Decentralized Lightweight Group Key Management for Dynamic Access Control in IoT Environments

Rapid growth of Internet of Things (IoT) devices dealing with sensitive data has led to the emergence of new access control technologies in order to maintain this data safe from unauthorized use. In particular, a dynamic IoT environment, characterized by a high signaling overhead caused by subscribers' mobility, presents a significant concern to ensure secure data distribution to legitimate subscribers. Hence, for such dynamic environments, group key management (GKM) represents the fundamental mechanism for managing the dissemination of keys for access control and secure data distribution. However, existing access control schemes based on GKM and dedicated to IoT are mainly based on centralized models, which fail to address the scalability challenge introduced by the massive scale of IoT devices and the increased number of subscribers. Besides, none of the existing GKM schemes supports the independence of the members in the same group. They focus only on dependent symmetric group keys per subgroup communication, which is inefficient for subscribers with a highly dynamic behavior. To deal with these challenges, we introduce a novel Decentralized Lightweight Group Key Management architecture for Access Control in the IoT environment (DLGKM-AC). Based on a hierarchical architecture, composed of one Key Distribution Center (KDC) and several Sub Key Distribution Centers (SKDCs), the proposed scheme enhances the management of subscribers' groups and alleviate the rekeying overhead on the KDC. Moreover, a new master token management protocol for managing keys dissemination across a group of subscribers is introduced. This protocol reduces storage, computation, and communication overheads during join/leave events. The proposed approach accommodates a scalable IoT architecture, which mitigates the single point of failure by reducing the load caused by rekeying at the core network. DLGKM-AC guarantees secure group communication by preventing collusion attacks and ensuring backward/forward secrecy. Simulation results and analysis of the proposed scheme show considerable resource gain in terms of storage, computation, and communication overheads