Lightweight Broadcast Authentication Protocol for Edge-Based Applications

Abstract

In this article, we propose a lightweight authentication protocol that provides forward secrecy for edge-based applications. Motivated by the general consensus that centralized authentication solutions are not suitable for an expanding Internet of Things (IoT), our edge-based authentication reduces latency for critical applications, lowers cloud dependency, and employs cryptographic primitives, which are efficiently implemented on resource-constrained low-end devices. Moreover, the edge entity broadcast messages using session keys that are derived securely from a hash function. The protocol utilizes hash chains and authenticated encryption which makes it resilient to quantum attacks. Moreover, entities are not required to hold a permanent master key, and all session keys are derived securely from a hash function. As a use case, we present a smart emergency system where an edge application broadcasts alert messages for individual responder groups when specific events occur. We formally define and prove the main security properties of our protocol, and compare it to other lightweight protocols in terms of security and performance. The computational complexity of our protocol comprises of three decryption operations, two HMAC, and five hash computations. The required storage for each node is 96 B and the communication overhead is only 56 B per session.