KEAV enables secure communications in Internet of Things (IoT) and Voice over Internet Protocol (VoIP) networks without relying on a central authority or a third party, using a combination of ZRTP, a protocol that performs key exchange in the RTP media stream, and multi-party computation (MPC), a technique that allows multiple parties to compute a function without revealing their inputs.
This technology also uses a Short Authentication String (SAS), a short string that is derived from a session key and verified by the MPC module. KEAV reduces latency, improves cybersecurity, and offers a tunable security level for different applications.
In 2019, 57% of IoT devices were compromised and 90% of consumers lacked confidence in IoT security. By 2025, IoT cyberattacks could reach 300 million. With consumers and businesses reluctant to trust IoT devices because of poor security practices and data breaches, IoT devices need secure authentication and authorization to protect their data and connections.
Some of the common security flaws in IoT devices are weak or fixed passwords, lack of updates and patches, insecure interfaces and protocols, unencrypted data storage and transmission, and poor device management. These flaws make IoT devices vulnerable to various attacks, such as impersonation, eavesdropping, tampering, denial-of-service, and data breaches.
KEAV is a system that connects various IoT devices and applications in a secure way. It uses a combination of different encryption methods, such as symmetric and asymmetric cryptography, digital signatures, and certificates, to ensure the security and authenticity of IoT devices and their data.
The system does not depend on a Public Key Infrastructure (PKI) or a trusted third party to establish secure communication between two devices in networks like IoT or VoIP. Instead, it uses a Diffie-Hellman (DH) key exchange and an MPC module to verify the communication channel and exchange encrypted messages. Moreover, the system uses a SAS derived from a session key to compare the SAS automatically without human intervention.
KEAV consists of four main components:
- Security manager: handles the security policies and mechanisms for IoT devices and applications, such as encryption, authentication, authorization and access control.
- Device manager: manages the registration, discovery and communication of IoT devices, as well as their configuration and status monitoring.
- Service manager: enables the discovery, composition and invocation of IoT services, as well as their orchestration and adaptation.
- Data manager: collects, stores, processes and analyzes the data generated by IoT devices and services, and provides data visualization and query interfaces.
This technology improves the security and privacy of IoT systems by providing authentication, encryption, forward secrecy, and adaptability. It is a system that connects different IoT devices and applications securely and prioritizes security, privacy, and trust. It uses a hybrid cryptographic approach to balance security and performance.
- Performance: handles the large-scale, heterogeneous and dynamic nature of IoT networks efficiently. It leverages blockchain technology to provide a secure and distributed ledger that enhances the efficiency and reliability of IoT transactions and interactions, and uses a hybrid approach combining symmetric and asymmetric cryptography (as well as digital signatures and certificates) to balance security level against performance.
- The average latency for device authentication using asymmetric cryptography is 0.5 seconds for white-box devices and 1.5 seconds for black-box devices. The data encryption process using symmetric cryptography has an average latency of 0.1 seconds for white-box devices and 0.2 seconds for black-box devices.
- For the blockchain transaction validation process, the average latency using proof-of-work is 10 minutes for white-box devices and 15 minutes for black-box devices.
- The storage overhead of the blockchain ledger is approximately 300 MB on average for white-box devices and 100 MB for black-box devices.
- Compatibility: interoperates with existing and emerging IoT standards, protocols and platforms, and supports IoT devices and applications with different capabilities and requirements. KEAV complies with IoT standards, adheres to established IoT protocols (CoAP, MQTT, DTLS) and supports different platforms (such as Raspberry Pi, Android and iOS), integrating and functioning successfully with a wide range of devices and systems.
- Demonstrates an average interoperability level of 90% for both white-box and black-box device users.
- The adaptation level, the ability to adjust to and accommodate different environments, is measured at 80% on average.
- In terms of standard compliance, KEAV achieves an average level of 85% for both white-box and black-box device users. Furthermore, the platform support level stands at an impressive 95% on average, signifying its compatibility with various device platforms.
- Security: protects IoT devices, data and services from unauthorized access, tampering or leakage. KEAV uses encryption, authentication, authorization and access control to ensure the confidentiality, integrity, availability, authenticity, non-repudiation and accountability of IoT devices and data. The technology also uses blockchain technology to provide a consensus mechanism that validates transactions and prevents malicious attacks or tampering. Measured levels, for both white-box and black-box device users:
- Confidentiality: 95% on average.
- Integrity: 95% on average.
- Availability: 90% on average.
- Authenticity: 95% on average.
- Non-repudiation: 95% on average.
- Accountability: 95% on average.
Benefits and Advantages
KEAV's security measures, together with the metrics above, demonstrate its effectiveness in protecting IoT devices and data, ensuring a high level of security, trustworthiness and reliability, and empowering users to control their data and act as data brokers for potential end-user data in IoT. The solution provides privacy, correctness, forward secrecy, and resilience against man-in-the-middle attacks. The system and method adapt to the different requirements and resource limitations of the devices.
- Enhance the security and privacy of IoT devices and data by preventing unauthorized access, tampering or leakage.
- Enable users to control their own data and act as data brokers for potential end-user data, by defining fine-grained permissions and policies for data sharing.
- Facilitate the development and deployment of IoT applications and services by providing a uniform and transparent middleware system that supports interoperability and adaptation.
- Improve the efficiency and reliability of IoT transactions and interactions by using blockchain technology to provide a secure and distributed ledger that validates and records them.
The system and method also provide forward secrecy, which means that compromising one session key does not affect the security of previous or future sessions.
Possible Applications and Use Cases
KEAV's technology can be applied in any context or scenario where IoT devices and applications are involved and where security, privacy, and trust are important, such as smart industries, which can benefit from improved efficiency and productivity. For example:
- Smart home: to connect and control various smart devices in a home environment, such as lights, cameras, thermostats, speakers, etc., while allowing users to share their data with other users or service providers according to their preferences and policies. KEAV can also protect the users’ data from unauthorized access or leakage by encrypting and authenticating the data and devices.
- Healthcare: to connect and monitor various medical devices and sensors in a healthcare environment, such as blood pressure monitors, glucose meters, heart rate monitors, etc. KEAV can also allow users to share health data with other users or service providers according to their preferences and policies, or protect it from unauthorized access or leakage by encrypting and authenticating the data and devices.
Development Stage
Lab Prototype (TRL 3-4)
Further Information
WO2019219862A1: https://worldwide.espacenet.com/publicationDetails/biblio?DB=EPODOC&locale=en_EP&FT=E&CC=WO&NR=2019219862&KC=A1
Publications
Privacy Preserving Middleware Platform for IoT: https://repositorio-aberto.up.pt/bitstream/10216/134249/2/477620.pdf
Tags
Cybersecurity, Communications & Networking, IoT, Authentication, Data Sharing, Privacy, Blockchain, Security, Identity management, Encryption, Smart devices