An Elliptic Curve Menezes – Qu – Vanston-Based Authentication and Encryption Protocol for IoT

,


Introduction
The Internet of Things (IoT) has assimilated into our daily life.IoT solutions are pervasive in many facets of daily life, including remote sensing, agriculture, healthcare systems, smart cities, smart homes, etc. [1][2][3].The number of IoT devices are expected to exceed 75 billion by the year 2025 [3].Such massive number of IoT devices produces a large amount of data which requires massive computational power to analyze and process these data.Since IoT devices have limited resources, they cannot store and compute such huge volumes of data generated by the IoT devices.Cloud computing is employed to meet such demands.Depending upon the applicability, IoT devices collect and transmit the raw data to the cloud server for subsequent analysis and processing.Massive amounts of raw data are transferred straight to cloud servers, which substantially degrades network performance and frequently creates a single point of failure and causes high latency.To avoid these problems, a three-tier IoT-edge-cloud architecture is commonly used in recent times.In this three-tier architecture, IoT nodes offload the heavy computation tasks to a nearby edge nodes.IoT devices transfer the raw data to edge nodes which then forward the processed data to cloud servers after analyzing them.Thus, it improves the overall performance of the network.Edge nodes typically work in a public network and are connected to IoT nodes using wireless networks.This makes the entire ecosystem vulnerable to various cyber attacks, namely, man-in-the-middle attack, repudiation attack, and eavesdropping [1].Since processing of these data plays a direct role in some very critical day-to-day operations, tampering of the data may cause catastrophic failures.So, it is essential to ensure that tamper-free data are passed through unsecured channels [4].Inclusion of cloud computing and edge computing with IoT devices make the ecosystem heterogeneous in nature and a generalized security solution is essential to meet the security requirements [5].In contrast to the expansive capabilities of cloud, IoT devices are characterized by constrained resources.Due to these contradicting characteristics of IoT ecosystems, conventional security solutions do not present a wholesome solution for the entire ecosystem [6].Public-key infrastructure is one of the widely used conventional security systems that can address overall network security.Similarly, identity-based public key cryptography (ID-PKC) is another security solution which is used by traditional desktop-based computing systems [7].The IoT ecosystem, when considered holistically, cannot achieve the requisite level of security through the utilization of current communication protocols tailored for IoT devices.They are susceptible to various types of attacks, such as credential disclosure attacks, unprotected pairing attacks, etc. [8][9][10].
In the pursuit of creating comprehensive security protocols for IoT ecosystems, researchers have faced the challenge of developing a one-size-fits-all solution [11,12].While several security protocols have been designed for IoT systems, a significant proportion of them rely on two fundamental techniques: Physical Unclonable Function (PUF) and elliptic curve cryptography (ECC) [13,14].These protocols have gained popularity because ECC, unlike traditional publickey cryptography algorithms, offers heightened security while maintaining relatively small key sizes.Notable example of such ECC-based solution can be found in Chanda et al.'s [15] study.However, these protocols have their own limitations.One of the serious problems that these solutions suffer from are the amount of energy they consume.These protocols exhibit more energy which impact the longevity of the device [16].Another problem that these methods are unable to resolve is the man-in-the-middle attack since they use Deffie Hellman elliptic curve to generate the key pair.Man-in-themiddle attacks can be eliminated by using ECMQV, a variation of ECC [17].ECMQV also offers defence against impersonator attacks [18].Another major of the existing problem is that they are using cloud server to assist the IoT nodes generate the public and private key pair.Main drawback of this approach is increased latency, as data must travel to and from remote cloud servers.Bandwidth usage is another area of concern, particularly with large number of IoT devices participating in the ecosystem which produces large-scale data transfers between devices and the cloud.Another problem with this approach is compliance issue.Compliance with data regulations may be challenging.
Protocols mentioned in Chanda et al.'s [15,[19][20][21][22][23] study have used ECC and PUF.PUF uses the physical property of the integrated circuit (IC) to recognize the IC.Chatterjee et al. [19] suggested a method for generating session keys that makes use of an extra IC to produce the PUF.And PUF generated by the IC is used for authentication purposes only.Moreover, the registration process in these solutions are very tedious and has to be done manually by capturing challenge-response pair (CRP) for all participating devices, which becomes prohibitively inconvenient with massive number of IoT devices.The complicated bilinear pairing of this method is another drawback.To create key pairs for IoT nodes, a sophisticated bilinear pairing technique is applied.Additionally, it is unable to prevent impersonation attacks and man-in-the-middle attack [21].Recent efforts have been directed toward developing a secure protocol for IoT networks using Blockchain and PUF circuit [24].
Here we presented a novel authentication-cum-key generation protocol for seamless communication across an IoT network.Our primary contributions include: (1) We propose a secure authentication protocol for IoT edge computing using PUF.Existing works in the domain either focus exclusively on the IoT network or devote their investigation on cloud networks only, thus leaving a void in finding generalized solutions that address the heterogeneity of IoT ecosystems.Usage of edge computing offers distinct advantages over the other solutions especially over cloud computing.By processing data closer to its source, proposed solution reduces latency, ensuring faster response times.This approach also optimizes bandwidth usage, as only relevant data or processed results are transmitted, enhancing efficiency.Additionally, the resilience of edge computing shines in scenarios with intermittent or unreliable cloud connectivity.Cost savings are achievable through reduced data transfers and optimized resource usage.Scalability is facilitated by the ability to horizontally scale resources by adding more edge devices.For industries with stringent data regulations, it provides compliance by keeping data closer to its origin.(2) We also propose a novel Key generation scheme based on a simple MQV elliptic curve which consumes less energy.(3) We have used underlying circuit of devices to define trust relationships using special hardware property called PUF (Figure 1).( 4) The proposed solution provides security from manin-the-middle attack.We also provide a formal security proof of the protocol.2 Wireless Communications and Mobile Computing (5) We provide performance analyses of the protocol in terms of communication overhead, storage, and computation requirements.
The rest of the paper is organized as follows: Challenges related to IoT key generation have been presented in Section 2. We also discussed possible ways of solving such problems therein.The proposed protocol has been discussed in Section 3. Experimental evaluation has been presented in Section 4. Section 5 discusses the security analyses.Finally, Section 6 presents the concluding remarks and potential future works.

