A Formal Analysis of EnOcean’s Teach-in and Authentication

Abstract

The security of protocols and the absence of design-related weaknesses and vulnerabilities is crucial for the prevention of cyber attacks. This paper provides the first formal model for EnOcean, an IoT protocol widely used in home automation systems. Based on EnOcean’s security specification a formal model of its teach-in and high security authentication is created in the applied pi calculus. In an automated security analysis with the security protocol model checker ProVerif several security requirements are checked. While the analysis shows that all the secrecy statements can be verified, it identifies some weaknesses for the authentication. Based on an analysis of the potential attacks, we suggest a provable fix for the detected attacks.