sensors Article A Lightweight Authentication and Key Agreement Schemes for IoT Environments Dae-Hwi Lee and Im-Yeong Lee * Department of Computer Science and Engineering, Soonchunhyang University, Asan 31538, Korea; [email protected] * Correspondence: [email protected]; Tel.: +82-41-530-1323 Received: 10 August 2020; Accepted: 16 September 2020; Published: 18 September 2020 Abstract: In the Internet of Things (IoT) environment, more types of devices than ever before are connected to the internet to provide IoT services. Smart devices are becoming more intelligent and improving performance, but there are devices with little computing power and low storage capacity. Devices with limited resources will have difficulty applying existing public key cryptography systems to provide security. Therefore, communication protocols for various kinds of participating devices should be applicable in the IoT environment, and these protocols should be lightened for resources-restricted devices. Security is an essential element in the IoT environment, so for secure communication, it is necessary to perform authentication between the communication objects and to generate the session key. In this paper, we propose two kinds of lightweight authentication and key agreement schemes to enable fast and secure authentication among the objects participating in the IoT environment. The first scheme is an authentication and key agreement scheme with limited resource devices that can use the elliptic curve Qu–Vanstone (ECQV) implicit certificate to quickly agree on the session key. The second scheme is also an authentication and key agreement scheme that can be used more securely, but slower than first scheme using certificateless public key cryptography (CL-PKC). In addition, we compare and analyze existing schemes and propose new schemes to improve security requirements that were not satisfactory. Keywords: ECQV implicit certificate; CL-PKC; authentication; key agreement 1. Introduction The Internet of Things (IoT) is an environment/technology in which heterogeneous devices connected to the internet provide various services. Data collected by sensors and actuators are processed by smartphones. The number of IoT devices connected to the internet will increase rapidly in the 5G era [1,2]. People, objects, and spaces are becoming increasingly interconnected. Many countries, including Korea, are investing heavily in the field. The first IoT environment was the smart home, in which IoT technology connects household appliances to the internet. The user can remotely control air conditioners or the boiler to adjust the temperature. Many products featuring artificial intelligence are being released [3]. Mass-produced devices are becoming lighter, and smart buildings, factories, and cities are under construction [4]. Previously, devices could not be connected directly to the internet, requiring a gateway. Today, direct connections allow devices (such as smartphones) to interact. Security is of prime concern, particularly authentication and key management; the latter creates the session keys required for secure communication after authentication. Authentication is an important technology that can be applied in the perception layer and transportation layer, which are the basis of the IoT service [5]. However, existing authentication protocols are inadequate in environments featuring multiple devices. Sensors 2020, 20, 5350; doi:10.3390/s20185350 www.mdpi.com/journal/sensors Sensors 2020, 20, 5350 2 of 19 Sensors 2020, 20, x FOR PEER REVIEW 2 of 18 Figure1 shows a smart factory wherein IoT devices monitor and control the production equipmentFigure [6 ].1 Authenticationshows a smart andfactory key negotiationwherein IoT are devices required monitor to deliver and information control the quickly production and securely.equipment Similarly, [6]. Authentication when data are and sent key to negotiation the manufacturing are required execution to deliver system informa (MES),tion authentication quickly and andsecurely. key agreement Similarly, must when be data performed are sent by to end-to-endthe manufacturing communication execution via system a gateway (MES), (GW). authentication However, existingand key public agreement key infrastructure must be performed (PKI)-based by end authentication-to-end communication is too slow via in a real-time gateway environments.(GW). However, existing public key infrastructure (PKI)-based authentication is too slow in real-time environments. FigureFigure 1. 