
SIKM - A smart cryptographic key management framework

Authors:
  • Sydney International School of Technology and Commerce

Abstract and Figures

For secure data transmission in symmetric cryptography, data are encrypted and decrypted using an identical key. The process of creating, distributing, storing, deploying, and finally revoking the symmetric keys is called key management. Many key management schemes have been devised, each suitable for a specific range of applications. However, these schemes share some common drawbacks, such as the difficulty of key generation and distribution, key storage, attacks, and traffic load. In this article, a key management framework is proposed that is attack resistant and transforms the customary key management workflow to enhance security and reduce weaknesses. The main features of the proposed framework are eliminating key storage, a smart attack-resistant feature, reducing multiple-times key distribution to just one-time interpreter distribution, and short key intervals – minutely, hourly, and daily. Moreover, key revocation happens automatically, with no revocation call.
Research Article
Saman Shojae Chaeikar*, Ali Ahmadi, Sasan Karamizadeh, and Nakisa Shoja Chaeikar
SIKM - a smart cryptographic key management framework
https://doi.org/10.1515/comp-2020-0167
received April 28, 2020; accepted January 18, 2021
Keywords: cryptographic key management, symmetric key,
secure communications, key exchange, key refreshment
1 Introduction
A correct key management practice results in a reliable use of cryptography and, accordingly, good information management [1]. Cryptography falls into two types: symmetric and asymmetric. The symmetric class is when both parties share an identical secret – a key – for encrypting and decrypting their information. To generate, distribute, and finally revoke a key, a symmetric key management framework is required. Several practices are introduced for key generation or key issuance, such as random number generators and key derivation functions. An important factor in the key generation process is key strength, which analyzes how likely a key is to be broken by cryptanalysis attacks. To enhance the key strength, the weak keys that are normally influenced by the plain text patterns must be omitted from the key pool [2]. Long cryptographic keys deliver higher security, and with today's equipment, cracking a key of 256 bits or longer is computationally impossible. Longer keys normally provide higher security, but increase the computational costs as well [2].
After generating a key, it must be distributed between the engaged parties [3]. Sending keys in a clear text format results in compromising the keys. Therefore, the process of key distribution needs to be protected against adversaries. The first-ever key distribution scheme is the diplomatic bag [4]. In 1975, Diffie–Hellman introduced a blind channel establishment technique, which is still one of the best key distribution practices [5]. Later, the German Army Enigma (GAE) offered to combine a privately distributed key schedule and a piece of user-chosen secret key for every message [6]. Pretty Good Privacy (PGP) is another method that encrypts a symmetric key by means of an asymmetric key [7]. Another practice is key wrapping: encapsulating or hiding a key within another pre-distributed key [7]. When the keys should be related together or a periodical secure exchange is required, a proper choice is using a master key and deriving subsidiary keys when they are required. Another common method is the key predistribution [8,9].
The final key management step – key revocation – is informing all nodes that the current key is no longer usable and that a new key will be given for future sessions [10]. This may happen by issuing a revocation call, or through a predefined key lifetime.
Key storage – storing the keys for future use – is a critical key management issue that increases the probability of compromising the keys [11,12]. Storing them in a raw bit-string format ignores the needed preliminary security countermeasures, and accordingly, various techniques are devised to overcome this problem. A common method is encrypting keys by an application and decrypting after entering a password [13,14].

* Corresponding author: Saman Shojae Chaeikar, Department of Information Security, Faculty of Computer Engineering, Iranians University – an e-Institute of Higher Education, Tehran, Iran, e-mail: saman.shoja@iranian.ac.ir
Ali Ahmadi: Department of Artificial Intelligence, Faculty of Computer Engineering, K. N. Toosi University of Technology, Tehran, Iran, e-mail: ahmadi@kntu.ac.ir
Sasan Karamizadeh: Department of ICT Security, ICT Research Institute, Tehran, Iran, e-mail: s.karamizadeh@itrc.ac.ir
Nakisa Shoja Chaeikar: Department of Information Security, Faculty of Computer Engineering, Iranians University – an e-Institute of Higher Education, Tehran, Iran, e-mail: nks.shoja@gmail.com
Open Computer Science 2022; 12: 17–26
Open Access. © 2022 Saman Shojae Chaeikar et al., published by De Gruyter. This work is licensed under the Creative Commons Attribution 4.0 International License.

Key length and frequency of key replacement [15] are two very important key management considerations. Employing long keys and replacing them periodically enhances security. When a long key is chosen, attacks like exhaustive key search are not applicable or at least are highly time and resource consuming. The keys should ideally be unique for each transaction or message [16]; however, due to the high cost and difficulty of the process, this is not applicable in all circumstances.
Cryptographic keys are either symmetric or asymmetric. Symmetric key cryptography is a class in which both parties use an identical secret or trivially related secrets – keys derived from one another. In other words, the users employ an identical key for the enciphering and deciphering processes. Symmetric keys might also be called the secret key, one key, shared key, single key, or private key, although "private key" and "secret key" might mistakenly be taken for the similar terms in the public-key cryptography domain [17,18]. In terms of the method of data processing, symmetric algorithms are classified into two classes: stream cipher and block cipher. A stream cipher feeds the message bits one at a time into the encryption/decryption process, while block ciphers treat data as specific chunks – normally 64 or 128 bits – and encrypt/decrypt one chunk at a time [19,20]. The most common symmetric block cipher algorithms are AES, Blowfish, DES, Triple DES, Serpent, and Twofish [21,22]. Symmetric keys operate hundreds to thousands of times faster than asymmetric keys, as fewer computations are needed to perform the processes. The keys should be updated or replaced periodically to avoid being discovered by the adversaries [23,24].
From the key types perspective, the five main key management classes are network-wide key, pairwise key, random pairwise key, public key, and group key [24]. The network-wide key is the simplest scheme: it predistributes a key between all nodes before deploying the network. Its main drawbacks are requiring key storage and the compromise of the network-wide key if one node is compromised [25]. In the pairwise key scheme, every node has a predistributed key in common with each of the other nodes. To deploy this method, for $n$ nodes in a network, $n - 1$ pairwise keys are required. It provides a high level of security, while the size of the key storage and consumed memory increases and scalability drops [26]. The third solution is the notion of random pairwise key (RPK), which solves the key storage problem of the previous method by randomly choosing a set of pairwise keys from a key source [27]. By moving from symmetric cryptography to asymmetric, public-key cryptography appears as a solution to the problems listed above. It produces strong keys with a high level of security, at the cost of increasing the computational cost and requiring additional infrastructure such as a certificate authority [24]. The final solution is a combination of the network-wide key and pairwise key methods. Intergroup data exchange uses the pairwise key method, whereas the intragroup communications are secured by a shared network-wide key. This combination has a higher level of scalability, is more resilient, and is resistant to node capture attacks compared to both methods. Its main drawback is in the process of forming and organizing node groups [28].
With regard to key distribution methodologies, the current practices are classified into three categories: key predistribution, postdeployment, and hybrid method [24]. In key predistribution, the keys are embedded within the nodes before deploying the network. Its most critical problem is the need for large-size key storage. Moreover, revoking the embedded keys and distributing new ones – rekeying – is a very costly and time-consuming process [29]. The other practice, the postdeployment method, dynamically forms the keys in the nodes once the network is deployed. Due to high resource consumption, rekeying is the weakness of this method, and accordingly, it is applicable when a limited number of keys are required [29]. Hybrid key distribution is a combination of the key predistribution and postdeployment methods. Although it is very scalable, it requires the resources of both aforementioned methods. Storing a limited number of predistributed keys results in more need for postdeployment keys – a very costly process – whereas embedding a large number of predistributed keys reduces the resilience of the network against attacks [30].
The master key is a cryptographic key generation algorithm that derives the required keys from an initialization vector, some context, and a label. The key that the resultant keys are derived from is called the key derivation key. A key derivation function (KDF) produces the derived keys by an automated key establishment process or a random bit generator [31]. The KDFs may require multiple iterations to produce the desired key length. The master key has three well-known KDF modes: counter, feedback, and double-pipeline iteration. In the first mode, the result of the pseudorandom function is an iteration value – a counter. The second mode uses the output of the previous iteration together with a counter as the input of the subsequent iteration. Both counter and feedback modes produce the keys through a single pipeline, while in the double-pipeline iteration mode, this is increased to two pipelines [31].
To address the aforementioned issues, this article introduces an attack-resistant Smart Interpretative Key Management (SIKM) framework – an enhanced version of our previous research [32] – that moves the main workload of key management from the server side to the client side. This change of the workflow reduces server and network traffic and increases security by means of producing fresh and time-dependent keys. The following sections describe the structure of the proposed SIKM framework, study the level of the reduced traffic, and analyze SIKM's attack resistance feature.
2 Workflow and components
The workflow in SIKM starts from a server that is responsible for generating a light-weight program, here called the interpreter. Once the interpreter is created, the server uploads its encrypted version to either a public or a dedicated FTP server. Then, all of the nodes download the interpreter and decrypt it using the key given by the server. In the next step, all nodes unify their date and time with the defined time server. Upon completing these steps, the nodes can generate synchronized keys and hold secured sessions. Since the nodes produce fresh and dynamic keys at the client side, the necessity of storing keys is resolved, and a fresh minutely, hourly, or daily key is always ready in the hands of the nodes. SIKM identifies exhaustive key search and replay attacks, and reduces the likelihood of a man-in-the-middle attack. In light of having a constant key lifetime, the key revocation process has been eliminated and the keys are revoked automatically. The SIKM framework is formed by two components: a server and an interpreter. The server has four main tasks as follows.
  • Generating the interpreter.
  • Distributing the interpreter between the authenticated nodes.
  • Monitoring the security status of nodes.
  • Issuing the interpreter revocation call.
An interpreter is a light-weight piece of software that generates keys based on its intrinsic knowledge. The knowledge consists of time and date references (a time zone and calendar), a bit-stream source address, the interpreting method (or the key extraction algorithm), 36 embedded digits, and an interpreter revocation code. After producing the interpreter, the server uploads its encrypted copy to either a dedicated or a publicly available source. The legitimate nodes receive the decryption key through a secure channel from the server. Once decrypted and run, the downloaded interpreter fetches a bit-stream from the given network address, and then synchronizes its time and date with the defined public source on the Internet or with the server. Since the nodes utilize identical key initialization resources, they produce identical time-dependent keys synchronously. The key production time interval options are minutely, hourly, or daily, and the keys expire automatically after the defined period without any revocation call.
2.1 Server
In the SIKM key management framework, the first component is a server that produces an interpreter and manages the sessions until they expire. After generating the interpreter, the server uploads it to a dedicated or public space on the network. The authorized nodes receive the interpreter address and its decryption key from the server and then install it. Hereafter, the server's main tasks are managing new nodes, analyzing the nodes' security status, issuing the interpreter revocation call, and answering time synchronization requests.
The overall SIKM process is shown in Figure 1. In the current practices, the workflow is mainly from the server toward the nodes, while this flow is changed in SIKM, and the server is involved only in very limited stages.
Figure 1: (a) The workflow in the common key management practices and (b) the workflow in SIKM.
2.2 Interpreter
The embedded items within the interpreter are a set of 36 digits, a bit-stream source address, time and date (agreed time zone and calendar), an interpreter revocation code, bit-stream interpreting knowledge (a key generation algorithm), and, in specific cases, hardware specifications. The overall key generation process is illustrated in Figure 2.
Time and date: The nodes in SIKM may be distributed all over the world. Therefore, as time and date parameters are involved in key generation, these must be identical in all nodes to let them produce synchronized keys. To this end, all nodes first synchronize their local time and date with the server, or any other defined source, and then convert these items into the defined calendar and time zone.
Thirty-six digits: As date and time are involved in key generation, these must be in a full format to construct a set of 12 digits – eight digits for the date and four digits for the time. Concatenating the 12 digits three times forms a 36-digit number that is needed for the key extraction algorithm. To make it impossible for attackers to crack these 36 digits, the number is added to the embedded 36 digits digit by digit, with no carry at any step. The result is a new set of 36 digits that changes at every key generation interval (Figure 3).
Bit-stream source: This is an initialization factor that helps in synchronizing the key generation process between all nodes. It is extracted from the first $n$ bits of the defined file or any data source on the network. To this end, all of the interpreters download the first required $n$ bits and feed them into the key extraction algorithm. The bit-stream source update intervals should be known to the interpreter, as any change results in producing unsynchronized keys.
Key extraction algorithm: To produce a key, the downloaded bits are arranged in a matrix and then traversed according to the final 36 digits. Starting from the index (0, 0), the algorithm selects the bits horizontally for odd numbers, and vertically for even numbers. This key extraction process continues until the key is fully produced. If a column or row ends before the necessary number of bits has been picked up, the process continues from the next column or row, respectively. On reaching the final item in a row, the process continues from the next row, and for each column from the next column. After the final row or column, the process continues from the first one. If the 36 digits end before the required key length is produced, the key extraction process reuses the digits. Figure 4 visualizes the matrix key extraction technique.
Interpreter revocation code: This is a secret code embedded within the interpreter. Receiving it means that the current version of the interpreter has expired, due to a decision of the administrator, a compromise of the interpreter, or a periodical replacement. To issue the call, the server encrypts the revocation code using the current key and then sends it to the nodes.
Hardware specifications: SIKM is applicable when the nodes are well known and trustable for a long term. In cases like a network of automated teller machines (ATMs), the specification of the hardware used in all nodes is known. Therefore, to enhance security, the interpreter could be configured to produce keys only when the hardware specifications match the given specifications. This helps to avoid producing the keys if the interpreter is compromised and runs on the attacker's machine. Applying this feature depends on the end-users and is not applicable in all cases.
Figure 2: The overall process of key generation.
Figure 3: Calculating 36 digits based on the local date and time.
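
An added example, not code from the article or its authors: the 36-digit calculation and the matrix key extraction from this section, sketched in Python. The YYYYMMDDHHMM digit order, truncating the time to the key interval, a cursor that carries over from one digit to the next, the matrix width and the sample inputs are all assumptions, since the article gives the procedure only in prose and figures.

```python
from datetime import datetime


def interval_digits(now: datetime, interval: str = "minutely") -> str:
    """12 digits: 8 for the date, 4 for the time (assumed order YYYYMMDDHHMM).
    Assumption: the time is truncated to the start of the key interval."""
    if interval == "hourly":
        now = now.replace(minute=0)
    elif interval == "daily":
        now = now.replace(hour=0, minute=0)
    elif interval != "minutely":
        raise ValueError("interval must be minutely, hourly or daily")
    return now.strftime("%Y%m%d%H%M")


def final_digits(embedded: str, now: datetime, interval: str = "minutely") -> str:
    """Triple the 12 date/time digits and add them to the 36 embedded digits
    position by position, discarding every carry (addition modulo 10)."""
    if len(embedded) != 36 or not embedded.isdigit():
        raise ValueError("embedded value must be exactly 36 digits")
    stamp = interval_digits(now, interval) * 3
    return "".join(str((int(a) + int(b)) % 10) for a, b in zip(embedded, stamp))


def first_bits(data: bytes, n: int) -> str:
    """First n bits of the bit-stream source as a string of '0'/'1'."""
    bits = "".join(f"{byte:08b}" for byte in data)
    if len(bits) < n:
        raise ValueError("bit-stream source is shorter than n bits")
    return bits[:n]


def extract_key(bits: str, cols: int, digits: str, key_bits: int) -> str:
    """Walk the row-major bit matrix from (0, 0). Each digit d selects d bits:
    horizontally if d is odd, vertically if d is even. Rows and columns wrap,
    and the digits are reused until key_bits bits are collected."""
    rows = len(bits) // cols
    if rows == 0 or rows * cols != len(bits):
        raise ValueError("bits must fill a rows x cols matrix exactly")
    if not digits.strip("0"):
        raise ValueError("all-zero digits would never select a bit")
    r = c = i = 0
    out = []
    while len(out) < key_bits:
        d = int(digits[i % len(digits)])
        i += 1
        for _ in range(d):
            if len(out) == key_bits:
                break
            out.append(bits[r * cols + c])
            if d % 2:                      # odd digit: move right, wrap to next row
                c += 1
                if c == cols:
                    c, r = 0, (r + 1) % rows
            else:                          # even digit: move down, wrap to next column
                r += 1
                if r == rows:
                    r, c = 0, (c + 1) % cols
    return "".join(out)


def derive_key(embedded, source, now, interval="minutely",
               n=256, cols=16, key_bits=128) -> str:
    """Key for the interval containing `now`, as a bit string."""
    digits = final_digits(embedded, now, interval)
    return extract_key(first_bits(source, n), cols, digits, key_bits)


# Constructed sample inputs (not values from the article).
EMBEDDED = "123456789012345678901234567890123456"
SOURCE = bytes((37 * i + 11) % 256 for i in range(32))

if __name__ == "__main__":
    node_a = derive_key(EMBEDDED, SOURCE, datetime(2021, 1, 18, 9, 30, 5))
    node_b = derive_key(EMBEDDED, SOURCE, datetime(2021, 1, 18, 9, 30, 50))
    print("same minute, same key:", node_a == node_b)
    print("final digits:", final_digits(EMBEDDED, datetime(2021, 1, 18, 9, 30)))
```

Every input to the key is shared state: the embedded digits, the synchronized clock and the bit-stream, which is why two nodes with the same interpreter compute the same key without exchanging it.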
2.3 Double valid keys period
There are two valid keys within the first seconds of key refreshment: the current key and the previous key. This double valid keys period exists because some packets might be encrypted and sent at the border of changing the key and get delivered when a new key is in use. These packets are therefore encrypted with the previous key, while the receiver tries to decrypt them using the current key. To avoid this conflict, in the first seconds after changing the key, the received packets are first decrypted with the current key. If that is unsuccessful, the previous key is used for decryption. The length of the double valid keys period depends on the maximum time required for sending a packet between the two farthest nodes.
2.4 Joining and leaving
To join the sessions for the first time, the node must pass the authentication process, and then receive the interpreter decryption key and the bit-stream download address. Upon receiving the key, the node is able to decrypt the interpreter and deploy it to establish secure sessions.
If a node has been inactive for a while, it first sends an encrypted test message to either one of the nodes or the server. Receiving a reply means that the interpreter is valid. Otherwise, the interpreter is expired and the node goes through the processes of authentication and downloading a new interpreter again (Figure 5).
When a node decides to leave the sessions permanently, for a reliable node, it is enough to remove the interpreter. However, if any of the disjoined nodes is unreliable, the server revokes all of the distributed interpreters. Therefore, a new version of the interpreter must always be ready in the server for a periodical update or emergency circumstances.
Figure 4: Illustration of the matrix key extraction technique for 493148769486 digits.
2.5 Application of SIKM in software security
In addition to utilizing SIKM for establishing secure connections, it can be deployed as a component in software to provide authentication and security together. When the group identity is targeted, it helps to bypass the necessity of entering the username and password to gain access. To this end, it is enough to define the level of access to the resources for the interpreter holders. At the server side, the user's clearance is recognized according to the employed decryption key. When a user tries to access the resources, the server utilizes the current keys of different interpreter distributions to decrypt the request. The successful decryption key defines the group identity and accordingly grants access.
2.6 Application
The framework is a proper key management choice when the deployed network consists of reliable nodes that hold secure sessions for a long term – at least 34 fresh keys. For example, SIKM is an ideal choice for securing a network of ATMs. Assuming the overall interactions of each customer take 1 min, a minutely key secures each customer's transactions with a unique key without any additional cost.
As another example, a multinational company may use SIKM to secure the communications between its branches. Using one interpreter lets the users communicate securely. As an advanced setup, the branches may deploy SIKM in pairwise mode and secure the data transmission between every two branches independently. This type of deployment requires $n - 1$ different interpreters for $n$ branches.
3 Security and performance
3.1 Security evaluation
This section studies the security of SIKM in three approaches:
how it reacts against some cryptographic attacks, removing
the key storage component, and the method of utilizing it for
one key per transaction. The following paragraphs discuss
these in detail.
Smart attack resistance: During the period of double valid keys, if the received packet is not decipherable with either the current or the previous key, SIKM considers the packet a sign of a replay or an exhaustive key search attack and reports it to the server for the analysis of the nodes' security status. The server examines the received packet with the last few previous keys to identify the attack type. If the received packet is not decipherable, it is considered a sign of an exhaustive key search attack; otherwise, of a replay attack. Once an attack is identified, depending on the server's decision, the node may continue working or shut down temporarily to observe the security measures. The period of double valid keys and the process of attack identification are illustrated in Figure 6.
Key storage: One of the important key management problems is the existence of key storage, which increases the likelihood of compromising the keys. In the common practices, the keys are stored permanently for future sessions, while in SIKM the keys are changing constantly, are produced at application time, and are not stored.
Key per session: Ideally, cryptography uses one fresh key for every transaction. However, due to the cost and difficulty of implementation, this idea is not simply applicable. Since in SIKM the nodes produce the keys without imposing cost or traffic on the network, a fresh key is utilized in short intervals without imposing extra cost. For instance, by deploying SIKM's minutely key in an ATM network, assuming each customer spends 60 seconds on a transaction, every transaction is secured using a unique key.
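
An added example, not code from the article: the double valid keys check of Section 2.3 together with the attack identification described above under smart attack resistance. The HMAC-based period key stands in for the interpreter's key generation, the keystream-plus-tag packet is a toy format that makes "decipherable" a checkable condition, and the grace length, the history depth and the reporting of failures outside the grace period are assumptions.

```python
import hashlib
import hmac

INTERVAL = 60   # minutely keys, in seconds
GRACE = 5       # assumed length of the double valid keys period, in seconds
HISTORY = 5     # assumed number of previous keys the server re-tries
SECRET = b"constructed shared secret"   # constructed sample value


def period_key(secret: bytes, period: int) -> bytes:
    """Stand-in for the interpreter: one key per interval.
    This is NOT SIKM's matrix extraction, only a deterministic substitute."""
    return hmac.new(secret, period.to_bytes(8, "big"), hashlib.sha256).digest()


def _stream(key: bytes, n: int) -> bytes:
    """Toy keystream for the demo (hash in counter mode)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + b"enc" + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, msg: bytes) -> bytes:
    """Encrypt, then append a 32-byte tag so a wrong key is detectable."""
    body = bytes(a ^ b for a, b in zip(msg, _stream(key, len(msg))))
    return body + hmac.new(key, b"mac" + body, hashlib.sha256).digest()


def open_packet(key: bytes, packet: bytes):
    """Plaintext, or None when the packet is not decipherable with this key."""
    if len(packet) < 32:
        return None
    body, tag = packet[:-32], packet[-32:]
    expected = hmac.new(key, b"mac" + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(body, _stream(key, len(body))))


def node_receive(secret: bytes, packet: bytes, now: int):
    """Node side: current key first; the previous key is accepted only
    during the first GRACE seconds after a key change."""
    period, offset = divmod(now, INTERVAL)
    candidates = [period]
    if offset < GRACE and period > 0:
        candidates.append(period - 1)
    for p in candidates:
        msg = open_packet(period_key(secret, p), packet)
        if msg is not None:
            return "delivered", msg
    return "reported", None


def server_classify(secret: bytes, packet: bytes, now: int) -> str:
    """Server side: decipherable with one of the last few previous keys
    means replay; otherwise exhaustive key search."""
    period = now // INTERVAL
    for p in range(period - 1, max(period - 1 - HISTORY, -1), -1):
        if open_packet(period_key(secret, p), packet) is not None:
            return "replay"
    return "exhaustive key search"


def handle(secret: bytes, packet: bytes, now: int) -> str:
    """Full path of Figure 6: deliver, or report and classify."""
    status, _ = node_receive(secret, packet, now)
    if status == "delivered":
        return status
    return server_classify(secret, packet, now)


if __name__ == "__main__":
    pkt = seal(period_key(SECRET, 1), b"balance request")  # sent in minute 1
    for t in (119, 122, 130, 490):
        print(t, handle(SECRET, pkt, t))
    print("garbage", handle(SECRET, bytes(48), 130))
```

A replayed packet older than the server's key history is classified as an exhaustive key search in this model, so the history depth bounds how far back a replay can be recognised.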
3.2 Performance evaluation
To measure the cost-effectiveness of the designed framework, it is compared with the key per session method of the master-key scheme. To this end, equations (1)–(3) help to make a comparison between the key per session (KPS) scheme and SIKM for minutely, hourly, and daily key refreshment intervals. Table 1 describes the symbols and their corresponding metrics that are used in the equations. The bit-stream refreshment interval is considered once a week.
Figure 5: Process of joining sessions.
Equation (1) calculates the imposed key per session traffic for $n_w$ weeks. Equation (2) computes the traffic of the server activities from the time of establishing SIKM until revoking the interpreter. The total SIKM imposed traffic on the network – which also includes the server's traffic – is calculated in equation (3).

$$\text{KPS traffic for } n_w = (k_{dl} + k_{rl}) \times n_{kpd} \times 7 \times n_w \tag{1}$$

$$\text{SIKM traffic for } n_w = i_{kdl} + i_{irl} \tag{2}$$

$$\text{SIKM network traffic for } n_w = i_{kdl} + i_{irl} + i_{idl} + (n_w \times i_{brl}) \tag{3}$$

Since all of the KPS key distribution traffic is imposed on the server, this traffic is equal for the server and the network. However, in SIKM, the traffic is divided into two parts: between the server and the nodes, and between the defined source on the network and the nodes. The traffic of KPS and SIKM for producing minutely, hourly, and daily keys for up to 52 weeks is calculated in Tables 2 and 3. To illustrate the differences, Figures 7–9 depict the imposed traffic on the KPS server, SIKM server, and SIKM network for minutely, hourly, and daily keys, respectively.

Figure 6: Double key checking and attack identification diagram.

Table 1: Traffic of activities

| Description | Metric (KB) | Symbol |
|---|---|---|
| Number of keys per day | | $n_{kpd}$ |
| KPS key distribution traffic | 1 | $k_{dl}$ |
| KPS key revocation traffic | 0.5 | $k_{rl}$ |
| SIKM key distribution traffic | 1 | $i_{kdl}$ |
| SIKM interpreter downloading traffic | 50 | $i_{idl}$ |
| SIKM interpreter revocation traffic | 0.5 | $i_{irl}$ |
| SIKM bit-stream reloading traffic | 0.5 | $i_{brl}$ |
| Number of weeks | | $n_w$ |

Table 2: The imposed traffic on KPS server and network for producing minutely, hourly, and daily keys

| Weeks | No. of keys | Server traf. (KB) | Net traf. (KB) |
|---|---|---|---|
| Minutely key (1,440 keys per day) | | | |
| 1 | 10,080 | 15,120 | 15,120 |
| 4 | 40,320 | 60,480 | 60,480 |
| 13 | 131,040 | 196,560 | 196,560 |
| 26 | 262,080 | 393,120 | 393,120 |
| 52 | 524,160 | 786,240 | 786,240 |
| Hourly key (24 keys per day) | | | |
| 1 | 168 | 252 | 252 |
| 4 | 672 | 1,008 | 1,008 |
| 13 | 2,184 | 3,276 | 3,276 |
| 26 | 4,368 | 6,552 | 6,552 |
| 52 | 8,736 | 13,104 | 13,104 |
| Daily key (1 key per day) | | | |
| 1 | 7 | 10.5 | 10.5 |
| 4 | 28 | 42 | 42 |
| 13 | 91 | 136.5 | 136.5 |
| 26 | 182 | 273 | 273 |
| 52 | 364 | 546 | 546 |

Table 3: The imposed traffic on SIKM server and network for producing minutely, hourly, and daily keys

| Weeks | No. of keys | Server traf. (KB) | Net traf. (KB) |
|---|---|---|---|
| Minutely key (1,440 keys per day) | | | |
| 1 | 10,080 | 1.5 | 52 |
| 4 | 40,320 | 1.5 | 53.5 |
| 13 | 131,040 | 1.5 | 58 |
| 26 | 262,080 | 1.5 | 64.5 |
| 52 | 524,160 | 1.5 | 77.5 |
| Hourly key (24 keys per day) | | | |
| 1 | 168 | 1.5 | 52 |
| 4 | 672 | 1.5 | 53.5 |
| 13 | 2,184 | 1.5 | 58 |
| 26 | 4,368 | 1.5 | 64.5 |
| 52 | 8,736 | 1.5 | 77.5 |
| Daily key (1 key per day) | | | |
| 1 | 7 | 1.5 | 52 |
| 4 | 28 | 1.5 | 53.5 |
| 13 | 91 | 1.5 | 58 |
| 26 | 182 | 1.5 | 64.5 |
| 52 | 364 | 1.5 | 77.5 |

The traffic per key for both KPS and SIKM schemes is calculated in Tables 4 and 5. The tables demonstrate that the SIKM daily key imposes just 1/7 of the KPS traffic on the network. For the hourly key, the distance increases to 1/170, and finally, the traffic in SIKM for minutely keys is 1/10,714 of the KPS traffic per key. This means having less than one-bit traffic on the network for every minutely SIKM key.
At the start of establishing SIKM, referring to the Table 1 values, 51 KB of traffic is generated for receiving the decryption key and then downloading the interpreter. To find the threshold for choosing between KPS and SIKM, the 51 KB of SIKM traffic must be divided by the 1.5 KB traffic of distributing and revoking a KPS key. The results show that requiring more than 34 fresh keys is the threshold for employing SIKM instead of KPS. In other words, for daily keys after 34 days, for hourly keys after 34 h, and for minutely keys after 34 min, using SIKM is more cost-effective.
Figure 10 depicts the comparison of the generated traffic per key between SIKM and KPS after 52 weeks, and Table 6 compares the main key management features between SIKM and KPS. As shown, KPS has less node workload and an easier process for node revocation, while SIKM outperforms it in the rest of the features.
Figure 7: Comparison of KPS and SIKM minutely key traffic on network and server.
Figure 8: Comparison of KPS and SIKM hourly key traffic on network and server.
Figure 9: Comparison of KPS and SIKM daily key traffic on network and server.

Table 4: Traffic per key for KPS minutely, hourly, and daily keys after 52 weeks

| Key interval | No. of keys | Net traffic | Net traffic per key |
|---|---|---|---|
| Key per minute | 524,160 | 786,240 KB | 1.5 KB |
| Key per hour | 8,736 | 13,104 KB | 1.5 KB |
| Key per day | 364 | 546 KB | 1.5 KB |

Table 5: Traffic per key for SIKM minutely, hourly, and daily keys after 52 weeks

| Key interval | No. of keys | Net traffic | Net traffic per key |
|---|---|---|---|
| Key per minute | 524,160 | 77.5 KB | 0.00014 KB |
| Key per hour | 8,736 | 77.5 KB | 0.0088 KB |
| Key per day | 364 | 77.5 KB | 0.2129 KB |

Although the proposed framework reduces the cost and traffic load of deploying fresh keys, it has two main drawbacks: first, protecting the distribution of the interpreter decryption key against a man-in-the-middle attack and second, the process of revoking a node. If the interpreter decryption key is compromised during distribution to any of the nodes, the whole network is compromised accordingly, and the server must distribute a new interpreter. However, this is not limited to SIKM and is a common problem among all of the current practices. Moreover, when a node is revoked, the rest must go through the process of receiving and deploying a new interpreter, unless it has been revoked securely.
4 Conclusion
Cyberspace is an online environment whose participants are involved in various types of interactions. The essence of these interactions is the data that is exchanged between the engaged parties. Disclosure of data to unauthorized people is a critical concern for the security of communications, and cryptography is the main solution for overcoming confidentiality threats. Therefore, a range of cryptographic key management frameworks are devised to produce, distribute, and revoke the required keys. However, each one is suitable for specific applications and has its own drawbacks. This article proposes a novel cryptographic key management framework that is cost-effective when more than 34 fresh and dynamic keys are required. It produces the fresh keys in minutely, hourly, or daily intervals and dramatically reduces the traffic load per key in comparison with the master key scheme. In addition, the framework reacts smartly against some cryptographic attacks and eliminates the need for key storage. It is also applicable for authentication in secure sessions when group membership is enough for gaining access.
Conflict of interest: Authors state no conflict of interest.
Figure 10: Comparison of network traffic between KPS and SIKM after 52 weeks.
[Chart not reproduced. Categories: minutely key, hourly key, daily key. Series: KPS traffic per key; SIKM traffic per key. Vertical axis from 0 to 1.5.]
Table 6: Comparing SIKM and KPS features
Features SIKM KPS
Low network traffic
X
Distributed computations
X
Low server workload
X
Low node workload X
Resistant to brute force attack
X
Resistant to replay attack
X
Cost-effectiveness
X
Node revocation X