Background
The section has explored the realm of ECC and its variant, Menezes-Qu-Vanstone (ECMQV), as well as delved into the concept of PUF.Following this discussion, the focus has shifted to research efforts related to lightweight public key infrastructure (PKI) solutions.

Elliptic Curve Cryptography and Menezes-Qu-Vanstone.
Discrete logarithm problem is an unique feature of an elliptic curve which is the basis of ECC.Miller [25] described how asymmetric keys can be built from it.Any point in the elliptic curve is treated as a public key.And when the given point is multiplied with a random number it produces correspondence private key.
Elliptic curve in cryptography (ECC) has its advantage in key size.It provides better security protection than other asymmetric key cryptography using small key size.Table 1 presents the key size recommendation fixed by NIST for different cryptography Algorithm 1.
The IoT protocols mentioned in Chatterjee et al.'s [19,[26][27][28][29][30] study have used elliptic curve-based cryptography scheme.Menezes-Qu-Vanstone (MQV) is an authenticated protocol based on the Diffie-Hellman scheme.Like other DH schemes, MQV provides protection against an active attacker.Modified form of MQV is known as elliptic curve MQV (ECMQV).ECMQV provides more protection against active attacker and provides less computation overhead compared to ECC [16,18].We have used the hash variant of ECMQV in our proposed method.

Physical Unclonable Function (PUF)
. PUF employs the complex physical device features to carry out a set of challenge-response pairs.Such pairs are specific to the device.It can not be represented using any mathematical model.Due to this, it is very difficult for adversaries to guess or produce the secret by themselves.Moreover, no storage is required to keep the secret [31].Since PUF secret rely on the physical features of an integrated circuits, it is not possible to produce them [32].

