Public Key Authentication and Key Agreement in IoT Devices With Minimal Airtime Consumption

Computational complexity of public key cryptography over sensor nodes is not anymore a blocking concern in modern devices which natively (and efficiently) support elliptic curve cryptography. The problem has rather shifted toward the significant airtime consumption required to exchange multiple messages and certificates so as to perform authentication and key agreement. This letter addresses such problem by exploiting implicit certificates (elliptic curve Qu-Vanstone). We specifically propose a novel key management protocol (KMP) which suitably integrates implicit certificates with a standard elliptic curve Diffie-Hellman exchange, and performs authentication and key derivation. As confirmed by a proof-of-concept implementation and relevant experimental results, the proposed KMP guarantees maximal airtime savings (up to 86.7%) with respect to conventional approaches, robust key negotiation, fast rekeying, and efficient protection against replay attacks.


I. INTRODUCTION
S ECURITY is vital in industrial Internet of Things (IIoT).
Critical applications such as process monitoring and automation require device-level authentication and support for encrypted and authenticated data exchange over the underlying low-power wireless sensor networks [5].
Standardization in this field has significantly advanced in the last years.At the application layer, the constrained application protocol (CoAP) has modified the widely employed datagram transport layer security so as to fit it into memory/energy constrained devices [14].At the data link layer, cryptographic extensions have been included in the IEEE 802.15.4 standard, and a new standardization initiative, namely the IEEE 802.15.9 standard [3], is currently addressing the support for key management protocol (KMP) messages through IEEE 802.15.4 information elements.In the mean time, public key cryptography (PKC)-a fundamental building block in most KMPs-has become viable also on constrained Manuscript received October 5, 2016; accepted November 15, 2016.Date of publication November 18, 2016; date of current version February 24, 2017.This work was supported by the European Union's Horizon 2020 Research and Innovation Programme for Project SymbIoTe under Grant 688156.This manuscript was recommended for publication by C. Gebotys.
G. Bianchi is with the Department of Electronic Engineering, University of Rome Tor Vergata, Rome 00133, Italy (e-mail: giuseppe.bianchi@uniroma2.it).
Color versions of one or more of the figures in this paper are available online at http://ieeexplore.ieee.org.
Digital Object Identifier 10.1109/LES.2016.2630729devices.Indeed, we are now at a point in time where elliptic curve cryptography (ECC) is not only affordable on today's ever more powerful and (memory) capable constrained devices [7], [17], but it is even cheap and natively introduced in the latest generation of IIoT devices [14].Such technological evolution is bringing us to a point where the primary concern is not anymore the computationally efficient support of ECC, but rather stems in how to use such primitives for building airtime-efficient authentication and key management protocols.Indeed, most of the proposed PKCbased handshakes [15] suffer from a significant shortcoming in terms of number and size of the messages exchanged [19].In particular, transmission of long messages containing conventional X.509 certificates [12] yields a sizeable airtime consumption, whose major consequences are: 1) a significant latency in the authentication protocol when run over a typical low-rate communication channel and 2) a significant power consumption, being airtime a major power drain component.

A. Contribution
Based on these premises, the contribution of this letter is threefold.First, our proposed approach is among the first to concretely integrate and experimentally evaluate "implicit" elliptic curve Qu-Vanstone (ECQV) certificates [1] within an authentication and key agreement protocol devised for IIoT devices and scenarios.While in our former work [19] performance were affected by a software implementation of the ECC primitives, this letter shows that the viability of such technique is greatly improved by the native (e.g., hardware) and efficient support of ECC over modern IIoT devices.Second, our novel proposed KMP relies on an ordinary and widely established "fixed" elliptic curve Diffie-Hellman (ECDH) exchange [6], which provides authentication without any explicit signature, as well as ephemeral key derivation (and very fast rekeying, when necessary).This is obtained by exchanging per-session nonces and by securing the exchange using a minimized number of messages (two per each direction, i.e., four in total).Finally, experimental performance results over both singlehop and multihop networks show significant improvements in terms of maximal airtime savings (up to 86.7%) with respect to a traditional approach relying on an ECDH exchange with public coefficients certified/signed using the ECC digital signature algorithm (ECDSA).

