Enzinger, M. (2019):
Efficient group rekeying with G-IKEv2 and LKH
The growing field of the Internet of Things (IoT) has many applications which are in the need for secure communication within groups of devices, for example wireless sensor networks. Group re-keying, which means securely providing new keys to the group as a result of members joining or leaving the group, remains one of the main challenges. Several algorithms exist which provide for efficient re-keying with only one or few multicast messages. They rely upon a central instance, called the Group Controller/Key Server (GCKS) to manage the group and the keys associated with the group. This work implements and evaluates the LKH group key management algorithm as specified for its use within the G-IKEv2 protocol and focuses on constrained clients, as those are mostly used in IoT scenarios. The GCKS part is integrated into Strongswan, an open source, multi-platform IKE daemon. The group member part is implemented for RIOT, an open source operating system for embedded devices supporting multiple execution threads. It is shown that providing keys to constrained devices with low effort while still ensuring security properties such as post compromise security (also known as forward secrecy) and backward secrecy is possible. In addition to the implementation, a proposal is made to enhance the G-IKEv2 standard in a way that allows the LKH key distribution mechanism to provide updated keys to the group members more efficiently. With the proposal, rekey messages are significantly decreased in size, while maintaining low computational complexity for the group members to process those messages.