Security Evaluation of Provably Secure ECC-Based Anonymous Authentication and Key Agreement Scheme for IoT

The proliferation of the Internet of Things (IoT) has worsened the challenge of maintaining data and user privacy. IoT end devices, often deployed in unsupervised environments and connected to open networks, are susceptible to physical tampering and various other security attacks. Thus, robust, effi...

Bibliographic Details
Main Authors: Kisung Park, Myeonghyun Kim, Youngho Park
Format: Article
Language: English
Published: MDPI AG 2025-01-01
Series: Sensors
Subjects: security analysis; Internet of Things; security attacks; session key security
Online Access: https://www.mdpi.com/1424-8220/25/1/237
collection DOAJ
description The proliferation of the Internet of Things (IoT) has worsened the challenge of maintaining data and user privacy. IoT end devices, often deployed in unsupervised environments and connected to open networks, are susceptible to physical tampering and various other security attacks. Thus, robust, efficient authentication and key agreement (AKA) protocols are essential to protect data privacy during exchanges between end devices and servers. The previous work in “Provably Secure ECC-Based Anonymous Authentication and Key Agreement for IoT” proposed a novel AKA scheme for secure IoT environments. They claimed their protocol offers comprehensive security features, guarding against numerous potential flaws while achieving session key security. However, this paper demonstrates through logical and mathematical analyses that the previous work is vulnerable to various attacks. We conducted a security analysis using the extended Canetti and Krawczyk (eCK) model, which is widely employed in security evaluations. This model considers scenarios where an attacker has complete control over the network, including the ability to intercept, modify, and delete messages, while also accounting for the potential exposure of ephemeral private keys. Furthermore, we show that their scheme fails to meet critical security requirements and relies on flawed security assumptions. We prove our findings using the automated validation of internet security protocols and applications, a widely recognized formal verification tool. To strengthen attack resilience, we propose several recommendations for the advancement of more robust and efficient AKA protocols specifically designed for IoT environments.
id doaj-art-a650829ee2314586bc1b5e8f88be7948
institution Kabale University
issn 1424-8220
spelling doaj-art-a650829ee2314586bc1b5e8f88be7948
2025-01-10T13:21:19Z
eng
MDPI AG
Sensors
1424-8220
2025-01-01
25
1
237
10.3390/s25010237
Security Evaluation of Provably Secure ECC-Based Anonymous Authentication and Key Agreement Scheme for IoT
Kisung Park (0)
Myeonghyun Kim (1)
Youngho Park (2)
Department of Computer Engineering (Smart Security), Gachon University, Seongnam 13120, Republic of Korea
System Security Research Section, Electronics and Telecommunications Research Institute, Daejeon 34129, Republic of Korea
School of Electronic and Electrical Engineering, Kyungpook National University, Daegu 41566, Republic of Korea
https://www.mdpi.com/1424-8220/25/1/237
security analysis
Internet of Things
security attacks
session key security
topic security analysis
Internet of Things
security attacks
session key security