Related Works.
In the context of authentication protocols for IoT devices within a three-tier IoT-edge-cloud architecture, they can be broadly categorized into two groups as discussed in Aziz et al.'s [33] study.The first category employs symmetrical keys, while the second utilizes PKIbased ECC protocols.A symmetric key intercloud authentication protocol has been introduced in Seifelnasr et al.'s [34] study.Although symmetric keys demand less computational power, a significant drawback lies in their secure distribution.Securely transmitting symmetric keys over a public channel is a challenging task.Yang et al. [35] proposed a decentralized edge-based authentication protocol in which authentication processes occur at the edge nodes.Additionally, an ECC-based anonymous mutual authentication protocol is put forth in Li et al.'s [36] study.Challenges associated with these protocols include device identification and random number generation, which are crucial in defining elliptic curves.To address these issues, the utilization of PUF technology provides a solution.
Main applications of PUF are low-cost authentication and key generation [19-21, 31, 37].PUF can be used as a seed to a key generation algorithm and generate the key pair successfully [31,37].It can also be used as a symmetric key to secure the communication between two nodes [31].Identitybased public key cryptography scheme based on PUF has been discussed by Chatterjee et al. [19] and Yang et al. [27].This scheme has resolved the key distribution problem by using ID-based public key cryptography.But these methods have many shortcomings.Two major such problems are as follows: bilinear function has been used to realize these scheme and bilinear function is a complex operation which consumes significant amount of computing resources.Moreover, IBE cryptography inherently suffer from key escrow issue.Certificateless cryptography can be used for generating the key pair for small devices and it has been discussed by Ma et al. [28] and Seo et al. [38].However, main issues with these scheme is the complexity of the process where end nodes need to do multiple handshaking before establishing a secure session.Chatterjee et al. [19] proposed a key generation and key exchange protocol for IoT devices.As discussed in the previous section, this scheme has quite a few number of limitations such as additional area overhead, manual enrollment process, and complex key generation process.Moreover, it is suffering from man-in-the-middle attack and replay attack.This work has been further improved by Braeken [21] and Chatterjee et al. [20].A notable work mentioned in Braeken's [21] study tried to avoid man-in-themiddle attack, whereas Chatterjee et al. [20] proposed for the removal of the CRP database from key generation node to a offline secured database.
Boneh and Franklin [39] proposed ID-based public key cryptography.This method gets rid of tedious certificate distribution process by using the user's identity such as email ID, name, etc., to generate public key.When one node wants to communicate with another nodes, sender uses identity of Wireless Communications and Mobile Computing the recipient node and get the public key from a trusted third party called key generation center (KGC) to encrypt the message.Upon receiving the encrypted message, recipient gets the corresponding private key from KGC after successfully proving its valid identity and decrypt the message.Though this scheme solve the key distribution issue but it suffers some major issues.One of them is key escrow issue.
Public key cryptography mentioned above has resolved a critical issue, i.e., complex certificate exchange and validation of digital certificate.These two operations are resource intensive.That is why these solutions may be used in resource constrained environment such as IoT ecosystem.
An ID-based public key cryptography protocol has been proposed by Chatterjee et al. [19] and Yang et al. [27].In this scheme, key distribution issue has been resolved by introducing the identity-based public key cryptography.However, it has couple of significant issues.At first, a complex bilinear function is used to implement the protocol.Bilinear pairing is computation heavy and complicated process.Second, IBE cryptography inherently suffers from key escrow issue [28].Seo et al. [38] explained how certificateless cryptography can be used for generating the key pair for small devices.However, main issue with these scheme is the complexity of the process where end nodes need to do multiple handshaking before establishing a secure session.
Identity-based encryption (IBE) proposal have been implemented by Chen [30] and Boneh and Franklin [40].Original IBE had two major issues-it was prone to repudiation attack and it was suffering from key escrow problem.Chatterjee et al. [19] has overcome these two issues.In addition to this it has replaced public known identity such as email address with the PUF response as public identity of the IoT node.Major disadvantage of this scheme is that it uses bilinear pairing to achieve the above requirement.Bilinear pairing is computation heavy and takes a significant amount of CPU cycle to compute.This can be clearly visible in the result shared in Chatterjee et al.'s [19] study.And it also proposed these computation heavy task to be performed at the resource constrained IoT node.Combination of traditional PKI and IBE protocol has been proposed for IoT environment by Yang et al. [27].
PUF is another research area which is being considered for fulfilling the security needs of the IoT device.PUF uses the manufacturing variations of ICs to derive unique information [31] from a device.PUF has many interesting features.It can uniquely identify a billions of ICs even though they are manufactured by the same vendor using same design specification.Another noteworthy feature is it can be used as private-public key generation [41].Asymmetric key generation process using PUF has been explained in Marchand et al. [22] and Park et al.'s [42] studies.It has generated seed by hashing the PUF output and use the seed to generate the public/private key using key generation protocol.Each IC can have exponential number of unique set of CRP and it is next to impossible to model the CRP generation process using any mathematical model [37].Due to the noise, output of the PUF response is not accurate every time it is generated for a given challenge.
PUF circuitry can be categorized into two types-intrinsic-and FPGA-based PUF [43].FPGA-based PUF such as arbiter PUF needed additional circuitry to implement.However, in case of intrinsic PUFs, challenge-response pair (CRP) can be found within the device hardware itself.Intrinsic PUFs can be based on static random access memory (SRAM) and dynamic random access memory.Disadvantage of PUF based on SRAM is that CRP must be extracted during boot stage.However, CRP can be retrieved during run time for PUF implemented using DRAM.Until recently, IoT security solution proposed using PUF [19] requires additional FPGA hardware circuit.Proposed protocol has used DRAM and it is inbuilt to the device.That is why in this protocol, we do not need additional hardware.Moreover, it can retrieve CRP information at run time.Table 2 describes the comparative study among the existing security solutions for resource constrained device.
Protocol mentioned in this paper has removed the challenges mentioned above.At the same time, it takes less computation time and dissipates less amount of power.These two features are suitable for IoT ecosystems.

