Lightweight Session-Key Rekeying Framework for Secure IoT-Edge Communication
- URL: http://arxiv.org/abs/2511.02924v1
- Date: Tue, 04 Nov 2025 19:12:18 GMT
- Title: Lightweight Session-Key Rekeying Framework for Secure IoT-Edge Communication
- Authors: Haranath Rakshit, Rajkumar Bhandari, Subhasis Banerjee,
- Abstract summary: This paper presents the Dynamic Session Enhanced Key Protocol (DSEKP) that derives per-session AES-GCM keys using the HMAC-based Key Derivation Function (HKDF-SHA256)<n>Results demonstrate nearly identical throughput and reliability, with moderate overhead, while delivering per-session forward secrecy and built-in replay protection.<n>These findings confirm that dynamic symmetric symmetricing can substantially strengthen IoT-Edge links with minimal computational and bandwidth cost.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The proliferation of Internet of Things (IoT) networks demands security mechanisms that protect constrained devices without the computational cost of public-key cryptography. Conventional Pre-Shared Key (PSK) encryption, while efficient, remains vulnerable due to static key reuse, replay attacks, and the lack of forward secrecy. This paper presents the Dynamic Session Enhanced Key Protocol (DSEKP) - a lightweight session-key rekeying framework, a fully symmetric extension to PSK that derives per-session AES-GCM keys using the HMAC-based Key Derivation Function (HKDF-SHA256) and authenticates session establishment through an HMAC proof in a single init-ack exchange. DSEKP was implemented on an ESP32 IoT sensor node and a Raspberry Pi 5 edge server communicating through a Mosquitto MQTT broker, and benchmarked against a static PSK baseline over more than 6,500 encrypted packets per configuration. The results demonstrate nearly identical throughput and reliability, with moderate overhead - mean latency increased by 27% and payload size by 10% - while delivering per-session forward secrecy and built-in replay protection. These findings confirm that dynamic symmetric rekeying can substantially strengthen IoT-Edge links with minimal computational and bandwidth cost, offering a practical migration path from static PSK to session-aware, scalable, and reproducible IoT security.
Related papers
- LSEG: A Lightweight and Secure Key Exchange Protocol for Smart Grid Communication [0.9449650062296824]
This paper proposes a lightweight authentication and secure key exchange protocol for smart grid environments.<n>Session communication is protected using ASCON128a, a lightweight, NIST-standardized, authenticated encryption algorithm.<n>Results show LSEG effectively balances security, efficiency, and compliance, making it a scalable solution for secure communication in smart grid infrastructures.
arXiv Detail & Related papers (2025-11-10T19:01:55Z) - A Hybrid Encryption Framework Combining Classical, Post-Quantum, and QKD Methods [0.0]
This paper introduces a hybrid encryption framework combining classical cryptography (EdDSA, ECDH), post-quantum cryptography (ML-DSA-6x5, ML-KEM-768), and Quantum Key Distribution (QKD) via Guardian to counter quantum computing threats.<n>Our prototype implements this integration, using a key derivation function to generate secure symmetric and HMAC keys, and evaluates its performance across execution time and network metrics.
arXiv Detail & Related papers (2025-09-09T08:48:38Z) - Towards Reliable Service Provisioning for Dynamic UAV Clusters in Low-Altitude Economy Networks [48.73244147035607]
Unmanned Aerial Vehicle (UAV) cluster services are crucial for promoting the low-altitude economy by enabling scalable, flexible, and adaptive aerial networks.<n>We propose a Lightweight and Privacy-Preserving Cluster Authentication and Session Key Update (LP2-CA) scheme for dynamic UAV clusters in low-altitude economy networks.
arXiv Detail & Related papers (2025-09-07T15:54:11Z) - An Efficient Hybrid Key Exchange Mechanism [58.96805474751668]
textscCHOKE is a code-based hybrid key-encapsulation mechanism (KEM)<n>We show that the communication cost of our construction is optimal under the requirement that each KEM must be used at least once.
arXiv Detail & Related papers (2025-05-05T09:28:46Z) - Rudraksh: A compact and lightweight post-quantum key-encapsulation mechanism [5.002862916626837]
Resource-constrained devices such as wireless sensors and Internet of Things (IoT) devices have become ubiquitous in our digital ecosystem.<n>Due to the impending threat of quantum computers on our existing public-key cryptographic schemes and the limited resources available on IoT devices, it is important to lightweight post-quantum cryptographic schemes suitable for these devices.<n>In this work, we explore the design space of learning with error-based PQC schemes to design a lightweight key-encapsulation mechanism (KEM) suitable for resource-constrained devices.
arXiv Detail & Related papers (2025-01-23T16:16:23Z) - Quantum-Safe Hybrid Key Exchanges with KEM-Based Authentication [2.102973349909511]
In PQCrypto 2023, Bruckner, Ramacher and Striecks proposed a novel hybrid AKE (HAKE) protocol, dubbed Muckle+.<n>Muckle# uses post-quantum key-encapsulating mechanisms for implicit authentication inspired by recent works in the area of Transport Layer Security (TLS) protocols.
arXiv Detail & Related papers (2024-11-06T16:28:17Z) - Practical hybrid PQC-QKD protocols with enhanced security and performance [44.8840598334124]
We develop hybrid protocols by which QKD and PQC inter-operate within a joint quantum-classical network.
In particular, we consider different hybrid designs that may offer enhanced speed and/or security over the individual performance of either approach.
arXiv Detail & Related papers (2024-11-02T00:02:01Z) - Distributed Symmetric Key Establishment: a Scalable Quantum-Safe Key Distribution Protocol [4.1010893028706255]
Pre-shared keys (PSK) have been widely used in network security.
Existing PSK solutions are not scalable.
We propose a new protocol called Distributed Symmetric Key Establishment (DSKE)
arXiv Detail & Related papers (2024-07-30T16:55:17Z) - DynamiQS: Quantum Secure Authentication for Dynamic Charging of Electric Vehicles [61.394095512765304]
Dynamic Wireless Power Transfer (DWPT) is a novel technology that allows charging an electric vehicle while driving.
Recent advancements in quantum computing jeopardize classical public key cryptography.
We propose DynamiQS, the first post-quantum secure authentication protocol for dynamic wireless charging.
arXiv Detail & Related papers (2023-12-20T09:40:45Z) - SOCI^+: An Enhanced Toolkit for Secure OutsourcedComputation on Integers [50.608828039206365]
We propose SOCI+ which significantly improves the performance of SOCI.
SOCI+ employs a novel (2, 2)-threshold Paillier cryptosystem with fast encryption and decryption as its cryptographic primitive.
Compared with SOCI, our experimental evaluation shows that SOCI+ is up to 5.4 times more efficient in computation and 40% less in communication overhead.
arXiv Detail & Related papers (2023-09-27T05:19:32Z) - Practical quantum secure direct communication with squeezed states [37.69303106863453]
We report the first table-top experimental demonstration of a CV-QSDC system and assess its security.<n>This realization paves the way into future threat-less quantum metropolitan networks, compatible with coexisting advanced wavelength division multiplexing (WDM) systems.
arXiv Detail & Related papers (2023-06-25T19:23:42Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.