1.Example Example model: model: smart smart factory factory environments. environments. MES,MES, manufacturingmanufacturing executionexecution system;system; CA,CA, certificatecertificate authority. authority. Here,Here, we we developed developed authentication authentication and and key key agreement agreement protocolsprotocols thatthat createcreate securesecure keyskeys afterafter mutualmutual authentication authentication to allow to allow IoT objects IoT toobjects communicate. to communicate. The first scheme The first allows scheme rapid authenticationallows rapid andauthentication key agreement and using key agreement an implicit using certificate an implicit termed certificate the elliptic termed curve Qu–Vanstonethe elliptic curve (ECQV). Qu–Vanstone Implicit certificate(ECQV). Implicit is a way certificate to implicitly is a way authenticate to implicitly the auth otherenticate party bythe derivingother party the by public deriving key the from public the certificate.key from Thethe certificate. second scheme The second is more scheme secure is than more the secure first, butthan slower, the first, and but is anslower, authentication and is an andauthentication key agreement and usingkey agreement the certificateless using the public certificateless key cryptosystem public key (CL-PKC).cryptosystem Both (CL schemes-PKC). Both use identityschemes (ID)-based use identity PKCs; (ID) the-based first schemePKCs; the features first scheme only implicit features authentication. only implicit Theauthentication. second scheme The incorporatessecond scheme signature incorporates information signature into inform the publication user into key. the public user key. TheThe contributions contributions of of this this paper paper can can be be summarized summarized as as follows. follows. 1. We analyze existing lightweight authentication and key agreement schemes for IoT 1. We analyze existing lightweight authentication and key agreement schemes for IoT environments. environments. 2. In an environment where fast communication is required, we propose a scheme that enables 2. In an environment where fast communication is required, we propose a scheme that enables rapid mutual authentication and key agreement through ECQV implicit certificates. This scheme rapid mutual authentication and key agreement through ECQV implicit certificates. This scheme provides implicit authentication for public keys (Scheme 1). provides implicit authentication for public keys (Scheme 1). 3. Although slower than Scheme 1, we propose an efficient authentication and key agreement 3. Although slower than Scheme 1, we propose an efficient authentication and key agreement schemescheme based based on on CL-PKC CL-PKC that that allows allows explicit explicit verification verification of of public public keys keys (Scheme(Scheme 2).2). ThisThis paper paper is is organized organized as as follows. follows. Section Section2 2contains contains more more details details on on implicit implicit certificates certificates and and CL-PKCs.CL-PKCs. Section Section3 pertains 3 pertains to theto the security security requirements. requirements. Our Our two two schemes schemes and and their their development development are describedare described in Sections in Sections4 and 54, and respectively. 5, respectively. Section Section6 contains 6 contains the conclusion. the conclusion. 2.2. Background Background and and Related Related Work Work InIn this this section, section, we we discuss discuss background background and and related related work. work. First,First, wewe examineexamine whatwhat typetype ofof authenticationauthentication and and key key agreement agreement (AKA) (AKA) is is used used in in the the recent recent IoT IoT environment. environment.Further, Further,we we analyzeanalyze thethe AKA AKA schemes schemes using using public public key key certificates certificates and and examine examine the the ECQV ECQV implicit implicit certificate.certificate. WeWe alsoalso analyze the certificateless-based AKA (CL-AKA) schemes using the certificateless PKC. Finally, we analyze the existing schemes. Sensors 2020, 20, 5350 3 of 19 Sensorsanalyze 2020 the, 20, x certificateless-based FOR PEER REVIEW AKA (CL-AKA) schemes using the certificateless PKC. Finally,3 of 18 we analyze the existing schemes. 2.1. Authentication and Key Agreement (AKA) 2.1. Authentication and Key Agreement (AKA) The IoT requires efficient and secure key management. Many objects are interconnected, and AKA Theis required IoT requires for secure efficient communication and secure key[7]. Key management. management Many protocols objects are are divided interconnected, into key distributionsand AKA is requiredand key foragreements secure communication (or key exchanges). [7]. Key During management key distribution, protocols a are sender divided requesting into key communicationdistributions and generates key agreements a session (or key, key and exchanges). a receiver Duringdecrypts key that distribution, key. Key agreement a sender requestingcalculates acommunication