Group key management in the Internet of Things: Handling asynchronicity

Internet of Things (IoT) devices have permeated our immediate surroundings, becoming ubiquitous. These devices engage in continuous communication, with a significant aspect being group communications. Indeed, the latter are often more efficient than one-to-one interactions, rendering them well-suited for applications like e-health, federated learning, and military systems. However, security plays a pivotal role in these group communications, especially in safeguarding data confidentiality and user privacy. In this context, group key management protocols offer a mechanism for establishing shared group keys and updating them when needed. Nonetheless, the inherently asynchronous nature of IoT devices has proven to be a challenge. IoT devices are susceptible to unexpectedly entering an offline mode due to factors such as battery depletion, energy conservation, or loss of wireless connectivity. Consequently, the establishment of a group key for secure communications becomes a complex task. In this paper, we introduce an innovative approach to establishing group credentials asynchronously while ensuring robust security attributes, including Perfect Forward Secrecy (PFS) and Post-compromise Security (PCS). Our protocol is designed around blockchain technology, specifically smart contracts to embrace the distributed nature of IoT. Additionally, we incorporate a reputation-based mechanism to address the heterogeneity of IoT devices in terms of resource disparity. Evaluation results demonstrate the feasibility of our approach, along with reasonable performances.

Automated summary

Internet of Things (IoT) devices have become ubiquitous and brought the need for group communications. However, security in group communications is challenging due to the asynchronous nature of IoT devices. This paper introduces an innovative approach using blockchain technology and smart contracts to ensure secure and scalable group communications.