Abstract
Most existing conventional security mechanisms are insufficient, mainly attributable to their requirements for heavy processing capacity, large protocol message size, and longer round trips, for resource-intensive devices operating in an Internet of Things (IoT) context. These devices necessitate efficient communication and security protocols that are cognizant of the severe resource restrictions regarding energy, computation, communication, and storage. To realize this, the IETF (Internet Engineering Task Force) is currently working towards standardizing an ephemeral key-based lightweight and authenticated key exchange protocol called EDHOC (Ephemeral Diffie–Hellman over COSE). The protocol’s primary purpose is to build an OSCORE (Object Security for Constrained RESTful Environments) security environment by supplying crucial security properties such as secure key exchange, mutual authentication, perfect forward secrecy, and identity protection. EDHOC will most likely dominate IoT security once it becomes a standard. It is, therefore, imperative to inspect the protocol for any security flaw. In this regard, two previous studies have shown different security vulnerabilities of the protocol using formal security verification methods. Yet, both missed the vital security flaws we found in this paper: resource exhaustion and privacy attacks. In finding these vulnerabilities, we leveraged BAN-Logic and AVISPA to formally verify both EDHOC protocol variants. Consequently, we described these security flaws together with the results of the related studies and put forward recommended solutions as part of our future work.
Highlights
IoT refers to a network environment in which all surrounding objects are connected to wired and wireless networks to interact and exchange information over the Internet. ese objects can range from a simple soil moisture sensor in a field to a complex implanted device in a human body
(ii) We pointed out two novel potential security vulnerabilities that may lead to resource exhaustion and privacy attacks (iii) We described a concise summary of the principal security threats found by former related studies together with those identified by us e remainder of the paper is organized as follows
E complete security analysis of the asymmetric-key Ephemeral Diffie–Hellman over COSE (EDHOC) protocol depends on the assumption that the responder trusts the ephemeral Elliptic Curve Diffie–Hellman (ECDH) public key GX is from the initiator
Summary
IoT refers to a network environment in which all surrounding objects are connected to wired and wireless networks to interact and exchange information over the Internet. ese objects ( referred to as “things”) can range from a simple soil moisture sensor in a field to a complex implanted device in a human body. Some of the issues are tightly related to the severe computing resource constraints concerning storage, processing, and communication [5,6,7] Such tight requirements call for efficient mechanisms to enable devices operating within IoT environments to function through unstable channels with constrained bandwidth and varying topology [8]. To realize these stringent conditions, essential protocols, such as [9,10,11], have been standardized by IETF. IoT devices require more capable security schemes that work in tandem with the communication protocols to mitigate these security attacks
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
