Handling Secret Key Compromise by Deriving Multiple Asymmetric Keys based on Diffie-Hellman Algorithm

Abstract

A collection of connected things or nodes that collect information and send it through communication channels is known as the Internet of Things (IoT). Maintaining the confidentiality and integrity of the transferred data is crucial in many applications. As a result, protection of private data from security risks is a top priority for IoT based applications. IoT objects are typically energy-constrained computing and storage devices. Therefore, during the communication of devices, authentication among devices is necessary. A public-private key is created and utilized for the duration of the session without taking into account the possibility of loss to an adversary. Once the key has been compromised, there is no way to know when it has been lost, and the attacker can read every message. This severe security lapse went on for a longer period of time undiscovered. Revoking the key and creating a new key, which is not advised to do frequently, is the only defense against this security breach. An alternative solution to this problem is deriving a new key at communicating sites rather than exchanging keys among them. The performance of the key-sharing algorithm to perform the key exchange is measured based on the time required to encrypt/decrypt and derive the key at the node.