Lightweight Session-Key Rekeying Framework for Secure IoT-Edge Communication

cs.CR arXiv:2511.02924

Abstract

The proliferation of Internet of Things (IoT) networks demands security mechanisms that protect constrained devices without the computational cost of public-key cryptography. Conventional Pre-Shared Key (PSK) encryption, while efficient, remains vulnerable due to static key reuse, replay attacks, and the lack of key freshness. This paper presents the Dynamic Session Enhanced Key Protocol (DSEKP), a lightweight session-key rekeying framework that derives per-session AES-GCM keys using the HMAC-based Key Derivation Function (HKDF-SHA256) and authenticates session establishment through an HMAC proof in a single init-ack exchange. DSEKP was implemented on an ESP32 IoT sensor node and a Raspberry Pi 5 edge server communicating through a Mosquitto MQTT broker, and benchmarked against a static PSK baseline over more than 6,500 encrypted packets per configuration. The results demonstrate nearly identical throughput and reliability, with minimal runtime impact (approximately 27 percent one-time session-establishment latency and 10 percent per-packet payload overhead), while delivering per-session key isolation (assuming the long-term secret remains uncompromised) and built-in replay protection. The PSK baseline and DSEKP datasets are publicly archived on IEEE DataPort to enable full reproducibility and comparative benchmarking. These findings confirm that dynamic symmetric rekeying can substantially strengthen IoT-Edge links with minimal computational and bandwidth cost, offering a practical migration path from static PSK to session-aware and scalable IoT security.
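The following sketch is an added example, not code from the paper or its datasets. It illustrates the kind of exchange the abstract describes: an HMAC-authenticated init-ack handshake that derives a fresh 32-byte key per session with HKDF-SHA256 and rejects replayed init messages. The message layout, the `init|`/`ack|`/`session|` labels, the 16-byte nonces and all function and class names are assumptions; AES-GCM packet encryption with the derived key is left out.

```python
import hashlib, hmac, os

# Assumed layout (not from the paper): init = (device_id, nonce, proof),
# ack = (srv_nonce, mac); labels and 16-byte nonces are illustrative choices.

def hkdf_sha256(ikm, salt, info, length=32):
    """RFC 5869 HKDF with SHA-256: extract a PRK, then expand to `length` bytes."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def _mac(key, *parts):
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def session_key(psk, device_id, dev_nonce, srv_nonce):
    # Fresh nonces from both sides salt the derivation, so each session gets a
    # distinct 32-byte key (sized for AES-256-GCM) from the same long-term PSK.
    return hkdf_sha256(psk, dev_nonce + srv_nonce, b"session|" + device_id)

def device_init(psk, device_id):
    """Device -> edge: random nonce plus an HMAC proof of PSK possession."""
    nonce = os.urandom(16)
    return nonce, _mac(psk, b"init|", device_id, nonce)

class EdgeServer:
    def __init__(self, psk):
        self.psk = psk
        self.seen = set()  # (device_id, nonce) pairs already accepted

    def handle_init(self, device_id, nonce, proof):
        """Return (srv_nonce, ack, key), or None for a bad proof or a replay."""
        if len(nonce) != 16:
            return None
        if not hmac.compare_digest(proof, _mac(self.psk, b"init|", device_id, nonce)):
            return None
        if (device_id, nonce) in self.seen:  # replayed init message
            return None
        self.seen.add((device_id, nonce))
        srv_nonce = os.urandom(16)
        ack = _mac(self.psk, b"ack|", device_id, nonce, srv_nonce)
        return srv_nonce, ack, session_key(self.psk, device_id, nonce, srv_nonce)

def device_finish(psk, device_id, nonce, srv_nonce, ack):
    """Device verifies the ack binds both nonces, then derives the same key."""
    if not hmac.compare_digest(ack, _mac(psk, b"ack|", device_id, nonce, srv_nonce)):
        return None
    return session_key(psk, device_id, nonce, srv_nonce)
```

The replay cache here grows without bound; a constrained deployment would bound it, for example with a timestamp window or a per-device counter.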
