loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Karl Norrman 1 ; 2 ; Vaishnavi Sundararajan 3 and Alessandro Bruni 4

Affiliations: 1 Ericsson Research, Security, Stockholm, Sweden ; 2 KTH Royal Institute of Technology, Stockholm, Sweden ; 3 University of California Santa Cruz, U.S.A. ; 4 IT University of Copenhagen, Copenhagen, Denmark

Keyword(s): Formal Verification, Symbolic Dolev-Yao Model, Authenticated Key Establishment, Protocols, IoT.

Abstract: Constrained IoT devices are becoming ubiquitous in society and there is a need for secure communication protocols that respect the constraints under which these devices operate. EDHOC is an authenticated key establishment protocol for constrained IoT devices, currently being standardized by the Internet Engineering Task Force (IETF). A rudimentary version of EDHOC with only two key establishment methods was formally analyzed in 2018. Since then, the protocol has evolved significantly and several new key establishment methods have been added. In this paper, we present a formal analysis of all EDHOC methods in an enhanced symbolic Dolev-Yao model using the Tamarin tool. We show that not all methods satisfy the authentication notion injective of agreement, but that they all do satisfy a notion of implicit authentication, as well as Perfect Forward Secrecy (PFS) of the session key material. We identify other weaknesses to which we propose improvements. For example, a party may intend to establish a session key with a certain peer, but end up establishing it with another, trusted but compromised, peer. We communicated our findings and proposals to the IETF, which has incorporated some of these in newer versions of the standard. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 54.227.104.229

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Norrman, K.; Sundararajan, V. and Bruni, A. (2021). Formal Analysis of EDHOC Key Establishment for Constrained IoT Devices. In Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT; ISBN 978-989-758-524-1; ISSN 2184-7711, SciTePress, pages 210-221. DOI: 10.5220/0010554002100221

@conference{secrypt21,
author={Karl Norrman. and Vaishnavi Sundararajan. and Alessandro Bruni.},
title={Formal Analysis of EDHOC Key Establishment for Constrained IoT Devices},
booktitle={Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT},
year={2021},
pages={210-221},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010554002100221},
isbn={978-989-758-524-1},
issn={2184-7711},
}

TY - CONF

JO - Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT
TI - Formal Analysis of EDHOC Key Establishment for Constrained IoT Devices
SN - 978-989-758-524-1
IS - 2184-7711
AU - Norrman, K.
AU - Sundararajan, V.
AU - Bruni, A.
PY - 2021
SP - 210
EP - 221
DO - 10.5220/0010554002100221
PB - SciTePress