaluation,” IEEE Internet of Things Journal, vol. 6, no. 5, pp. 8332–8344, 2019.
  30. O. Novo, “Blockchain Meets IoT: An Architecture for Scalable Access Management in IoT,” IEEE Internet of Things Journal, vol. 5, no. 2, pp. 1184–1195, 2018.
  31. O. Novo, “Scalable access management in IoT using blockchain: A performance evaluation,” IEEE Internet of Things Journal, vol. 6, no. 3, pp. 4694–4701, 2019.
  32. Y. Zhang, S. Kasahara, Y. Shen, X. Jiang, and J. Wan, “Smart contract-based access control for the Internet of Things,” IEEE Internet of Things Journal, vol. 6, no. 2, pp. 1594–1605, 2019.
  33. G. Fedrecheski, J. Rabaey, L. Costa, P. Ccori, W. Pereira, and M. Zuffo, “Self-Sovereign Identity for IoT environments: A Perspective,” in Global Internet of Things Summit (GIoTS), 2020.
  34. M. Sporny, D. Longley, and D. Chadwick, “Verifiable credentials data model 1.0,” W3C, Tech. Rep., 2019, https://www.w3.org/TR/2019/REC-vc-data-model-20191119/.