Mwitende Gervais, Pivot Access Ltd, Rwanda

Data security and privacy are important to prevent the reveal, modification and unauthorized usage of sensitive information. The introduction of using critical power devices for internet of things (IoTs), e-commerce, e payment, and wireless sensor networks (WSNs) has brought a new challenge of security due to the low computation capability of sensors. Therefore, the lightweight authenticated key agreement protocols are important to protect their security and privacy. Several researches have been published about authenticated key agreement. However, there is a need of lightweight schemes that can fit with critical capability devices. Addition to that, a malicious key generation center (KGC) can become a threat to watch other users, i.e impersonate user by causing the key escrow problem. Therefore, we propose a lightweight certificateless Authenticated Key Agreement (AKA) based on the computation Diffie-Hellman problem (CDHP). The proposed protocol maintains the characteristics of certificateless public key cryptography. The protocol is split into two combined phases. In the first phase, our protocol establishes a session key between users (sender and receiver). In the second phase, we use a lightweight proxy blind signature based on elliptic curve discrete logarithm problem (ECDLP). The used proxy signature has small computation costs, and can fit for small devices such sensors and protects against un-authentication and un-authorization on decentralized system. Compared to the existing AKA schemes, our scheme has small computation costs. The protocol achieves the well known security features compared to the related protocols.

Cerificateless AKA, distinguishability, Session key, proxy blind signature, forward secrecy, decentralized.