II. BACKGROUND: ECQV IMPLICIT CERTIFICATES
For the reader's convenience, we briefly review the notion of implicit certificates along with the details of the ECQV algorithm [1].Let G be an elliptic curve group, and let G ∈ G be a generator of (prime) order n of the group G. Let U be the 1943-0663 c 2016 IEEE.Personal use is permitted, but republication/redistribution requires IEEE permission.
3) The user generates the private key p u = γ u +r•H(C U , U) and the relevant public key P U = p u • G. Any party can trivially compute U's public key by knowing only its identity U, its implicit certificate C U , and the CA's public key P CA , as The security of such construction was formally proven in [10], and an X.509-compliant implicit certificate format using in total 78 bytes was presented in [11].
III. KEY MANAGEMENT PROTOCOL Our proposed KMP relies on the widely accepted ECDH handshake, but minimizes airtime consumption by exchanging the public ECDH coefficients in implicit format, i.e., by using ECQV implicit certificates.Our design challenge is therefore to comply with the "fixed" nature of the resulting handshake (ephemeral ECDH coefficients would mandate an explicit digital signature).This is addressed by the exchange and handling of fresh nonces per each session, via two supplementary authentication messages following the initial ECDH exchange, which guarantee peer authentication and (fresh) key derivation.
In details, the proposed protocol, non restrictively illustrated in Fig. 1 for the case of a constrained device D which mutually authenticates and negotiates a session key with a coordinator device C, comprises two phases.Without loss of generality, we assume that all the constrained devices, including the network coordinator, trust the same CA, and possess the following cryptographic material: own public key, own private key, own implicit certificate, and CA's public key.
In the first phase, each peer X (i.e., C or D) sends to the other party a message comprising: 1) a nonce ρ X and 2) an implicit ECQV certificate C X .The receiver is thus able to: 1) extract the Public Key P X = P CA + C X • H(C X , X) from the implicit certificate C X , as described in Section II; 2) compute the (same and fixed) premaster session key K CD using an ordinary ECDH.For instance, once received C D and after having extracted P D , the network coordinator C can use its private key p c to compute K CD = p c P D = p c p d G; the same result is obtained on the other side by the device D which computes K CD = p d P C = p c p d G.Note that (as indeed expected by a "fixed" ECDH exchange) subsequent handshakes among the same pair of devices would yield the same key K CD .Moreover, note that any attacker could replay the message containing the implicit certificate so as to impersonate one of the two devices.
To address both such issues, our proposed KMP relies on fresh nonces in each "new" exchange.Nonces serve for two complementary purposes.
1) Authentication: To authenticate the exchange, peers D and C compute an authentication tag where the [k, s] operator refers to a generic symmetric authentication algorithm (e.g., an HMAC) working on the bit stream s by using key k.Note that the two tags differ, as they use the same information but in a different order [6].2) Key Derivation: Finally, each peer computes the actual session key P K (or multiple keys, to distinguish encryption key from integrity key as customarily done in mainstream security protocols) via an ordinary/standard key derivation function (KDF) χ , as: )-details in Section IV.We conclude this section by noting that the proposed KMP intrinsically supports fast opportunistic rekeying.In fact, based on the fixed ECDH mechanism, the key negotiation algorithm always produces the same shared secret for a specific device pairs.Therefore, the heavy cryptographic operations required by both ECQV and ECDH algorithms can be avoided in a subsequent handshake: a device can retrieve from a local cache the previously computed premaster key and simply compute a new session key using the new exchanged nonces.

