Secure group key distribution in constrained environments with IKEv2

Felde, Nils gentschen; Guggemos, Tobias; Heider, Tobias; Kranzlmüller, Dieter

doi:10.1109/desec.2017.8073823

Cited by 11 publications

(10 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This allows a pair of nodes to perform authentication in an IKE-negotiated security association even when one node is too constrained to compute the required cryptographic functions supported by the IKE's security association policy [38]. Due to the wide adoption of IKE protocols, IKEv2 is remains a subject of interest in group authentication for constrained environments [39].…”

Section: A Ikev2mentioning

confidence: 99%

Reviewing Constrained Node Networks

Kwanashie¹

2023

Preprint

View full text Add to dashboard Cite

show abstract

Section: A Ikev2mentioning

confidence: 99%

Reviewing Constrained Node Networks

Kwanashie¹

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…With increasing group sizes or geographical distribution, central management with its associated operations might become difficult, though. [8] In the next section we will compare and evaluate the suitability of Group Key Management Procedure (GKMP) [13], [14], Logical Key Hierachy (LKH) [30], One-way Function Tree (OFT) [41], Centralized Flate Table Key Management (CFKM) [39], Chinese Remaindering Group Key (CRGK) [42], CRT-GKM [38] and Central Authorized Key Extension (CAKE) [15] for LDACS.…”

Section: Selection Of Group Key Management Proceduresmentioning

confidence: 99%

Group Key Distribution Procedures for the L-Band Digital Aeronautical Communications System (LDACS)

Ewert

Mäurer

Gräupl

2021

2021 IEEE/AIAA 40th Digital Avionics Systems Conference (DASC)

View full text Add to dashboard Cite

Since the beginning of the century, an increasing amount of air traffic has pushed current aeronautical communication systems to their limits. Therefore, a modernization process is ongoing aiming to digitalize previously analog systems and prepare them for future requirements. Among these efforts is the L-Band Digital Aeronautical Communication System (LDACS). Being the worldwide first integrated Communication, Navigation and Surveillance (CNS) system, it will replace legacy analog voice communications in the future. Any newly developed system must provide strong cyber security, especially when deployed within critical infrastructures. While previous work has been focused on implementing Mutual Authentication and Key Establishment protocols in LDACS, applying security mechanisms in a group wise fashion has not been evaluated yet. As LDACS control messages apply to all members of an LDACS cell, Group Key Management (GKM) methods are a vital step in introducing control channel security to LDACS. The objective of this paper is to evaluate GKM procedures to support secure group communication within LDACS control channels.

show abstract

“…Previous group key schemes (Felde et al, 2017) cannot be deployed directly since 1) they require a service center to store key directories, 2) they are not able to minimize the downtime during smart grid's operation, and 3) Most PMU/PDCs are equipped with limited memory and low-capacity micro-controllers, which tend to be restricted in their storage capability and computation.…”

Section: Key Exchangementioning

confidence: 99%

A lightweight integrity protection scheme for low latency smart grid applications

Jolfaei

Kant

2019

Computers & Security

View full text Add to dashboard Cite

The substation communication protocol used in smart grid allows the transmission of messages without integrity protection for applications that require very low communication latency. This leaves the real-time measurements taken by phasor measurement units (PMUs) vulnerable to man-in-the-middle attacks, and hence makes high voltage to medium voltage (HV/MV) substations vulnerable to cyber-attacks. In this paper, a lightweight and secure integrity protection algorithm has been proposed to maintain the integrity of PMU data, which fills the missing integrity protection in the IEC 61850-90-5 standard, when the MAC identifier is declared 0. The rigorous security analysis proves the security of the proposed integrity protection method against ciphertext-only attacks and known/chosen plaintext attacks. A comparison with existing integrity protection methods shows that our method is much faster, and is also the only integrity protection scheme that meets the strict timing requirement. Not only the proposed method can be used in power protection applications, but it also can be used in emerging anomaly detection scenarios, where a fast integrity check coupled with low latency communications is used for multiple rounds of message exchanges. This paper is an extension of work originally reported in Proceedings of 14th International Conference on Security and Cryptography (Jolfaei and Kant, 2017). 1 4 cycle or 4 ms (for 60 Hz lines) for the most critical messages. Over the past two decades, many power companies have already deployed hundreds or thousands of PMUs and phasor data concentrators (PDCs) that have no cryptographic acceleration (Pappu et al., 2013). These devices cannot maintain the strict 4 ms latency requirement when they are equipped with conventional hash based techniques, such as a cipher-based MAC (CMAC) (Dworkin, 2007) and a hash-based MAC

show abstract

Secure group key distribution in constrained environments with IKEv2

Cited by 11 publications

References 9 publications

Reviewing Constrained Node Networks

Reviewing Constrained Node Networks

Group Key Distribution Procedures for the L-Band Digital Aeronautical Communications System (LDACS)

A lightweight integrity protection scheme for low latency smart grid applications

Contact Info

Product

Resources

About