Provably repairing the ISO/IEC 9798 standard for entity authentication1

Basin, David; Cremers, Cas; Meier, Simon

doi:10.3233/jcs-130472

Cited by 42 publications

(8 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This attack leads to both devices accepting although neither actually pairs with the other. Similar attacks have been previously shown on other protocols [5].…”

Section: Analysis Of Passkey Entrysupporting

confidence: 83%

The Bluetooth CYBORG: Analysis of the Full Human-Machine Passkey Entry AKE Protocol

Troncoso¹,

Hale

2021

Proceedings 2021 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Assuming that an adversary cannot effect such channels is no longer realistic, as demonstrated by recent attacks leveraging malware to target the user interface, as well as more established social engineering attacks. Notably the Tap 'n Ghost attack [33], which specifically targets Bluetooth devices, refutes the idea that user communications should be ignored in protocol analysis. As a result, it is critical to analyze the protocols in their entirety, accounting for both user interaction and device-to-device communication -namely, the cyborg protocol.Leading authenticated key exchange (AKE) models do not capture user-to-device (UtD) attacks due to the sole focus on device-to-device (DtD) communications. However useroriented attacks arise precisely from adversarial control of the UtD channel, or from a combination of control on UtD and DtD channels. While models capturing the UtD channel in the analysis of authentication protocols have emerged [18], [23], there has been a lack of such modeling for key exchange until now despite the standarized use of such protocols in practice. This is in stark contrast to the widespread implementation and standardization of AKE protocols employing the UtD channel [10], [25].We model adversarial abilities against key exchange on what is normally the OOB channel. As noted before, Tap 'n Ghost is one attack which focuses heavily on vulnerabilities in the (previously assumed to be perfect) OOB channel. The attack is notable as it is a two-pronged assault on a user interface (without actively attacking device memory itself). The attacker first executes a Tag-based Adaptive Ploy, which forces a pop-up to display on a user's device, and then activates a Ghost Touch Generator, which spoofs touches on unwanted areas of the screen, to force pairing with a corrupted device. Thus, the attack requires adversarial ability to create messages to be sent to a user from a device, and adversarial ability to modify communications back from the user to the device (see Figure 1). We reference the Tap n' Ghost attack as an illustrative example throughout, but it is not the only attack leveraging the UtD communication channel. Touchloggers [12], [16], the StrandHogg vulnerability [24], social engineering, and shoulder-surfing attacks also fall into this category. All such attack vectors are systematically accounted for in our CYBORG model. Bluetooth's Passkey Entry [10] generates and shares a random value (a passkey) via the user to effectively achieve Abstract-In this paper, we computationally analyze Passkey Entry in its entirety as a cryptographic authenticated key exchange (AKE) -including user-protocol interactions that are typically ignored as out-of-band. To achieve this, we model the user-to-device channels, as well as the typical device-to-device channel, and adversarial control scenarios in both cases. In particular, we separately capture adversarial control of device displays on the initiating and responding devices as well as adversarial control of user input mechanisms using what we call a ...

show abstract

“…This attack leads to both devices accepting although neither actually pairs with the other. Similar attacks have been previously shown on other protocols [5].…”

Section: Analysis Of Passkey Entrysupporting

confidence: 83%

The Bluetooth CYBORG: Analysis of the Full Human-Machine Passkey Entry AKE Protocol

Troncoso¹,

Hale

2021

Proceedings 2021 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…The proposed protocol for the trusted IoT device scenario was modeled based on existing Scyther models [64] of the ISO 9798 standard for entity authentication, which were used for the conception of SKID3 protocol [59].…”

Section: Definition 15 (Injective Agreement)mentioning

confidence: 99%

Hands-Free Authentication for Virtual Assistants with Trusted IoT Device and Machine Learning

Hayashi

Ruggiero

2022

Sensors

View full text Add to dashboard Cite

Virtual assistants, deployed on smartphone and smart speaker devices, enable hands-free financial transactions by voice commands. Even though these voice transactions are frictionless for end users, they are susceptible to typical attacks to authentication protocols (e.g., replay). Using traditional knowledge-based or possession-based authentication with additional invasive interactions raises users concerns regarding security and usefulness. State-of-the-art schemes for trusted devices with physical unclonable functions (PUF) have complex enrollment processes. We propose a scheme based on a challenge response protocol with a trusted Internet of Things (IoT) autonomous device for hands-free scenarios (i.e., with no additional user interaction), integrated with smart home behavior for continuous authentication. The protocol was validated with automatic formal security analysis. A proof of concept with websockets presented an average response time of 383 ms for mutual authentication using a 6-message protocol with a simple enrollment process. We performed hands-free activity recognition of a specific user, based on smart home testbed data from a 2-month period, obtaining an accuracy of 97% and a recall of 81%. Given the data minimization privacy principle, we could reduce the total number of smart home events time series from 7 to 5. When compared with existing invasive solutions, our non-invasive mechanism contributes to the efforts to enhance the usability of financial institutions’ virtual assistants, while maintaining security and privacy.

show abstract

“…Cremers and Horvat [8] verified 30 key exchange protocols standardized in ISO/IEC 11770-2 [9] and ISO/IEC 11770-3 [10] with automated security verification tool Scyther [11], and found some spoofing attacks. Scyther and Tamarin Prover [12] have been also used to verify other standardized protocols such as IKEv1/v2 in IPsec [13], entity authentication protocols in ISO/IEC 9798 [14], TLS 1.3 [15], 5G-AKA [16] and smart grid authentication protocol SAv5 in IEEE 1815-2012 [17] and others. Dreier et al [26] showed verification results of industrial protocols OPC-UA and MODBUS with Tamarin Prover, and gave a modeling of sequence numbers and counters.…”

Section: Related Workmentioning

confidence: 99%

Verification of Group Key Management of IEEE 802.21 Using ProVerif

Noguchi

Hanatani

Yoneyama

2021

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

Home Energy Management Systems (HEMS) contain devices of multiple manufacturers. Also, a large number of groups of devices must be managed according to several clustering situations. Hence, since it is necessary to establish a common secret group key among group members, the group key management scheme of IEEE 802.21 is used. However, no security verification result by formal methods is known. In this paper, we give the first formal verification result of secrecy and authenticity of the group key management scheme of IEEE 802.21 against insider and outsider attacks using ProVerif, which is an automatic verification tool for cryptographic protocols. As a result, we clarify that a spoofing attack by an insider and a replay attack by an outsider are found for the basic scheme, but these attacks can be prevented by using the scheme with the digital signature option.

show abstract

Provably repairing the ISO/IEC 9798 standard for entity authentication1

Cited by 42 publications

References 19 publications

The Bluetooth CYBORG: Analysis of the Full Human-Machine Passkey Entry AKE Protocol

The Bluetooth CYBORG: Analysis of the Full Human-Machine Passkey Entry AKE Protocol

Hands-Free Authentication for Virtual Assistants with Trusted IoT Device and Machine Learning

Verification of Group Key Management of IEEE 802.21 Using ProVerif

Contact Info

Product

Resources

About