ITLS: Lightweight Transport-Layer Security Protocol for IoT With Minimal Latency and Perfect Forward Secrecy

Abstract

Enabling end-to-end secure communication is essential for many Internet-of-Things (IoT) application scenarios. Transport-layer security (TLS) and datagram TLS (DTLS) are the de-facto protocols for communication security in the IP-based IoT. However, the current authentication approaches of TLS are confronted with the heavy overhead and security issues in the resource-constrained IoT scenario. On the other hand, the identity-based cryptography (IBC) becomes an attractive cryptographic solution for the IoT. Unfortunately, the current IBC-based proposals exist the problem of either high communication latency or low level of security. In this article, we propose the first lightweight secure transport protocol called iTLS, which delivers protected data in the first flight with perfect forward secrecy, and provides implicit mutual authentication without certificates. iTLS dynamically generates identity-based early keys before receiving a server response, allowing clients to send the encrypted data without additional round trips. Furthermore, it employs the ephemeral secret ticket to obtain an ephemeral server key in the previous connection. Therefore, the early key established afterward can provide full forward secrecy. Design and implementation in the form of extension make iTLS fully compatible with TLS 1.3 and easy to be converted to a DTLS version. Our evaluation shows that iTLS reduces the network traffic overhead by at least 61.2%, and handshake latency on an ideal network by at least 60% compared to the certificate-based TLS. The results demonstrate iTLS achieves strong adaptability on the low-power and lossy IoT networks.