Paper 2019/911

IoT-Friendly AKE: Forward Secrecy and Session Resumption Meet Symmetric-Key Cryptography

Gildas Avoine, Sébastien Canard, and Loïc Ferreira


With the rise of the Internet of Things and the growing popularity of constrained end-devices, several security protocols are widely deployed or strongly promoted (e.g., Sigfox, LoRaWAN, NB-IoT). Based on symmetric-key functions, these protocols fail to provide security properties usually ensured by asymmetric schemes, in particular forward secrecy. We describe a 3-party authenticated key exchange protocol solely based on symmetric-key functions (regarding the computations done between the end-device and the back-end network) which guarantees forward secrecy. Our protocol enables session resumption (without impairing security). This saves communication and computation cost, and is particularly advantageous for low-resource end-devices. Our 3-party protocol can be applied in a real-case IoT deployment (i.e., involving numerous end-devices and servers) such that the latter inherits the security properties of the protocol. We give a concrete instantiation of our key exchange protocol, and formally prove its security.

Cryptographic protocols
Publication info
Published elsewhere. MAJOR revision. ESORICS 2019
Security protocols, Authenticated key exchange, Symmetric-key cryptography, Session resumption, Forward secrecy, Security model, Internet of Things
Contact author(s)
loic ferreira @ orange com
2019-08-12: received
Creative Commons Attribution


      author = {Gildas Avoine and Sébastien Canard and Loïc Ferreira},
      title = {IoT-Friendly AKE: Forward Secrecy and Session Resumption Meet Symmetric-Key Cryptography},
      howpublished = {Cryptology ePrint Archive, Paper 2019/911},
      year = {2019},
      note = {\url{}},
      url = {}