LiKe: Lightweight Certificateless Key Agreement for Secure IoT Communications

Certificateless public-key cryptography (CL-PKC) schemes are particularly robust against the leakage of secret information stored on a trusted third party (TTP). These security features are particularly relevant for Internet of Things (IoT) domains, where the devices are typically preconfigured with secret keys, usually stored locally on the TTP for following maintenance tasks. Despite some contributions already proposed for the adoption of CL-PKC schemes in constrained IoT devices, current solutions generally require high message overhead, are computationally demanding, and place a high toll on the energy budget. To close this gap, we propose LiKe, a lightweight pairing-free certificateless key agreement protocol suitable for integration in the latest ZigBee 3.0 protocol stack and constrained IoT devices. LiKe is an authenticated key agreement protocol characterized by: 1) ephemeral cryptographic materials; 2) support for intermittent connectivity with the TTP; 3) lightweight rekeying operations; and 4) robustness against impersonation attacks, even when information stored on the TTP is leaked. LiKe has been thoroughly described, and its security properties have been proved via formal tools. Moreover, we have implemented and tested it on real IoT devices, in networks with up to 11 nodes—the source code has been released as an open source. Results are striking: on the OpenMote-b hardware platform, LiKe requires a total time of 3.259 s to establish session keys on each participating device, and at most 0.258% of the overall battery capacity, emerging as a lightweight and energy-friendly solution. Finally, comparisons with competing solutions do show the superior quality and viability of our proposal.