A study on the device authentication and key distribution method for internet of things

Abstract

The internet of things (IoT) is a technology exchanging and sharing information without an operation and a help of a human. The technology is commercialized rapidly. However, IoT processes and transmits various forms of data at complex and different networks and it is exposed to the risks of information leakage, manipulation, and falsification. Moreover, the security vulnerability of IoT increased even further because IoT is composed of many low-performance devices and it is hard to apply the conventional security technologies to these low-performance devices. This study proposed a security method using a hash function and a symmetric encryption method to enhance confidentiality, mutual authentication, and data privacy under the IoT environment with limited resources. The proposed method authenticated a device by using a secret key, a device ID, and a random number and produced a session key, which was necessary to encrypt the transmitted data. This method could properly respond to the counterfeit, falsification, disguise, and replay attacks and secure the confidentiality of the data.