Key Agreement Features

Most existing systems use ECDH for key agreement. The attacker participates in the communication using the certificate and any value passed from a sender to a recipient. Replay and spoofing attacks are possible. In existing systems, attackers aim to participate in communication by disguising themselves as legitimate users through key theft, reading, and public key exchange attacks. Thus, when a security threat occurs in existing schemes, it becomes a hidden cause of attack. In our schemes, keys are generated by adding the identifiers of A and B; these are not available to anyone who wants to attack with user-generated rA, rB, and KDS. In Figure 1, the Elliptic Curve Diffie-Hellman (ECDH) algorithm is applied using a public key reconstructed from an implicit certificate, which solves certain problems. Equation (6) shows that the DS is generated via an ECDH-based key agreement that only A and B can calculate. It is possible to generate a CDR, which in turn generates a session key (via the key derivation function, KDF) by entering IDA, IDB and rA, rB; these are the identifiers and random positive integers (nonces) that are used to create the DS and configure the session. The only entities that can calculate them are A and B, and mutual authentication is ensured by the calculation of the RDC. In this section, we propose Scheme 1 with ECQV so that two objects can communicate directly through authentication and key agreement in the IoT environment.
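The flow described above (public key reconstructed from an implicit certificate, ECDH, then a KDF over both identifiers and both nonces) is sketched below as an added example; it is not the paper's code and does not reproduce its Equation (6). It assumes standard ECQV arithmetic on NIST P-256, a length-prefixed SHA-256 certificate hash, and HMAC-SHA256 as the KDF; all function names are hypothetical.

```python
import hashlib, hmac, secrets

# NIST P-256 domain parameters (public constants); curve choice is an assumption.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A, N = P - 3, 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None or q is None: return q if p is None else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0: return None
    m = ((3*x1*x1 + A) * pow(2*y1, -1, P) if p == q else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (m * m - x1 - x2) % P
    return (x3, (m * (x1 - x3) - y1) % P)

def mul(k, p):
    """Double-and-add scalar multiplication (not constant time; illustration only)."""
    r = None
    while k:
        if k & 1: r = add(r, p)
        p, k = add(p, p), k >> 1
    return r

def lp(*parts):  # length-prefixed concatenation keeps field boundaries unambiguous
    return b"".join(len(x).to_bytes(2, "big") + x for x in parts)

def cert_e(p_u, ident):
    """e = H(P_U, ID) mod N; the certificate encoding is an assumption."""
    enc = lp(p_u[0].to_bytes(32, "big"), p_u[1].to_bytes(32, "big"), ident)
    return int.from_bytes(hashlib.sha256(enc).digest(), "big") % N

def enroll(ca_priv, ident):
    """Device and CA steps in one call; returns (implicit cert point P_U, device key d_U)."""
    k_u, k = (secrets.randbelow(N - 1) + 1 for _ in range(2))
    p_u = add(mul(k_u, G), mul(k, G))   # CA: P_U = R_U + k*G, with R_U = k_U*G
    e = cert_e(p_u, ident)
    r = (e * k + ca_priv) % N           # CA: private key contribution
    return p_u, (e * k_u + r) % N       # device: d_U = e*k_U + r

def reconstruct(ca_pub, ident, p_u):  # anyone: Q_U = e*P_U + Q_CA
    return add(mul(cert_e(p_u, ident), p_u), ca_pub)

def session_key(my_priv, peer_pub, id_a, id_b, r_a, r_b):
    """ECDH x-coordinate keyed into HMAC-SHA256 over both IDs and both nonces."""
    z = mul(my_priv, peer_pub)[0].to_bytes(32, "big")
    return hmac.new(z, lp(id_a, id_b, r_a, r_b), hashlib.sha256).digest()
```

Because the peer's public key is reconstructed from the claimed identifier, a certificate presented under the wrong ID yields a different public key and the two sides derive different session keys; a fresh nonce on either side likewise changes the key, which is what defeats replay of an earlier exchange.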

In the existing ECQV-based key management protocol, node masquerading was a problem due to replay attacks. To solve this problem, we propose an AKA protocol that reduces unnecessary processes in the key generation process and uses legitimate settings. Figure 5 shows the scenario in Figure 1 and the system parameters in Figure 1 are as follows. In an environment where fast communication is required, we offer a scheme that enables fast mutual authentication and key agreement via implicit ECQV certificates. This scheme provides implicit authentication for public keys (Figure 1). Exponential key exchange in and of itself does not specify any prior agreement or subsequent authentication between participants. It has therefore been described as an anonymous key agreement protocol. Shamir was the first to develop an ID-based cryptosystem that enables the management of PKI certificates [15]. In an ID-based PKC, the key distribution problem is solved with a known public key (an ID) instead of an existing authorized certificate. At this point, a trusted third party called a Key Generation Center (KGC) or private key generator generates and issues a private key for each user ID. However, all ID-based PKCs suffer from a significant key escrow problem. The KGC can decrypt all ciphertexts and forge signatures because the KGC generates the private keys.

In 2003, Al-Riyami et al. [16] developed a CL-PKC to solve both the public key authentication and key escrow problems. In this cryptosystem, the KGC generates only a subset of the user's private and public keys, and the user completes the keys. In other words, in a CL-PKC, the key escrow problem is solved because the KGC only knows part of the private key. The CL-PKC cryptosystem enables data encryption, digital signatures and AKA. The latter is an interactive protocol in which two users negotiate a common session key over a network. Al-Riyami et al. were the first to develop certificateless authenticated key agreement based on a CL-PKC. However, since pairing is necessary, the computational efficiency is low. Password-authenticated key agreement protocols require that a password (which may be smaller than a key) be established separately in a way that is both private and secure. These are designed to resist man-in-the-middle and other active attacks on the password and established keys. For example, DH-EKE, SPEKE, and SRP are password-authenticated variants of Diffie-Hellman.

The first publicly known public-key agreement protocol [1] to meet the above criteria was the Diffie-Hellman key exchange, in which two parties jointly exponentiate a generator with random numbers, so that an eavesdropper cannot determine the resulting value used to generate a shared key. In the Internet of Things (IoT) environment, more types of devices than ever before are connected to the Internet to provide IoT services. Smart devices are getting smarter and improving in performance, but there are still devices with little computing power and low storage capacity. Devices with limited resources will struggle to apply existing public-key cryptography systems to ensure security. Therefore, communication protocols should be applicable to the different types of participating devices in the IoT environment, and these protocols should be feasible for devices with limited resources. Security is an essential element in the IoT environment, so for secure communication it is necessary to perform authentication between communicating objects and generate the session key.