Abstract
Providing the desired security for constrained devices in the edge of Internet of Things (IoT) systems is a challenging task. Given that those devices are in shortage of the area and energy, many lightweight and ultra-lightweight protocols have been proposed so far in the literature. On the other hand, while we see many new proposals in the literature to secure communications on IoT systems, security analysis of those schemes has not received enough attention. Hence, in this paper, we analyse the security of three recently protocols for constrained environments and show their security loopholes. The analysed schemes include two protocols which have been published by IEEE Access and a recently proposed protocol entitled Extremely Good Privacy (EGP). The designers of all those protocols claimed optimal security against active adversaries. However, in this paper, we propose an efficient secret disclosure attack against EGP that recovers the whole secret parameters of the protocol after eavesdropping/blocking several sessions of the protocol and doing some off-line computations. The probability of the adversary to recover whole 2l secret parameters of the tag after eavesdropping/blocking 68 sessions of the protocol is 0.99, targeting a 128-bit security level by l=128. In addition, we show that an adversary can efficiently desynchronize the target tag from the reader/server in polynomial time. In the case of the other protocols, we also present efficient attacks that contradict the designers' security claims.
Highlights
The Internet of Things (IoT) is an emerging technology which is going to affect all aspects of our life, where very soon we will be surrounded by many smart devices that can monitor and report every motion of us and even report related data through an interconnected network to many different sources where we may explicitly or implicitly allow them to do so
2) We present an off-line password guessing by an insider attacker against the proposed protocol by Yu et al [22], Internet of Vehicles (IoV)-SMAP
Extremely Good Privacy (EGP) was among the latest ultra-lightweight protocols in literature, to the best of our knowledge, which can be considered as a member of the RAPP family of authentication protocols, due to its structure
Summary
The Internet of Things (IoT) is an emerging technology which is going to affect all aspects of our life, where very soon we will be surrounded by many smart devices that can monitor and report every motion of us and even report related data through an interconnected network to many different sources where we may explicitly or implicitly allow them to do so. A. OUR CONTRIBUTIONS In this paper, based on the given adversarial model, as the first third-party analysis of the above mentioned protocols, we evaluate the security of three protocols and our contributions are as follows: 1) We show that the proposed protocol by Son et al [21] suffers from secret disclosure attack and insider attack. Description kth doctor ith patient Cloud server Trusted authority Smart-card/Identity/Password of the patient Random numbers generated by Pi and CS respectively Secret identity of the patient Secret keys of T A Secret keys of CS Bilinear map e : G × G → GT Public key One-way hash function Map to point hash function Session key between Pi and CS Concatenation XOR operation Adversary other researchers tried to provide decentralized solutions by basing their protocol on the blockchain-based platforms such as [41], [42], [43].
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.