Proposed Method
This paper enhances the solution proposed by Chanda et al. [15].It introduces a lightweight PKI protocol using an edge network.And it replaces the traditional elliptic curve with more secured MQV elliptic curve.Usage of edge computing offers distinct advantages over the other solutions especially over cloud computing.By processing data closer to its source, Cost savings are achievable through reduced data transfers and optimized resource usage.Scalability is facilitated by the ability to horizontally scale resources by adding more edge devices [41].
For industries with stringent data regulations, it provides compliance by keeping data closer to its origin.MQV on elliptic curves represents a sophisticated enhancement to traditional ECC for secure key agreement.The key idea behind MQV on elliptic curves is to establish a shared secret between two parties over an insecure communication channel, utilizing the mathematical properties of elliptic curves.Like Chanda et al. [15] proposed solution is also built on fundamental principles of the well-established PKI system, where nodes exchange their public keys before data transfer.In contrast to traditional PKI systems, the proposed protocol simplifies the digital certificate structure and eliminates resource-intensive operations like certificate validation and certificate revocation processes.Despite these simplifications, it manages to offer security features comparable to PKI.The following sections provide a detailed explanation of the protocol's process.

Trust Model.
In the traditional PKI system, trust relationships are established between end nodes and a Certificate Authority (CA).End nodes rely on the CA to validate certificates of other nodes through a complex certificate validation process.In the proposed scheme, a two-layer trust model is employed.The first layer establishes trust between an IoT node and a designated special node known as the Key Center (KC), which is hosted within the edge network.The second layer of trust is established between the KC and a Cloud Server.Instead of storing key information within digital certificates, this scheme utilizes PUF.PUF generates unique CRPs, which are employed for authenticating devices.A node is authenticated when it correctly provides the CRP requested by the KC.Additionally, CRPs generated by PUF serve as symmetric keys for distributing public keys among user nodes.This innovative approach enhances the security of the system.The architectural framework of the proposed method is depicted in Figure 2, presenting a structure comprising three primary components involved in the communication process.These components are defined as follows: (1) Storage Server (SS): Hosted in the cloud, the SS maintains the CRPs for all nodes enrolled in the IoT ecosystem.(2) KC: Situated within the edge network, the KC serves as an intermediary node responsible for coordinating between end nodes and facilitating the production and distribution of public keys.It plays a crucial role in mediating communications between user The interaction within this framework involves a structured communication flow, where the SS maintains a direct connection with the KC.User nodes, on the other hand, do not directly communicate with the SS.During the registration phase, the SS issues short-lived symmetric keys to each user node for enrollment, enhancing security.The proposed scheme introduces two distinct trust relationships within this architecture, which will be further elaborated upon.
(1) Permanent relationship-It is defined between SS and KC.PKI system has been used to establish this relationship.
(2) Temporary relationship-This is established during registration phase where SS issues symmetric key to each user node for enrollment.
Protocol mentioned here comprised of three steps as shown in Figure 3.Each of these steps has been discussed in the following subsection.
3.2.Pre-Enrollment Phase.SS generates the symmetric using the algorithm based on the reciprocity of wireless channels, as mentioned in Haroun and Gulliver's [44] study.Then, it distributes the symmetric key to each user node.Symmetric key is valid for a given duration t and user node needs to finish the enrollment by this time.

