TY - GEN
T1 - Formal analysis of secure device pairing protocols
AU - Nguyen, Trung
AU - Leneutre, Jean
N1 - Publisher Copyright:
© 2014 IEEE.
PY - 2014/10/14
Y1 - 2014/10/14
N2 - The need to secure communications between personal devices is increasing nowadays, especially in the context of Internet of Things. Authentication between devices which have no prior common knowledge is a challenging problem. One solution consists in using a pre-authenticated auxiliary channel, human assisted or location limited, usually called out-of-band channel. A large number of device pairing protocols using an out-of-band channel were proposed, but they usually suffer from a lack of formal analysis. In this paper, we introduce a formal model, conceived as an extension of Strand Spaces, to analyze such protocols. We use it to analyze a device pairing protocol with unilateral out-of-band channel proposed by Wong & Stajano. This leads us to discover some vulnerabilities in this protocol. We propose a modified version of the protocol together with a correctness proof in our model.
AB - The need to secure communications between personal devices is increasing nowadays, especially in the context of Internet of Things. Authentication between devices which have no prior common knowledge is a challenging problem. One solution consists in using a pre-authenticated auxiliary channel, human assisted or location limited, usually called out-of-band channel. A large number of device pairing protocols using an out-of-band channel were proposed, but they usually suffer from a lack of formal analysis. In this paper, we introduce a formal model, conceived as an extension of Strand Spaces, to analyze such protocols. We use it to analyze a device pairing protocol with unilateral out-of-band channel proposed by Wong & Stajano. This leads us to discover some vulnerabilities in this protocol. We propose a modified version of the protocol together with a correctness proof in our model.
UR - https://www.scopus.com/pages/publications/84911012962
U2 - 10.1109/NCA.2014.50
DO - 10.1109/NCA.2014.50
M3 - Conference contribution
AN - SCOPUS:84911012962
T3 - Proceedings - 2014 IEEE 13th International Symposium on Network Computing and Applications, NCA 2014
SP - 291
EP - 295
BT - Proceedings - 2014 IEEE 13th International Symposium on Network Computing and Applications, NCA 2014
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2014 13th IEEE International Symposium on Network Computing and Applications, NCA 2014
Y2 - 21 August 2014 through 23 August 2014
ER -