Resumen
With the rapid growth of Internet of Things (IoT) devices around the world, thousands of mobile users share many data with each other daily. IoT communication has been developed in the past few years to ensure direct connection among mobile users. However, wireless vulnerabilities exist that cause security concerns for IoT device-to-device (D2D) communication. This has become a serious debate, especially in smart environments where highly sensitive information is exchanged. In this paper, we study the security requirements in IoT D2D communication. In addition, we propose a novel authentication approach called Secure Key Exchange with QR Code (SeKeQ) to verify user identity by ensuring an automatic key comparison and providing a shared secret key using Diffie-Hellman key agreement with an SHA-256 hash. To evaluate the performance of SeKeQ, we ran a testbed using devices with a WiFi-Direct communication interface. The obtained results depict that our proposal can offer the required security functions including key exchange, data confidentiality, and integrity. In addition, our proposal can reach the same security performances as MANA (Manual Authentication) and UMAC (Universal-Hashing Message Authentication Code) but with 10 times fewer key computations and reduced memory occupancy.