A Hybrid Key Agreement Scheme for Smart Homes Using the Merkle Puzzle

Abstract

Cryptographic keys should be established for the smart home devices in order to secure home area networks. In certain smart home applications, however, the devices might be produced by different factories. As a result, it becomes impractical to assume devices are preloaded with secrets before leaving factories. Moreover, in some scenarios, smart home devices have no access to an online trusted third party. These problems make conventional key agreement schemes inapplicable for these devices. It is investigated that devices can extract secrets from received signal strength (RSS) measurements at the physical layer. However, the bit extraction rate is low. The Merkle puzzle is introduced to design the key agreement scheme by expanding the low entropy seed to high entropy secret key. However, it introduces considerable time and computation costs. To alleviate these problems, in this article, we design a hybrid key agreement scheme for smart homes. Namely, smart home devices first extract short random keys at the physical layer. Then, they establish secret communication keys at higher layers by making use of the Merkle puzzle. In this way, secret keys can be established without using any preloaded secrets or online trusted third party. We prove the security of the new scheme and present a prototype implementation using Ralink WiFi cards. Moreover, we evaluate the performance of our scheme and compare it with other related schemes. The analysis shows that comparing with the related schemes, in our scheme, the time cost is at least one order of magnitude lower, the computation cost is at least five orders of magnitude lower, and the extra communication cost is moderate.