Distributed Cryptography with IoT Devices
5/4/2022
A research project exploring a novel distributed cryptographic protocol designed to protect private key compromise by distributing trust across a network of personal IoT devices.
The Problem
In standard public-key cryptography, a compromised private key is a permanent, silent vulnerability — an attacker needs no persistent access once they have it. We designed a protocol where each IoT device's private key becomes a required component of the recipient's effective private key. Even with full knowledge of the recipient's private key, an attacker cannot decrypt intercepted messages without also independently compromising each participating IoT device.
Implementation
The protocol was implemented in Python 3.9 using RSA-2048 and WebSockets, with a smart hub coordinating message chunking and reassembly across IoT devices. We benchmarked the system on real hardware: a Raspberry Pi 3B+ as the IoT device and a high-end PC as the control. Across 64 messages, the Pi averaged ~0.22s of added latency per chunk versus under 0.02s for the PC — an order of magnitude difference attributable to the absence of dedicated cryptographic hardware on the Pi.
Conclusion
The protocol is not feasible as implemented — latency overhead is too high for practical use, and the smart hub represents a residual point of failure. However, the work establishes a theoretical foundation for distributed key security on constrained devices, and identifies concrete paths forward including symmetric-key alternatives and hardware-accelerated decryption on modern embedded platforms.
← Portfolio