Paper 2020/778

SAKE+: Strengthened Symmetric-Key Authenticated Key Exchange with Perfect Forward Secrecy for IoT

Seyed Farhad Aghili, Amirhossein Adavoudi Jolfaei, and Aysajan Abidin

Abstract

Lightweight authenticated key exchange (AKE) protocols based on symmetric-key cryptography are important in securing the Internet of Things (IoT). However, achieving perfect forward secrecy (PFS) is not trivial for AKE based on symmetric-key cryptography, as opposed to AKE based on public-key cryptography. The most recent proposals that provide PFS are SAKE and SAKE-AM. In this paper, we first take a closer look at these protocols and observe that they have some limitations, specially when deployed in the context of (industrial) IoT. Specifically, we show that if SAKE is used to establish parallel sessions between a server and multiple IoT nodes, then SAKE is susceptible to timeful attack. As for SAKE-AM, we show that an adversary can disrupt the availability by replaying messages from previous protocol sessions. We then propose SAKE+ that mitigates the timeful attack and that allows for concurrent execution of the protocol. Since traceability is a barrier for an AKE scheme in (industrial) IoT applications and SAKE-AM does not provide untraceability property, we improve upon SAKE-AM and propose SAKE+-AM that offers untraceability in addition to mitigating the replay attack. Finally, we prove the security and soundness of our schemes, and verify using a formal verification tool ProVerif.

Note: Minor corrections.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
Authenticated key exchangeForward secrecyIoTSymmetric-key crypto
Contact author(s)
seyedfarhad aghili @ esat kuleuven be
History
2020-07-14: last of 5 revisions
2020-06-24: received
See all versions
Short URL
https://ia.cr/2020/778
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/778,
      author = {Seyed Farhad Aghili and Amirhossein Adavoudi Jolfaei and Aysajan Abidin},
      title = {SAKE+: Strengthened Symmetric-Key Authenticated Key Exchange with Perfect Forward Secrecy for IoT},
      howpublished = {Cryptology ePrint Archive, Paper 2020/778},
      year = {2020},
      note = {\url{https://eprint.iacr.org/2020/778}},
      url = {https://eprint.iacr.org/2020/778}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.