Lightweight and escrow-less authenticated key agreement for the internet of things

Security is essential for wide wireless sensor network (WSN) deployments, such as the Internet of Things (IoT). However, the resource-constrained nature of sensors severely restricts the cryptographic algorithms and protocols that can be used in such platforms. Such restrictions apply especially to authenticated key agreement (AKA) protocols for bootstrapping keys between authorized nodes: in traditional networks, such schemes involve the transmission of quite large certificates and the execution of memory- and processing-intensive cryptographic algorithms, which are not suitable for WSNs. Whereas lightweight WSN-oriented schemes also exist, most of them focus on small deployments where key-escrow is possible (i.e., a fully trusted authority knows the private keys of all nodes). Aiming to identify AKA solutions suitable for the IoT scenario, in this article we assess lightweight and escrow-free schemes, evaluating their security and performance in terms of processing time and energy consumption in the TelosB platform. Besides proving that some very efficient schemes are actually flawed, we show that the combination of SMQV (strengthened-Menezes-Qu-Vanstone) with implicit certificates leads to a secure and lightweight AKA scheme.