A Lightweight Authentication and Key Exchange Protocol for IoT

Security in IoT environments is critical, as there are many situations where IoT devices provide sensory information that needs to be shared securely. However, providing authenticated and secure communication for IoT devices can be a challenge. IoT devices have many constraints, including limitations in computation, power, memory and energy. Moreover, they often have to go through a gateway/sink to connect to the network. For secure communication to the rest of the network, the IoT device needs to trust the gateway/sink, and this requires a means for the device to authenticate the gateway and vice-versa. We also seek to support secure communication even when the IoT device and gateway are disconnected from the rest of the network. In this paper, we provide a lightweight authentication and key exchange protocol for such IoT environments where the IoT device and gateway are communicating over a wireless channel. Our protocol depends on each pair of devices having two unique keys, a master key and an initial session key, provided at configuration time. The session key is constantly changing, and is used as the key for exchanging frames securely during a session. The protocol is lightweight and uses only symmetric-key cryptography and Hashed Message Authentication Code (HMAC)-based key derivation function (HKDF) to provide authentication, key exchange, confidentiality and message integrity. The protocol does not depend on any Trusted Third Party (TTP), and is a good fit for disconnected IoT environments. The keys are never exchanged over the network, providing perfect forward secrecy. The protocol is efficient in the amount of computation required, memory and energy usage.