Chaining the secret: Lightweight authentication for security in pervasive computing

Abstract

With the proliferation of pervasive computing which enables global connectivity of surrounding objects, the importance of security and its methodology is getting more recognized recently. However, since networking devices composing the pervasive computing are usually resource-constrained compared to traditional devices, there are many difficulties in deploying complex security functionality on them. Even if they have succeeded to provide security protocol, use of heavy authentications such as public key infrastructure or certificate-based credential type often becomes another burden. Meanwhile, the most popular and lightweight authentication type is Pre-shared Key (PSK), however, it can be easily exposed by attackers. To overcome this limitation, we present a pre-shared key chaining system which utilizes lightweight PSK and offers moving defense against key attacks with a small overhead. The system generates a chain of arbitrary PSKs without any secret exchanges and provides a new PSK from the chain at each secure session. This work enables constrained devices to communicate in a secure way without high risks of getting compromised, lightweight all the same.