Secured‐KDS: Secret key distribution and authentication scheme for resource‐constrained devices

Abstract In the era of the Internet of things (IoT), billions of electrical devices are connected to the Internet and communicate remotely with one another without any human intervention. IoT devices often do not enforce proper security measures; this raises serious privacy and security concerns. One of the big issues in securing IoT communications is that traditional cryptographical protocols incur high computational costs and are not suitable for resource‐constrained devices. In this paper, the authors focus on issues related to secret keys distribution and authentication schemes. Although there exist some lightweight authentication schemes for IoT devices in the literature, they come with some limitations (e.g. preconfiguration of shared secret keys). A new lightweight authentication scheme suitable for IoT devices is proposed. This scheme incurs low resource utilisation and provides a trusted mode of Secret key distribution between IoT devices and a control server. A real‐time test‐bed environment is deployed to examine whether the authors’ proposed scheme is applicable for resource‐constrained devices. The authors’ performance analysis shows that the proposed scheme is efficient and is resistant to possible security attacks such as replay attacks, man‐in‐the middle attacks, impersonation attacks, modification attacks, and remote access trojan attacks.