nach oben

Erschienen in:

2024 | OriginalPaper | Buchkapitel

Computational Security Analysis of the Full EDHOC Protocol

verfasst von : Loïc Ferreira

Erschienen in: Topics in Cryptology – CT-RSA 2024

Verlag: Springer Nature Switzerland

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Ephemeral Diffie-Hellman Over COSE (EDHOC) is designed to be a compact and lightweight authenticated key exchange protocol, providing mutual authentication, forward secrecy, and identity protection. EDHOC aims at being suitable for low-power networks such as cellular IoT, 6TiSCH, and LoRaWAN. In this paper, we perform a security analysis of the last draft of EDHOC (draft \(23\)). We analyse the full protocol including its four different authentication methods. Our results show that the security of the authenticated key exchange in EDHOC depends essentially on that of the authenticated encryption algorithm used during that phase. Finally, we provide more precise estimates of the computational security bounds for all authentication methods in EDHOC so that meaningful choices of quantitative parameters can be done to instantiate the protocol securely.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel A Public Key Identity-Based Revocation Scheme:

Nächstes Kapitel The Multi-user Security of MACs via Universal Hashing in the Ideal Cipher Model

Note that our model does not give the adversary the ability to register its own (malicious) keys, contrary to [15, 16].

Informally, the “consistency” (defined by Krawczyk in [24]) guarantees a binding between a session key and the two parties involved in the protocol run. In the security model we use, the \(\textsf{Sound}\) predicate guarantees (when true) this property.

Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44448-3_41CrossRef

Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_21CrossRef

Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_25CrossRef

Blake-Wilson, S., Johnson, D., Menezes, A.: Key agreement protocols and their security analysis. In: Darnell, M. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 30–45. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0024447CrossRef

Bruni, A., Sahl Jørgensen, T., Grønbech Petersen, T., Schürmann, C.: Formal verification of ephemeral diffie-hellman over cose (edhoc). In: Cremers, C., Lehmann, A. (eds.) Security Standardisation Research, pp. 21–36 (2018)

Cheval, V., Jacomme, C., Kremer, S., Künnemann, R.: SAPIC+: protocol verifiers of the world, unite! In: Butler, K.R.B., Thomas, K. (eds.) USENIX Security 2022, pp. 3935–3952. USENIX Association (2022)

Connectivity Standards Alliance: Zigbee specification

Cottier, B., Pointcheval, D.: Security analysis of the EDHOC protocol (2022). https://doi.org/10.48550/arXiv.2209.03599

Davis, H., Günther, F.: Tighter proofs for the SIGMA and TLS 1.3 key exchange protocols. In: Sako, K., Tippenhauer, N.O. (eds.) ACNS 2021. LNCS, vol. 12727, pp. 448–479. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-78375-4_18CrossRef

10.

Degabriele, J.P., Govinden, J., Günther, F., Paterson, K.G.: The security of ChaCha20-Poly1305 in the multi-user setting. In: Vigna, G., Shi, E. (eds.) ACM CCS 2021, pp. 1981–2003. ACM Press (2021)

11.

Diemert, D., Jager, T.: On the tight security of TLS 1.3: theoretically sound cryptographic parameters for real-world deployments. J. Cryptol. 34(3), 30 (2021)MathSciNetCrossRef

12.

Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976). https://doi.org/10.1109/TIT.1976.1055638MathSciNetCrossRef

13.

Ferreira, L.: Computational security analysis of the full EDHOC protocol. Cryptology ePrint Archive (2024)

14.

Fischlin, M., Günther, F.: Multi-stage key exchange and the case of Google’s QUIC protocol. In: Ahn, G.J., Yung, M., Li, N. (eds.) ACM CCS 2014, pp. 1193–1204. ACM Press (2014)

15.

Günther, F., Mukendi, M.I.T.: Careful with MAc-then-SIGn: a computational analysis of the EDHOC lightweight authenticated key exchange protocol. Cryptology ePrint Archive, Report 2022/1705 (2022)

16.

Günther, F., Mukendi, M.I.T.: Careful with MAc-then-SIGn: A computational analysis of the EDHOC lightweight authenticated key exchange protocol. In: 8th IEEE European Symposium on Security and Privacy, EuroS &P 2023 (2023)

17.

Hermans, J., Pashalidis, A., Vercauteren, F., Preneel, B.: A new RFID privacy model. In: Atluri, V., Díaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 568–587. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23822-2_31CrossRef

18.