Enrollment Phase.
Enrollment phase started after the pre-enrollment phase.In this phase, KC sends a set of challenges to the user node.Upon receiving the challenges from KC, user node produces the response from in-built PUF circuit.It involves encrypting PUF data with the symmetric key received from the KC.The resultant encrypted response is then transmitted to the KC.Subsequently, the KC forwards the received request from the user node to the SS.Within this process, the SS undertakes the decryption of the data utilizing the symmetric key provided to the user node during the pre-enrollment phase.Following the decryption of the message transmitted by the user node, the SS retrieves the response stored in the repository.This retrieved response is then validated against the responses received from the user node, thus completing the symmetric key encryption and decryption cycle with a focus on secure data transmission: (

Key Generation and Distribution
(1) KC retrieves the CRP of the given node on random basis.Then, it performs the necessary error corrections on the response using a hash function.After error correction is done on the response bit, it generates the generic parameters for the elliptic curve using the following equation: After generating the generic parameters for elliptic curve, KC sends them to be used for key generation to both nodes.Then, each node uses ECC and the generic parameters provided by the KC to generate the key pair by themselves.(2) User nodes use the following equation to create key pair based on the generic parameters provided by the KC: s → random number; P pub → s × G; public key; s → private key.
(3) Once the key pairs are generated by the individual node then they would send the public key to KC so that it can distribute it to the node who is interested.
) KC uses the following equation to validates the public key it receives from the user nodes: Pub A ÞÞ: .(5) After validating the public key, KC distribute the public key to the intended node using the following equation: It completes the key generation and exchange steps.
The above mentioned functionalities are shown in Algorithm 1.

Experimental Evaluation
In the absence of standardized tools for measuring the security of communication protocols, a custom experimental setup has been meticulously designed to validate the proposed method.This setup comprises essential hardware and software components.A personal computer, boasting a Core i5 processor and 8 GB of RAM, is designated as the central control unit (RS) for managing and overseeing the experiment.Two Zybo Zynq-7000 boards serve as user nodes, chosen for their unique fusion of ARM-based software programmability and FPGA-based hardware programmability.The core of the experiment involves the implementation of a DRAM-based Wireless Communications and Mobile Computing PUF using Xilinx technology.PUF generates distinct CRPs essential for device authentication and enhancing security.To manage and store these CRPs, a MYSQL database is employed as a secure repository.The generation of elliptic curve key pairs is facilitated by the Miracle SDK library.Code development using Miracle SDK culminates in the creation of efl files.These files, once cross-compiled for the ARM processor architecture, are installed on the Zybo Zynq-7000 boards.Subsequently, the code is executed on these boards, and the results are retrieved.This integrated experimental setup provides a robust platform for the thorough validation of the proposed method.It leverages the Zybo boards' versatility, the DRAMbased PUF, and the capabilities of the Miracle SDK library, all while ensuring data integrity and secure management through the MYSQL database.It is a key component in assessing the security of the communication protocol under scrutiny.
In order to make a comparative study with existing solutions, we implemented two IoT communication protocols published recently.Algorithm 1 shows the implementation.
4.1.Implementation of Proposed Method.The proposed scheme has been implemented using C language and Miracle SDK.MySQL server has been used to simulate the repository server.
The proposed scheme has been realized through C language and Miracle SDK.The implementation incorporates MySQL server to emulate the functionalities of the SS.In this simulation environment, HP i-5 laptops play a dual role, effectively mimicking both the cloud server and edge node.To replicate the diverse characteristics of IoT nodes, we employed various Xilinx boards in conjunction with child processes spawned using C language, creating a dynamic ecosystem that closely mimics the intricacies of IoT devices.This innovative integration ensures a holistic representation of our proposed solution, with each component contributing to the emulation of real-world scenarios.The synergy between C language, Miracle SDK, MySQL, and the diverse hardware components employed underscores our commitment to creating a robust, versatile, and scalable implementation.4.2.Implementation of IBE Cryptography.We have used the algorithm mentioned for certificateless cryptography with the following modification: (1) Removed Weil pairing method.

4.3.
Results.The proposed method, alongside two other communication protocols-certificateless cryptography and cloud-based IBE cryptography-has undergone comprehensive evaluation within the previously described experimental environment.The evaluations involved the analysis of results derived from elliptic curves with varying key sizes, specifically 160, 192, and 224 bits.These results serve as a critical measure of the performance and security attributes of each protocol, shedding light on their effectiveness and suitability for the intended communication tasks.In Table 3, we present the execution times for the creation of a single key pair, which is a crucial metric in assessing the efficiency of the given protocol.This table also includes execution times for the other two existing algorithms for reference.In Column 3 of Table 3, the execution times of the proposed method and the two other communication protocols are compared.Additionally, the power dissipation, shown in Column 4 of Table 3, is documented for the proposed method and the other two communication protocols.It is important to note that the evaluation encompasses various elliptic curve key sizes, including 160, 192, and 224 bits, to provide a  Wireless Communications and Mobile Computing comprehensive view of the performance across different security levels.Table 4 explains the measurements taken when the protocols are executed on concurrent key creation requests for 250 users.From the outcome mentioned in the aforesaid tables, we can conclude the following: (1) Due to MQV elliptic scalar operation given protocols outsmart the existing protocols.Given protocol is 2 − 3 × faster than the existing protocols.It may be recall that reason for slowness of the existing protocols is they use bilinear pairing for key generation process.Our findings is corroborated with the result mentioned in Cao et al.'s [45] study where it is shown that peer protocols are 5 × slower with respect to the proposed protocol.(2) Comparison made on energy consumption explains that the given protocols consumes 3 − 4 × less power than the peer protocols.(3) Outcome mentioned here clearly indicates that execution time, energy consumption changes with respect to the size of ECC.For example, time needed to produce a single key pair for a 160 bits elliptic curve by the given protocol is 1:3 × quicker than 192 bits and 2 × quicker than 224 bits.Likewise, power dissipation varies with respect to the key size.
(4) Execution time linearly increased when number of users are increased for both single-user and concurrent users.
Figures 4 and 5 present the outcome for execution time and power dissipation in graphical chart.The vertical axis in Figure 4 denotes to the time requires to complete the operations in ms, whereas elliptic curve size is mentioned in horizontal axis.Figure 4 represents that time needed to produce a pair of private and public key using the given protocol as well as the other communication protocols method has grown elliptic curve size.However, the given protocol yields far superior outcome compared to the state-of-the-art protocols.In Figure 5, the vertical axis indicates the power dissipation in microjoule, and horizontal axis represents the size of the elliptic curve.Figure 5 concludes that power consumption of the given protocol and the existing schemes is growing with respect to elliptic curve size.Nevertheless, the given method yields a far superior result than the existing protocols.Mathematical comparison indicated that the given protocol is 4 − 7 × quicker than the other two protocols.It is also clear that the power dissipation is 5 − 10 × better than the other protocols.

Memory Consumption.
Memory size occupied by the given protocol at run time is shown in Table 5.It also describes the memory size consumed by the other two existing protocols.Clearly given method takes less memory than the existing protocols.(1) Adversary will have full authority over the communication channel, i.e., adversary will be able to replay, add, update the data exchanged over the channel.It can also monitor the data transmitted over the channel.

