Formal verification of security properties of the Lightweight Authentication and Key Exchange Protocol for Federated IoT devices

The federated nature of many crucial Internet of Things (IoT) applications introduces several challenges from a security perspective. To address critical challenges related to the authentication and secure communication of IoT devices operating in federated environments, we propose a new authentication and key exchange protocol based on a distributed ledger. Our protocol uses the unique configuration fingerprint of an IoT device and does not require secure storage in participating IoT devices. To validate the correctness of our design, we have performed formal modeling and verification of the security properties, using two different verification tools: Verifpal and the Tamarin prover.

[1]  Xiaohui Kuang,et al.  Multidomain security authentication for the Internet of things , 2020, Concurr. Comput. Pract. Exp..

[2]  Chien-Ming Chen,et al.  A secure blockchain-based group key agreement protocol for IoT , 2021, The Journal of Supercomputing.

[3]  Neng Zhang,et al.  Master-slave chain based trusted cross-domain authentication mechanism in IoT , 2020, J. Netw. Comput. Appl..

[4]  Marco Aurélio Amaral Henriques,et al.  FLAT: Federated lightweight authentication for the Internet of Things , 2020, Ad Hoc Networks.

[5]  Branka Stojanovic,et al.  Towards formal verification of IoT protocols: A Review , 2020, Comput. Networks.

[6]  Thar Baker,et al.  A decentralized lightweight blockchain-based authentication mechanism for IoT systems , 2020, Cluster Computing.

[7]  S. Chattopadhyay,et al.  A secure mutual authentication protocol for IoT environment , 2020, Journal of Reliable Intelligent Environments.

[8]  Armin Babaei,et al.  Physical Unclonable Functions in the Internet of Things: State of the Art and Open Challenges , 2019, Sensors.

[9]  Issa Traoré,et al.  Secure mutual authentication and automated access control for IoT smart home using cumulative Keyed-hash chain , 2019, J. Inf. Secur. Appl..

[10]  Venkatraman Ramakrishna,et al.  Hands-On Blockchain with Hyperledger: Building decentralized applications with Hyperledger Fabric and Composer , 2018 .

[11]  Cesare Stefanelli,et al.  Exploiting smart city IoT for disaster recovery operations , 2018, 2018 IEEE 4th World Forum on Internet of Things (WF-IoT).

[12]  Ralf Sasse,et al.  Symbolically analyzing security protocols using tamarin , 2017, SIGL.

[13]  Nir Kshetri,et al.  Can Blockchain Strengthen the Internet of Things? , 2017, IT Professional.

[14]  Carsten Bormann,et al.  The Constrained Application Protocol (CoAP) , 2014, RFC.

[15]  Carsten Bormann,et al.  Terminology for Constrained-Node Networks , 2014, RFC.

[16]  Paul E. Hoffman,et al.  Concise Binary Object Representation (CBOR) , 2020, RFC.

[17]  Bruno Blanchet,et al.  Security Protocol Verification: Symbolic and Computational Models , 2012, POST.

[18]  Ben Smyth,et al.  ProVerif 1.85: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial , 2011 .

[19]  Sebastian Mödersheim,et al.  The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications , 2005, CAV.

[20]  Hugo Krawczyk,et al.  The Order of Encryption and Authentication for Protecting Communications (or: How Secure Is SSL?) , 2001, CRYPTO.

[21]  Martn Abadi,et al.  Security Protocols and their Properties , 2000 .

[22]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).