Abstract
Ephemeral Diffie-Hellman over COSE (EDHOC) [1] is an authentication protocol that aims to replace TLS for resource-constrained Internet of Things (IoT) devices using a selection of lightweight ciphers and formats. It is inspired by the newest Internet Draft of TLS 1.3 [2] and includes reduced round-trip modes. Unlike TLS 1.3, EDHOC is designed from scratch and does not have to support legacy versions of the protocol. As the protocol is neither well known nor used in practice, it has not been scrutinized to the extent it should be.
The objective of this paper is to verify security properties of the protocol, including integrity, secrecy, and perfect forward secrecy properties. We use ProVerif [3] to analyze these properties formally. We describe violations of specific security properties for the reduced round-trip modes. The flaws were reported to the authors of the EDHOC protocol.
Original language | English |
---|---|
Title of host publication | Security Standardisation Research: 4th International Conference |
Editors | Cas Cremers, Anja Lehmann |
Number of pages | 15 |
Place of Publication | Darmstadt, Germany |
Publisher | Springer |
Publication date | 2018 |
Pages | 21-36 |
ISBN (Print) | 978-3-030-04761-0 |
ISBN (Electronic) | 978-3-030-04762-7 |
DOIs | |
Publication status | Published - 2018 |
Keywords
- Authentication Protocol
- Resource Constrained IoT
- Lightweight Ciphers
- Reduced Round-Trip Modes
- Security Verification