Securing IoT-based collaborative applications using a new compressed and distributed MIKEY mode

International audienceMultimedia internet keying protocol (MIKEY) aims at establishing secure credentials between two communicating entities. However, existing MIKEY modes fail to meet the requirements of low-power and low-processing devices. To address this issue, we combine two previously proposed approaches to introduce a new compressed and distributed MIKEY mode applied to a collaborative internet of things context. A set of third parties is used to discharge the constrained nodes from heavy computational operations. Doing so, the MIKEY pre-shared mode is used in the constrained part of network, while the public key mode is used in the unconstrained part of the network. Furthermore, to mitigate the communication cost we introduce a new header compression scheme that reduces the size of MIKEY's header from 12 bytes to 3 bytes in the best compression case. To assess our approach, we performed a detailed security analysis using a formal validation tool (i.e., Avispa). In addition, we performed an energy evaluation of both communicational and computational costs. The obtained results show that our proposed mode is energy preserving whereas its security properties are preserved untouched

Securing IoT-based collaborative applications using a new compressed and distributed MIKEY mode

International audienceMultimedia internet keying protocol (MIKEY) aims at establishing secure credentials between two communicating entities. However, existing MIKEY modes fail to meet the requirements of low-power and low-processing devices. To address this issue, we combine two previously proposed approaches to introduce a new compressed and distributed MIKEY mode applied to a collaborative internet of things context. A set of third parties is used to discharge the constrained nodes from heavy computational operations. Doing so, the MIKEY pre-shared mode is used in the constrained part of network, while the public key mode is used in the unconstrained part of the network. Furthermore, to mitigate the communication cost we introduce a new header compression scheme that reduces the size of MIKEY's header from 12 bytes to 3 bytes in the best compression case. To assess our approach, we performed a detailed security analysis using a formal validation tool (i.e., Avispa). In addition, we performed an energy evaluation of both communicational and computational costs. The obtained results show that our proposed mode is energy preserving whereas its security properties are preserved untouched

Securing IoT-based Groups: Efficient, Scalable and Fault-tolerant Key Management Protocol

International audienceGroup key management protocols are crucial in establishing secured communication channels for collaborative IoT-based groups. The Internet of Things (IoT) dimension includes additional challenges. In fact, resource constrained members within dynamic and heterogeneous groups are unable to run existing group key protocols. Furthermore, these protocols need to be scalable and fault tolerant to suit growing and sensitive groups. To face these issues, we enhance our previously proposed protocol called Decentralized Batch-based Group Key protocol (DBGK). Using polynomial computation to secure data exchanges, we considerably improve its scalability, fault tolerance and collusion freeness properties. This gain is achieved thanks to the ability to include additional unconstrained members (controllers) while inducing a very limited cost on the constrained members. Furthermore, we include an energy preserving blockchain-based mechanism to authenticate group members credentials in a distributed manner. To assess our new protocol called DiStributed Batch-based Group Key protocol (DsBGK), we performed a detailed theoretical security analysis to evaluate its behaviour against well studied attacks in the literature. Furthermore, we validated this analysis using a formal validation tool. To evaluate DsBGK performances , we performed extensive simulations. We proceeded by comparing DsBGK in term of energy cost, first, with DBGK, then with other analogous protocols from the literature. The results confirmed the security soundness of DsBGK, in addition to an improved energy efficiency compared to its peers

Lightweighted and energy-aware MIKEY-Ticket for e-health applications in the context of internet of things

E-health applications have emerged as a promising approach to provide unobtrusive and customizable support to elderly and frail people based on their situation and circumstances. However, due to limited resources available in such systems and data privacy concerns, security issues constitute a major obstacle to their safe deployment. To secure e-health communications, key management protocols play a vital role in the security process. Nevertheless, current e-health systems are unable to run existing standardized key management protocols due to their limited energy power and computational capabilities. In this paper, we introduce two solutions to tailor MIKEY-Ticket protocol to constrained environments. Firstly, we propose a new header compression scheme to reduce the size of MIKEYs header from 12 Bytes to 3 Bytes in the best compression case. Secondly, we present a new exchange mode to reduce the number of exchanged messages from six to four. We have used a formal validation method to evaluate and validate the security properties of our new tailored MIKEY-Ticket protocol. In addition, we have evaluated both communication and computational costs to demonstrate the energy gain. The results show a decrease in MIKEY-Ticket overhead and a considerable energy gain without compromising its security properties