Efficient, Flexible and Secure Group Key Management Protocol for Dynamic IoT Settings

TL;DR

This paper introduces a highly efficient, secure, and flexible group key management protocol for dynamic IoT environments, addressing limitations of previous schemes by ensuring forward/backward secrecy and resistance to collusion attacks using symmetric encryption.

Contribution

The paper proposes a novel GKM protocol that is more secure, efficient, and adaptable to various device and user dynamics in IoT settings, improving upon existing schemes like GroupIt.

Findings

Outperforms GroupIt in communication costs

Uses only symmetric encryption for efficiency and security

Maintains forward and backward secrecy at all times

Abstract

Many Internet of Things (IoT) scenarios require communication to and data acquisition from multiple devices with similar functionalities. For such scenarios, group communication in the form of multicasting and broadcasting has proven to be effective. Group Key Management (GKM) involves the handling, revocation, updation and distribution of cryptographic keys to members of various groups. Classical GKM schemes perform inefficiently in dynamic IoT environments, which are those wherein nodes frequently leave or join a network or migrate from one group to another over time. Recently, the `GroupIt' scheme has been proposed for GKM in dynamic IoT environments. However, this scheme has several limitations such as vulnerability to collusion attacks, the use of computationally expensive asymmetric encryption and threats to the backward secrecy of the system. In this paper, we present a highly efficient and secure GKM protocol for dynamic IoT settings, which maintains forward and backward secrecy at all times. Our proposed protocol uses only symmetric encryption, and is completely resistant to collusion attacks. Also, our protocol is highly flexible and can handle several new scenarios in which device or user dynamics may take place, e.g., allowing a device group to join or leave the network or creation or dissolution of a user group, which are not handled by schemes proposed in prior literature. We evaluate the performance of the proposed protocol via extensive mathematical analysis and numerical computations, and show that it outperforms the GroupIt scheme in terms of the communication and computation costs incurred by users and devices.