A. Security Considerations
The proposed approach relies on building blocks whose security is widely established, namely ECDH [6] and ECQV [10].Note that these building blocks remain independent in our construction, opposed to being composed, and secret parameters for both schemes are neither exposed to external entities nor used in a way different from their standard usage.In this way, we avoid possible issues that may emerge when mixing blocks whose conjuncted adoption is not universally guaranteed ( [9], for instance, shows problems related to the composition of implicit certificates and ECDSA technique).
Moreover, ECQV implicit certificates, binding a public key to its owner in a trusted way, make the proposed strategy robust against man-in-the-middle (MITM) attacks.Furthermore, the mutual authentication scheme implemented in the second part of the protocol protects the entire approach against replay attacks, and explicitly binds the exchanged cryptographic quantities to the involved peer identities using per-session nonces.It is worth noting that the two authentication messages closely mimic the operation of the finished message in the transport layer security (TLS) protocol, and therefore, inherit the relevant security properties assessed for the TLS protocol [18].Indeed, each authentication tag is computed by including all the information exchanged in the first two messages (plus the peer identities) and hence protects the entire exchange from MITM modifications.
Finally, the designed protocol does not specifically influence (i.e., neither positively or negatively) resilience against physical attacks such as tampering, fault, and side-channel attacks, resilience which is mandated to a careful technical implementation and choice of the involved elliptic curves.For instance, standard software/hardware-based techniques can be used to mitigate tampering attacks and prevent the physical access to security parameters stored within the device.To prevent fault attacks which force the victim device to perform calculations on weak elliptic curves in order to leak the secret key, it is necessary to carefully select the considered ECC curve: the one adopted in our implementation (see Section IV for details) satisfies this requirement.And in terms of side-channel attacks (at least for what concerns side timing-channels), the ECC hardware implementation adopted in our prototype employs the montgomery ladder [6] algorithm (see Section IV) and thus guarantees that the time needed to perform ECC point multiplication is independent from side-channel information and does not leak secret key information.

IV. IMPLEMENTATION
The proposed KMP scheme has been implemented in the OpenWSN protocol stack (openwsn.atlassian.net),installed on the OpenMote-CC2538 constrained platform (www.openmote.com),and released as open source at the site http://telematics.poliba.it/iot-ecc,under the Berkeley software distribution license.Some implementation aspects and design choices are listed below.
1) The KMP has been developed at the application layer and integrated in CoAP.The KMP instance running on a given node is handled as a CoAP resource, identified with the Uniform Resource Identifier (URI) "coap://[ipaddr]:[port]/kmp," where [ip-addr], [port], and kmp are the IPv6 address of the node, the port number (default value 5683), and the KMP resource, respectively.2) At the link-level, the IIoT technology supports very small packets (e.g., maximum transmission unit equal to 127 bytes).KMP messages carrying peer certificates thus need to be fragmented.Then, we used the block-wise transfer mode [8]. 3) CoAP provides a reliable transfer by acknowledging packets after reception.To reduce bandwidth and energy consumption, and reduce delay (to a greater extent in multihop scenarios) we employed a piggybacking mechanism, where fragments of each peer's certificate are transmitted together with the ACK message referring to the previously received packet.
4) The OpenMote-CC2538 cryptoprocessor provides hardware accelerated atomic cryptographic ECC operations, which we have properly assembled and further optimized via software configuration.The well-known curve secp160r1 provided by NIST [4] is used for handling ECC operations.To the best of our knowledge, this is the first contribution that integrates elliptic cryptography on OpenMote-CC2538 boards in the OpenWSN protocol stack.From the security perspective, secp160r1 is able to guarantee the minimum acceptable security level (e.g., equal to 80) envisaged for an elliptic curve [13], while ensuring the lowest bandwidth requirements.Moreover, such curve is considered resilient against fault attacks [20].Furthermore, the OpenMote-CC2538 cryptoprocessor also implements the montgomery ladder algorithm, used to make ECC operations resilient against side-channel attacks.The authentication tag is also generated by a hardware accelerated execution of the HMAC-SHA256 algorithm.5) The session key P K is currently computed by using the MGF1 function, specified by IEEE P1363a [2], which provides a good compromise among simplicity, security, and code footprint.The code can be trivially extended to support better KDFs, such as the provably-secure KDFs recommended in the IETF RFC 5869.6) For simplicity, we do not use ECC point compression techniques to further reduce the size of the implicit certificate.Due to fragmentation of the application payload, the first two logical messages are always sent through two link-layer packets.7) The implemented KMP based on implicit certificates requires 12.240 kB of ROM and 644 Bytes of RAM, whereas the KMP implementation based on X.509 explicit certificates used in the next section for benchmarking purposes uses 15.192 kB of ROM and 877 Bytes of RAM.It therefore follows that implicit certificates also bring about advantages in terms of memory footprint.
V. EXPERIMENTAL PERFORMANCE ASSESSMENT The airtime consumption requested by the proposed KMP has been experimentally evaluated in a network with a variable number of devices organized in a chain topology.A benchmark approach that uses the same KMP procedure and adopts explicit X.509 certificates encoded through the standard privacy enhanced mail (PEM) format and the binary distinguished encoding rules (DER) format, as well as digitally signed via the ECDSA algorithm, has been taken into account for the comparison.The link layer, based on the IEEE 802.15.4e technology, has been configured with a slotframe of 101 slots, each lasting 10 ms.During a slotframe, each node has only two active slots: one for the management of the control traffic (i.e., routing messages, beacon frames, and keep-alive packets), the other one for exchanging KMP-related packets.As a result, a 2% duty-cycle for each node is ensured.Fig. 2 shows the impact that cryptographic and communication functionalities have on each single atomic operation.These results have been obtained by testing the execution of the KMP in a single hop network.As expected, implicit certificates can significantly reduce the handshake time.This performance gain is mainly obtained thanks to two different aspects.First, the 78 bytes implicit certificates can be sent within just two link-layer packets, opposed to the 13 packets needed for the 725 bytes of the explicit X.509 certificate in the PEM format, or the nine packets required to send the 495 bytes of the explicit X.509 certificate in the DER format.Second, cryptographic operations of ECQV require a lower computational load with respect to that needed to compute an ECDSA signature.
Fig. 3 reports (with 95% confidence intervals) the time required to complete the KMP protocol as a function of the number of hops that separates the involved nodes.These experimental results clearly demonstrate that the usage of implicit certificates always ensures the maximal airtime saving, with performance gains over explicit X.509 PEM certificates ranging from 77.1% to 86.7%, and from 50.9% to 84.7% with respect to explicit X.509 certificate in the DER format.

