Security Properties. WKA is closely related to Non-Interactive Zero- Knowledge (NIZK) Proof System. The key difference is the outcome of NIZK is only a binary verification result while WKA’s outcome is a key upon suc- cess. Hence the security properties of WKA are also very similar to those of NIZK. Furthermore, we require WKA to be secure against MITM attack. (See
Security Properties. Mutual Entity Authentication [8] between N and HN . Mutual “Implicit” Key Authentication [8] between N and HN . Known Key Security, meaning that compromising a session key in one session should not impose any threat to the session key security in any other sessions. Key Randomness, meaning that any successful key agreement should output a uniformly distributed session key amongst the set of all possible session keys [9].
Security Properties. We discuss the security properties provided by Du et al. [7], Liu et al. [13], Xxxxx et al. [4], and TLPKA. These security properties include mutual authentication, explicit key authentication, resistance to the replay attack, resistance to the man in the middle attack, and resistance to the insider attack. The results of these security properties comparisons are shown in Table 1. From Table 1, we can see that TLPKA achieves all of these security properties while Du et al.’s scheme and Liu et al.’s scheme can not realize the security property of explicit key authentication. Furthermore, Xxxxx et al.’s scheme does not have most of these security properties.
Security Properties. In Table 6, we present the results of protocols related to security comparisons and our proposed protocol based on batch verification. The suggested protocol prevents more attacks than other related previous studies, and also provide privacy-preserving and mutual authentication. Therefore, our proposed protocol is significantly safer than the considered related protocols. The system consumes some energy during implementation, depending on the real time and communication overhead of the system. Table 6. Security Properties. Security Properties Jianhong et al. [13] Xxxxx et al. [16] Xxxxxxxxx et al. [4] Ours Impersonation attack x x x o Side channel attack over OBU or TPD - x x o Trace attack o o o o Replay attack x o o o Man-in-the-middle attack x x o o Privacy-preserving o o o o Mutual authentication x x x o x: Insecure. o: Secure. -: Does not concern.
Security Properties. In GKA protocols, the fault tolerance property is very crucial since it is necessary to detect and eliminate malicious participants from the key agreement group. In other words, even if there are malicious participants in the group, they should not be able to affect the key computation of honest participants. Early protocol examples with this property are [24–26]. In this regard, in Xxxxx’x protocol [24], every participant keeps a verification matrix Xxx. After the secret key distribution step, each participant checks the signature of other participants. According to the result, the verification list is marked and submitted to other participants. Afterwards, in the fault detection step, participants re-validate the verification matrix and remove the faulty participants from the key agreement group. Finally, GKA protocol is started from scratch with the remaining participants. Forward secrecy (also stated as Perfect forward secrecy) is also a substantial property that protects against the computation of group keys by malicious actors even if private keys are compromised. Forward secrecy is utilized in protocols presented in [4, 27, 28]. Dynamic group key operations in group key agreement protocols must provide forward and backward confidentiality properties defined in Section 2.1.1. Introduced by Xxxxx et al., KAP-PBC [11] protocol provides these properties within its dynamic operations. In join and leave operations, last participants in the group re-compute the GKA parameters. Therefore, joined participants cannot compute the former group keys, and leaving participants cannot generate the subsequent keys. Moreover, KAP-PBC provides ‘Partial Backward Confiden- tiality’ property, which enables the participants to compute the group keys just before joining the group.
Security Properties. Mutual Entity Authentication. Entity authentication is the process by which one entity (the verifier) is assured of the identity of a second entity (the claimant) [27]. The PPKA should provision mutual entity authentication between N and HN. Mutual “Implicit” Key Authentication. The assurance that only a particularly identified other party may possibly know the negotiated key [27]. Mutual “implicit” key authentica- tion is required between N and HN.
Security Properties. Use the Security properties sheet to access security features if you want. Click to enable terminal security, and deactivate the Terminal Connection Manager function and the Hide Terminal Connection Configure Tab function. By default the Terminal Connection Manager function is enabled but the Hide Terminal Connection Configure Tab function is disabled.
Security Properties. The key derived from the group key agreement protocol needs to meet the following security features:
Security Properties. LiKe achieves the security properties listed below. Protection Against Leakage of Secret DA Information. The self-generated portion of the public key of each device is now bound to the identity of the generating party, via the string ωi. This smart feature is particularly useful when the information available on the DA are leaked to an adversary. Indeed, even if the adversary could know the partial private key of one of the two devices, it could not be able to impersonate any of them, being not aware of the remaining part of the private key [36]. To provide further insights, let us assume a scenario where the secret information of the IoT devices (i.e., their private keys) are created and stored on the DA, and they are leaked to the adversary (see, for instance, the case discussed in [32]). At the same time, let us assume that the adversary only has access to these information (e.g., by temporary reading or stealing the file), while it cannot get the private key of the DA, and neither its full control. Assuming the above-introduced challenging scenario, legacy certificate-based schemes (e.g., using X.509-ECDSA, and ECQV certificates) cannot continue to guarantee the security of the communications between IoT devices. Indeed, given that the security of the session keys generated between the devices using these schemes is fully based on the secrecy of the private keys, looking at the message exchange, the device can both reconstruct the session keys and impersonate any of the two devices in the network. Instead, when LiKe is adopted, being the full private key of the device composed by a part that is not known by the DA, the adversary still does not have the full information necessary to reconstruct the session keys already established or to predict future session keys that will be negotiated by the devices in the network. Thus, any tampering attempt by a malicious device would lead the two communicating parties to compute different preliminary session keys, thus causing irrecoverable errors when the authentication tags are exchanged and verified. Such powerful security features have been also formally verified via ProVerif (see Sec. V-B).
Security Properties. Intuitively, Ffr-cgka captures the security properties of Sec. 3, as follows. Regarding Agreement, observe that for each epoch Ffr-cgka stores and returns to the caller the
