Saved in:
Bibliographic Details
Main Authors: Peters, Sebastian N., Lautenschlager, Lukas, Emeis, David, Lochert, Jason
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2601.21966
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866908798314086400
author Peters, Sebastian N.
Lautenschlager, Lukas
Emeis, David
Lochert, Jason
author_facet Peters, Sebastian N.
Lautenschlager, Lukas
Emeis, David
Lochert, Jason
contents Cyber-Physical Systems (CPSs) rely on distributed embedded devices that often must communicate securely over buses. Ensuring message integrity and authenticity on these buses typically requires group-shared keys for Message Authentication Codes (MACs). To avoid insecure fixed pre-shared keys and trust-on-first-use concepts, a Group Key Agreement (GKA) protocol is needed to dynamically agree on a key amongst the devices. Yet existing GKA protocols lack adaptability to constrained CPS buses. This paper targets authenticated, fully distributed GKA suitable for bus topologies under constraints of industrial and cyber-physical systems, including broadcast-only links, half-duplex operation, resource limits, dynamic membership (including unannounced leaves), a long device lifetime, and a strong Dolev-Yao adversary capable of partitioning the bus. We first systematise existing protocols, then derive the requirements necessary for an authenticated and fully distributed GKA on bus systems. Finally, we design, implement, and evaluate a custom GKA protocol based on TreeKEM.
format Preprint
id arxiv_https___arxiv_org_abs_2601_21966
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Secure Group Key Agreement on Cyber-Physical System Buses
Peters, Sebastian N.
Lautenschlager, Lukas
Emeis, David
Lochert, Jason
Cryptography and Security
Cyber-Physical Systems (CPSs) rely on distributed embedded devices that often must communicate securely over buses. Ensuring message integrity and authenticity on these buses typically requires group-shared keys for Message Authentication Codes (MACs). To avoid insecure fixed pre-shared keys and trust-on-first-use concepts, a Group Key Agreement (GKA) protocol is needed to dynamically agree on a key amongst the devices. Yet existing GKA protocols lack adaptability to constrained CPS buses. This paper targets authenticated, fully distributed GKA suitable for bus topologies under constraints of industrial and cyber-physical systems, including broadcast-only links, half-duplex operation, resource limits, dynamic membership (including unannounced leaves), a long device lifetime, and a strong Dolev-Yao adversary capable of partitioning the bus. We first systematise existing protocols, then derive the requirements necessary for an authenticated and fully distributed GKA on bus systems. Finally, we design, implement, and evaluate a custom GKA protocol based on TreeKEM.
title Secure Group Key Agreement on Cyber-Physical System Buses
topic Cryptography and Security
url https://arxiv.org/abs/2601.21966