OTA-Key: Over the Air Key Management for Flexible and Reliable IoT Device Provision

TL;DR

OTA-Key provides a secure, scalable, and efficient method for managing unique device keys in IoT devices by decoupling key storage from firmware and using an intermediary server for key distribution and updates.

Contribution

It introduces OTA-Key, a novel scheme that decouples device keys from firmware, enabling secure, large-scale key management with reduced update times and communication overhead.

Findings

ProVerif security verification confirms scheme security.

Significantly lower update times compared to existing schemes.

Reduced data transfer volumes during key updates.

Abstract

As the Internet of Things (IoT) industry advances, the imperative to secure IoT devices has become increasingly critical. Current practices in both industry and academia advocate for the enhancement of device security through key installation. However, it has been observed that, in practice, IoT vendors frequently assign shared keys to batches of devices. This practice can expose devices to risks, such as data theft by attackers or large-scale Distributed Denial of Service (DDoS) attacks. To address this issue, our intuition is to assign a unique key to each device. Unfortunately, this strategy proves to be highly complex within the IoT context, as existing keys are typically hardcoded into the firmware, necessitating the creation of bespoke firmware for each device. Furthermore, correct pairing of device keys with their respective devices is crucial. Errors in this pairing process would incur substantial human and temporal resources to rectify and require extensive communication between IoT vendors, device manufacturers, and cloud platforms, leading to significant communication overhead. To overcome these challenges, we propose the OTA-Key scheme. This approach fundamentally decouples device keys from the firmware features stored in flash memory, utilizing an intermediary server to allocate unique device keys in two distinct stages and update keys. We conducted a formal security verification of our scheme using ProVerif and assessed its performance through a series of evaluations. The results demonstrate that our scheme is secure and effectively manages the large-scale distribution and updating of unique device keys. Additionally, it achieves significantly lower update times and data transfer volumes compared to other schemes.