Hybrid Cryptographic System Using DH and AES for Securing IoT Communication

Abstract

The present invention relates to a hybrid cryptographic system that combines the Diffie-Hellman (DH) key exchange protocol and the Advanced Encryption Standard (AES) algorithm to secure communication between IoT devices. The system enables secure key exchange without relying on pre-shared keys, followed by AES encryption for efficient data transmission. The proposed system is suitable for resource-constrained IoT environments, providing both confidentiality and integrity while ensuring low computational overhead.

Specification

Description:FIELD OF THE INVENTION: The present invention relates to the field of cryptography, more specifically to a hybrid cryptographic system combining the Diffie-Hellman (DH) key exchange protocol and the Advanced Encryption Standard (AES) algorithm to secure communication in Internet of Things (IoT) networks. 3. BACKGROUND OF THE INVENTION: The proliferation of IoT devices in various domains such as healthcare, smart homes, industrial automation, and connected vehicles has introduced significant security challenges. These devices often operate in resource-constrained environments, making traditional cryptographic solutions unsuitable due to their high computational and power requirements. As IoT devices communicate over networks that are vulnerable to a wide array of cyberattacks, ensuring secure communication becomes critical. The Diffie-Hellman (DH) key exchange protocol is a widely used cryptographic technique for securely exchanging keys between two parties over an insecure communication channel. AES is a symmetric encryption standard that provides robust encryption but relies on secure key exchange for operation. Current solutions for securing IoT communications either use asymmetric encryption (which may be computationally intensive for IoT devices) or symmetric encryption (which requires a pre-shared key). These methods either compromise performance or security. Thus, there is a need for an efficient, scalable, and secure cryptographic system that provides both strong encryption and efficient key management for IoT networks. ________________________________________ 4. OBJECTIVES OF THE INVENTION: The primary objectives of the present invention are: 1. To provide a secure and efficient cryptographic system for IoT devices. 2. To enable secure key exchange between IoT devices without relying on pre-shared keys. 3. To reduce the computational load on resource-constrained IoT devices. 4. To ensure confidentiality, integrity, and authenticity of data exchanged between IoT devices. 5. To provide a scalable cryptographic solution suitable for large-scale IoT networks. ________________________________________ 5. SUMMARY OF THE INVENTION: The present invention provides a hybrid cryptographic system that combines the Diffie-Hellman (DH) key exchange protocol with the Advanced Encryption Standard (AES) encryption algorithm to secure communication in IoT networks. This system leverages the strength of DH for secure key exchange while using AES for efficient data encryption. The system facilitates secure communication between IoT devices by enabling them to dynamically exchange encryption keys using the DH protocol without relying on a pre-shared key. Once the key is exchanged, the devices utilize the AES algorithm to encrypt the communication payload, ensuring confidentiality and integrity. The hybrid approach ensures the security of key exchange and the efficiency of symmetric encryption, making it ideal for IoT devices with limited processing power and energy resources. ________________________________________ 6. DETAILED DESCRIPTION OF THE INVENTION: 1. Overview of the Hybrid Cryptographic System: The system consists of two primary components: Diffie-Hellman (DH) Key Exchange Protocol: This is used for secure key exchange between IoT devices. The DH protocol enables two devices to agree on a shared secret key, even when communicating over an insecure channel. Advanced Encryption Standard (AES) Algorithm: Once the shared secret is established using DH, the AES encryption algorithm is used to encrypt the data exchanged between the IoT devices. AES is a symmetric encryption algorithm known for its high performance and security. 2. Working of the Hybrid Cryptographic System: Initiation of Communication: The system begins with two IoT devices intending to communicate securely over a network. One of the devices, designated as the "Initiator," sends a message to the other device, referred to as the "Responder," requesting a secure connection. Diffie-Hellman Key Exchange: The Initiator and Responder exchange public keys according to the DH protocol. Using these public keys, both devices compute a shared secret key. The private keys required for the DH computation are never transmitted over the network, ensuring that the key exchange remains secure from eavesdropping. Key Derivation: The shared secret key generated by the DH exchange is further processed using a key derivation function (KDF) to produce an encryption key suitable for the AES algorithm. This derived key is used for encrypting the communication between the devices. AES Encryption: After the key derivation process, both devices use the AES algorithm to encrypt and decrypt the data exchanged between them. The AES encryption operates in one of its secure modes (e.g., AES-GCM, AES-CBC) to provide data confidentiality and integrity. Secure Data Transmission: Encrypted data is transmitted between the Initiator and the Responder. Both devices use the previously agreed-upon AES encryption key to decrypt the received data. Session Termination: Once the communication session is complete, the shared encryption key is discarded, and no long-term keys are retained, ensuring that the system remains secure against future attacks. 3. Security Features: Confidentiality: Data exchanged between IoT devices is encrypted using AES, ensuring that unauthorized parties cannot access the transmitted information. Integrity: The system ensures that any unauthorized modification of the transmitted data is detected. Authenticity: The key exchange process provides a means of verifying the authenticity of the communication partners. Forward Secrecy: The use of the DH key exchange ensures that even if a key is compromised in the future, previous communications remain secure. 4. Efficiency and Scalability: The hybrid system is optimized for IoT devices with limited computational resources. The DH key exchange, though initially computationally intensive, is performed only during the establishment of the connection. Subsequent communication uses the efficient AES encryption, reducing the burden on the devices. The system is scalable and can be deployed in large-scale IoT networks where secure, efficient, and low-power communication is required. , Claims:1. I/We claim a hybrid cryptographic system for securing communication between IoT devices, comprising: a) a Diffie-Hellman key exchange module configured to securely exchange a shared secret between two IoT devices over an insecure communication channel; b) a key derivation module configured to derive an AES encryption key from the shared secret; and c) An AES encryption module configured to encrypt and decrypt data exchanged between the two IoT devices using the derived AES encryption key.
2. I/We claim the system as claimed in claim 1, wherein the AES encryption module operates in AES-GCM or AES-CBC mode. 3. I/We claim the system as claimed in claim 1, further comprising a session termination module that discards the shared encryption key after the communication session is complete. 4. I/We claim the system as claimed in claim 1, wherein the key exchange process provides forward secrecy, preventing compromise of past communications. 5. I/We claim the system as claimed in claim 1, wherein the system is scalable and optimized for resource-constrained IoT devices.

Documents