nach oben

Erschienen in:

2019 | OriginalPaper | Buchkapitel

IoT-Friendly AKE: Forward Secrecy and Session Resumption Meet Symmetric-Key Cryptography

verfasst von : Gildas Avoine, Sébastien Canard, Loïc Ferreira

Erschienen in: Computer Security – ESORICS 2019

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

With the rise of the Internet of Things and the growing popularity of constrained end-devices, several security protocols are widely deployed or strongly promoted (e.g., Sigfox, LoRaWAN, NB-IoT). Based on symmetric-key functions, these protocols lack in providing security properties usually ensured by asymmetric schemes, in particular forward secrecy. We describe a 3-party authenticated key exchange protocol solely based on symmetric-key functions (regarding the computations done between the end-device and the back-end network) which guarantees forward secrecy. Our protocol enables session resumption (without impairing security). This allows saving communication and computation cost, and is particularly advantageous for low-resources end-devices. Our 3-party protocol can be applied in a real-case IoT deployment (i.e., involving numerous end-devices and servers) such that the latter inherits from the security properties of the protocol. We give a concrete instantiation of our key exchange protocol, and formally prove its security.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Privacy-Preserving Collaborative Medical Time Series Analysis Based on Dynamic Time Warping

Nächstes Kapitel Strongly Secure Identity-Based Key Exchange with Single Pairing Operation

Nur mit Berechtigung zugänglich

Any other \(\hbox {2-AKE}\) protocol can be used, as long as it provides the same properties as SAKE, but we are not aware of other such protocols.

The case where XS is the initiator is very similar.

The detailed proof is given in the extended version of the paper [3].

The proof of SAKE-R is similar to that of SAKE and is given in the extended version of the paper.

Aviram, N., Gellert, K., Jager, T.: Session resumption protocols and efficient forward security for TLS 1.3 0-RTT. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11477, pp. 117–150. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17656-3_5. (Cryptology ePrint Archive, Report 2019/228)CrossRef

Avoine, G., Ferreira, L.: Rescuing LoRaWAN 1.0. In: Tsudik, G. (ed.) FC 2018. LNCS, vol. 10957. Springer, Heidelberg (2018)

Avoine, G., Canard, S., Ferreira, L.: IoT-friendly AKE: forward secrecy and session resumption meet symmetric-key cryptography. Cryptology ePrint Archive, Report 2019 (2019)

Avoine, G., Canard, S., Ferreira, L.: Symmetric-key authenticated key exchange (SAKE) with perfect forward secrecy. Cryptology ePrint Archive, Report 2019/444 (2019)

Badertscher, C., Matt, C., Maurer, U., Rogaway, P., Tackmann, B.: Augmented secure channels and the goal of the TLS 1.3 record layer. In: Au, M.-H., Miyaji, A. (eds.) ProvSec 2015. LNCS, vol. 9451, pp. 85–104. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26059-4_5CrossRef

Bellare, M., Kohno, T., Namprempre, C.: Authenticated encryption in SSH: provably fixing the SSH binary packet protocol. In: Atluri, V. (ed.) ACM CCS 02, pp. 1–11. ACM Press, New York (2002)

Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_21CrossRef

Bhargavan, K., Boureanu, I., Fouque, P.A., Onete, C., Richard, B.: Content delivery over TLS: a cryptographic analysis of keyless SSL. In: 2017 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 1–16. IEEE, April 2017

Brzuska, C., Jacobsen, H., Stebila, D.: Safely exporting keys from secure channels. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 670–698. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49890-3_26CrossRef

10.

Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol - Version 1.2 (2008)

11.

Dowling, B., Fischlin, M., Günther, F., Stebila, D.: A cryptographic analysis of the TLS 1.3 draft-10 full and pre-shared key handshake protocol. Cryptology ePrint Archive, Report 2016/081 (2016)

12.

i-scoop: The Industrial Internet of Things (IIoT): the business guide to Industrial IoT (2018). https://www.i-scoop.eu/internet-of-things-guide/industrial-internet-things-iiot-saving-costs-innovation/

13.

Jager, T., Kohlar, F., Schäge, S., Schwenk, J.: On the security of TLS-DHE in the standard model. Cryptology ePrint Archive, Report 2011/219 (2011)

14.

Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., Kiviner, T.: Internet Key Exchange Protocol Version 2 (IKEv2), October 2014

15.

Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.3 (2018)

16.

Rogaway, P., Shrimpton, T.: A provable-security treatment of the key-wrap problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 373–390. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_23CrossRef

17.

Salowey, J., Zhou, H., Eronen, P., Tschofenig, H.: Transport Layer Security (TLS) Session Resumption without Server-Side State, January 2008

18.

Seys, S., Preneel, B.: Power consumption evaluation of efficient digital signature schemes for low power devices. In: IEEE International Conference on Wireless And Mobile Computing, Networking And Communications. WiMob 2005, vol. 1, pp. 79–86. IEEE, August 2005

19.

Sheffer, Y., Tschofenig, H.: Internet Key Exchange Protocol Version 2 (IKEv2) - Session Resumption, January 2010

20.

Sigfox: Secure SigFox Ready devices - Recommendation guide (2017)

21.

Sigfox: SigFox Technical Overview, May 2017

22.

Sornin, N.: LoRaWAN 1.1 Specification. LoRa Alliance (2017)

23.

Sornin, N., Luis, M., Eirich, T., Kramp, T.: LoRaWAN Specification. LoRa Alliance, v1.0 (2016)

24.

Yegin, A.: LoRaWAN Backend Interfaces 1.0 Specification. LoRa Alliance (2017)

Titel: IoT-Friendly AKE: Forward Secrecy and Session Resumption Meet Symmetric-Key Cryptography
verfasst von: Gildas Avoine
Sébastien Canard
Loïc Ferreira
Verlag: Springer International Publishing
Buch: Computer Security – ESORICS 2019
Print ISBN: 978-3-030-29961-3

Electronic ISBN: 978-3-030-29962-0

Copyright-Jahr: 2019
DOI: https://doi.org/10.1007/978-3-030-29962-0_22

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner