A Protocol for Provably Secure Authentication of a Tiny Entity to a High Performance Computing One

Siniša Tomović ,Aleksandar Perović,Zoran Ognjanović,Miodrag J Mihaljević

doi:10.1155/2016/9289050

Abstract

The problem of developing authentication protocols dedicated to a specific scenario where an entity with limited computational capabilities should prove the identity to a computationally powerful Verifier is addressed. An authentication protocol suitable for the considered scenario which jointly employs the learning parity with noise (LPN) problem and a paradigm of random selection is proposed. It is shown that the proposed protocol is secure against active attacking scenarios and so called GRS man-in-the-middle (MIM) attacking scenarios. In comparison with the related previously reported authentication protocols the proposed one provides reduction of the implementation complexity and at least the same level of the cryptographic security.

Highlights

Expansion of Internet of Things (IoT) and Machine-toMachine (M2M) communications has implied additional challenges regarding the information security issues
A challenge is developing of the information security techniques which minimize the computational and power consumption overheads implied by the security requirements
The HB+ protocol has been proved to be secure against active attacks, but it has been shown in [10] that the HB+ protocol is insecure against a man-in-the-middle (MIM) attack

Summary

Introduction

Expansion of Internet of Things (IoT) and Machine-toMachine (M2M) communications has implied additional challenges regarding the information security issues. Authentication protocols for restricted implementation scenarios have been considered in a number of papers including [1,2,3] This is in line with a discussion recently reported in [4]. The reported protocols appear as not enough suitable because either (i) they are not enough lightweight for a tiny party of an authentication protocol and do not take into account the asymmetrical implementation constraints (ii) or/and they do not provide the desired level of cryptographic security. In this paper, we jointly employ certain elements of the reported protocols to achieve our main goal: development of the authentication protocols with asymmetric implementation complexity at Prover and Verifier sides which provides desired provable level of cryptographic security

Background

Proposal of a Dedicated Authentication Technique

The Security Evaluation Framework

Security Evaluation in the Active Attacking Scenario

Security Evaluation in the Restricted Man-in-the-Middle Attacking Scenario

A Concluding Discussion