Security Analysis
(2) The adversary can perform the following operations in polynomial time.
(i) Invoke(timestamp, challenge, response, node)-Adversary can execute this task to ask for the public key of a particular node.(ii) Read (KC, channel, node)-Message that is exchanged between KC and a node can be intercepted using this operation.(iii) MemoryRead (node)-Data stored in the memory of a specific node can be read using this method.(iv) Get (node, KC)-Public key of a specific node can be obtained using this function.
Proof.We have taken help of three games namely G1, G2, and G3 to prove the above mentioned theorem.An event is denoted as follows: where Adversary S can guess the random bit c in the G j correctly.
Advantage probability winning the game G j for S is as follows: Scheme explained in Wazid et al.'s [46] study has been used to prove this game.□ Game G0: We have simulated the actual attack by Adversary S against the given method using ROR model.Here bit c is selected randomly before start of the game G0.So it can be deducted from semantic security as follows: Game G1: Eavesdropping attack has been included in the game.In this game, Adversary S can eavesdrop all the messages exchanged during key exchange.Secret key generated by adversary is compared with the real keys exchanged between nodes using reveal and test query.
PUF(C k ) and PUF(C i ) define the security of the key SK ik .Since PUF responses are unknown to S so eavesdropping of the messages will never increase S's winning probability in the game G1.Also the games G0 and G1 are indistinguishable so we got the following result: Adversary S modeled all the scenarios.Only item remaining is to guess the bit c to win the game.Therefore, we have the following equation: By combining all the above equations:, we get the following equation:  Proof.In the adversarial model, messages transmitted between any node and KC can be requested, read, and received by an adversary.These messages can be intercepted by the adversary and sent them back to the KC to carry out replay attack.Each messages in the proposed scheme contains a timestamp which is encrypted using PUF response, KC will verify the timestamp before approving a request.The KC would remove a message if it contains an expired timestamp.So an adversary cannot carry out the replay attack.
Proof.Nodes are identified using PUF responses.This identity is also included in the messages transferred between any two entities.Since it is not possible for an adversary to guess the PUF response of a particular challenge, adversary would not be able to identify the node that has sent the message.□

Conclusion and Future Works
This paper introduced a generalized PKI-based ECC authentication and key generation protocol that enhances communication within IoT ecosystems by employing ECMQV.The protocol's primary advantages lie in its ability to significantly reduce energy consumption and execution time.It achieves this through the incorporation of a unique elliptic curve known as MQV elliptic curve, which enhances both security and performance in terms of execution time and memory usage.The protocol's design leverages in-built circuits in user nodes to generate the MQV elliptic curve.The experimental results corroborate the effectiveness of the proposed protocol, demonstrating that it outperforms its peer processes by being 1.5 times faster and exhibiting lower energy dissipation.These attributes are particularly valuable for resourceconstrained IoT devices.Future extensions of this work may involve automating the enrollment process to eliminate the need for manual intervention in symmetric key distribution to individual user nodes.Additionally, a revocation mechanism could be introduced for enhanced security.Furthermore, it is worth considering the impact of environmental temperature on the quality of secure keys generated from PUF. Investigating whether the proposed method consistently delivers high-quality PUF output under varying ambient temperatures could be a valuable avenue of research for designing a robust authentication scheme.

4. 3 . 1 .( 1 )
Parameters.Parameters used in the analysis are given below: Execution time: It represents the duration taken to perform the code block.(2) Energy consumption: It is determined by deducting the energy consumed in the previous sample from the present sample.A sample denotes the amplitude of remaining energy in a battery.(3) Storage size: The memory size needed during the execution of process: E EnrgyR → Power dissipated by CPU per unit time; E ExcTimeP → Time needed by process P to finish the execution; E EnrgyP → Power dissipates by process P in each execution cycle; and E EnrgyP → Enrgy R × ExcTime P 4.3.2.Computation Overhead.

TABLE 1 :
Key sizes (in bits) as per NIST recommendation.

