Abstract
LoRaWAN is an IoT protocol deployed worldwide. Whereas the first version, 1.0, has been shown to be weak against several types of attacks, the new version 1.1 has recently been released and aims, in particular, at correcting the previous release. It also introduces a third entity, turning the original 2-party protocol into a 3-party protocol. In this paper, we provide the first security analysis of LoRaWAN 1.1 in its 3-party setting with a provable approach, and show that it suffers from several flaws. Based on the \(\text{3(S)ACCE}\) model of Bhargavan et al., we then propose an extended framework that we use to analyse the security of LoRaWAN-like 3-party protocols, and describe a generic 3-party protocol that is provably secure in this extended model. We use this provable security approach to propose a slightly modified version of LoRaWAN 1.1. We show how to concretely instantiate this alternative, and formally prove its security in our extended model.
References
Alt, S., Fouque, P.-A., Macario-rat, G., Onete, C., Richard, B.: A cryptographic analysis of UMTS/LTE AKA. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) ACNS 2016. LNCS, vol. 9696, pp. 18–35. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-39555-5_2
Avoine, G., Ferreira, L.: Rescuing LoRaWAN 1.0. In: Financial Cryptography and Data Security (FC 2018) (2018). https://fc18.ifca.ai/preproceedings/13.pdf
Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_21
Bhargavan, K., Boureanu, I., Delignat-Lavaud, A., Fouque, P., Onete, C.: A formal treatment of accountable proxying over TLS. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 339–356 (2018)
Bhargavan, K., Boureanu, I., Fouque, P.A., Onete, C., Richard, B.: Content delivery over TLS: a cryptographic analysis of keyless SSL. In: 2017 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 1–16. IEEE, April 2017
Blake-Wilson, S., Johnson, D., Menezes, A.: Key agreement protocols and their security analysis. In: Darnell, M. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 30–45. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0024447
Canard, S., Ferreira, L.: Extended 3-Party ACCE and Application to LoRaWAN 1.1. Cryptology ePrint Archive (2019). http://eprint.iacr.org/2019/479
Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_28
Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol - Version 1.2 (August 2008), RFC 5246
Dowling, B., Fischlin, M., Günther, F., Stebila, D.: A cryptographic analysis of the TLS 1.3 handshake protocol candidates. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015, pp. 1197–1210. ACM Press, October 2015
Eronen, P., Tschofenig, H.: Pre-Shared Key Ciphersuites for Transport Layer Security (TLS) (December 2005), RFC 4279
Fouque, P.A., Onete, C., Richard, B.: Achieving better privacy for the 3GPP AKA protocol. Cryptology ePrint Archive, Report 2016/480 (2016)
Jager, T., Kohlar, F., Schäge, S., Schwenk, J.: On the security of TLS-DHE in the standard model. Cryptology ePrint Archive, Report 2011/219 (2011)
Kohlar, F., Schäge, S., Schwenk, J.: On the security of TLS-DH and TLS-RSA in the standard model. Cryptology ePrint Archive, Report 2013/367 (2013)
Krawczyk, H.: SIGMA: the ‘SIGn-and-MAc’ approach to authenticated Diffie-Hellman and its use in the IKE protocols. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 400–425. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_24
Lundgren, L.: Taking over the world through MQTT - Aftermath. Black Hat USA (2017)
McGrew, D.: An Interface and Algorithms for Authenticated Encryption (January 2008), RFC 5116
Morrissey, P., Smart, N.P., Warinschi, B.: A modular security analysis of the TLS handshake protocol. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 55–73. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89255-7_5
Naylor, D., et al.: Multi-Context TLS (mcTLS): enabling secure in-network functionality in TLS. In: Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication, SIGCOMM 2015, pp. 199–212. ACM (2015)
Nir, Y., Langley, A.: ChaCha20 and Poly1305 for IETF Protocols (May 2015), RFC 7539
Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.3 (August 2018), RFC 8446
Sornin, N.: LoRaWAN 1.1 Specification (June 2017), LoRa Alliance, version 1.1
Sornin, N., Luis, M., Eirich, T., Kramp, T.: LoRaWAN Specification (July 2016), LoRa Alliance, version 1.0
Wu, T.: The SRP Authentication and Key Exchange System (September 2000), RFC 2945
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Canard, S., Ferreira, L. (2019). Extended 3-Party \(\text{ACCE}\) and Application to LoRaWAN 1.1. In: Buchmann, J., Nitaj, A., Rachidi, T. (eds.) Progress in Cryptology – AFRICACRYPT 2019. Lecture Notes in Computer Science, vol. 11627. Springer, Cham. https://doi.org/10.1007/978-3-030-23696-0_2
DOI: https://doi.org/10.1007/978-3-030-23696-0_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-23695-3
Online ISBN: 978-3-030-23696-0