Verification of PUF-based IoT Protocols with AVISPA and Scyther

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21240%2F22%3A00359193" target="_blank" >RIV/68407700:21240/22:00359193 - isvavai.cz</a>

Výsledek na webu

<a href="https://www.scitepress.org/PublicationsDetail.aspx?ID=G7zm9mmYwBQ=&t=1" target="_blank" >https://www.scitepress.org/PublicationsDetail.aspx?ID=G7zm9mmYwBQ=&t=1</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.5220/0011299000003283" target="_blank" >10.5220/0011299000003283</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Verification of PUF-based IoT Protocols with AVISPA and Scyther

Popis výsledku v původním jazyce

Paper from 2020 (Buchovecká et al., 2020) suggests protocols suitable for lightweight IoT Devices. They are based on physical unclonable functions (PUF) which among others simplify the problem of key management on simple hardware devices and microcontrollers. These protocols are supposed to authenticate a device and distribute keys safely so that only the intended parties can know the key. We analysed suggested protocols using two automated verification tools AVISPA and Scyther. The analysis shows that there are several issues concerning the authentication property. We demonstrate the results from the tools and describe several attacks that exploit this vulnerability. Finally, we provide modified versions of these protocols that are resistant to those attacks and satisfy authentication as desired.

Název v anglickém jazyce

Verification of PUF-based IoT Protocols with AVISPA and Scyther

Popis výsledku anglicky

Paper from 2020 (Buchovecká et al., 2020) suggests protocols suitable for lightweight IoT Devices. They are based on physical unclonable functions (PUF) which among others simplify the problem of key management on simple hardware devices and microcontrollers. These protocols are supposed to authenticate a device and distribute keys safely so that only the intended parties can know the key. We analysed suggested protocols using two automated verification tools AVISPA and Scyther. The analysis shows that there are several issues concerning the authentication property. We demonstrate the results from the tools and describe several attacks that exploit this vulnerability. Finally, we provide modified versions of these protocols that are resistant to those attacks and satisfy authentication as desired.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/EF16_019%2F0000765" target="_blank" >EF16_019/0000765: Výzkumné centrum informatiky</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2022

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of the 19th International Conference on Security and Cryptography

ISBN

978-989-758-590-6

ISSN

2184-7711

e-ISSN

—

Počet stran výsledku

9

Strana od-do

627-635

Název nakladatele

SciTePress

Místo vydání

Madeira

Místo konání akce

Lisabon / Virtuální

Datum konání akce

11. 7. 2022

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000853004900069