Integration of OWL Password-Authenticated Key Exchange Protocol to Enhance IoT Application Protocols.

Abstract

The rapid expansion of the IoT has led to increasing concerns about security, particularly in the early stages of communication where many IoT application-layer protocols, such as CoAP and MQTT, lack native support for secure key exchange. This absence exposes IoT systems to critical vulnerabilities, including dictionary attacks, session hijacking, and MitM threats, especially in resource-constrained environments. To address this challenge, this paper proposes the integration of OWL, a password-authenticated key exchange (PAKE) protocol, into existing IoT communication frameworks. OWL introduces a lightweight and secure mechanism for establishing high-entropy session keys from low-entropy credentials, without reliance on complex certificate infrastructures. Its one-round exchange model and resistance to both passive and active attacks make it particularly well-suited for constrained devices and dynamic network topologies. The originality of the proposal lies in embedding OWL directly into protocols like CoAP, enabling secure session establishment as a native feature rather than as an auxiliary security layer. Experimental results and formal analysis indicate that OWL achieves reduced authentication latency and lower computational overhead, while enhancing scalability, resilience, and protocol performance. The proposed solution provides an innovative, practical, and efficient framework for securing IoT communications from the foundational protocol level.