OTA-Key: Over the Air Key Management for Flexible and Reliable IoT Device Provision
Qian Zhang, Yi He, Yue Xiao, Xiaoli Zhang, Chunhua Song
TL;DR
The paper tackles the security risks of shared keys in IoT devices and the difficulty of deploying unique device keys at scale within existing production lines. It introduces OTA-Key, a two-stage provisioning framework that decouples keys from firmware and uses an intermediary agent to assign per-device keys over the air, followed by an atomic agent-based update protocol to refresh keys and cloud connections without disrupting operation. The authors verify security formally with ProVerif and demonstrate through prototypes and large-scale simulations that OTA-Key provides secure, scalable, and flexible key management while significantly reducing update times and data transfer compared with traditional approaches. The work enables reliable cloud-platform switching and large-scale key updates, offering practical impact for secure IoT deployments as devices proliferate toward billions of connections.
Abstract
As the Internet of Things (IoT) industry advances, the imperative to secure IoT devices has become increasingly critical. Current practices in both industry and academia advocate for the enhancement of device security through key installation. However, it has been observed that, in practice, IoT vendors frequently assign shared keys to batches of devices. This practice can expose devices to risks, such as data theft by attackers or large-scale Distributed Denial of Service (DDoS) attacks. To address this issue, our intuition is to assign a unique key to each device. Unfortunately, this strategy proves to be highly complex within the IoT context, as existing keys are typically hardcoded into the firmware, necessitating the creation of bespoke firmware for each device. Furthermore, correct pairing of device keys with their respective devices is crucial. Errors in this pairing process would incur substantial human and temporal resources to rectify and require extensive communication between IoT vendors, device manufacturers, and cloud platforms, leading to significant communication overhead. To overcome these challenges, we propose the OTA-Key scheme. This approach fundamentally decouples device keys from the firmware features stored in flash memory, utilizing an intermediary server to allocate unique device keys in two distinct stages and update keys. We conducted a formal security verification of our scheme using ProVerif and assessed its performance through a series of evaluations. The results demonstrate that our scheme is secure and effectively manages the large-scale distribution and updating of unique device keys. Additionally, it achieves significantly lower update times and data transfer volumes compared to other schemes.