SEABASS: Symmetric-keychain encryption and authentication for building automation systems

Ng, Joshua; Keoh, Sye Loong; Tang, Zhaohui; Ko, Hajoon

doi:10.1109/wf-iot.2018.8355106

Cited by 5 publications

(1 citation statement)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Under the development of technology, there are increasingly articles pointing out that the LonTalk authentication protocol in building automation system has many vulnerabilities [6]. Literature [7][8][9][10][11][12] points out that the LonTalk authentication protocol has the following security vulnerabilities: (1) this authentication protocol only supports verifying the identity of the sender and cannot check the identity of the receiver. Only the sender can initiate the challenge-answer request; however, the receiver cannot, so the protocol can only carry out one-way authentication.…”

Section: Introductionmentioning

confidence: 99%

Formal Security Analysis and Improvement Based on LonTalk Authentication Protocol

Tao

2022

Security and Communication Networks

View full text Add to dashboard Cite

Security analysis of security protocol can be used to ensure communication security in the network. The process of security protocol analysis using the formal analysis method is simple and standardized, which is a research hotspot in the field of information security. In this study, a formal analysis method based on colored Petri net theory and Dolev-Yao attacker model is adopted to analyze LonTalk authentication protocol, and three types of attackable vulnerabilities including replay, tamper, and spoofing are found in LonTalk authentication protocol; thus, a secure LonTalk-SA authentication protocol is proposed. The LonTalk-SA authentication protocol was added with a trusted third-party server, which authenticates the identity of the sender and receiver and generates session keys through XOR operations on random numbers. The formal analysis of the new scheme shows that the new scheme can effectively resist three types of attacks, provide bidirectional authentication of communication nodes, and ensure the confidentiality, integrity, and authentication of messages during transmission, thus improving the security of protocols.

show abstract