Internet of Things (IoT) employs a large number of sensors and actuators to collect and act upon data for its smart functionalities. These devices are considered as a part of the Low-power and Lossy Networks due to their use of low power embedded hardware and computationally constrained nature. For synchronization and utility, these devices are often clubbed together logically to form groups. To maintain data confidentiality within a group, a shared symmetric key called the Group Key (GK) is used by all the group members. The GK must be redistributed upon joining and leaving of a group member to maintain forward and backward secrecy. However, the key management (i.e., generation and distribution) process causes overhead which consumes the scarce network resources. In this paper, we propose TARE, a novel Topology Adaptive Re-kEying (TARE) scheme for lightweight and secure group communication. TARE integrates the principles of routing tree mapped logical key tree and local derivation of the key over the an IPv6 Routing Protocol for low-power and Lossy networks in an original way. TARE takes into consideration the current routing topology and makes maximum energy reduction as the premise for its choice of key derivation and distribution methods, thus, it reduces the network energy consumption while maintaining key secrecy and data confidentiality. In particular, TARE provides the following advantages: (1) lower network overhead and bandwidth utilization in key management and re-distribution operations, (2) effective against the network mobility in scalable IoT networks, (3) secure group communications in network against attacks such as man-in-the-middle and eavesdropping, and (4) data confidentiality by ensuring backward and forward secrecy in key distribution method. We evaluate the performance of TARE and compare it with existing schemes. Our results show the effectiveness of TARE regarding energy consumption, bandwidth utilization, and the number of encrypted message transmissions during the re-keying operations.

物联网（IoT）利用大量传感器和执行器为其智能功能收集数据并采取行动。这些设备由于使用了低功耗嵌入式硬件，并且在计算上受到限制，因此被视为低功耗有损网络的一部分。为了实现同步和实用性，通常将这些设备逻辑组合在一起以形成组。为了维护组内的数据机密性，所有组成员都使用称为组密钥（GK）的共享对称密钥。GK在加入和离开小组成员时必须重新分配，以保持前后保密性。但是，密钥管理（即生成和分发）过程导致开销，从而消耗了稀缺的网络资源。在本文中，我们提出了TARE，一种新颖的拓扑自适应中继（TARE）方案，用于轻量级和安全的组通信。TARE以原始方式集成了IPv6路由协议上路由树映射的逻辑密钥树和密钥在IPv6路由协议上的本地派生的原理。TARE考虑了当前的路由拓扑，并在选择密钥派生和分发方法的前提下最大程度地减少了能耗，从而在保持密钥保密性和数据机密性的同时降低了网络能耗。特别是，TARE具有以下优点：（1）降低了密钥管理和重新分配操作中的网络开销和带宽利用率，（2）有效应对可扩展的IoT网络中的网络移动性，（3）确保网络中的群组通信免受中间人和窃听等攻击，以及（4）通过确保密钥分发方法中的前后保密性来保护数据机密性。我们评估TARE的性能，并将其与现有方案进行比较。我们的结果表明，在重新加密操作期间，TARE在能耗，带宽利用率以及加密消息传输数量方面具有有效性。