Hoang, V.T., Tessaro, S., Thiruvengadam, A.: The multi-user security of GCM, revisited: tight bounds for nonce randomization. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018, pp. 1429–1440. ACM Press (2018)

19.

IETF: IPv6 over the TSCH mode of IEEE 802.15.4e (6tisch) (2021)

20.

Jacomme, C., Kremer, S., Künnemann, R.: A comprehensive, formal and automated analysis of the EDHOC protocol. In: 32nd USENIX Security Symposium (USENIX Security 23) (2023)

21.

Jonsson, J.: On the security of CTR + CBC-MAC. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 76–93. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36492-7_7CrossRef

22.

Kim, J., et al.: Scrutinizing the vulnerability of ephemeral Diffie-Hellman over COSE (EDHOC) for IoT environment using formal approaches. Mob. Inf. Syst. 2021, 1–18 (2021)

23.

Krawczyk, H., Eronen, P.: HMAC-based Extract-and-Expand Key Derivation Function (HKDF) (2010). RFC 5869

24.

Krawczyk, H.: SIGMA: the ‘SIGn-and-MAc’ approach to authenticated Diffie-Hellman and its use in the IKE protocols. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 400–425. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_24CrossRef

25.

Krawczyk, H.: Cryptographic extraction and key derivation: the HKDF scheme. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 631–648. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_34CrossRef

26.

Norrman, K., Sundararajan, V., Bruni, A.: Formal analysis of EDHOC key establishment for constrained IoT devices. In: di Vimercati, S.D.C., Samarati, P. (eds.) Proceedings of the 18th International Conference on Security and Cryptography, SECRYPT 2021, pp. 210–221. SCITEPRESS (2021)

27.

Ouafi, K., Phan, R.C.W.: Traceable privacy of recent provably-secure RFID protocols. In: Bellovin, S.M., Gennaro, R., Keromytis, A.D., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 479–489. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-68914-0_29CrossRef

28.

Rescorla, E., Barnes, R., Tschofenig, H.: Compact TLS 1.3 (2023)

29.

Rescorla, E., Tschofenig, H., Modadugu, N.: The Datagram Transport Layer Security (DTLS) Protocol Version 1.3 (2022)

30.

Schäge, S., Schwenk, J., Lauer, S.: Privacy-preserving authenticated key exchange and the case of IKEv2. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC 2020. LNCS, vol. 12111, pp. 567–596. Springer, Heidelberg (2020). https://doi.org/10.1007/978-3-030-45388-6_20CrossRef

31.

Selander, G., Mattsson, J., Palombini, F., Seitz, L.: Object Security for Constrained RESTful Environments (OSCORE) (2019). RFC 8613

32.

Selander, G., Preuß Mattsson, J., Palombini, F.: Ephemeral Diffie-Hellman Over COSE (EDHOC) – draft-ietf-lake-edhoc-23 (2024)

33.

Selander, G., Preuß Mattsson, J., Serafin, L., Tiloca, M., Vučinić, M.: Traces of EDHOC (2023)

34.

Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. Cryptology ePrint Archive, Report 2004/332 (2004)

35.

Sigfox: Sigfox connected objects: Radio specifications (2023). rev. 1.7

36.

Sornin, N.: LoRaWAN 1.1 Specification (2017). LoRa Alliance, version 1.1

37.

Sornin, N., Luis, M., Eirich, T., Kramp, T.: LoRaWAN Specification (2016). LoRa Alliance, version 1.0

38.

Transforma Insights: IoT connections in 2030: 4 billion LPWA, 468 million 5G (non-mMTC), and 4% of cellular using private networks (2021)

39.

Transforma Insights: Global IoT connections to hit 29.4 billion in 2030 (2022)

40.

Vucinic, M., Selander, G., Mattsson, J.P., Watteyne, T.: Lightweight authenticated key exchange with EDHOC. Computer 55(4), 94–100 (2022)CrossRef

Titel: Computational Security Analysis of the Full EDHOC Protocol
verfasst von: Loïc Ferreira
Verlag: Springer Nature Switzerland
Buch: Topics in Cryptology – CT-RSA 2024
Print ISBN: 978-3-031-58867-9

Electronic ISBN: 978-3-031-58868-6

Copyright-Jahr: 2024
DOI: https://doi.org/10.1007/978-3-031-58868-6_2

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner