A design of the lightweight key management system for multi-level embedded devices

Embedded devices usually have limited resources and can support limited computing, storage, and communication overhead, which requires key management solutions to be lightweight and efficient. Some traditional key management schemes, such as the public key management system, need to be managed by certificates and CAs, and the storage and communication overhead between nodes is often large; it is thus difficult to deploy these schemes in embedded device usage scenarios. This paper finally selects the symmetric key management system as the support, and introduces the advantages of the public key system to facilitate the management of symmetric keys, thereby ensuring the lightweight nature and security of the system.

During the use of the device, there will be problems such as loss, scrapping, loss reporting and retrieval. These special devices need to be managed through a blacklist mechanism. With the passage of time and the increase in the number of devices, the number of devices registered in the blacklist library will become very large, even exceeding the storage space. While dealing with large-scale blacklists, problems such as updating and synchronisation difficulties are typically encountered. Therefore, when designing the system, the problem of the larger blacklist should be considered, and a reasonable and effective mechanism should be instituted to control the numerical strength of blacklists, with the result that the stability of the system is ensured.

Three types of keys need to be generated in this system: management keys, service keys and session keys.

The management key is generated by the corresponding module in the device, and it is mainly used for the encryption protection of the service key, the secure transmission of the service key and the security authentication of the device. For symmetric management keys, a random number is generated and the result of hashing the random number as a key is stored, whereas for asymmetric management keys, a public–private key pair is generated as the management key.

The service key is used to protect the security of service data and also participate in the negotiation of the session key. In order to meet the requirements of being lightweight, the service key is in the form of a symmetric key and managed according to a tree-shaped key structure, and the sub-service key is dispersed from the root service key. The service key generation algorithm is as follows: Ki=Hash(Ki−1∥IDi∥Ver) {K_i} = Hash\left( {{K_{i - 1}}\parallel I{D_i}\parallel Ver} \right) where K_i represents the service key of the i-th layer device, K_i−1 represents the service key of the i-1 layer device, ID_i represents the identity of the i-th layer device and Ver represents the current service key version number. In this way, the business key of each layer is related to the business key of the previous layer and its own identity, and the one-way nature of the hash algorithm is used to organise it into a one-way tree structure.

Session keys are used during the session cycle for encryption and decryption of communication data. The session key is negotiated by the devices of both parties at the beginning of the session, and when the session period ends, the session key is also destroyed.

Key storage is an important link in key management, since the security of the system is directly affected by whether or not the key is stored securely. The management key is mainly used in the local device, and thus it is mainly stored in the local device. It must be securely stored in the device; otherwise, the service and session keys will be leaked. For a device with a security module, the key can be stored in the module in plaintext, and an external calling interface can be provided.

Service keys are stored in devices and keystores. In the device, the service key is encrypted and stored by the key encryption key.

The session key is mainly used to encrypt and protect the communication data during the session. The session key has the shortest life cycle and only exists in the session cycle. Therefore, the session key does not need to be stored locally. The session key exists in the memory. After the session ends, the session key is destroyed from the memory.

After the key is generated, it needs to be sent to the target device through a secure channel, and the key information cannot be leaked during this process. The secure distribution of business keys can be achieved by means of key transmission keys, and the specific process is shown in Figure 4.

Fig. 4

During the key transmission process, the key management centre retrieves the key database, and encrypts and stores the newly generated device service key information in the key store. The key transmission process uses the key transmission key to encrypt and protect the service key, which ensures the security of the key distribution process.

Key negotiation is mainly used to negotiate session keys. Communication data during a session is usually protected by session key encryption. The lifetime of the session key is very short, amounting to no more than a single session period. It is generated at the beginning of the session and destroyed at the end of the session. In this system, the negotiation of the session key is performed using the service key. Figure 5 shows the session key negotiation process between adjacent two-layer devices.

Fig. 5

The service key is used frequently, and thus the regular update period of the service key cannot be too long. The business layer key is updated in a top-down manner. When the upper-layer device receives the new key, it calculates the new key of the lower-layer device by combining the dispersion factor ID and version Ver. Then the upper-level device uses the old key to calculate the lower-level old key, and encrypts the new key. The upper-level device sends it to the lower-level device. The hash value of the version number is also sent with the key. The function of the hash value is to perform an integrity check on the key to ensure that the key is updated completely and reliably. The lower-layer device can obtain the new service key after decryption with the old service key, and perform key integrity detection in combination with the hash value. After it is ascertained as correct, the update completion response packet is sent to the upper-layer device to complete the key update.

The management key is used less frequently than the service key, and its update period can be appropriately longer than the service key update period. The update of the management key is done locally, and the corresponding key is regenerated by the device and stored locally. In this system, in order to better balance the update relationship between the service and management keys, an update-times counter is used to determine whether to update the management key. When the number of service key updates reaches the threshold, the management key is updated, and after the update, the counter is reset to zero, and the next round of counting starts.

When the device exits the working group, the key should be destroyed to prevent it from being leaked. For the management and service keys in the device, the related interface of the key module is called upon to destroy the key. At the same time, the key management module is responsible for deleting key-related information in the keystore.

In this system, the session key used by the device in the communication process is different each time, and the new session key cannot decrypt the historical session data packets, making the historical communication data packets invalid for this session process. In addition, in the negotiation process of the session key, the communication parties generate random numbers, and a new session key is obtained by generating a new random number each time, which ensures the freshness of the session key. Even if the attacker captures the data packets of a certain negotiation process, the next session key cannot be negotiated.

The service key transmission process uses the key transmission key for protection, and the public key pub-Key of the transmission key has been recorded in the keystore when the device is registered; thus, an attacker cannot forge a new public–private key pair. Therefore, the attacker cannot decrypt the data information in the key transmission process, which ensures the security of the process. During the key negotiation process, both communicating parties use the service key to encrypt data. The attacker does not have the business key to decrypt the data in the negotiation process, which makes it difficult to conduct man-in-the-middle attacks.

When the device requests the service key, the key centre will find the corresponding public key information according to the provided ID. If the attacker provides a fake ID or pretends to be another device, the public key information found by the key centre will also be wrong. Since the attacker does not have the corresponding private key, the service key cannot be decrypted.

In addition, the key update policy when the device joins and exits is set in this system. When a device joins or exits, the system will perform a key update operation, and the original key leaked in the device will not be able to participate in the encryption and decryption operations normally, thus ensuring the forward and backward security of the system.

The device needs to store the management key locally, and each service in the device corresponds to a service key. In this system, the upper-layer device does not need to store the key of the lower-layer device, but the device identification provided by the lower-layer device obtains its key through decentralised calculation. In this way, the storage overhead of the device can be effectively reduced and the resource utilisation rate can be improved. This system is more suitable for embedded devices with limited storage resources.

Communication overhead is very important for system performance and stability. This section analyses the key transmission, negotiation and update process based on the number of times of sending and receiving communication packets and the data size of communication packets.