Paper Info
Title
Questioning the security and efficiency of the ESIoT approach.
Abstract
ESIoT is a secure access control and authentication protocol introduced for Internet of Things (IoT) applications. The core primitive of ESIoT is an identity-based broadcast encryption scheme called Secure Identity-Based Broadcast Encryption (SIBBE). SIBBE is designed to provide secure key distribution among a group of devices in IoT networks, and enable devices in each group to perform mutual authentication. The scheme is also designed to hide the structure of the group from nodes outside of the group. We identify multiple efficiency and security issues in this primitive that prove SIBBE unsuitable for IoT applications. First, we show that contrary to what was claimed, the size of the ciphertexts generated by the encryption function is not constant but in fact linear in the number of devices in the group. Additionally, we demonstrate that the encryption and decryption costs are also linear in the number of nodes in the group, implying scalability issues thus inefficiency for IoT applications. In terms of security, we prove that SIBBE does not achieve the desired property of anonymity and allows an attacker to gain information on the structure of any given group. Finally, we demonstrate how SIBBE does not achieve the claimed chosen-ciphertext security. We however prove its security for a weaker security notion (namely selective-ID indistinguishability against chosen-plaintext attacks) under a variant of the GDDHE assumption.
Year
DOI
Venue
2018
10.1145/3212480.3212491
WiSec '18: 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks Stockholm Sweden June, 2018
Field
DocType
ISBN
Broadcast encryption,Key distribution,Mutual authentication,Message authentication code,Computer security,Computer science,Computer network,Encryption,Authentication protocol,Access control,Anonymity
Conference
978-1-4503-5731-9
Citations 
PageRank 
References 
0
0.34
6
Authors
5
Name
Order
Citations
PageRank
Aïda Diop100.34
Saïd Gharout2203.73
Maryline Laurent326135.11
Jean Leneutre420317.73
Jacques Traoré518218.31