ORIGINAL RESEARCH article

Front. Environ. Sci., 23 September 2022

Sec. Environmental Informatics and Remote Sensing

Volume 10 - 2022 | https://doi.org/10.3389/fenvs.2022.996296

Lightweight noncommutative key exchange protocol for IoT environments

  • 1. Department of Mathematical Sciences, Faculty of Science and Technology, Fatima Jinnah Women University, Rawalpindi, Pakistan

  • 2. Capital University of Science and Technology, Islamabad, Pakistan

  • 3. CES Laboratory, National School of Engineers of Sfax, University of Sfax, Sfax, Tunisia

  • 4. Computer Science Department, Prince Sultan University, Riyadh, Saudi Arabia

Abstract

Network communications are expanding rapidly in many fields, including telecommunications, the Internet of Things, space, consumer electronics, and the military, with different privacy and security issues at stake in each of these areas. The Internet of Things (IoT) has drawn increased attention from academic and industrial researchers over the last few decades. In this environment, keys are routinely exchanged through a public protocol to support the highly secure IoT domain and thwart security threats from unauthorized parties. The environment for IoT devices is subject to numerous limitations, including those related to processing, memory, and energy. These devices need to pass through a gateway or sink to connect to the network. Additionally, the environment must enable secure communication between gateways and IoT devices, even when the devices are disconnected from the rest of the network. In this paper, a lightweight key exchange protocol for IoT environments is presented, allowing the gateway and the IoT device to communicate over an open channel. Our proposed protocol improves security by utilizing noncommutative structures and polynomials over noncommutative rings. The underlying idea is to use the generalized decomposition problem associated with noncommutative rings. Furthermore, how the suggested protocol can achieve key certification and perfect forward secrecy is addressed. Results show this protocol is a strong candidate for key sharing and secure communication between IoT devices. We put our methodology into practice, and the results of our experiments demonstrate enhancement of security levels. Finally, the performance analysis of the suggested protocol is compared with some other protocols, in terms of security, communication, and computing overhead.

1 Introduction

The Internet-of-Things (IoT) is an environment that enables interconnected devices and human beings to communicate and send one another information. The use of the IoT environment is growing and is increasingly prevalent in our lives. Many applications depend on functionalities that use information collected from IoT devices: monitoring patient health records, for example. Sometimes it is necessary to send large amounts of data over open wireless channels, such as heavy videos or large image files. In all these situations, the communication of data must be secured and authenticated.

In the IoT environment, the gateway/sink is the main object through which the rest of the environment’s devices communicate. We thus require secure and authenticated communication between the IoT device and the gateway/sink. However, traditional key exchange protocols cannot be employed for this purpose due to several constraints. These constraints involve dependence on a trusted third party (TTP) and high processing requirements. It is also essential for IoT environments to be capable of operating even in disconnected mode, without access to a TTP.

The authentication and key exchange processes between two entities without a TTP require a prior shared secret. Additionally, it is important to eradicate the chance of disclosure of that secret in the environment. We therefore look for more than one secret key, each of which is used for a different purpose. The most important requirement for the implementation of a protocol is to have Perfect Forward Secrecy (PFS). PFS is a feature of a key exchange protocol that ensures the secrecy of all previous session communications in the event of any leakage of a long-term private key. This situation can be controlled by using a different key for every session. If the cryptanalyst can somehow extract the session key, that key does not contain any information about further sessions. This is one of the motivations for our proposed key exchange protocol for the IoT environment. Digital certification of IoT devices, which supports their authentication, is another salient feature of the IoT environment, which our proposal also addresses.

There is a vast literature suggesting various new techniques, as well as case studies of new technologies and solutions (Ko et al., 2000; Sakalauskas and Burba, 2003; Cheikhrouhou et al., 2020; Zhongjun et al., 2022). In 2017, the National Institute of Standards and Technology (NIST) started an evaluation procedure of cryptographic techniques that can resist quantum attacks. Most of today’s cryptosystems currently relying on integer factorization (Rivest et al., 1978) and discrete logarithms (ElGamal, 1985) will become obsolete because of the Shor algorithm (Shor, 1997). Given the quantum threats, there is an increasing trend toward developing new technologies known as quantum key distribution (QKD) (Bennett and Brassard, 1984; Center, 2021; Lizama-Pérez et al., 2021). Seven algorithms have been selected by NIST: four are public key cryptosystems and concern key establishment, and three are related to digital signature algorithms. That is why the active area of research is now noncommutative algebraic cryptography (Anshel et al., 1999; Ko et al., 2000; Paeng et al., 2001; Sakalauskas and Burba, 2003; Inam and Ali, 2016; Kanwal and Ali, 2016). The main focus of this area is to develop and analyze cryptographic protocols over noncommutative structures.

The use of noncommutative structures for public key exchange has been examined by several authors. Here we provide a brief overview of these protocols. In their proposals, Anshel et al. (1999) and Ko et al. (2000) suggested using braid groups as the underlying structure for achieving a good level of security. Thomas and Lal (2008) then proposed a public key cryptographic protocol whose security depends on the discrete log problem (DLP) of the inner automorphism. The main strength of this protocol is the difficulty of finding the conjugate element in a noncommutative group.

The use of a public key cryptographic model was highlighted by Shpilrain and Ushakov (2006), who introduced the difficulty of solving the symmetrical decomposition problem. Thomas and Lal (2008) then proposed a cryptosystem based on the symmetric decomposition problem and conjugacy search problems over a noncommutative structure. For their part, Anjaneyulu and Sanyasirao (2014) generated a common key or group key using the polynomial symmetric decomposition problem. Their proposal was based on the polynomial symmetric decomposition problem over noncommutative division semi-rings.

Furthermore, Meshram et al. (2017) proposed a new IND-CCA2 secure public-key cryptographic protocol. They used the integral coefficient ring polynomial concept with the Suzuki 2-group as the underlying work structure. Odoni et al. (1984) previously discussed the DLP for the ring of matrices. Similarly, the Diffie-Hellman protocol for different matrix rings was presented in Stickel (2005) and Alvarez et al. (2009). In 2004, Stickel (2005) proposed a public key exchange scheme using matrices in a particular subgroup. However, Sramka (2022) highlighted some weaknesses in the scheme, and Shpilrain (2008) provided a cryptanalysis of the scheme, suggesting that it would be more secure to work with a semigroup of all matrices over some finite ring as a platform for the scheme. He also provided a modified method for exchanging a shared secret key. However, Mullan (2012) successfully mounted a linear algebra attack against Shpilrain’s modifications of Stickel’s scheme.

A broad literature is available concerning key exchange protocols for IoT and their weaknesses (Mano et al., 2016; Khan and Salah, 2018; Mutlag et al., 2019; Lizama-Perez and López, 2021). The first public key exchange was proposed by Diffie and Hellman (1976). After that, there followed an extensive list of public key exchange protocols, which can be found in the literature: for example, Menezes et al. (1996); Schneier (1996); Singh et al. (2017); and the references therein. Abdalla et al. (2005) proposed a three-party password-authenticated key exchange (3PAKE) protocol for wireless mobile communications. Lu and Cao (2007) modified the 3PAKE protocol, and Chung and Ku (2008) consequently indicated that these protocols were vulnerable to attack by impersonation.

Further, Guo et al. (2008) proved that Anjaneyulu and Sanyasirao (2014)’s improvement of the protocol of Chang et al. (2011) had no security against the replay attack. Chang et al. (2011) and Yoon and Yoo (2011) developed a protocol independent of a symmetrical type of algorithm. In this present study, an improved public key exchange protocol is proposed over the noncommutative ring for IoT devices. The main idea of our proposal is to take polynomials over a given noncommutative ring as useful for secure communication in the pre- and post-quantum age. It is also shown that the brute force attack leads to the solution of the generalized decomposition problem, rendering it infeasible. The rest of this manuscript is organized as follows:

Section 2 provides a brief overview of the security challenges and requirements of the IoT environment. Section 3 gives the basic definitions of related cryptographic problems over noncommutative structures. The proposed protocol is presented in Section 4. We also discuss security aspects of the proposed protocols. The guaranteed secrecy of the new session keys achieved by the perfect forward security method is described in Section 5. Section 6 describes a procedure to certify the public keys across inter-domain certificates. The experimental results and discussion of computational cost are covered in Section 7. Finally, the conclusion of the work is drawn in Section 8.

2 Security challenges of IoT environments

It is a highly challenging task to achieve proper levels of security in an IoT environment. These environments are vulnerable to potential attacks, such as user privacy and data integrity attacks. The physical failure of IoT devices and malicious invasions are other potential issues involved. The interconnected devices are usually resource-limited, with inadequate storage capability and energy, which is why IoT environments are sensitive to various threats. Thus, critical IoT data may be blocked and changed, with unrecoverable financial and security consequences. To protect the IoT against attacks, while keeping in mind the memory size and computation power of devices (Alohali and Vassialkis, 2015) in IoT environments, advanced protocols and algorithms need to be developed. For robust security of the IoT environment, data integrity is also necessary, because a large amount of data has to be processed and managed, and therefore protection against data exposure is essential.

2.1 Security risks and secure design requirements for the IoT environment

The environment under consideration consists of a collection of wireless nodes (devices) having sensing elements. These devices, known as things, are structured into groups. There is a node called a gateway in each group responsible for connecting to the rest of the network. The gateway (GW) may connect with other gateways in the network, and all gateways may be connected to the main server. The data generated by different things are deposited on the main server. There are two main related risks. First, there is the risk of someone eavesdropping on the data traffic and performing traffic analysis, which may result in the disruption of the whole network. To overcome this risk, secure communication is needed between the nodes. Second, there is always the risk of the physical destruction or capture of nodes. Given these risks, the following security requirements are essential:

  • The things should be authenticated when they request to join the network.

  • The gateways should forward data only from authenticated things.

  • There should be complete privacy of communication between the things and the server.

  • If possible, confidential information should not be put on any one individual thing.

Figure 1 shows a simple example of an IoT environment. Note that a thing may connect or leave the network at any time. Our proposal is based on the needs described above. The main aim is to guarantee the authentication of a thing without significant effect on the network and the provided facilities.

FIGURE 1

3 Background definitions

This section describes different problems involved in the security of noncommutative group-based cryptography. For instance, Diffie and Hellman (1976) and Birman et al. (1998) used the conjugator search problem in braid groups to develop their approach. A new Diffie-Hellman-like protocol and ElGamal-like cryptosystem were proposed in Cao et al. (2007). These proposals are based on the symmetric decomposition and generalized symmetric decomposition problems over noncommutative groups. The details of these problems are given as follows.

3.1 Definition 1: Conjugator search problem (CSP)

Let be a noncommutative group. Given two elements , the problem of finding an element , where is known as the conjugator search problem.

3.2 Definition 2: Decomposition problem (DP)

Let be a noncommutative group and be the subset of . Given two elements , the problem of finding two elements , where is known as the decomposition problem (Cao et al., 2007).

Generally, for a noncommutative group, the two problems CSP and DP are considered difficult enough under the cryptographic assumptions. More specifically, the DP is intractable, meaning that no probabilistic polynomial-time algorithm can solve the DP with nonnegligible accuracy.

3.3 Definition 3: Symmetric decomposition problem (SDP)

Let be a noncommutative group and . Given two elements , the problem of finding the element , where (Cao et al., 2007), is known as the symmetric decomposition problem.

3.4 Definition 4: Generalized symmetric decomposition problem (GSDP)

Let be a noncommutative group, a subset of and . Given two elements , the problem of finding the element , where (Cao et al., 2007), is known as the generalized symmetric decomposition problem.

Given these problems, we now define the following cryptographic problem over a noncommutative group .

3.5 Definition 5: Generalized decomposition problem (GDP)

Let be a noncommutative group, two subsets and of and . Given two elements , the problem of finding two elements and , where is called the generalized decomposition problem.

Note that the GDP can be considered a special form of a constrained DP. If the size of sets and is taken to be sufficiently large, and assuming that extracting and from is impossible from the membership information of sets and , then it is believed that the GDP is at least as hard as the DP. Accordingly, the GD assumption states that the GDP is intractable, which means there is no probabilistic polynomial-time algorithm that can solve the GDP with nonnegligible accuracy.

We now give a variant of the GDP over a noncommutative ring R and name it as the polynomial generalized decomposition problem (PGDP).

3.6 Definition 6: Polynomial generalized decomposition problem (PGDP)

Let be a noncommutative ring, be the center of and be the polynomial ring over . For any random elements , consider the sets and defined as . Let . Given two elements , the problem of finding two elements and , where is known as the polynomial generalized decomposition problem.

So, the PGD (polynomial generalized decomposition) cryptographic assumption states that the PGDP over R is intractable, which means there is no probabilistic polynomial-time algorithm that can solve the PGDP with nonnegligible accuracy.

We are going to use the PGDP in our proposed key exchange protocols as described in the following section.

4 Proposed protocol for generation and distribution of keys

In order to increase security, we present a protocol that offers a novel authentication mechanism. It is more efficient and cost effective. The performance analysis of the suggested work is validated and compared with the current protocols in terms of security, communication, and computing overhead.

We now demonstrate the main structure of the proposed protocol for a group of IoT devices under a gateway . The nodes/devices are represented by . The gateway manages key generation and distribution for the nodes by performing the following steps.

It selects a noncommutative ring . Let be the center of and be the polynomial ring over . The elements and are the global parameters. For the ith node/device, the gateway executes the following steps:

  • A random polynomial such that , .

  • Small numbers (for instance, less than 10 (Cao et al., 2007)) are chosen.

  • The gateway generates the key for each device as follows:

  • The is sent to the ith device .

The following steps would be executed for sharing a secret key between the ith and the jth node:

  • The ith node computes the shared secret key as follows:

  • The jth node finds the shared secret key as follows:

The correctness of the proposed protocol is shown in Theorem 1.

Theorem 1:

Keeping in mind the specified notation, it follows that the shared secret keys obtained by both entities are the same, that is .

Proof

First, consider the expression that becomes, by using (1),

Expression (3) gives . Since the coefficients of the polynomials are from the center of the ring , they commute with every element of the ring. That is why, for any two polynomials and , the following holds:

Using this property successively, we have . Given property (6), expressions (5) and (6) are the same.

It is obvious that for the proposed public key exchange protocol, the passive attack can be resisted with the PGD assumption over the noncommutative ring.
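As an added worked example (not code from the paper), the following Python script runs the Section 4 exchange over R = M_2(Z_p) with coefficients from the center Z(R), checks the commutation property used in the proof of Theorem 1, and applies the gateway hash-table check of Section 4.3.1. It assumes, since the page's own equations are not reproduced here, that each public key has the Cao et al. (2007)-style shape f(a)^m · c · f(a)^n with public elements a, c and small exponents m, n per device, and it uses a tiny constructed prime in place of the recommended 60-digit one.

```python
import hashlib
import random

# Constructed toy prime for readability; Section 4.2 recommends ~60 decimal digits.
P = 1000003
ZERO = ((0, 0), (0, 0))
IDENTITY = ((1, 0), (0, 1))


def mat_mul(x, y, p=P):
    """Product of two 2x2 matrices over Z_p, written as ((a, b), (c, d))."""
    (a, b), (c, d) = x
    (e, f), (g, h) = y
    return (((a * e + b * g) % p, (a * f + b * h) % p),
            ((c * e + d * g) % p, (c * f + d * h) % p))


def mat_add(x, y, p=P):
    """Entrywise sum of two 2x2 matrices over Z_p."""
    return tuple(tuple((u + v) % p for u, v in zip(rx, ry)) for rx, ry in zip(x, y))


def mat_pow(x, e, p=P):
    """x^e by square-and-multiply; e is one of the small public exponents."""
    result = IDENTITY
    while e:
        if e & 1:
            result = mat_mul(result, x, p)
        x = mat_mul(x, x, p)
        e >>= 1
    return result


def poly_eval(coeffs, x, p=P):
    """Evaluate f(X) = sum coeffs[k] X^k at the ring element x (Horner's rule).
    Coefficients are scalars from Z_p, i.e. scalar matrices, the center of M_2(Z_p)."""
    acc = ZERO
    for c in reversed(coeffs):
        acc = mat_add(mat_mul(acc, x, p), ((c, 0), (0, c)), p)
    return acc


def random_poly(degree, rng, p=P):
    """Random polynomial of exact degree `degree` (nonzero leading coefficient)."""
    return [rng.randrange(p) for _ in range(degree)] + [rng.randrange(1, p)]


def public_key(f, m, n, a, c, p=P):
    """Assumed key shape: f(a)^m * c * f(a)^n, the same polynomial on both sides of c."""
    fa = poly_eval(f, a, p)
    return mat_mul(mat_mul(mat_pow(fa, m, p), c, p), mat_pow(fa, n, p), p)


def shared_key(f, m, n, a, peer_public, p=P):
    """Wrap the peer's public key with one's own f(a)^m ... f(a)^n."""
    fa = poly_eval(f, a, p)
    return mat_mul(mat_mul(mat_pow(fa, m, p), peer_public, p), mat_pow(fa, n, p), p)


def key_digest(key):
    """Hash of a shared key, as stored in the gateway's device hash table (Section 4.3.1)."""
    return hashlib.sha256(repr(key).encode()).hexdigest()


# Constructed global parameters a and c; the ring is visibly noncommutative (AC != CA).
A = ((1, 2), (3, 4))
C = ((0, 1), (1, 1))


def run_exchange(degree=20, seed=7, p=P):
    """Gateway issues f_i, f_j and exponents; devices i and j derive the shared key."""
    rng = random.Random(seed)
    f_i, f_j = random_poly(degree, rng, p), random_poly(degree, rng, p)
    m_i, n_i, m_j, n_j = (rng.randrange(1, 10) for _ in range(4))
    # f_i(a) and f_j(a) are polynomials in the same element with central
    # coefficients, so they commute: the property used in the proof of Theorem 1.
    fa_i, fa_j = poly_eval(f_i, A, p), poly_eval(f_j, A, p)
    commutes = mat_mul(fa_i, fa_j, p) == mat_mul(fa_j, fa_i, p)
    pub_i = public_key(f_i, m_i, n_i, A, C, p)
    pub_j = public_key(f_j, m_j, n_j, A, C, p)
    k_i = shared_key(f_i, m_i, n_i, A, pub_j, p)   # computed by device i
    k_j = shared_key(f_j, m_j, n_j, A, pub_i, p)   # computed by device j
    # The gateway knows every device's polynomial, recomputes the key and keeps
    # only its hash; each device's digest is checked against that entry.
    gateway_digest = key_digest(shared_key(f_i, m_i, n_i, A, pub_j, p))
    return {
        "ring_noncommutative": mat_mul(A, C, p) != mat_mul(C, A, p),
        "evaluations_commute": commutes,
        "keys_match": k_i == k_j,
        "digest_ok": key_digest(k_i) == gateway_digest == key_digest(k_j),
    }


def substituted_key_detected(degree=20, seed=7, p=P):
    """If an intermediary swaps pub_j for a key built from a polynomial the gateway
    never issued, device i's digest no longer matches the gateway's table entry."""
    rng = random.Random(seed)
    f_i, f_j, f_e = (random_poly(degree, rng, p) for _ in range(3))
    m_i, n_i, m_j, n_j, m_e, n_e = (rng.randrange(1, 10) for _ in range(6))
    pub_j = public_key(f_j, m_j, n_j, A, C, p)
    pub_e = public_key(f_e, m_e, n_e, A, C, p)                      # substituted in transit
    expected = key_digest(shared_key(f_i, m_i, n_i, A, pub_j, p))  # gateway's table entry
    derived = key_digest(shared_key(f_i, m_i, n_i, A, pub_e, p))   # what device i derives
    return derived != expected
```

Every run with any seed yields matching keys; the check in substituted_key_detected fails only in the negligible event that the substituted public key coincides with the genuine one.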

4.1 Device authentication

After receiving the key from the gateway, the device announces its public key as follows:

  • A random polynomial , such that ,

  • Small numbers (for instance, less than 10 [9]) are chosen.

  • The device generates the key as follows:

If , the IoT device whose public key is wants to communicate with the device, and before communication wants to authenticate the device of the same group, the device will have to validate the device, which is done by executing the following steps:

  • The sender device sends to the device for validation, where , , and .

  • The device computes the following: where is the public key of device .

If , then device will validate the device ; otherwise, it rejects the request.

4.2 Choice of parameters

Suppose we take the ring of matrices of order 2 over where is any large prime as the noncommutative ring. Care must be taken in the choice of a large value of prime, approximately of the order of 60 decimal digits.

For a brute force attack, one has to check all the polynomials whose coefficients come from the set . The cardinality of the set of polynomials having degree and coefficients from is . A brute force attack can be made infeasible by taking or a prime p that is sufficiently large. For example, with the choice of and a prime of about 60 decimal digits, the set of polynomials to be considered is of the order of . Although these parameters are not very large, they already make the space for a brute force search sufficiently large.

The values of for different values of α and p are shown in Table 1 and compared with the existing literature (Climent et al., 2012). We note that the number of possibilities in our proposal far exceeds these. The proposed protocol exhibits some kind of symmetry in the sense that the computation of public keys involves the same polynomial, which is multiplied with element c from both sides. This symmetry can be avoided by introducing two different polynomials for each user.

TABLE 1

Columns give the values for the primes p = 2, 3, 5, 7, 11, 13 (in that order); each pair of rows corresponds to one degree α of the polynomial.

α = 2
  Proposed Protocol:     4, 18, 100, 294, 1210, 2028
  Climent et al., 2012:  12, 27, 75, 147, 363, 507

α = 3
  Proposed Protocol:     8, 500, 2058, 13310, 26364, 78608
  Climent et al., 2012:  16, 36, 100, 196, 484, 676

α = 13
  Proposed Protocol:     8192, 3188646, 4882812500, 581334062442, 345227121439310, 3634501279107040
  Climent et al., 2012:  56, 126, 350, 686, 1694, 2366

α = 20
  Proposed Protocol:     1048576, 6973568802, 381469726562500, 478753597785672000, 6727499949325600000000, 228059565298570000000000
  Climent et al., 2012:  84, 189, 525, 1029, 2541, 3549

The size of the set of polynomials for different degrees and primes, with the order of the matrices as chosen in Section 4.2.

If the degrees of the two polynomials are , respectively, then the total number of possible polynomials for one user is . The feasibility of a brute force attack could be avoided by taking or a prime that is sufficiently large. For a prime of about 60 decimal digits (as in the case of the previous example), and and , the number of polynomials that an adversary has to consider is of the order of .

4.3 Security aspects of the proposed protocols

This section discusses the security analysis of the protocols proposed in Section 3. The security of the protocols depends on the solution of the generalized decomposition problem. For solving such a problem in a noncommutative ring, no polynomial-time algorithm is known. An adversary has to find the solution to the decomposition problems, which are expressed as the following system of equations: The adversary also knows the elements and . To break the protocol, the adversary has to find the elements . For this, the adversary tries to find two polynomials in Z(R)[X] and numbers such that . One can then guarantee conditions (12) and (13). We note that the space of polynomials over is the set of all possible random choices. The adversary also has to verify conditions (14) and (15). By ensuring that the space of polynomials over is large enough, a brute force attack becomes infeasible. To this end, it is suggested to choose a prime p of the order of 60 decimal digits and polynomials of degree 20. As discussed earlier, the search space for a brute force attack can be made large enough with these choices. The order of the matrices n can be chosen so that is a Mersenne prime. The choice of a Mersenne prime is recommended (Stickel, 2005).

4.3.1 Man-in-the-middle attack

In this attack scenario, the adversary has a man-in-the-middle position. He can breach the security of the key exchange protocol by intercepting the communication between Alice (ith device) and Bob (jth). The attacker manipulates the public keys of both parties and blocks the transmission of actual messages on either side. The proposed protocol can be immunized against this type of attack in the following way.

The gateway can hash and encrypt each device's private key with the admin key; the results are stored in a device hash table.

When the devices calculate their secret shared keys, the gateway calculates the same. The gateway then hashes the shared key and keeps it in the device hash table. Alice (ith device) and Bob (jth) then hash their shared keys and ask the gateway for verification. The gateway checks the hashed shared keys with the hash table. If the hash value of the shared key matches, then communication may be allowed. Otherwise, the shared key is assumed to have been intercepted and manipulated by the attacker.

For authentication of the gateway, the device authentication mechanism described in Section 4.1 can also be implemented between an IoT device and gateway. Each IoT device and gateway pair can have a unique pair of keys specifically for authentication. Further, IoT devices and the gateway are authenticated using encryption and a hash of the keys during a session.

4.3.2 Privileged insider attack

To prevent this type of attack, the passwords can be managed at the time of registration of the users in the following way.

Each user chooses a username and password and provides this information to the web browser. The passwords can be encrypted by the public key, and their hashes can be stored in a password management table. The users are authenticated by their usernames and passwords. It is hard to get passwords because they are encrypted by public keys. The protocol’s security depends on the solution of Eqs 12-15 describing the generalized decomposition problem in a noncommutative ring. The insider finds it hard to guess a password.

4.3.3 Impersonation attack

It is difficult to detect an impersonation attack. In our case, if the attacker impersonates the authenticated user and launches a login request, it is not easy to extract the user id and password because they are encrypted, as discussed in the previous section. Inverting the hash function, or decrypting without knowing the key, requires solving the generalized decomposition problem for polynomials over the noncommutative ring, which is computationally hard. The user-impersonation attack is thus resisted by our proposed protocol.

5 Perfect forward secrecy (PFS)

Based on the already shared secret key , Alice (ith device) and Bob (jth) may want to have a new secret key . If a situation arises in which is compromised by an adversary, perfect forward secrecy (PFS) is the property of a key exchange protocol that assures the secrecy of previously used keys despite such leakage. Figure 2 depicts our PFS key exchange protocols that yield new session secret keys. As the private keys of Alice and Bob remain secret, the adversary may get access to , but will not be found.

FIGURE 2

Stickel (2005) proposed that the order of the matrices is a security parameter, while the parameter (the order of the finite field ) was not specified. But Shpilrain (2008) remarked in his paper that . Shpilrain’s attack revealed the shared key without knowledge of any private exponents, whereas Sramka’s (2022) attack concentrated on computing the private exponents of Stickel’s scheme.

Shpilrain modified Stickel’s scheme to prevent his linear algebra attack, suggesting that the publicly announced elements need not be invertible matrices in , for some finite ring R. But no specification about ring was made. Further, he suggested the use of polynomials in the form , where is a finite commutative ring, and then used the fact that all powers of a matrix commute in the expression of the form . This is a generalization of Stickel’s scheme, in which Alice and Bob choose polynomials instead of exponents of the public noninvertible matrices .

Mullan (2012) called Shpilrain’s modification the polynomial version of Stickel’s scheme. He offered a cryptanalysis of Shpilrain’s polynomial variant of Stickel’s scheme to discover the shared key. Cao et al. (2007) proposed a new scheme for devising a public key cryptosystem based on noncommutative rings. The main idea of their proposal was that for a noncommutative ring, the set of polynomials can be considered the underlying work structure. The Diffie-Hellman-like key exchange protocol and consequently ElGamal-like cryptosystems were constructed using polynomials over the noncommutative ring. The authors also showed how to extend their method to noncommutative groups (or semi-groups). The main difference between Shpilrain’s polynomial version of the Stickel scheme and the key exchange protocol proposed by Cao et al. (2007) was in the use of the underlying structures. Shpilrain’s proposal was for commutative structures, whereas Cao et al. (2007) proposed the use of noncommutative structures.

The protocol proposed by Cao et al. (2007) deals with the polynomials having coefficients from the set of positive integers. In our proposal, polynomials with coefficients from the center of the respective underlying noncommutative structure are used. The advantage of using the coefficients from the center over integer coefficients is that these coefficients depend on the nature of the noncommutative structure used as a platform. That is why determining the values of coefficients is difficult when choosing a complex platform.

A random choice of the polynomial and , such that is the essential idea. An attacker has no way of determining a polynomial such that and , even with unlimited computational power. Keeping in mind the huge size of the set of polynomials, as discussed in previous sections, and consequently the huge number of elements of sets and , there is an insignificant probability of tracing the private key by an attacker. That is why, even with infinite computing power, the protocol is sound.

The proposed protocol meets the different kinds of requirements of lightweight mechanisms. As it is based on polynomials, it requires fewer bytes for manipulation over the network. Also, the computations involved in key exchange and authentication are fast and space efficient, which makes the protocol suitable for implementation in a lightweight scenario. The protocol can also resist various attacks. Table 2 summarizes the overall strengths of the proposal.

TABLE 2

Security aspect            Proposed   Poomagal et al., 2020   Wang et al., 2008   Strangio, 2005   Zhangxiang et al.; Hu et al., 2022
Authentication             Yes        Yes                     Yes                 Yes              No
Perfect Forward Security   Yes        Yes                     Yes                 Yes              No
Impersonation Attack       Yes        Yes                     Yes                 No               No
Man-in-Middle Attack       Yes        No                      No                  No               Yes

Comparison of security in some existing protocols.

6 Certified keys

A vital characteristic of public keys is authentication by a certification authority (CA). The keys of the proposed key exchange protocol can be certified using the CA’s private key as described in Table 3.

TABLE 3

User                      Public key   Certified key
Certification Authority
ith device
jth device

Certification Authority’s public database.

After getting their certified public keys from the web service, the ith and jth devices find the shared secret key as and , respectively.

7 Experimental results and performance analysis

For the implementation of our protocol, Python 3.6.9 with the cryptography library PyCrypto 2.6.1 is used. The Mininet platform (Hu et al., 2022) is used for creating the networking environment. The communication cost of a protocol is affected by different attributes. By analyzing these attributes, the effects of the implementation of the protocol can be studied. The following are some parameters to be studied in this regard:

7.1 Passes overhead

The number of messages exchanged in the execution of the protocol is known as the number of passes. A key exchange protocol with a significant number of passes is considered more costly. The proposed protocol costs three passes in distributing and sharing keys, with the choice of parameters suggested in Section 4.2. Practically, the ith and jth nodes can generate their shared key simultaneously and need only one communication pass from either node without any further communications.

7.2 Communication cost

The total number of transmitted bits for optimized performance is known as communication overhead or communication cost. A protocol with a low communication overhead is considered more efficient. We take the key length of our key exchange protocol to be 128 bits, whereas the equivalent key lengths of the state-of-the-art protocols of RSA, Diffie-Hellman, and elliptic curve Diffie-Hellman are 3072 bits, 2048 bits, and 256 bits, respectively. Our proposed protocol performs better than these protocols because it uses polynomials over the noncommutative ring. When compared to the exponential operations used in RSA and Diffie-Hellman, and the elliptic curve operations used in elliptic curve based protocols, operations based on polynomials use less processing space and power. Figure 3 shows the comparison of the key lengths of the protocols.

FIGURE 3

7.3 Computational time

The total time consumed by the protocol is known as its computation time. Some attributes of the computational cost are as follows:

For the execution of an algorithm, it is preferable that the total number of arithmetic operations is as low as possible, so as to enhance efficiency and reduce the computational cost. As the number of operations increases, the energy consumption and running time of the algorithm may suffer. The computational time of the proposed protocol is calculated from the ring scalar multiplication, hash operation, and exponentiation operation. The calculated result is then compared with some recent protocols.

With the choice of parameters suggested in Section 4.2, the scalar multiplication involved in our proposed protocol requires 0.003432 s, the hash needs 0.00025 s, and the modular exponentiation operation takes 0.016121 s. The gateway performs six scalar multiplications and eight exponentiations, while three scalar multiplications, two exponentiation operations, and one hash function evaluation are involved in the calculation of the key at each IoT device. Therefore, 0.14956 s and 0.042788 s are required for the calculations on the gateway and on each device, respectively. The total time cost is 0.192348 s.

The time for simple addition and multiplication operations can be neglected because it is negligible compared to the other operations. Table 4 and Figure 4 show the comprehensive result of the total computation time for all the operations of our protocol and of the other protocols. The notations , , and represent the computation time required for exponentiation, scalar multiplication, field inversion, and hash function, respectively. The protocols in Poomagal et al. (2020), Wang et al. (2008), and Strangio (2005) take more time than the proposed algorithm. It also performs better than some other existing protocols, as depicted in Table 4.

TABLE 4

Parameters                          Proposed    Poomagal et al., 2020    Wang et al., 2008    Strangio, 2005
Total number of operations          9+10+13+13.5+1+25+2 (operation-count notation lost in extraction; cells not separable)
Computational cost (in seconds)     0.192348    0.20845                  0.228967             0.316015

Comparison of cost.

FIGURE 4
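Added example (not the authors' implementation): a cost model that reproduces the Section 7.3 accounting from the quoted per-operation timings and operation counts, together with an assumed timeit-based way to measure the modular exponentiation and hash primitives on the local machine. The ring scalar multiplication depends on the Section 4.2 parameters, which are not given here, so its timing is taken from the paper rather than measured; the measurement helper, the 2048-bit modulus size, and all function names are assumptions.

```python
"""Section 7.3 cost model (added example, not the paper's code)."""
import hashlib
import secrets
import timeit
from typing import Dict

# Per-operation timings (seconds) quoted in Section 7.3 of the paper.
PAPER_TIMINGS: Dict[str, float] = {
    "scalar_mult": 0.003432,   # ring scalar multiplication
    "hash": 0.00025,           # hash function
    "exp": 0.016121,           # modular exponentiation
}

# Operation counts per role, as stated in Section 7.3.
GATEWAY_OPS = {"scalar_mult": 6, "exp": 8, "hash": 0}
DEVICE_OPS = {"scalar_mult": 3, "exp": 2, "hash": 1}


def role_cost(ops: Dict[str, int], timings: Dict[str, float]) -> float:
    """Time for one party: sum over operation types of count * unit time."""
    return sum(count * timings[name] for name, count in ops.items())


def protocol_cost(timings: Dict[str, float] = PAPER_TIMINGS):
    """Gateway time, per-device time, total, and combined counts (Table 4 row)."""
    gateway = role_cost(GATEWAY_OPS, timings)
    device = role_cost(DEVICE_OPS, timings)
    total_ops = {k: GATEWAY_OPS[k] + DEVICE_OPS[k] for k in GATEWAY_OPS}
    return gateway, device, gateway + device, total_ops


def measure_primitives(bits: int = 2048, repeat: int = 20) -> Dict[str, float]:
    """Assumed measurement method (the paper does not state its own): best-of-N
    wall-clock time of one modexp with a random odd modulus and of one SHA-256."""
    p = secrets.randbits(bits) | (1 << (bits - 1)) | 1     # constructed odd modulus
    g, x = secrets.randbits(bits) % p, secrets.randbits(bits)
    msg = secrets.token_bytes(64)                           # constructed input
    exp_t = min(timeit.repeat(lambda: pow(g, x, p), number=1, repeat=repeat))
    hash_runs = 100
    hash_t = min(timeit.repeat(lambda: hashlib.sha256(msg).digest(),
                               number=hash_runs, repeat=repeat)) / hash_runs
    return {"exp": exp_t, "hash": hash_t}


if __name__ == "__main__":
    gw, dev, total, ops = protocol_cost()
    print(f"paper timings: gateway {gw:.6f} s, device {dev:.6f} s, "
          f"total {total:.6f} s, ops {ops}")
    local = {**PAPER_TIMINGS, **measure_primitives()}   # keep paper's scalar_mult
    print("local timings:", protocol_cost(local)[:3])
```

With the paper's figures the model returns 0.14956 s for the gateway, 0.042788 s per device and 0.192348 s in total, matching the text and the proposed column of Table 4.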

8 Conclusion

A lightweight, efficient, and secure key exchange protocol for secret communication in IoT environments is presented. Related features of key exchange protocols, such as PFS and key certification, are addressed in the proposal. The security aspects of the new protocol are discussed in detail. For the scheme's implementation, values of the related parameters are suggested. It is shown that the proposed protocol enables secure communication between IoT devices in the future regime. Further, an ElGamal-like cryptosystem can also be constructed based on the proposed protocol.

Statements

Data availability statement

The original contributions presented in the study are included in the article/Supplementary Material; further inquiries can be directed to the corresponding author.

Author contributions

SK designed the model and the computational framework and analysed the data. SI and RA assisted with the measurements and wrote the paper with input from all authors. OC and AK contributed to the interpretation of the experimental results. AK provided critical feedback and helped shape the overall structure of the revised manuscript.

Acknowledgments

The authors would like to acknowledge the support of Prince Sultan University for paying the Article Processing Charges (APC) of this publication.

Conflict of interest

The authors declare that the research was conducted in the absence of any commercial or financial relationships that could be construed as a potential conflict of interest.

Publisher’s note

All claims expressed in this article are solely those of the authors and do not necessarily represent those of their affiliated organizations, or those of the publisher, the editors, and the reviewers. Any product that may be evaluated in this article, or claim that may be made by its manufacturer, is not guaranteed or endorsed by the publisher.

References

1. Abdalla, M., Fouque, P. A., Pointcheval, D. (2005). "Password-based authenticated key exchange in the three-party setting," in International Workshop on Public Key Cryptography, 2005 Jan 23 (Berlin, Heidelberg: Springer), 65–84.

2. Alohali, B. A., Vassilakis, V. G. (2015). "Secure and energy-efficient multicast routing in smart grids," in 2015 IEEE Tenth International Conference on Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), 2015 Apr 7 (Singapore: IEEE), 1–6.

3. Alvarez, R., Tortosa, L., Vicent, J. F., Zamora, A. (2009). Analysis and design of a secure key exchange scheme. Inf. Sci. 179, 2014–2021. doi:10.1016/j.ins.2009.02.008

4. Anjaneyulu, G. S. G. N., Sanyasirao, A. (2014). Distributed group key management protocol over non-commutative division semirings. Indian J. Sci. Technol. 7 (6), 871–876. doi:10.17485/ijst/2014/v7i6.18

5. Anshel, I., Anshel, M., Goldfeld, D. (1999). An algebraic method for public-key cryptography. Math. Res. Lett. 6, 287–291. doi:10.4310/mrl.1999.v6.n3.a3

6. Bennett, H., Brassard, G. (1984). "Quantum cryptography: Public key distribution and coin tossing," in Int. Conf. on Computers, Systems and Signal Processing, Bangalore, India, Dec. 1984, 175–179.

7. Birman, J., Ko, K., Lee, S. J. (1998). A new approach to the word and conjugacy problems in the braid groups. Adv. Math. (N. Y.) 139, 322–353. doi:10.1006/aima.1998.1761

8. Cao, Z., Dong, X., Wang, L. (2007). New public key cryptosystems using polynomials over non-commutative rings. Cryptology ePrint Archive.

9. Center, C. S. R. (2021). Post-quantum cryptography standardization conference. Online; accessed May 17, 2021.

10. Chang, T. Y., Hwang, M. S., Yang, W. P. (2011). A communication-efficient three-party password authenticated key exchange protocol. Inf. Sci. 181 (1), 217–226. doi:10.1016/j.ins.2010.08.032

11. Cheikhrouhou, O., Koubâa, A., Zarrad, A. (2020). A cloud based disaster management system. J. Sens. Actuator Netw. 9, 6. doi:10.3390/jsan9010006

12. Chung, H. R., Ku, W. C. (2008). Three weaknesses in a simple three-party key exchange protocol. Inf. Sci. 178 (1), 220–229. doi:10.1016/j.ins.2007.08.004

13. Climent, J. J., Navarro, P. R., Tortosa, L. (2012). Key exchange protocols over noncommutative rings. The case of End(Zp×Zp2). Int. J. Comput. Math. 89 (13-14), 1753–1763. doi:10.1080/00207160.2012.696105

14. Diffie, W. D., Hellman, M. E. (1976). New directions in cryptography. IEEE Trans. Inf. Theory 22 (6), 644–654. doi:10.1109/tit.1976.1055638

15. ElGamal, T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31 (4), 469–472. doi:10.1109/tit.1985.1057074

16. Guo, H., Li, Z., Mu, Y., Zhang, X. (2008). Cryptanalysis of simple three-party key exchange protocol. Comput. Secur. 27 (1-2), 16–21. doi:10.1016/j.cose.2008.03.001

17. Hu, Z., Li, J., Mergendahl, S., Wilson, C. (2022). "Toward a resilient key exchange protocol for IoT," in Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy (CODASPY '22), April 2022, 214–225.

18. Inam, S., Ali, R. (2016). A new ElGamal-like cryptosystem based on matrices over groupring. Neural Comput. Appl. doi:10.1007/s00521-016-2745-2

19. Kanwal, S., Ali, R. (2016). A cryptosystem with noncommutative platform groups. Neural Comput. Appl. 29, 1273–1278. doi:10.1007/s00521-016-2723-8

20. Khan, M. A., Salah, K. (2018). IoT security: Review, blockchain solutions, and open challenges. Future Gener. Comput. Syst. 82, 395–411. doi:10.1016/j.future.2017.11.022

21. Ko, K. H., Lee, S. J., Cheon, J. H., Han, J. W., Kang, J. S., Park, C. (2000). "New public-key cryptosystem using braid groups," in Advances in Cryptology - CRYPTO 2000, Lecture Notes in Computer Science 1880 (Berlin: Springer-Verlag), 166–183.

22. Lizama-Pérez, L. A., López R., J. M. (2021). Non-invertible public key certificates. Entropy 23, 226. doi:10.3390/e23020226

23. Lizama-Pérez, L. A., López R., J. M., Samperio, E. H. (2021). Beyond the limits of Shannon's information in quantum key distribution. Entropy 23, 229. doi:10.3390/e23020229

24. Lu, R., Cao, Z. (2007). Simple three-party key exchange protocol. Comput. Secur. 26 (1), 94–97. doi:10.1016/j.cose.2006.08.005

25. Mano, L. Y., Faiçal, B. S., Nakamura, L. H., Gomes, P. H., Libralon, G. L., Meneguete, R. I., et al. (2016). Exploiting IoT technologies for enhancing Health Smart Homes through patient identification and emotion recognition. Comput. Commun. 89, 178–190. doi:10.1016/j.comcom.2016.03.010

26. Menezes, A. J., Van Oorschot, P. C., Vanstone, S. A. (1996). Handbook of applied cryptography. Boca Raton, FL: CRC Press.

27. Meshram, A., Meshram, C., Khobragade, N. W. (2017). An IND-CCA2 secure public key cryptographic protocol using Suzuki 2-group. Indian J. Sci. Technol. 10 (12), 1–8. doi:10.17485/ijst/2017/v10i12/111588

28. Mullan, C. (2012). Some results in group-based cryptography. Technical report. London: Department of Mathematics, Royal Holloway, University of London.

29. Mutlag, A. A., Abd Ghani, M. K., Arunkumar, N. A., Mohammed, M. A., Mohd, O. (2019). Enabling technologies for fog computing in healthcare IoT systems. Future Gener. Comput. Syst. 90, 62–78. doi:10.1016/j.future.2018.07.049

30. Odoni, R. K., Varadharajan, V., Sanders, P. W. (1984). Public key distribution in matrix rings. Electron. Lett. 20, 386–387. doi:10.1049/el:19840267

31. Paeng, S. H., Ha, K. C., Kim, J. H., Chee, S., Park, C. (2001). "New public key cryptosystem using finite non abelian groups," in Advances in Cryptology - CRYPTO 2001, Lecture Notes in Computer Science 2139 (Berlin: Springer-Verlag), 470–485.

32. Poomagal, C. T., S. Kumar, G. A., Mehta, D. (2020). Multi level key exchange and encryption protocol for Internet of Things (IoT). Comput. Syst. Sci. Eng. 35 (1), 51–63. doi:10.32604/csse.2020.35.051

33. Rivest, R. L., Shamir, A., Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21 (2), 120–126. doi:10.1145/359340.359342

34. Sakalauskas, E., Burba, T. (2003). Basic semigroup primitive for cryptographic session key exchange protocol. Inf. Technol. Control 28 (3), 76–80.

35. Schneier, B. (1996). Applied cryptography. Second edition. New York, NY: John Wiley & Sons.

36. Shor, P. W. (1997). Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26 (5), 1484–1509. doi:10.1137/s0097539795293172

37. Shpilrain, V. (2008). Cryptanalysis of Stickel's key exchange scheme. Proc. Comput. Sci. Russ. 5010, 283–288.

38. Shpilrain, V., Ushakov, A. (2006). A new key exchange protocol based on the decomposition problem. Contemp. Math. 418, 161–167.

39. Singh, S. R., Khan, A. K., Singh, T. S. (2017). A new key management scheme for wireless sensor networks using an elliptic curve. Indian J. Sci. Technol. 10 (13), 1–7. doi:10.17485/ijst/2017/v10i13/108661

40. Sramka, M. (2022). On the security of Stickel's key exchange scheme. Available at: http://crisesdeim.urv.cat/msramka/pubs/sramka-stickelkesecurity.pdf.

41. Stickel, E. (2005). "A new method for exchanging secret key," in Proceedings of the Third International Conference on Information Technology and Applications (ICITA'05), Sydney, Australia, 426–430.

42. Strangio, M. A. (2005). "Efficient Diffie–Hellmann two-party key agreement protocols based on elliptic curves," in Proc. 20th ACM Symposium on Applied Computing (SAC), 324–331.

43. Thomas, T., Lal, A. K. (2008). A zero-knowledge undeniable signature scheme in nonabelian group setting. Int. J. Netw. Secur. 6 (3), 265–269.

44. Wang, S., Cao, Z., Strangio, M. A., Wang, L. (2008). Cryptanalysis and improvement of an elliptic curve Diffie-Hellman key agreement protocol. IEEE Commun. Lett. 12 (2), 149–151. doi:10.1109/lcomm.2008.071307

45. Yoon, E. J., Yoo, K. Y. (2011). Cryptanalysis of a simple three-party password-based key exchange protocol. Int. J. Commun. Syst. 24 (4), 532–542. doi:10.1002/dac.1168

46. Zhongjun, T., Shah, S. K., Ahmad, M., Mustafa, S. (2022). Modeling consumer's switching intentions regarding 5G Technology in China. Int. J. Innov. Technol. Manag. 19. doi:10.1142/s0219877022500110

Keywords

discrete log problem, public key exchange protocol, public key cryptography, noncommutative ring, polynomial, Internet of Things (IoT)

Citation

Kanwal S, Inam S, Ali R, Cheikhrouhou O and Koubaa A (2022) Lightweight noncommutative key exchange protocol for IoT environments. Front. Environ. Sci. 10:996296. doi: 10.3389/fenvs.2022.996296

Received

17 July 2022

Accepted

31 August 2022

Published

23 September 2022

Edited by

Muhammad Tayyab Sohail, Xiangtan University, China

Reviewed by

Aamir Akbar, Abdul Wali Khan University Mardan, Pakistan

Tengyue Hao, University of Malaya, Malaysia

*Correspondence: Shamsa Kanwal,

This article was submitted to Environmental Informatics and Remote Sensing, a section of the journal Frontiers in Environmental Science.
