{"title":"LoRaWAN中一个密钥管理漏洞的认知分析","authors":"Martha N. Kamkuemah","doi":"10.1109/PST52912.2021.9647741","DOIUrl":null,"url":null,"abstract":"Smart devices in applications like remote sensing systems use the LoRaWAN protocol to connect with and transmit data to a central server. The device and server use the protocol’s handshake procedure to start a communication session and negotiate session encryption keys. However, session keys remain unchanged throughout communications with the server. Static session keys make the protocol vulnerable to attack. An intruder that compromises the session keys can decrypt past and future messages. This work studies the LoRaWAN handshake procedure, its security properties, namely mutual authentication and secrecy, and proposes a key exchange scheme to mitigate the session key vulnerability. It proposes epistemic definitions for the vital properties of mutual authentication and secrecy. To validate them, we prove that the handshake and new key exchange scheme satisfy these definitions. Based on this validation, we show that the protocol is secure. Finally, the work shows that the new key exchange scheme is feasible for devices with limited processing power, bandwidth, and memory.","PeriodicalId":144610,"journal":{"name":"2021 18th International Conference on Privacy, Security and Trust (PST)","volume":"17 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Epistemic Analysis of a Key-Management Vulnerability in LoRaWAN\",\"authors\":\"Martha N. Kamkuemah\",\"doi\":\"10.1109/PST52912.2021.9647741\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Smart devices in applications like remote sensing systems use the LoRaWAN protocol to connect with and transmit data to a central server. The device and server use the protocol’s handshake procedure to start a communication session and negotiate session encryption keys. However, session keys remain unchanged throughout communications with the server. Static session keys make the protocol vulnerable to attack. An intruder that compromises the session keys can decrypt past and future messages. This work studies the LoRaWAN handshake procedure, its security properties, namely mutual authentication and secrecy, and proposes a key exchange scheme to mitigate the session key vulnerability. It proposes epistemic definitions for the vital properties of mutual authentication and secrecy. To validate them, we prove that the handshake and new key exchange scheme satisfy these definitions. Based on this validation, we show that the protocol is secure. Finally, the work shows that the new key exchange scheme is feasible for devices with limited processing power, bandwidth, and memory.\",\"PeriodicalId\":144610,\"journal\":{\"name\":\"2021 18th International Conference on Privacy, Security and Trust (PST)\",\"volume\":\"17 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-12-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 18th International Conference on Privacy, Security and Trust (PST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PST52912.2021.9647741\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 18th International Conference on Privacy, Security and Trust (PST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PST52912.2021.9647741","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Epistemic Analysis of a Key-Management Vulnerability in LoRaWAN
Smart devices in applications like remote sensing systems use the LoRaWAN protocol to connect with and transmit data to a central server. The device and server use the protocol’s handshake procedure to start a communication session and negotiate session encryption keys. However, session keys remain unchanged throughout communications with the server. Static session keys make the protocol vulnerable to attack. An intruder that compromises the session keys can decrypt past and future messages. This work studies the LoRaWAN handshake procedure, its security properties, namely mutual authentication and secrecy, and proposes a key exchange scheme to mitigate the session key vulnerability. It proposes epistemic definitions for the vital properties of mutual authentication and secrecy. To validate them, we prove that the handshake and new key exchange scheme satisfy these definitions. Based on this validation, we show that the protocol is secure. Finally, the work shows that the new key exchange scheme is feasible for devices with limited processing power, bandwidth, and memory.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
