{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,28]],"date-time":"2025-10-28T00:30:30Z","timestamp":1761611430128,"version":"build-2065373602"},"reference-count":21,"publisher":"MDPI AG","issue":"10","license":[{"start":{"date-parts":[[2017,9,21]],"date-time":"2017-09-21T00:00:00Z","timestamp":1505952000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Many Internet of Things (IoT) services utilize an IoT access network to connect small devices with remote servers. They can share an access network with standard communication technology, such as IEEE 802.11ah. However, an authentication and key management (AKM) mechanism for resource constrained IoT devices using IEEE 802.11ah has not been proposed as yet. We therefore propose a new AKM mechanism for an IoT access network, which is based on IEEE 802.11 key management with the IEEE 802.1X authentication mechanism. The proposed AKM mechanism does not require any pre-configured security information between the access network domain and the IoT service domain. It considers the resource constraints of IoT devices, allowing IoT devices to delegate the burden of AKM processes to a powerful agent. The agent has sufficient power to support various authentication methods for the access point, and it performs cryptographic functions for the IoT devices. Performance analysis shows that the proposed mechanism greatly reduces computation costs, network costs, and memory usage of the resource-constrained IoT device as compared to the existing IEEE 802.11 Key Management with the IEEE 802.1X authentication mechanism.<\/jats:p>","DOI":"10.3390\/s17102170","type":"journal-article","created":{"date-parts":[[2017,9,21]],"date-time":"2017-09-21T12:17:40Z","timestamp":1505996260000},"page":"2170","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":19,"title":["An Authentication and Key Management Mechanism for Resource Constrained Devices in IEEE 802.11-based IoT Access Networks"],"prefix":"10.3390","volume":"17","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7636-8990","authenticated-orcid":false,"given":"Ki-Wook","family":"Kim","sequence":"first","affiliation":[{"name":"Department of Computer and Radio Communication Engineering, Korea University, Seoul 136-713, Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Youn-Hee","family":"Han","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Korea University of Technology and Education, CheonAn 330-708, Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sung-Gi","family":"Min","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, Korea University, Seoul 136-713, Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2017,9,21]]},"reference":[{"key":"ref_1","unstructured":"ZigBee Alliance (2017, September 08). ZigBee Specification. Available online: http:\/\/www.zigbee.org\/download\/standards-zigbee-specification\/."},{"key":"ref_2","unstructured":"ISA100 Standards Committee (2007). ISA100.11a, Release 1\u2013An Update on the First Wireless Standard Emerging from the Industry for the Industry. ISA EXPO 2007, International Society of Automation (ISA)."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Song, J., Han, S., Mok, A., Chen, D., Lucas, M., Nixon, M., and Pratt, W. (2008, January 22\u201324). WirelessHART: Applying wireless technology in real-time industrial process control. Proceedings of the Real-Time and Embedded Technology and Applications Symposium (RTAS\u201908), St. Louis, MO, USA.","DOI":"10.1109\/RTAS.2008.15"},{"key":"ref_4","unstructured":"Thread Group (2015). Thread Technical Overview, 5 October 2015, Berlin, Thread Group."},{"key":"ref_5","unstructured":"IEEE (2004). IEEE standard for local and metropolitan area networks-port-based network access control. IEEE Std 802.1X-2004 (Revision of IEEE Std 802.1X-2001), IEEE."},{"key":"ref_6","unstructured":"IEEE (2012). IEEE standard for information technology\u2014Telecommunications and information exchange between systems local and metropolitan area networks\u2014Specific requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications-Redline. IEEE Std 802.11-2012 (Revision of IEEE Std 802.11-2007)\u2014 Redline, IEEE."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Simon, D., Aboba, B., and Eronen, P. (2008). RFC 5247\u2014Extensible Authentication Protocol (EAP) Key Management Framework, Network Working Group.","DOI":"10.17487\/rfc5247"},{"key":"ref_8","unstructured":"IEEE (2011). IEEE standard for local and metropolitan area networks\u2014Part 15.4: Low-Rate Wireless Personal Area Networks (LR-WPANs). IEEE Std 802.15.4-2011 (Revision of IEEE Std 802.15.4-2006), IEEE."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Yegin, A.E., and Cragie, R. (2012). RFC 6786\u2013Encrypting the Protocol for Carrying Authentication for Network Access (PANA) Attribute-Value Pairs, Internet Engineering Task Force (IETF).","DOI":"10.17487\/rfc6786"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"DeKok, A. (2015). RFC 7542\u2014The Network Access Identifier, Internet Engineering Task Force (IETF).","DOI":"10.17487\/RFC7542"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Bonetto, R., Bui, N., Lakkundi, V., Olivereau, A., Serbanati, A., and Rossi, M. (2012, January 25\u201328). Secure communication for smart IoT objects: Protocol stacks, use cases and practical examples. Proceedings of the 2012 IEEE International Symposium on IEEE World of Wireless, Mobile and Multimedia Networks (WoWMoM), San Francisco, CA, USA.","DOI":"10.1109\/WoWMoM.2012.6263790"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Forsberg, D., Patil, B., Yegin, A.E., Ohba, Y., and Tschofenig, H. (2008). RFC 5191\u2014Protocol for Carrying Authentication for Network Access (PANA), Network Working Group.","DOI":"10.17487\/rfc5191"},{"key":"ref_13","unstructured":"Yegin, A.E., and Ohba, Y. (2010). RFC 5807\u2014Definition of Master Key Between PANA Client and Enforcement Point, Internet Engineering Task Force (IETF)."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Jara, A.J. (2014, January 8\u201312). Trust extension protocol for authentication in networks oriented to management (TEPANOM). Proceedings of the International Conference on Availability, Reliability, and Security, Fribourg, Switzerland.","DOI":"10.1007\/978-3-319-10975-6_11"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Simon, D., and Hurst, R. (2008). RFC 5216\u2014The EAP-TLS Authentication Protocol, Network Working Group.","DOI":"10.17487\/rfc5216"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"120","DOI":"10.1145\/359340.359342","article-title":"A method for obtaining digital signatures and public-key cryptosystems","volume":"21","author":"Rivest","year":"1978","journal-title":"Commun. ACM"},{"key":"ref_17","unstructured":"Dai, W. (2017, June 15). Crypto++ 5.6 Benchmark. Available online: https:\/\/www.cryptopp.com\/benchmarks.html."},{"key":"ref_18","unstructured":"Atmel Corporation (2011). Atmel ATmega128 Datasheet, Atmel Corporation."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Ba\u00f1os-Gonzalez, V., Afaqui, M.S., Lopez-Aguilera, E., and Garcia-Villegas, E. (2016). In IEEE 802.11 ah: A technology to face the IoT challenge. Sensors, 16.","DOI":"10.3390\/s16111960"},{"key":"ref_20","unstructured":"IEEE (2017). IEEE Standard for Information technology\u2014Telecommunications and information exchange between systems\u2014Local and metropolitan area networks\u2014Specific requirements\u2014Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications amendment 2: Sub 1 GHz license exempt operation. IEEE Std 802.11ah-2016 (Amendment to IEEE Std 802.11-2016, As Amended by IEEE Std 802.11ai-2016), IEEE."},{"key":"ref_21","unstructured":"Rich, C. (2017, September 08). axTLS Embedded SSL. Available online: http:\/\/axtls.sourceforge.net\/index.htm."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/17\/10\/2170\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T18:45:33Z","timestamp":1760208333000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/17\/10\/2170"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,9,21]]},"references-count":21,"journal-issue":{"issue":"10","published-online":{"date-parts":[[2017,10]]}},"alternative-id":["s17102170"],"URL":"https:\/\/doi.org\/10.3390\/s17102170","relation":{},"ISSN":["1424-8220"],"issn-type":[{"type":"electronic","value":"1424-8220"}],"subject":[],"published":{"date-parts":[[2017,9,21]]}}}