VI. CONCLUSION
In this letter we have proposed and experimentally evaluated a key management protocol specifically designed for IIoT scenarios, where bandwidth and energy consumption are critical aspects.While relying on a standard and widely accepted ECDH scheme, it significantly improves airtime savings by employing implicit ECQV certificates.The proposed scheme also provides peers' authentication, ephemeral key derivation, fast rekeying, and efficient protection against replay attacks.Experimental assessment on a concrete CoAP-based implementation, supporting a join protocol for devices potentially many hops far from each other, shows airtime savings up to 86.7% with respect to conventional schemes relying on explicit X.509 certificates.

Fig. 1 .
Fig. 1.Key negotiation protocol.bit-stringidentifying a given user, and let CA be a certification authority with private key p ca ∈ {0, n}, and public key P CA = p ca • G ∈ G.An implicit certificate for the user U is a single point C U ∈ G of the group, issued by the CA, which permits a receiver who knows the user identity U and the public key P CA of the CA, to extract the user's Public Key P U ∈ G such that P U = p u • G, with p u ∈ {0, n} being the user's private key.Specifically, let H(•) be a cryptographic hash function; then an implicit certificate is issued as follows.1)The user U generates a random positive integer r, computes an elliptic curve point R = r • G, and sends it to the CA. 2) The CA generates a random positive integer k, and returns the implicit certificate as the elliptic pointC U = R + k • G,along with the implicit signature γ u = p ca + k • H(C U , U). 3) The user generates the private key p u = γ u +r•H(C U , U) and the relevant public key P U = p u • G. Any party can trivially compute U's public key by knowing only its identity U, its implicit certificate C U , and the CA's public key P CA , as P U = P CA + H(C U , U) • C U .Indeed