Abstract

Providing the desired security for constrained devices at the edge of Internet of Things (IoT) systems is a challenging task. Because those devices are short on area and energy, many lightweight and ultra-lightweight protocols have been proposed in the literature. However, while many new proposals to secure communications in IoT systems continue to appear, the security analysis of those schemes has not received enough attention. Hence, in this paper, we analyse the security of three recent protocols for constrained environments and show their security loopholes. The analysed schemes include two protocols published in IEEE Access and a recently proposed protocol entitled Extremely Good Privacy (EGP). The designers of all those protocols claimed optimal security against active adversaries. However, in this paper, we propose an efficient secret disclosure attack against EGP that recovers all the secret parameters of the protocol after eavesdropping/blocking several sessions of the protocol and doing some off-line computations. The probability that the adversary recovers all 2l secret parameters of the tag after eavesdropping/blocking 68 sessions of the protocol is 0.99, targeting a 128-bit security level with l=128. In addition, we show that an adversary can efficiently desynchronize the target tag from the reader/server in polynomial time. For the other protocols, we also present efficient attacks that contradict the designers' security claims.

Highlights

  • The Internet of Things (IoT) is an emerging technology that is going to affect all aspects of our lives: very soon we will be surrounded by many smart devices that can monitor our every motion and report related data through an interconnected network to many different parties, where we may have explicitly or implicitly allowed them to do so

  • We present an off-line password guessing attack by an insider attacker against the protocol proposed by Yu et al. [22], Internet of Vehicles (IoV)-SMAP

  • Extremely Good Privacy (EGP) was, to the best of our knowledge, among the latest ultra-lightweight protocols in the literature, and can be considered a member of the RAPP family of authentication protocols due to its structure


Summary

INTRODUCTION

The Internet of Things (IoT) is an emerging technology that is going to affect all aspects of our lives: very soon we will be surrounded by many smart devices that can monitor our every motion and report related data through an interconnected network to many different parties, where we may have explicitly or implicitly allowed them to do so.

A. OUR CONTRIBUTIONS

In this paper, based on the given adversarial model, as the first third-party analysis of the above-mentioned protocols, we evaluate the security of three protocols, and our contributions are as follows: 1) We show that the protocol proposed by Son et al. [21] suffers from a secret disclosure attack and an insider attack.

Description: kth doctor; ith patient; Cloud server; Trusted authority; Smart-card/Identity/Password of the patient; Random numbers generated by Pi and CS respectively; Secret identity of the patient; Secret keys of TA; Secret keys of CS; Bilinear map e : G × G → GT; Public key; One-way hash function; Map to point hash function; Session key between Pi and CS; Concatenation; XOR operation; Adversary

other researchers tried to provide decentralized solutions by basing their protocol on the blockchain-based platforms such as [41], [42], [43].

SECURITY FLAWS
QUESTIONING THE SECURITY OF EGP
A BRIEF DESCRIPTION OF EGP
DISCUSSION
CONCLUSIONS