International Association
for Cryptologic Research

Abstract. We present a topology-based key setup protocol (ToBKeS) to facilitate the plug and play deployment of cryptography, in networks with known topology. This protocol uses the topology to authenticate messages of devices. ToBKeS assumes that there is at least one device that is initialized with the known network topology, the authentication server, that it has a known public key and that it shares secret keys with some of the other devices in the network. ToBKeS eases the adoption of security by eliminating the need to manually set every device with its own private key. Furthermore, ToBKeS limits the impact of key exposures by ensuring both perfect forward secrecy and proactive key refresh, re-establishing security after exposure. We analyze the properties of the ToBKeS protocol and show sufficient topology conditions for its applicability. In addition, we prove its security against power-full attacker, that is able to control the route of the network, as well as an attacker that is able control some of the devices in the network.