A lightweight security and privacy-enhancing key establishment for internet of things applications

Recent findings show that many mission critical Internet of Things (IoT) applications are exposed to increasing security risks. The complex and dynamic nature of the IoT and its applications also bring new types of security threats. To achieve end-to-end secure communication, IoT applications need key establishment schemes with integrated security fundamentals such as identification and authentication of IoT components, as well as integrity, confidentiality, availability and authenticity of data, to prevent security attacks from weakening and disrupting the communication. In this context, we present a new lightweight key establishment scheme that comprises a novel Identity-Based Credentials (IBC) mechanism and key establishment protocol. The IBC mechanism enables an IoT component to securely disclose a single identity for security support and privacy enhancement for key establishment. In this paper, we model IoT application attributes to develop our lightweight security and privacy enhancing key establishment scheme. The formal verification and analysis show that, compared to the existing schemes, our proposed scheme is resilient against more types of security attacks, and incurs lower computational and communication costs in IoT applications