Decentralized Lightweight Group Key Management for Dynamic Access Control in IoT Environments
IEEE Transactions on Network and Service Management (IF 4.7), Pub Date: 2020-06-16, DOI: 10.1109/tnsm.2020.3002957
Maissa Dammak, Sidi-Mohammed Senouci, Mohamed Ayoub Messous, Mohamed Houcine Elhdhili, Christophe Gransart

Rapid growth of Internet of Things (IoT) devices dealing with sensitive data has led to the emergence of new access control technologies to keep this data safe from unauthorized use. In particular, a dynamic IoT environment, characterized by a high signaling overhead caused by subscribers' mobility, presents a significant concern for ensuring secure data distribution to legitimate subscribers. Hence, for such dynamic environments, group key management (GKM) represents the fundamental mechanism for managing the dissemination of keys for access control and secure data distribution. However, existing access control schemes based on GKM and dedicated to IoT are mainly based on centralized models, which fail to address the scalability challenge introduced by the massive scale of IoT devices and the increased number of subscribers. Besides, none of the existing GKM schemes supports the independence of the members in the same group. They focus only on dependent symmetric group keys per subgroup communication, which is inefficient for subscribers with highly dynamic behavior. To deal with these challenges, we introduce a novel Decentralized Lightweight Group Key Management architecture for Access Control in the IoT environment (DLGKM-AC). Based on a hierarchical architecture, composed of one Key Distribution Center (KDC) and several Sub Key Distribution Centers (SKDCs), the proposed scheme enhances the management of subscribers' groups and alleviates the rekeying overhead on the KDC. Moreover, a new master token management protocol for managing key dissemination across a group of subscribers is introduced. This protocol reduces storage, computation, and communication overheads during join/leave events. The proposed approach accommodates a scalable IoT architecture, which mitigates the single point of failure by reducing the load caused by rekeying at the core network. DLGKM-AC guarantees secure group communication by preventing collusion attacks and ensuring backward/forward secrecy. Simulation results and analysis of the proposed scheme show considerable resource gain in terms of storage, computation, and communication overheads.

Updated: 2020-06-16