Questioning the security and efficiency of the ESIoT approach - Equipe Autonomic and Critical Embedded Systems Accéder directement au contenu
Communication Dans Un Congrès Année : 2018

Questioning the security and efficiency of the ESIoT approach

Résumé

ESIoT was introduced at WiSec 2017 as a protocol for providing secure access control and authentication in Internet of Things (IoT) applications. The core primitive of ESIoT is an identity-based broadcast encryption scheme called Secure Identity-Based Broadcast Encryption (SIBBE). SIBBE is designed to provide secure key distribution among a group of devices in IoT networks, and enable devices in each group to perform mutual authentication. The scheme is also designed to hide the structure of the group from nodes outside of the group. We identify multiple efficiency and security issues in the primitive that prove SIBBE unsuitable for IoT applications. First, we show that the size of the ciphertexts generated by the encryption function is linear in the number of devices in the group as opposed to constant as claimed in the description of the scheme. Additionally, we demonstrate how constrained nodes in the network perform a number of decryptions also linear in the set of devices, implying scalability issues and thus inefficiency for IoT applications. In terms of security, we prove that SIBBE does not achieve the desired property of anonymity and allows an attacker to gain information on the structure of any given group. Finally, we demonstrate how SIBBE does not achieve chosen-ciphertext security as claimed. We however prove its security for a weaker security notion (namely selective-ID indistinguishability against chosen-plaintext attacks) under a strong cryptographic assumption
Fichier principal
Vignette du fichier
2018-wisecAida-QuestioningEsIOTApproach.pdf (367.5 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)
Loading...

Dates et versions

hal-01850383 , version 1 (27-07-2018)

Identifiants

Citer

Aida Diop, Said Gharout, Maryline Laurent, Jean Leneutre, Jacques Traoré. Questioning the security and efficiency of the ESIoT approach. WISEC 2018: 11th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Jun 2018, Stockholm, Sweden. pp.202 - 207, ⟨10.1145/3212480.3212491⟩. ⟨hal-01850383⟩
125 Consultations
141 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More