TABLE 2 :
Comparison of state-of-the-art IoT security solutions.
proposed solution reduces latency, ensuring faster response times.This approach also optimizes bandwidth usage, as only relevant data or processed results are transmitted, enhancing efficiency.Additionally, the resilience of edge computing shines in scenarios with intermittent or unreliable cloud connectivity.
IoT nodes: These are the end-user nodes within the IoT ecosystem.IoT nodes establish trust relationships and communicate with the KC for authentication and other interactions.
FIGURE 2: Overall architecture of the proposed method.
1) Response User = DðEðResponse User Þ; C 1 is used to validate if the request has been sent by the correct node.This is as follows.(i) KC retrieves challenge-response from SS for C 1 of Node A to validate the authenticity of the node.(ii) Following equation is used to validate the authenticity Node A = Node A ⊕ PUF(C 1 ) PUF RS (C 1 ) Node A = D PUF RS ðE PUFðC 1 Þ ðNode A ÞÞ: .(iii) After Node A is successfully authenticated, it initiates validation process for Node B in the next steps.(iv) KC retrieves set of CRP for Node B from SS.And then sends a request to Node B to provide the corresponding response.Request KC that is sent to Node B is given as follows: AUTH, Node B , E PUF RS (C 2 ), and C 2 .(v) KC then validates the authenticity of Node B by the equation given as follows: C 2 = D PUF C 2 ðE PUF RS ðC 2 Þ Þ: .(vi) A nonce is generated and sent to KC after the successful validation of Node B : AUTH, NONCE B ,E PUF C 2 (NONCE B ), C 2 , and Node B .(vii) KC validates Node B 's authentication using the following formula: NONCE B = D PUF C 2 ðE PUF RS ðNONCE B ÞÞ: .
3.4.Key Generation and Exchange.Process of the authentication-cum-communication is initiated by two user nodes who want to communicate between them.KC will assist the user nodes to generate the key pair and distribute between them.It has three subprocesses.3.4.1.Authentication.KC authenticates the user nodes before it assists them in key generation and exchange process.It reads the CRP from SS and then sends the challenge to the user nodes and ask them to provide the corresponding response.After receiving the response from the user nodes, it validates them with the response it retrieves from the RS node.If it finds the response as valid then KC initiate the key generation process.B , Node A , E PUFðC 1 Þ (Node A ), and C 1 .It sends the operation name as part of the request (R here) and other details it sends are identification of Node B , identification of Node A .It also sends the encrypted form of identification of Node A using PUF response and the equivalent challenge.CRP of Msg2, C 2 , Node A .(6) Individual node also validates the public sent by KC.Node B validates if it has received correct key from Node A using given equation.(i) A nonce messages is created by Node B to encrypt the public key sent by Node A .Data = ENC Pub A (NONCE) KEYVER, Node A , NONCE, Data, Node B .(ii) Node A validates the request after getting the key verification request from Node B .NONCE' = DEC Pvt A (Data) = NONCE.(iii) One more nonce is generated by Node A to encrypt the public key of Node B and transfer back the request to Node A .

TABLE 3 :
Evaluation of single key-pair generation.

TABLE 4 :
Evaluation of generating scheme with concurrent keypair.Formal Security Analysis Using Real or Random Model.Formal security of the given method has been explained by employing ROR model.We have considered S as an adversary, M n as n_th instance of a participant.Few such participants are IoT nodes such as Inode i and Inode k .Adversary S can talk to participant M n .M k -Inode k and M n -Inode i indicate k_th and n_th instances of Inode i and Inode k .h(⋅) is modeled collision resistant one-way hash function.This hash function can be invoked by Adversary S and other entities of the protocol.
Proposed method fulfills the SK-security.It is proved in the following way.An Adversary S run the protocol in polynomial time t.Advantage of S to get the secret key SK i k by breaking the protocol's security while the key exchange phase can be estimated as follows: [47] G2: Game G2 used hash function H.An active attack has been modeled in this game.DATA transferred between two IoT nodes are protected using collision resistant hash function which h(Node B + Pub A + PUF(C 2 ))or h(Node B + Pub A + PUF(C 1 )) a computationally infeasible task for the Adversary S.Moreover, PUF(C 1 ) and PUF(C 2 ) are unknown to S. Also G1 and G2 are "indistinguishable."GameG2has included Hash query.The birthday paradox deduces the following equation[47]: 5.3.1.Informal Security AnalysisLemma 1. Proposed protocol is free from Denial of service attack (DoS).It allows any IoT node to request for keys from other IoT nodes.Proof.Key generation center (KGC) hosted in cloud server validates the request received by a particular node using CRP value store in its database.KC will reject the message before initiating the key generation process if it finds message with random CRP.All the request traffic are protected by PUF challenge.Response of the corresponding challenge is kept in

TABLE 5 :
Memory consumption in KB.ES) only.It is impossible for the adversary to get the access of ES and fetch a valid CRP to protect the request.So, it is not possible for adversary to deny KC and perform the DoS attack.Public key of a node cannot be modified.Proof.Messages communicated between a node and KC can be intercepted by an adversary.But it can not modify the public key.Because public key information is XORed using PUF response.Replay attack cannot be conducted by the adversary in the proposed protocol.