Cryptanalysis and improvement of the YAK protocol with formal security proof and security verification via Scyther

Mohammad, Zeyad

doi:10.1002/dac.4386

Cited by 11 publications

(7 citation statements)

References 69 publications

(116 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Figure 6 indicates the formal verification result of PUFDCA in Scyther. To analyze the result, the Scyther claims were classified into security properties, involving confidentiality, freshness, forward secrecy, and resistance to impersonation and replay attacks [20,21]. The security properties can be analyzed for the proposed solution.…”

Section: Experimental Results Analysismentioning

confidence: 99%

PUFDCA: A Zero-Trust-Based IoT Device Continuous Authentication Protocol

Alshomrani

2022

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

It is very challenging to secure the Internet of Things (IoT) systems, which demands an end-to-end approach from the edge devices to cloud or hybrid service. The exponential growth besides the simple and low-cost nature of IoT devices has made IoT system an attractive target for several types of security attacks such as impersonation, spoofing, and DDoD attacks. This work is aimed at enhancing the IoT security using a zero-trust (ZT) approach by proposing a physical unclonable function-based device continuous authentication (PUFDCA). The PUFDCA provides two kinds of authentications to verify the identity of the IoT device, static authentication to verify the identity before starting the session using PUF technology and continuous authentication to verify the location of the device during the session to ensure the authenticated device is not changed. The security analysis and verification tool results demonstrate that the proposed protocol is secure against a range of common IoT attacks. In addition, PUFDCA is considered lightweight and consumes low energy and storage.

show abstract

Section: Experimental Results Analysismentioning

confidence: 99%

PUFDCA: A Zero-Trust-Based IoT Device Continuous Authentication Protocol

Alshomrani

2022

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

show abstract

“…The YAK protocol achieved robust security under the computational Diffie–Hellman (CDH) assumption in the random oracle model. However, the YAK protocol is insecure as shown in References 7 and 20.…”

Section: The Related Workmentioning

confidence: 99%

“…The known‐key security attackIt is expected that the EMSK produces unique common session keys. However, if a session key is revealed, this should not facilitate a passive attack to compromise future session key or an impersonation by an active attack 7,17 . In EMSK, suppose that the nine session keys (σ1 to σ9), see Figure 3, are known to an adversary.…”

Section: Security Analysis Of the Proposed Protocol Against Well‐known Attacksmentioning

confidence: 99%

“…It is designed under the perfect or unbreakable encryption assumption 37 which means that an attacker learns nothing from an encrypted message unless she/he knows the decryption key. Yang et al 7,38–43 used the Scyther tool for analyzing two complex group authentication protocols.…”

Section: Security Analysis Of the Proposed Protocol Against Well‐known Attacksmentioning

confidence: 99%

“…There are various algorithms which are based on public key encryption such as, Rivest, Shamir, Adliman (RSA), Diffie–Hellman key exchange (DH), elliptic curve Diffie–Hellman (ECDH), digital signature algorithm (DSA), elliptic curve digital signature algorithm (ECDSA), elliptic curve cryptography (ECC), ELGamal encryption algorithm, 3–5 YAK protocol 6 and improved YAK, 7 Menezes–Qu–Vanstone (MQV) protocol, and the hashed MQV (HMQV) protocol 8,9 …”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

An authenticated, secure, and mutable multiple‐session‐keys protocol based on elliptic curve cryptography and text‐to‐image encryption algorithm

Abusukhon

Mohammad

Al-Thaher

2021

Concurrency and Computation

Self Cite

View full text Add to dashboard Cite

Summary Most of the key agreement protocols (e.g., Menezes–Qu–Vanstone [MQV] family) generate one common key per session. This leaves the session key vulnerable against various attacks. This article proposed an enhanced multiple session key (EMSK) protocol which is based on the elliptic curve Diffie–Hellman (ECDH), HMQV, and the YAK protocols. The EMSK generates multiple session keys per session. Unlike the MQV protocol, the EMSK needs only two messages to be exchanged in order to create nine session keys. However, the MQV requires 18 messages to be exchanged in order to produce these nine session keys. In EMSK, one of the session keys is used to encrypt the plaintext using the one‐time pad cipher. The encrypted message is then embedded in an RGB‐image in order to provide confidentiality service of communication. The EMSK is evaluated theoretically against various types of attacks and practically using the Scyther simulator. The results from the simulator showed that the EMSK protocol withstand various types of attacks on the MQV, HMQV, and the YAK protocols, and provided perfect forward secrecy. In addition, the EMSK provides a digital signature feature which validates the authenticity and integrity of a digital message using the zero knowledge prove.

show abstract