Group key management in the Internet of Things: Handling asynchronicity

Abstract

Internet of Things (IoT) devices have permeated our immediate surroundings, becoming ubiquitous. These devices engage in continuous communication, with a significant aspect being group communications. Indeed, the latter are often more efficient than one-to-one interactions, rendering them well-suited for applications like e-health, federated learning, and military systems. However, security plays a pivotal role in these group communications, especially in safeguarding data confidentiality and user privacy. In this context, group key management protocols offer a mechanism for establishing shared group keys and updating them when needed. Nonetheless, the inherently asynchronous nature of IoT devices has proven to be a challenge. IoT devices are susceptible to unexpectedly entering an offline mode due to factors such as battery depletion, energy conservation, or loss of wireless connectivity. Consequently, the establishment of a group key for secure communications becomes a complex task. In this paper, we introduce an innovative approach to establishing group credentials asynchronously while ensuring robust security attributes, including Perfect Forward Secrecy (PFS) and Post-compromise Security (PCS). Our protocol is designed around blockchain technology, specifically smart contracts to embrace the distributed nature of IoT. Additionally, we incorporate a reputation-based mechanism to address the heterogeneity of IoT devices in terms of resource disparity. Evaluation results demonstrate the feasibility of our approach, along with reasonable performances.