EBASKET ECC Blended Authentication and Session Key Establishment Technique for IoT

Abstract

Security is a prerequisite of each device that provides physical access to anyone and is logically expose to communication network attacks. The Internet of Things (IoT) must assure energy-saving provision due to the unique characteristics of IoT devices that comprise cost-effective, low power, and data delivery capacity. A Key-based Authentication scheme is a need without creating a bottleneck of communication for security in IoT integration. Security solutions viz., Authentication, Access control, and Key management are essential for the protection of communication in IoT applications. Public Key Cryptography (PKC) encapsulates multiple security functionalities and applications in conventional networks. The proposed Elliptic Curve Cryptography (ECC) Blended Authentication and Session Key Establishment Technique (EBASKET), an enhanced HPAKE scheme secures the IoT device interactions using Hash and Public Key Cryptography conjoined with a Stochastic Number. EBASKET authenticates and establishes Session Key for communicating IoT Devices using ECC that enhances the security resisting Key Disclosure, Man-in-The-Middle (MiTM), Relay threats. It incorporates an Elliptic Curve of 256 bits to achieve the 128 bits security level. EBASKET accomplishes Key Establishment utilizes Nonce as the Fragmentary Key after authenticating the intercommunicating Devices. It decreases the overall delay incurred reducing the communication overhead minimizing the quantity and magnitude of the messages exchange for Authentication. A secure Key Establishment for the Session uses a Stochastic, Hashing function, and ECC. The interactions throughout the Predeploying, Authenticating, and Key Establishing process cause a delay. The performance graph depicts that Key Establishment and authenticating the IoT devices using ECC and reducing communicational cost enhance security than Enhanced, Hybrid, and Lightweight Authentication Schemes.