Kim Ki-Wook, Han Youn-Hee, Min Sung-Gi
Department of Computer and Radio Communication Engineering, Korea University, Seoul 136-713, Korea.
School of Computer Science and Engineering, Korea University of Technology and Education, CheonAn 330-708, Korea.
Sensors (Basel). 2017 Sep 21;17(10):2170. doi: 10.3390/s17102170.
Many Internet of Things (IoT) services utilize an IoT access network to connect small devices with remote servers. They can share an access network with standard communication technology, such as IEEE 802.11ah. However, an authentication and key management (AKM) mechanism for resource-constrained IoT devices using IEEE 802.11ah has not yet been proposed. We therefore propose a new AKM mechanism for an IoT access network, which is based on IEEE 802.11 key management with the IEEE 802.1X authentication mechanism. The proposed AKM mechanism does not require any pre-configured security information between the access network domain and the IoT service domain. It considers the resource constraints of IoT devices, allowing IoT devices to delegate the burden of AKM processes to a powerful agent. The agent has sufficient power to support various authentication methods for the access point, and it performs cryptographic functions for the IoT devices. Performance analysis shows that the proposed mechanism greatly reduces computation costs, network costs, and memory usage of the resource-constrained IoT device as compared to the existing IEEE 802.11 key management with the IEEE 802.1X authentication mechanism.