Evaluating the security of one-way key chains in TESLA-based GNSS Navigation Message Authentication schemes

Caparra, Gianluca; Sturaro, Silvia; Laurenti, Nicola; Wullems, Christian

doi:10.1109/icl-gnss.2016.7533685

Cited by 26 publications

(35 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…TESLA is widely used to authenticate broadcast messages [31,32], such as DoS attack-tolerant TESLA-based broadcast authentication protocol in Internet of Things [33]. We first present an overview of TESLA by outlining properties that make TESLA suitable for securing PLC for load management systems.…”

Section: Timed Efficient Stream Loss-tolerant Authentication (Tesla)mentioning

confidence: 99%

Modified Timed Efficient Stream Loss-tolerant Authentication to Secure Power Line Communication

Sigweni¹,

Mangwala²,

Chuma³

2019

IJECE

View full text Add to dashboard Cite

<div class="page" title="Page 1"><div class="layoutArea"><div class="column"><p><span>This paper investigates the feasibility of Timed Efficient Stream Loss-tolerant Authentica- tion to serve security needs of Power Line Communication (PLC) system. PLC network has been identified as the ideal choice to function as the last mile network, deliver load management messages to smart meters. However, there is need to address the security concerns for load management messages delivered over power line communications. The ubiquitous nature of the power line communication infrastructure exposes load management systems (LMS) deployed over it to a security risk. Ordinarily, PLC network does not em- ploy any security measures on which the smart meters and data concentrators can depend on. Therefore, the need to provide a secure mechanism for communication of load man- agement system messages over a PLC network. In LMS, source authentication is of highest priority because we need to respond only to messages from an authenticated source. This is achieved by investigating suitable robust authentication protocols. In this paper we present modifications to Timed Efficient Stream Loss-tolerant Authentication for secure authentica- tion to secure messages for load management over PLC. We demonstrate that PLC can be used to securely and effectively deliver Load Management messages to smart meters, with minimal overhead. </span></p></div></div></div>

show abstract

Section: Timed Efficient Stream Loss-tolerant Authentication (Tesla)mentioning

confidence: 99%

Modified Timed Efficient Stream Loss-tolerant Authentication to Secure Power Line Communication

Sigweni¹,

Mangwala²,

Chuma³

2019

IJECE

View full text Add to dashboard Cite

show abstract

“…This characteristic of being deterministic offers receivers the ability to recover the keychain in the event that messages are lost, but it also allows attackers the ability to carry out pre-computation attacks. The addition of a "salt", or cryptographic randomness, to the key creation process has been proposed in previous literature [5][7] [8]. This salt can come in the form of incorporating a time-varying hash function that changes with each iteration of key creation in the keychain.…”

Section: Ii: the Tesla Algorithmmentioning

confidence: 99%

“…The keys in the keychain will be derived from this one-way function by truncating the output of the hash to create each key. In [5], it was pointed out that one needs to be careful when truncating the output of the SHA256 function to create the keychain. A pre-image or second pre-image becomes more likely to be found as the amount of truncation increases.…”

Section: Iii: Probabilistic Attack Model For Tesla Securitymentioning

confidence: 99%

“…This paper is divided into the following sections: Section II provides an overview of the TESLA algorithm; Section III briefly introduces the probabilistic model for TESLA security from [5] and derives an updated version of the attacker model; Section IV covers the trade space for the TESLA keychain design that is within the scope of this paper; Section V provides results and Section VI provides conclusions and recommendations from the trade space analysis.…”

Section: I: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Parameter Selection for the TESLA Keychain

Neish¹,

Walter²,

Enge³

2018

Proceedings of the 31st International Technical Meeting of the Satellite Division of the Institute of Navigation (ION GNSS+ 201

View full text Add to dashboard Cite

In this work, the threats to TESLA and the TESLA keychain are evaluated and the weak points in the implementation are identified. Modes of attack are modeled to emulate the effort required for an attacker to break the security of the TESLA keychain. This effort is contextualized with the window of vulnerability which is directly related to the length of the keychain and other variables. The effort required to break TESLA as these variables change is calculated using probabilistic models. While observing the variables' consequences to security, an analysis is carried out that yield recommendations for a secure implementation of the TESLA keychain.

show abstract

“…Both symmetric and asymmetric algorithms have been proposed as digital authentication methods for GNSS and SBAS, and both sets of algorithms are built upon primitives that are assumed to be hard to break. For asymmetric algorithms, the primitive discussed here is the digital signature based on the discrete logarithm, and for symmetric algorithms, it is the one‐way hash function.…”

Section: Introductionmentioning

confidence: 99%

Quantum‐resistant authentication algorithms for satellite‐based augmentation systems

2019

View full text Add to dashboard Cite

Cryptography in the form of digital signatures can be part of the solution to the threat of spoofing and is going to be implemented on Galileo and other Global Navigation Satellite Systems. Digital signatures incorporated into the data stream authenticate the integrity of the data as well as the origin of the message. Implementing a digital signature on a satellite-based augmentation system for use in aviation will require the signature to be short and the signing procedure to be cryptographically relevant for the next 30 or more years. With the advent of quantum computing, many state-of-the-art authentication schemes are no longer viable, so an authentication scheme implemented in satellite-based augmentation system will need to be quantum secure. This paper introduces the cryptographic primitives (foundational problems) necessary to understand the vulnerabilities in modern-day cryptography due to quantum computing and investigates the use of TESLA (Timed Efficient Stream Loss-tolerant Algorithm) and EC-Schnorr (Elliptic Curve-Schnorr) algorithms in broadcast systems.

show abstract

Evaluating the security of one-way key chains in TESLA-based GNSS Navigation Message Authentication schemes

Cited by 26 publications

References 4 publications

Modified Timed Efficient Stream Loss-tolerant Authentication to Secure Power Line Communication

Modified Timed Efficient Stream Loss-tolerant Authentication to Secure Power Line Communication

Parameter Selection for the TESLA Keychain

Quantum‐resistant authentication algorithms for satellite‐based augmentation systems

Contact Info

Product

Resources

About