Decentralized Lightweight Group Key Management for Dynamic Access Control in IoT Environments
IEEE Transactions on Network and Service Management ( IF 5.3 ) Pub Date : 2020-09-01 , DOI: 10.1109/tnsm.2020.3002957
Maissa Dammak , Sidi-Mohammed Senouci , Mohamed Ayoub Messous , Mohamed Houcine Elhdhili , Christophe Gransart

The rapid growth of Internet of Things (IoT) devices dealing with sensitive data has led to the emergence of new access control technologies to keep this data safe from unauthorized use. In particular, a dynamic IoT environment, characterized by a high signaling overhead caused by subscribers' mobility, makes secure data distribution to legitimate subscribers a significant concern. Hence, for such dynamic environments, group key management (GKM) represents the fundamental mechanism for managing the dissemination of keys for access control and secure data distribution. However, existing access control schemes based on GKM and dedicated to IoT are mainly based on centralized models, which fail to address the scalability challenge introduced by the massive scale of IoT devices and the increased number of subscribers. Besides, none of the existing GKM schemes supports the independence of the members in the same group. They focus only on dependent symmetric group keys per subgroup communication, which is inefficient for subscribers with highly dynamic behavior. To deal with these challenges, we introduce a novel Decentralized Lightweight Group Key Management architecture for Access Control in the IoT environment (DLGKM-AC). Based on a hierarchical architecture, composed of one Key Distribution Center (KDC) and several Sub Key Distribution Centers (SKDCs), the proposed scheme enhances the management of subscribers' groups and alleviates the rekeying overhead on the KDC. Moreover, a new master token management protocol for managing key dissemination across a group of subscribers is introduced. This protocol reduces storage, computation, and communication overheads during join/leave events. The proposed approach accommodates a scalable IoT architecture, which mitigates the single point of failure by reducing the load caused by rekeying at the core network. DLGKM-AC guarantees secure group communication by preventing collusion attacks and ensuring backward/forward secrecy. Simulation results and analysis of the proposed scheme show considerable resource gains in terms of storage, computation, and communication overheads.

Updated: 2020-09-01