Paper 2021/1127

Bigdata-facilitated Two-party Authenticated Key Exchange for IoT

Bowen Liu, Qiang Tang, and Jianying Zhou


Authenticated Key Exchange (AKE) protocols, by definition, guarantee both session key secrecy and entity authentication. Informally, session key secrecy means that only the legitimate parties learn the established key and mutual authentication means that one party can assure itself the session key is actually established with the other party. Today, an important application area for AKE is Internet of Things (IoT) systems, where an IoT device runs the protocol to establish a session key with a remote server. In this paper, we identify two additional security requirements for IoT-oriented AKE, namely Key Compromise Impersonation (KCI) resilience and Server Compromise Impersonation (SCI) resilience. These properties provide an additional layer of security when the IoT device and the server get compromised respectively. Inspired by Chan et al.'s bigdata-based unilateral authentication protocol, we propose a novel AKE protocol which achieves mutual authentication, session key secrecy (including perfect forward secrecy), and the above two resilience properties. To demonstrate its practicality, we implement our protocol and show that one execution costs about 15.19 ms (or, 84.73 ms) for the IoT device and 2.44 ms (or, 12.51 ms) for the server for security parameter λ =128 (or, λ =256). We finally propose an enhanced protocol to reduce the computational complexity on the end of IoT by outsourcing an exponentiation computation to the server. By instantiating the signature scheme with NIST's round three alternate candidate Picnic, we show that one protocol execution costs about 14.44 ms (or, 58.45 ms) for the IoT device and 12.78 ms (or, 46.34 ms) for the server for security parameter λ =128 (or, λ =256).

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. Information Security Conference: ISC 2021
Contact author(s)
bowen liu @ list lu
bowen liu @ pm me
2021-09-06: received
Short URL
Creative Commons Attribution


      author = {Bowen Liu and Qiang Tang and Jianying Zhou},
      title = {Bigdata-facilitated Two-party Authenticated Key Exchange for IoT},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1127},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.