Authors:
Kavita Agrawal, P.V.G. D Prasad Reddy, Suresh Chittineni

DOI NO:
https://doi.org/10.26782/jmcms.2025.11.00007

Keywords:
ChaCha20, Elliptic Curve Cryptography, Group Key Agreement, HMAC Integrity, IoT Security, Lightweight Cryptography, Secure Key Distribution, Shamir’s Secret Sharing

Abstract:
A Group Key Agreement Protocol enables secure multi-party communication by establishing a common cryptographic key, which is especially critical at the edge layer of IoT networks, where devices often operate in decentralized and resource-constrained environments. However, existing protocols face several challenges, including high computational overhead, single points of failure, and a lack of integrity validation during the distribution of the group key. To address these challenges, we propose a lightweight edge-layer protocol that combines Shamir’s Secret Sharing Scheme (SSS) and Elliptic Curve Cryptography (ECC) for secure and efficient group key distribution among IoT edge devices. ECC (Curve25519) is used for secure peer-to-peer sharing, with key sizes that are 12 times smaller and operations that are four times faster than traditional RSA. SSS splits the group key into shares and reconstructs it using a threshold, reducing computation and eliminating the need for full key generation on each device. It also removes single points of failure because no device retains the complete key. ECC enables secure peer-to-peer exchange of encrypted shares, using ChaCha20 for efficient confidentiality. ChaCha20 enhances encryption speed, performing nearly three times faster than AES on resource-constrained devices. To ensure shared authenticity and detect tampering, HMAC is applied. This offers a lightweight integrity check suitable for constrained IoT devices. The proposed protocol is quantitatively validated through entropy and key-strength analysis, confirming 128-bit equivalent security and O(n) scalability up to 100 nodes. Communication-cost evaluation demonstrates low bandwidth overhead, while formal verification using BAN Logic and ProVerif under the Dolev–Yao adversarial model establishes confidentiality, authenticity, and forward secrecy with provable resilience against replay, impersonation, and man-in-the-middle attacks.
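The share-splitting and integrity steps the abstract describes can be sketched as follows. This is an added example, not the authors' implementation: the field prime, the HMAC-SHA256 message layout, the device names and the helper names are assumptions, and the Curve25519 exchange and ChaCha20 encryption are replaced by random per-device keys so the code runs on the Python standard library alone.

```python
import hashlib, hmac, secrets

P = 2**521 - 1  # prime field modulus (assumed; any prime above 2**128 works)

def split(secret, n, t):
    """Shamir split: random degree t-1 polynomial f with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    def f(x):
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation mod P
            acc = (acc * x + c) % P
        return acc
    return [(x, f(x)) for x in range(1, n + 1)]

def reconstruct(shares):
    """Lagrange interpolation at x = 0 over shares with distinct x."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def tag(pair_key, sender, x, y):
    # Assumed message layout: sender id || x (2 bytes) || y (66 bytes).
    msg = sender.encode() + x.to_bytes(2, "big") + y.to_bytes(66, "big")
    return hmac.new(pair_key, msg, hashlib.sha256).digest()

def seal(pair_key, sender, share):
    x, y = share
    return {"from": sender, "x": x, "y": y, "tag": tag(pair_key, sender, x, y)}

def accept(pair_key, msg):
    """Return the share only if its HMAC verifies (constant-time compare)."""
    expected = tag(pair_key, msg["from"], msg["x"], msg["y"])
    ok = hmac.compare_digest(expected, msg["tag"])
    return (msg["x"], msg["y"]) if ok else None

def demo(n=5, t=3):
    group_key = secrets.randbits(128)
    # Random keys stand in for the X25519-derived pairwise keys (assumption).
    keys = {f"dev{i}": secrets.token_bytes(32) for i in range(1, n + 1)}
    msgs = [seal(keys[f"dev{x}"], f"dev{x}", (x, y)) for x, y in split(group_key, n, t)]
    msgs[1]["y"] ^= 1  # constructed tampering of one share in transit
    verified = [s for s in (accept(keys[m["from"]], m) for m in msgs) if s]
    return group_key, verified
```

The tampered share is dropped before interpolation, which matters because Shamir reconstruction on its own silently yields a wrong key when any input share is altered.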

