In the emerging Internet of Things (IoT) market, it is often desired to remotely control or wirelessly communicate with a variety of relatively simple, relatively inexpensive, low-power devices. As such, there is a need for a means to transfer data in a secure manner between large numbers of such devices. Furthermore, due to the typical usage pattern for such devices (e.g., real-time updates of sensor readings), the data exchange pattern between such devices consists mostly of small, frequent data updates rather than infrequent transfers of large data sets.
The standard method for accomplishing secure data transfer between such devices employs two phases: an authentication and key exchange (AKE) phase and an encrypted data transfer phase. As implied by its name, the first phase involves two steps: first, the communicating devices must assure each other that they each know with whom they are communicating (authentication), and then they must jointly agree upon a shared key that they can both use in the second phase. This second phase is where the actual secure data transfer happens, but it cannot proceed without successful completion of the first phase. It is desirable that the overall protocol be constructed so as to ensure that the exchange is free from both eavesdropping and interference by any unauthorized external party.
Unfortunately, using standard methods, this AKE phase cannot be completed without using asymmetric cryptography somewhere in the process. The computational load imposed by the mathematics of asymmetric cryptography is quite large; in fact, it is several orders of magnitude larger than the amount of computation required to encrypt and decrypt the message traffic in the second phase.
This large computational load both conflicts with the low-power requirements of the IoT device space and is highly inefficient in the case where the message data that must be transmitted in the second phase is small. Thus, there is a need for a protocol where the AKE phase does not require the use of asymmetric cryptography in order to securely arrive at a shared key between devices.