Provably secure ECC-based device access control and key agreement protocol for IoT environment

For secure communication between any two neighboring sensing devices on the Internet of Things (IoT) environment, it is essential to design a secure device access control and key agreement protocol, in which the two phases, namely, 'node authentication' and 'key agreement' are involved. While the node authentication allows two sensing devices to authenticate each other using their own pre-loaded secret credentials in memory, the key agreement phase permits to establish a secret key between them if the mutual authentication is successful. In this paper, we propose a new certificate-based 'lightweight access control and key agreement protocol in the IoT environment, called LACKA-IoT,' that utilizes the elliptic curve cryptography (ECC) along with the 'collision-resistant one-way cryptographic hash function.' Through a detailed security analysis using the formal security under the 'Real-Or-Random (ROR) model,' informal (non-mathematical) security analysis, and formal security verification using the broadly used 'Automated Validation of Internet Security Protocols and Applications (AVISPA)' tool, we show that the LACKA-IoT can protect various known attacks that are needed for a secure device access control mechanism in the IoT. Furthermore, through a comparative study of the LACKA-IoT and other relevant schemes, we show that there is a better tradeoff among the security and functionality features and communication and computational costs of the LACKA-IoT as compared to other schemes. Finally, the 'practical demonstration using the NS2 simulation' has been carried out on the LACKA-IoT to measure various network parameters.