Toward secure wireless protocols in the context of internet of things


DOCUMENT INFORMATION

Basic information

Format
Pages: 164
Size: 3.43 MB


Structure

  • Abstract

  • List of Figures

  • List of Tables

  • 1 Introduction

    • 1.1 Motivation and Research Objectives

    • 1.2 Approach and Contributions

    • 1.3 Thesis Outline

  • 2 Secure Device Pairing Protocols

    • 2.1 Out-of-Band Channels

      • 2.1.1 OOB Security Properties

      • 2.1.2 OOB Classification

      • 2.1.3 OOB Penetrator Model

    • 2.2 Overview on Secure Device Pairing Schemes

      • 2.2.1 Long Authenticated String-Based Authentication Key Agreement Protocols

      • 2.2.2 Manual Authentication Protocols

      • 2.2.3 Ephemeral Pairing Protocols

      • 2.2.4 Wong-Stajano Multichannel Security Protocols

      • 2.2.5 Short Authenticated String-Based Authentication Key Agreement Protocols

      • 2.2.6 Comparison of pairing protocols

    • 2.3 2-Move Secure Device Pairing Protocol

      • 2.3.1 Security Analysis

    • 2.4 Flaws Found in Some Pairing Protocols

      • 2.4.1 Attack on Wong-Stajano Protocol using Bidirectional Channel

      • 2.4.2 Attack on Wong-Stajano Protocol using Unidirectional Channels

      • 2.4.3 Attack on SRS-AKA Protocol

      • 2.4.4 Attack on Hoepman AKA Protocol

    • 2.5 Conclusion

  • 3 Analysis of Secure Device Pairing Protocols

    • 3.1 Related Work

    • 3.2 Extended Strand Spaces with Out-of-Band Channels

      • 3.2.1 Model Assumptions

      • 3.2.2 Notations

      • 3.2.3 Algebra Extension

      • 3.2.4 Extended Penetrator Model

      • 3.2.5 Pairing Agreement

    • 3.3 Analysis of Wong-Stajano Protocol

      • 3.3.1 Responder's Guarantee

      • 3.3.2 Initiator's Guarantee

    • 3.4 Analysis of 2-Move Secure Device Pairing Protocol

      • 3.4.1 Initiator's Guarantee

      • 3.4.2 Responder's Guarantee

    • 3.5 Out-of-band Channel Transformation

      • 3.5.1 Related Work

      • 3.5.2 Channel Property Transformation

      • 3.5.3 Attack Transformation

      • 3.5.4 Reversed Attack

      • 3.5.5 Analysis of Transformed Wong-Stajano Protocol

    • 3.6 Conclusion

  • 4 Secure Neighbour Discovery Protocols

    • 4.1 Overview on Neighbour Discovery Protocols

      • 4.1.1 Neighbour Discovery Applications

      • 4.1.2 Threat and Vulnerabilities

      • 4.1.3 Secure Neighbour Discovery Techniques

    • 4.2 Examples of Vulnerabilities in Existing Protocols

      • 4.2.1 Brands & Chaum Protocol Vulnerability

      • 4.2.2 ADVSIG Vulnerability

    • 4.3 Revised version of ADVSIG

    • 4.4 Formal Analysis of Neighbour Discovery Protocol

      • 4.4.1 Related Work on Physical Characteristics Modelling

      • 4.4.2 Notations

      • 4.4.3 Assumptions

      • 4.4.4 Wireless Strand Spaces

      • 4.4.5 Modified Penetrator Model

      • 4.4.6 Secure Neighbour Discovery Goal

      • 4.4.7 Logical Link Test

      • 4.4.8 Authentication Physical Link Tests

    • 4.5 Example: Analysis of ADVSIG

      • 4.5.1 Initiator Guarantee

      • 4.5.2 Responder Guarantee

      • 4.5.3 Link spoofing attack on ADVSIG

    • 4.6 Conclusion

  • 5 A Secure Bootstrapping for Constrained Devices

    • 5.1 Environment, Problem Definition, Attacker Model

      • 5.1.1 Environment

      • 5.1.2 Problem Definition

      • 5.1.3 Attack Model

    • 5.2 Related Work

      • 5.2.1 Pairing Process

      • 5.2.2 Registration Process

      • 5.2.3 Association Process

    • 5.3 A Proposal For Secure Bootstrapping in IoT

      • 5.3.1 Notations

      • 5.3.2 Overview

      • 5.3.3 Pairing Process

      • 5.3.4 Registration Process

      • 5.3.5 Association Process

      • 5.3.6 Re-association Process

      • 5.3.7 Re-bootstrapping Process

    • 5.4 Security Analysis

    • 5.5 An Implementation of Device Pairing Protocol

    • 5.6 Conclusion

  • 6 Conclusion and Future Work

    • 6.1 Summary

    • 6.2 Perspectives

  • A Strand Spaces Model

    • A.1 Fundamental Theory

    • A.2 Penetrator Model

    • A.3 Component, Authentication Tests

    • A.4 Shape and Skeleton

  • B Analysis of Wong-Stajano Protocol in AVISPA

    • B.1 Transformed Protocol

    • B.2 Source Code

    • B.3 Results

  • C Implementation of 2-Move Secure Device Pairing on Arduino

    • C.1 UDP Client Source Code

    • C.2 UDP Server Source Code

  • Bibliography

Content

Motivation and Research Objectives

Creating secure communication between unassociated constrained devices is a significant challenge in the IoT network, commonly referred to as the device pairing problem. It has been demonstrated that cryptographic primitives alone cannot fulfill the pairing requirements. To address this issue, pre-authenticated auxiliary channels, often known as out-of-band (OOB) channels, are utilized. Numerous device pairing protocols leveraging various OOB channels have been proposed; however, the security of these protocols is typically assessed informally, which may lead to undetected vulnerabilities. Notably, Chapter 2 highlights previously unreported flaws in certain protocols. Furthermore, many existing device pairing protocols are inadequate for resource-constrained devices or necessitate OOB channels with high bandwidth.

A significant challenge in the Internet of Things (IoT) is the security of the neighbor discovery process. Secure neighbor discovery protocols are intended to help participants accurately identify devices within their physical signal range. However, variations in wireless interfaces among participants can render some of these protocols ineffective, allowing attackers to exploit vulnerabilities and establish false connections. This undermines the stability and security of the network. Some existing research has begun to tackle this issue.

To prevent security flaws before the deployment of protocols, it is essential to implement effective methods early in the design phase. Formal methods are particularly effective in minimizing security vulnerabilities during protocol design. Numerous formal models have been developed to verify traditional security protocols, while various studies have also focused on verifying wireless security protocols, specifically addressing challenges in the neighbor discovery process and ad-hoc routing.

Traditional formal methods for authentication protocols typically utilize the Dolev-Yao model for attacker modeling. However, in secure device pairing protocols, the out-of-band (OOB) channel is more tightly controlled by the user, which may diminish the attacker's capabilities compared to the Dolev-Yao model at certain stages of the protocol. Consequently, existing verification techniques may not be suitable for these scenarios.

The main objective of this thesis is to propose secure and effective wireless protocols in the context of IoT, together with methods for verifying their security properties.

Despite recent progress in security for device pairing protocols and neighbour discovery protocols, the following challenges still require research efforts.

• The design of security mechanisms must be lightweight in terms of communication and computation to be suited for constrained devices.

• Proposed mechanisms must resist malicious physical attacks such as relaying, delaying, replaying and spoofing attacks.

• Proposed mechanisms must be easy to use by an ordinary user.

Approach and Contributions

To tackle the challenges in device pairing and neighbor discovery protocols, we begin with an extensive literature review to understand the essential requirements. This analysis allows us to identify the limitations of current methods. We then introduce an innovative user-friendly device pairing protocol that eliminates the need for prior knowledge sharing between devices. Our protocol not only maintains a high level of security but also significantly lowers communication costs compared to existing solutions.

We propose a formalism to verify security properties for protocols, adapting the flexible model of Strand Spaces to accommodate out-of-band (OOB) channels. Our modifications include refining the attacker model to address both unsecured and OOB channels. Additionally, we introduce a translation procedure that converts protocols utilizing OOB channels into ones that rely solely on cryptographic primitives. This ensures that if the translated protocol is secure, the original protocol is also secure. This approach enables the use of traditional security protocol verification tools, allowing us to assess the security of protocols with OOB channels by simply verifying the translated version. Our key contributions include the adaptation of Strand Spaces, refinement of the attacker model, and the development of a reliable translation procedure.

We present an innovative device pairing protocol that enhances security and improves efficiency while reducing communication costs compared to competitors. To demonstrate its practicality, we have implemented our protocol within an embedded system, showcasing its effectiveness and utility.

We introduce an enhanced Strand Spaces model to effectively represent the physical security features of out-of-band (OOB) channels, while also expanding the adversary capabilities associated with these channels. This innovative model has revealed new vulnerabilities in existing device pairing protocols. Furthermore, we demonstrate the correctness of our protocol within this framework. Additionally, we outline a procedure to convert a model of an initial protocol utilizing OOB channels into a corresponding model in the original Strand Spaces, ensuring the security properties of the initial protocol are maintained.

We tackle the issues associated with various neighbor discovery mechanisms that stem from differing signal ranges among participants. By extending the original Strand Spaces theory, we incorporate the physical aspects of secure neighbor discovery protocols. Our findings reveal that discovery mechanisms reliant on message time-of-flight are not dependable.

We propose an innovative secure bootstrapping scheme for IoT devices that allows resource-constrained objects to join home networks securely This approach eliminates the need for pre-shared keys, authenticated public keys, or a public key infrastructure (PKI), ensuring functionality even in worst-case scenarios, such as when the home gateway is offline or when devices are reused.

Thesis Outline

The rest of this thesis features 5 chapters:

• Chapter 2 explores secure device pairing protocols that utilize out-of-band channels, analyzing current approaches and identifying flaws in certain protocols, such as the Wong-Stajano protocol. Building on this analysis, we introduce a novel device pairing protocol designed to enhance security through the use of out-of-band communication.

• Chapter 3 is devoted to formal security analysis of secure device pairing protocols.

It presents an extension of Strand Spaces theory, applied to analyze the Wong-Stajano protocol, revealing a significant flaw. Additionally, it demonstrates the application of this theory to model and validate the security of the new device pairing protocol introduced in Chapter 2. Furthermore, we outline a method for transforming a protocol modeled in our extended Strand Spaces into one that aligns with the original Strand Spaces framework, eliminating the need for out-of-band channels.

• Chapter 4 studies neighbour discovery protocols and the formal analysis of their security. We propose another extension of Strand Space theory to model neighbour discovery protocols.

• Chapter 5 proposes a new secure bootstrapping scheme for constrained devices in IoT and describes the implementation of our new device pairing protocol.

• Chapter 6 concludes our thesis and considers possible future work.

The increasing need for secure communication among personal devices, particularly within the Internet of Things (IoT), highlights the challenges of authenticating devices without prior common knowledge. One potential solution is the use of a pre-authenticated auxiliary channel, known as an out-of-band channel, which can be human-assisted or location-restricted. While many device pairing protocols utilizing out-of-band channels have been proposed, most lack adequate proofs and may be susceptible to various attacks. Furthermore, existing methods often fall short of meeting the convenience requirements for IoT applications, where devices are severely constrained and network bandwidth is costly.

This chapter examines existing secure device pairing protocols, revealing their inefficiencies in computation and communication for Internet of Things applications. To address these shortcomings, we propose a novel key agreement protocol designed for two wireless devices, which utilizes only two wireless messages and one out-of-band message. This approach significantly reduces communication costs compared to current solutions while maintaining an acceptable level of security. The security of our proposed protocol is validated through an estimation of attack success probabilities within a computational model.

This chapter introduces out-of-band channels and existing device pairing schemes, followed by a presentation of our novel device pairing method. Additionally, we will highlight the flaws identified in several current approaches to device pairing.

Out-of-Band Channels

OOB Security Properties

The distinction between data security properties and those related to physical channels can often be misunderstood due to their overlapping nature. Data security is typically achieved through cryptographic methods, including symmetric and asymmetric encryption, signatures, and hash functions. In contrast, a secure physical channel inherently offers data security without relying on cryptography, while also ensuring physical security features such as stall-free operation, listener resistance, non-forwarding capabilities, and constraints on time and distance. This chapter explores various security properties involving participants S and R, a message m, a channel o, and a time interval T.

Data Origin Authentication (DOA), also known as message authentication, ensures that a message, originally created by a sender (S), can be verified by the receiver as coming from the authentic source. This process guarantees that the message remains unaltered, thus encompassing message integrity. However, it is important to note that while DOA prevents modification of the message, it does not protect against potential interception or replay attacks.

• Data Confidentiality (DC): If a sender determines that only a specified R can observe the content of a message m, then no one, including penetrators, except R is allowed to know the content of m.

Channel Origin Authentication (COA) ensures that only designated senders can use a specific channel to transmit messages, making it clear to intended receivers who the authentic sender is. This mechanism prevents impersonation of the sender by unauthorized individuals. However, it is important to note that an attacker may still disrupt message transmission, allowing them to intercept messages before they reach their intended recipients.

Channel Confidentiality (CC) ensures that only a designated receiver, R, can access messages on a specific channel, a fact known to authorized senders. This security feature prevents unauthorized parties, or penetrators, from impersonating R to intercept messages. Additionally, it safeguards against eavesdropping, ensuring that messages transmitted on the channel remain confidential and secure from unauthorized access.

• Channel Occupancy (CO): If a specific receiver R uses a channel o to communicate with someone during an interval of time T, then there is indeed a sender using o with R during T. A penetrator cannot manipulate o during T if o is not exclusively used by the penetrator. However, it is possible to overhear and block messages.

Note that channel occupancy allows participants to ensure the distance and presence of their protocol partners. Straightforwardly, penetrators cannot use suspension attacks on messages over such channels.

Channel origin authentication and channel confidentiality were originally defined in [31], where their definitions overlap; channel confidentiality ensures data confidentiality, while channel origin authentication guarantees data origin authentication. Additionally, the concept of channel occupancy is an adaptation of the locale occupancy property introduced in [32].

OOB Classification

In this subsection, we classify out-of-band channels according to both their physical characteristics and the security properties they offer.

According to the classification from [33], existing out-of-band (OOB) channels can be categorized based on their physical characteristics into several types: cable-based, audio-based, visual-based, tactile-based, motion-based, biometric-based, wireless-based, or a combination of these types.

A cable-based connection is used in the Resurrecting Duckling policy model proposed in [34] to map the relationship between devices. A master device, called "Mother", imprints

In the context of "duckling" slave devices, slaves can be categorized as either imprintable or imprinted. Imprintable slaves represent the initial state before being selected by a master, while they transition to an imprinted state once a secret is transferred from the master, binding them to the master for life. This imprinting ensures unwavering loyalty and obedience from the slave, as they will not serve anyone else. The authors propose that the secret key can be transmitted in plain text over a physical connection, such as a cable, rather than using cryptographic key exchange methods like the DH scheme, which may limit practical convenience. Nevertheless, this method requires minimal human involvement during the authentication phase.

Protected-content-based channels play a crucial role in two-factor authentication mechanisms, with common examples including SMS, encrypted email, and confidential paper mail. These channels ensure that messages are kept confidential and are intended solely for a specific recipient.

Audio channels serve as out-of-band communication methods, where cryptographic material is encoded into nonsensical audio sentences. These sentences are transmitted from a speaker to a microphone, allowing the target device to reinterpret them as cryptographic information. The user then compares the results to determine whether to accept or deny the pairing.

Audio-based authentication systems often rely on physical interfaces like speakers and microphones, which can be vulnerable to denial of service attacks and adversely affected by noisy environments. For example, ambient noise in crowded places such as subways, airports, or bars complicates speaker recognition, making authentication challenging. Additionally, these audio schemes are not accessible for users with disabilities.

Image comparison for establishing an out-of-band channel between devices has been explored in early literature. This method involves encoding cryptographic material into images, which users then compare across two devices. It is particularly effective for high-resolution screens found on laptops, PDAs, and smartphones.

Visual-based channels, like audio-based ones, face challenges related to hardware requirements and susceptibility to denial of service attacks. Additionally, the use of cameras is often restricted in high-security locations, such as military zones and bank offices, while barcodes can be ineffective in low-light conditions.

The BEDA protocol, introduced by Soriente et al., offers methods for securely transmitting secrets between devices using simple interfaces such as buttons. It includes four variants: Button-to-Button, Display-to-Button, Short-Vibration-to-Button, and Long-Vibration-to-Button, differing only in how the initial device shares the secret with others.

To transmit a secret code, two methods are proposed: the Button-to-Button approach and the Display-to-Button approach. In the Button-to-Button method, users press and release buttons on both devices simultaneously until the secret is obtained. Alternatively, the Display-to-Button method involves one device signaling the user to press a button on the other device, with the secret being calculated based on the idle time between the two button presses.

To create a secure communication channel, various wireless technologies like infrared, ultrasound, RFID, Bluetooth, and NFC can be utilized. Examples include the "Talking to Strangers" method and its variants. However, these approaches face significant challenges, particularly from denial of service attacks and passive eavesdropping threats.

Bluetooth pairing typically requires a 4-digit pre-shared PIN code, making it vulnerable to offline brute force attacks. Alternative solutions utilizing NFC technology offer a very short communication range, enhancing security. In many cases, NFC is used in conjunction with Bluetooth to facilitate quicker setups and improved security. While NFC does not prevent eavesdropping, the close proximity required for NFC authentication makes it difficult to execute a Man-In-The-Middle (MITM) attack.

The Feeling-is-Believing scheme is one of the earliest methods to utilize biometric data for creating a secure communication channel, as detailed in [51]. This innovative approach involves sharing a secret key through authenticated biometric information, enhancing security in data transmission.

Biometric-based security schemes may seem more secure and user-friendly from the user's perspective; however, they often lack accuracy and demand significant computational resources. Additionally, it is essential for every device to be fitted with a biometric scanner to implement these systems effectively.

Accelerometers are commonly utilized for monitoring vibrations and determining both magnitude and direction. One notable application is the Smart-its-Friends scheme, where two devices are shaken together to facilitate pairing. The accelerometer data collected during this process helps the devices create a shared communication channel. Various alternative methods have also been explored in recent studies.

A drawback of these approaches is that the deployment and use of embedded accelerometers is not possible in devices such as printers or projectors.

Claude Castelluccia and Pars Mutaf developed the Shake Them Up scheme, enabling two constrained devices to securely share a secret with minimal hardware and out-of-band channel requirements. This innovative method requires the devices to be shaken and twirled in close proximity while exchanging radio packets. At the conclusion of this process, both devices generate the same secret key. The scheme's security is enhanced by the use of a CDMA-based system, which ensures source indistinguishability, preventing attackers from intercepting the key exchange.

OOB Penetrator Model

The penetrator is restricted from taking actions on private OOB channels but can still execute malicious activities on public or protected OOB channels. We consider the following atomic attacks that can occur on OOB channels.

• Overhear means that attackers are able to know the content of messages when they are being transmitted on the OOB channel.

• Block means that attackers can drop any message sent over an OOB channel.

• Suspend means that attackers are able to delay sending events on the OOB channel.

• Replay means attackers are able to replay messages sent on the OOB channel.

In out-of-band channels, attackers are restricted from accessing private channels, while in protected channels, they can delay or drop messages but cannot decipher their content. Additionally, protected channels are typically established by legitimate devices and are designed to be fresh, preventing attackers from replaying them.

Attackers can intercept unprotected message content transmitted over public channels; however, they cannot manipulate short-range public channels during their opening, which prevents replay and suspension attacks. In contrast, long-range public channels are vulnerable to such attacks because they do not provide channel occupancy.

Table 2.3 presents the penetrator power for each kind of OOB channel.

Table 2.3: Threats on Out-of-Band Channels

Out-of-Band Channel Type | Attacker's Power: Overhear | Block | Suspend | Replay

Overview on Secure Device Pairing Schemes

Long Authenticated String-Based Authentication Key Agreement Protocols

The Interlock protocol, introduced by Rivest and Shamir in 1984, utilizes users' knowledge of communication patterns or voice recognition as a long-range public out-of-band channel. This innovative scheme enables two parties to mutually authenticate their public keys based on their initial knowledge, eliminating the need for third-party assistance.

1 Alice and Bob exchange their public keys via a long-range public out-of-band channel.

2 Alice produces {m_A}_{PK_B}, then sends the first half of the result, denoted ({m_A}_{PK_B})_1, to Bob.

3 Bob produces {m_B}_{PK_A}, then sends the first half of the result, denoted ({m_B}_{PK_A})_1, to Alice.

4 Alice sends to Bob the second half, denoted ({m_A}_{PK_B})_2.

Notation used in this chapter:

• Alice (A) and Bob (B): communicating entities
• ID_A: identifier of device A
• r_A: random number generated by entity A
• k: a key; k_A: key generated by entity A; ks: shared key
• Private key of entity A
• m_X: message or data generated by entity X
• h_k(m): keyed hash of message m under key k
• {m}_k: message m encrypted with key k
• h(m): one-way hash of m; h_s(m): truncated (short) hash of m
• Concatenation of message parts; bitwise XOR
• a, b: secret values; g^a: Diffie-Hellman public key of entity A; g^b: Diffie-Hellman public key of entity B; g^ab: Diffie-Hellman shared key between A and B
• Commitment algorithm: produces a commit value c and a decommit value d from a message m; the open commitment algorithm takes c and d and returns either m or an error. c_A, d_A: commit and decommit values computed by entity A
• SAS_A: Short Authenticated String computed by entity A
• Q_A: number of instances of entity A in the network
• X Move: number of messages on the wireless channel
• Dotted line: an out-of-band channel; solid line: an insecure channel; arrow: direction of each message

5 Bob sends to Alice the second half, denoted ({m_B}_{PK_A})_2.

6 Both decrypt the combination of the two halves with their own private key.

The strength of this protocol basically lies in the encryption algorithm: the attacker cannot decrypt the received halves of the encrypted messages.

In 1993, Maher obtained his patent for several pairing methods [62] allowing a user to share a secret DH key manually. In one method, he applied a hash function to the DH key: the hash is converted into a 4-digit hexadecimal number, which is displayed on each device's screen for easy comparison by users. In this context, the out-of-band (OOB) channel is considered a short-range public channel, and the protocol operates as follows.

1 Alice and Bob generate DH keys g^a and g^b respectively.

2 Alice and Bob exchange their keys.

3 Both calculate h(g^ab) as a 4-digit hexadecimal number, and show the result on their device's screen.

4 User decides to accept or reject by pushing a button on both devices.

Figure: User checks that h(DH_A) = h(DH_B).

The protocol should require at least 80 bits over an out-of-band channel to be secure.

As a result, a bit string of this length would be too heavy for any out-of-band channel.

Balfanz et al. proposed a new scheme using audio or infrared channels to transmit a hash of public keys [63]. The protocol works as follows:

1 Alice and Bob initially exchange their identifiers and a hash value of their public keys over the out-of-band channel.

2 Both sides exchange their identifiers and their public keys on the insecure channel.

The security of this protocol relies heavily on the robustness of the out-of-band (OOB) channels and of the hash function used. To effectively mitigate the risk of Man-In-The-Middle (MITM) attacks, it is essential to transmit a minimum of 80 bits of information in each direction of the OOB channel. Failing to meet this requirement could allow an attacker to discover a pair of public keys (PK'_A, PK'_B) that satisfy h(PK_A) = h(PK'_A) and h(PK_B) = h(PK'_B), thereby facilitating a successful MITM attack.

2.2.1.4 Visual authentication based on Integrity Checking

Saxena et al. proposed a new pairing protocol, namely Visual authentication based on Integrity Checking (VIC) [45], which works as follows:

1 Alice and Bob initially exchange their public keys.

2 Alice hashes both keys, and sends the hash value to Bob.

3 Bob verifies the hash value and informs the result to User over an out-of-band channel.

4 User indicates Accept/Reject to Alice.

Figure: Alice computes H = h(PK_A, PK_B) and sends H; if H = h(PK_A, PK_B), Bob informs OK; User indicates Accept/Reject.

Security of VIC heavily depends on the strength of the hash function and requires at least 80 bits on each OOB channel to prevent hash collision.

Manual Authentication Protocols

To address the excessive length of Out-of-Band (OOB) messages in previous protocols, researchers have explored reducing this length to 16 or 32 bits while maintaining security against adversaries who might extract messages from hash values. Christian Gehrmann and Chris J. Mitchell introduced three manual authentication protocols to tackle this issue: MANA I, designed for scenarios where one device features a keyboard and the other a display; MANA II, which is applicable when both devices have displays; and MANA III, intended for cases where both devices are equipped with keyboards.

These protocols remarkably reduce the bandwidth of the OOB channel to l bits (16-20 bits) in each direction, while the MITM attack success probability is still held at 2^-l.

The authors introduced an initial scheme in [64], which employs a keyed hash function with an output ranging from 16 to 20 bits, demonstrating an adequate level of security The protocol operates as follows:

1 Alice sends a message m to Bob over an insecure channel.

2 Alice generates a random symmetric key k (16 to 20 bits), computes h_k(m) and then outputs the result to its display.

4 Bob uses k and recomputes h_k(m), compares whether h_k(m) and the value entered by User are equal or not, then informs Accept/Reject to User according to the result.

5 User indicates Accept/Reject to Alice.

Figure: If MAC_A = MAC_B then Bob outputs OK; User indicates Accept/Reject.

MANA II [65], a variant of MANA I, works as follows:

1 Alice sends a message m to Bob over an insecure channel.

2 Alice generates a random key k (16 to 20 bits). Alice also generates h_k(m), then outputs it to User over an out-of-band channel.

3 Alice sends key k to Bob over the insecure channel.

4 Bob uses k and recomputes h_k(m), and outputs h_k(m) to User.

5 User compares the values from both devices. If the values match, User indicates Accept/Reject to both devices.

Figure: User checks that MAC_A = MAC_B.

In the MANA III protocol [64], both devices agree on public data m. Here, A and B are identifiers for Alice and Bob, respectively. The scheme operates as follows:

1 Alice generates a short random bit-string r (16 to 20 bits), and sends it to Bob over an out-of-band channel.

2 Alice sends a message m to Bob over an insecure channel.

3 Alice generates a key k_A, computes MAC_A = h_{k_A}(A, m, r), then sends MAC_A to Bob over an insecure channel.

4 Bob generates a key k_B, computes MAC_B = h_{k_B}(B, m, r), then sends MAC_B to Alice over the insecure channel.

5 When Alice receives MAC_B, Alice sends k_A to Bob.

6 Bob recomputes MAC_A and verifies the expected identifier A and random value r. If MAC_A matches the received value sent by Alice, Bob sends k_B to Alice and informs the result to User.

7 Alice recomputes MAC_B and verifies the expected identifier B and random value r. If MAC_B matches the received value sent by Bob, Alice informs the result to

8 User indicates Accept/Reject on both devices.

Figure: If MAC'_A = MAC_A then Bob outputs OK and sends k_B; if MAC'_B = MAC_B then Alice outputs OK.

MANA I and II utilize either a public or protected out-of-band channel, whereas MANA III mandates a private channel to ensure the confidentiality of the value of r A leak of this value could expose the MANA III protocol to MITM attacks Additionally, the success probability of attacks across all MANA protocols remains below 2^l, where l represents the length of the MAC values in MANA I and II, and the length of r in MANA III.

2.2.3 Ephemeral Pairing Protocols

Jaap-Henk Hoepman proposed a protocol that utilizes the properties of a long-range public out-of-band channel for the secure sharing of Diffie-Hellman (DH) public keys. The process occurs in two phases: initially, both parties exchange hashes of their public keys through insecure channels, followed by the transmission of short hashes or truncated hashes via out-of-band channels.

1. Alice and Bob generate DH keys g^a and g^b respectively.

2. Both sides exchange hash values of g^a and g^b over an insecure channel.

3. After the reception of the hash value, both sides calculate a short hash value of g^a and g^b, i.e. h_s(g^a) and h_s(g^b), and exchange them over an out-of-band channel.

4. Both sides reveal their values g^a and g^b to each other via the insecure channel.

5. At the end, each side verifies the received values, consisting of a hash, a short hash value, and a key. The key is accepted if these values are valid.

Nguyen and Roscoe proposed an improved version of the Hoepman protocol by removing one message on the long-range public OOB channel [66]. The protocol works as follows:

1. Alice and Bob generate DH keys g^a and g^b respectively.

5. Alice calculates a short hash value h_s(g^a, g^b), then sends it to Bob over the out-of-band channel.

6. Bob recomputes h_s(g^a, g^b) and checks whether it matches the value sent by Alice. Bob informs the result to User.

7. User indicates Accept/Reject to Alice.

Figure: Alice sends H = h_s(g^a, g^b) over the OOB channel; Bob checks if h_s(g^a, g^b) = H, then informs OK.

The security of the Hoepman protocol relies significantly on the freshness of the DH keys in each session; otherwise, an attacker could find a matching key with an identical short hash output, enabling a successful Man-in-the-Middle (MITM) attack. Hoepman has demonstrated the protocol's security within the Bellare-Pointcheval-Rogaway model. Similarly, the enhancement proposed by Nguyen and Roscoe retains the requirement of fresh DH keys to ensure security.

We point out a vulnerability in the Hoepman protocol in the next section, under the assumption that attackers can produce a collision in the short hash function.

2.2.4 Wong-Stajano Multichannel Security Protocols

Wong and Stajano introduced mutual authentication and key agreement protocols utilizing both bidirectional and unidirectional public out-of-band channels. Their implementations use visual channels as long-range public out-of-band channels to ensure data origin authenticity.

Wong and Stajano introduced a new variant of the MANA III protocol which works as follows:

1. Alice generates a random number r_A, a key k_A, and a DH key g^a.

2. Bob generates a random number r_B, a key k_B, and a DH key g^b.

3. Both sides exchange g^a and g^b with each other.

4. Alice computes MAC_A = h_{k_A}(A, g^a, g^b, r_A, k_A), then sends it to Bob.

5. Bob computes MAC_B = h_{k_B}(B, g^b, g^a, r_B, k_B), then sends it to Alice.

6. Both sides exchange their r_A and r_B with each other over an out-of-band channel.

7. At the end, both sides exchange their k_A and k_B with each other.

8. Alice (resp. Bob) recomputes h_{k_B}(B, g^b, g^a, r_B, k_B) (resp. h_{k_A}(A, g^a, g^b, r_A, k_A)), checks whether it matches the MAC_B (resp. MAC_A) value sent by Bob (resp. Alice), and depending on the result accepts or rejects the key.

The original protocol has usability limitations, as it necessitates six message exchanges over an insecure channel and the computation of a MAC value, which can strain constrained devices. To address these challenges, the authors introduced an enhanced version.

1. Alice generates a random number r_A, a key k_A, and a DH key g^a.

2. Bob generates a random number r_B, a key k_B, and a DH key g^b.

3. Alice computes MAC_A = h_{k_A}(A, g^a, g^b, r_A), then sends it with Alice's identifier A and DH public key g^a to Bob.

4. Bob calculates MAC_B = h_{k_B}(B, g^b, g^a, r_B), then sends it with Bob's identity B and g^b to Alice.

5. Both sides exchange their random values r_A and r_B with each other over an out-of-band channel.

7. Bob recomputes h_{k_A}(A, g^a, g^b, r_A), checks whether it matches the MAC_A value sent by Alice, and sends k_B to Alice.

8. Alice recomputes h_{k_B}(B, g^b, g^a, r_B), checks whether it matches the MAC_B value sent by Bob.

9. Each side indicates whether the DH key has been accepted or rejected.

The improved protocol combines the first 4 messages of the MANA III variant into 2 messages, and uses the MAC function instead of a general hash function.

Wong and Stajano also introduced a protocol utilizing two unidirectional out-of-band (OOB) channels: one long-range public channel and one short-range public channel. This version requires only three messages over the wireless channel, compared to the four messages needed in the bidirectional version.

1. Alice generates a random number r_A and a DH key g^a.

2. Bob generates a random number r_B, a key k_B, and a DH key g^b.

4. Bob computes MAC_B = h_{k_B}(B, g^b, g^a, r_B), then sends it with Bob's identifier B and public DH key g^b to Alice.

5. Alice acknowledges the reception of the previous message to Bob over a short-range public out-of-band channel.

6. Bob sends r_B to Alice over the unidirectional long-range public out-of-band channel.

8. Alice recomputes h_{k_B}(B, g^b, g^a, r_B), checks whether it matches the MAC_B value sent by Bob.

9. Alice informs User whether the DH key has been accepted or rejected.

The unidirectional OOB channel protocol uses just five messages, including two out-of-band messages. This reduces both computational and communication costs on the devices compared to the previous two protocols.

2.2.4.3 Improved Wong-Stajano Key Agreement Protocol

Nguyen and Roscoe introduced a variant of the Wong-Stajano protocol that simplifies the process by eliminating long keys and combining two different authenticated strings, A and B, into a single value, A ⊕ B. The protocol operates as follows.

1. Alice generates a random number r_A and a DH key g^a.

2. Bob generates a random number r_B and a DH key g^b.

3. Alice calculates h(A, g^a, r_A), and sends it to Bob.

4. Bob calculates h(B, g^b, r_B), then sends it to Alice.

7. Alice calculates r_A ⊕ r_B, then pushes it on a long-range public out-of-band channel to Bob.

8. Bob recalculates r_A ⊕ r_B and checks whether it matches the one sent by Alice. The result is informed to User.

9. User indicates Accept/Reject to Alice.

2.2.4.4 Analysis of Wong-Stajano Protocols

Attack scenarios in which the protocol goal does not hold for the initiator will be presented in the following section.

2.2.5 Short Authenticated String-Based Authentication Key Agreement Protocols

Serge Vaudenay introduced a protocol [68] based on Short Authenticated Strings (SAS) in 2005. This scheme uses l bits on the long-range public OOB channel, and preserves a 2^{-l} attack success probability. X-Move means that the number of wireless messages used in the protocol is X (it does not take into account the number of OOB messages).

2.2.5.1 4-Move SAS-based Mutual-Authentication

In [68], Vaudenay presented his message authentication protocol based on a short authenticated string over an OOB channel. The protocol is illustrated as follows.

In this protocol, the numbers 0 and 1 are used in the commitment scheme to avoid reflection attacks.

1. Alice types a message m_A, then picks a random value r_A. Bob types a message m_B, then picks a random value r_B.

2. Alice computes (c_A, d_A) = commit(0, m_A, r_A), and sends m_A, c_A to Bob.

3. Bob computes (c_B, d_B) = commit(1, m_B, r_B), and sends m_B, c_B to Alice.

4. Alice sends d_A to Bob. Then Bob computes (0, r_A, m_A) = Open(c_A, d_A).

5. Bob sends d_B to Alice. Then Alice computes (1, r_B, m_B) = Open(c_B, d_B).

6. Alice computes SAS_A = r_A ⊕ r_B, and sends SAS_A to Bob over an out-of-band channel.

7. Bob computes SAS_B = r_A ⊕ r_B, then sends SAS_B back to Alice over an out-of-band channel.

8. Each side verifies whether the calculated SAS value matches the received one or not, and depending on the result accepts or rejects the other party's message.

Figure: Alice computes SAS_A = r_A ⊕ r_B and sends SAS_A; Bob checks SAS_A = r_A ⊕ r_B, computes SAS_B = r_A ⊕ r_B and sends SAS_B; Alice checks SAS_B = r_A ⊕ r_B; Bob verifies Alice and m_A, Alice verifies Bob and m_B.
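A toy run of the 4-move protocol above, added here as an illustration and not code from the thesis or from [68]. It assumes a hash-based commit/Open built on SHA-256 (the page does not fix a commitment scheme), shows the SAS_A = SAS_B comparison in an honest run, and shows how the 0/1 tags make Alice reject a reflection of her own commitment.

```python
"""Toy run of the 4-move SAS-based mutual authentication (section 2.2.5.1).

Added example, not code from the thesis.  Assumption: commit(tag, m, r)
is a hash-based commitment, c = SHA-256(tag | m | r | key) with a fresh
random key, and d = (tag, m, r, key); Open(c, d) returns (tag, m, r) when
d matches c and None otherwise.  The OOB channel carries l-bit strings the
attacker can read but not modify.
"""
import hashlib
import random
import secrets

L = 15  # SAS length in bits (the two-party figure quoted in section 2.2.5.8)


def _encode(tag: int, m: bytes, r: int, key: bytes) -> bytes:
    # Unambiguous serialisation: fixed-width tag and r, length-prefixed m.
    return bytes([tag]) + len(m).to_bytes(4, "big") + m + r.to_bytes(8, "big") + key


def commit(tag: int, m: bytes, r: int):
    """(c, d) = commit(tag, m, r): c hides (m, r) until d is released."""
    key = secrets.token_bytes(16)
    d = (tag, m, r, key)
    c = hashlib.sha256(_encode(*d)).digest()
    return c, d


def open_commit(c: bytes, d):
    """Open(c, d): recover (tag, m, r), or None if d does not match c."""
    tag, m, r, key = d
    if hashlib.sha256(_encode(tag, m, r, key)).digest() != c:
        return None
    return tag, m, r


def receive_open(c: bytes, d, expected_tag: int, expected_m: bytes):
    """Receiver side of moves 3/4: Open, then check the tag and that the
    opened message equals the one received in move 1/2.  Returns the peer's
    r, or None to reject."""
    opened = open_commit(c, d)
    if opened is None:
        return None
    tag, m, r = opened
    if tag != expected_tag or m != expected_m:
        return None
    return r


def honest_run(m_a: bytes = b"Alice's DH key", m_b: bytes = b"Bob's DH key",
               l: int = L, seed: int = 7) -> bool:
    """Honest Alice and Bob (constructed messages); True when both accept."""
    rng = random.Random(seed)
    r_a, r_b = rng.getrandbits(l), rng.getrandbits(l)
    c_a, d_a = commit(0, m_a, r_a)                 # move 1: Alice -> Bob: m_A, c_A
    c_b, d_b = commit(1, m_b, r_b)                 # move 2: Bob -> Alice: m_B, c_B
    r_a_at_bob = receive_open(c_a, d_a, 0, m_a)    # move 3: Alice -> Bob: d_A
    r_b_at_alice = receive_open(c_b, d_b, 1, m_b)  # move 4: Bob -> Alice: d_B
    if r_a_at_bob is None or r_b_at_alice is None:
        return False
    sas_a = r_a ^ r_b_at_alice      # Alice -> Bob over the OOB channel
    sas_b = r_a_at_bob ^ r_b        # Bob -> Alice over the OOB channel
    # Each side compares the SAS it computed with the SAS it received.
    return sas_a == sas_b


def reflection_attempt(m_a: bytes = b"Alice's DH key", l: int = L,
                       seed: int = 7) -> bool:
    """X pretends to be Bob by echoing Alice's own (m_A, c_A) and d_A back
    to her as (m_B, c_B) and d_B.  Alice expects tag 1 and finds 0, so she
    rejects before any SAS is compared.  Returns True only if Alice accepts."""
    rng = random.Random(seed)
    r_a = rng.getrandbits(l)
    c_a, d_a = commit(0, m_a, r_a)
    return receive_open(c_a, d_a, 1, m_a) is not None


def tampered_open_rejected(m: bytes = b"Alice's DH key", r: int = 12345) -> bool:
    """Changing m after committing makes Open fail (binding property)."""
    c, (tag, _, r_, key) = commit(0, m, r)
    return open_commit(c, (tag, b"Mallory's DH key", r_, key)) is None
```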

2.2.5.2 3-Move SAS-based Mutual-Authentication

In [69], Sylvain Pasini and Serge Vaudenay reduced the interaction cost of the previous protocol to 3 moves. The protocol runs as follows:

1. Alice and Bob start with the same message m_A = m_B.

2. Alice picks a random value r_A. Bob picks a random value r_B.

3. Alice computes (c_A, d_A) = commit(m_A, r_A), and sends c_A to Bob.

5. Alice sends d_A to Bob. Then Bob computes (m_A, r_A) = Open(c_A, d_A) and checks whether m_A = m_B or not.

6. Alice computes SAS_A = r_A ⊕ r_B, and sends SAS_A to Bob over an out-of-band channel.

7. Bob computes SAS_B = r_A ⊕ r_B with the value of r_A obtained when opening the commitment, checks that SAS_A = SAS_B, and then sends SAS_B back to Alice over his out-of-band channel.

9. Both sides inform Accept/Reject to User.

Figure: Bob computes SAS_B = r_A ⊕ r_B and sends SAS_B; each side checks that SAS_A = SAS_B.

2.2.5.3 3-Move SAS-based Message Cross Authentication

The SAS-based Message Cross Authentication protocol enhances the previous 3-move mutual authentication method by utilizing a keyed hash function to generate the short authentication string.

1. Alice types a message m_A, then picks a random value r_A. Bob types a message m_B and picks a random value r_B.

2. Alice computes (c_A, d_A) = commit(0, m_A, r_A), and sends c_A to Bob.

4. Alice sends d_A to Bob. Bob computes (0, m_A, r_A) = Open(c_A, d_A).

5. Alice computes SAS_A = r_B ⊕ h_{r_A}(m_B) using the received value of r_B, and sends SAS_A to Bob through the out-of-band channel.

6. Bob computes SAS_B = r_B ⊕ h_{r_A}(m_B) with the value of r_A obtained when opening the commitment, checks that SAS_A = SAS_B, and sends SAS_B to Alice through the out-of-band channel.

8. Both sides inform Accept/Reject to User.

Figure: Bob computes SAS_B = r_B ⊕ h_{r_A}(m_B), sends SAS_B, and checks that SAS_A = SAS_B.

Sven Laur and Kaisa Nyberg introduced the MANA IV protocol, a three-move message cross-authentication method that uses l-bit out-of-band (OOB) messages, where l is the length of the OOB message.

2. Alice computes (c_A, d_A) = commit(r_A) for a random r_A, and sends (m_A, c_A) to Bob.

3. Bob chooses a random r_B and a message m_B, and sends (m_B, r_B) to Alice.

5. Bob computes r_A = Open(c_A, d_A) and halts if r_A = NULL.

6. Alice (resp. Bob) calculates SAS_A = h(r_A, r_B, m_A, m_B) (resp. SAS_B = h(r_A, r_B, m_A, m_B)).

7. Alice sends SAS_A to Bob over a long-range public OOB channel.

8. Bob checks whether SAS_A = SAS_B, and informs the result to User.

9. User indicates Accept/Reject to Alice.

Figure: Alice sends SAS_A; Bob checks if SAS_A = SAS_B, then informs OK; User indicates Accept/Reject.

Laur and Nyberg revised the MANA IV protocol to propose a more computationally efficient protocol, called Manually Authenticated Diffie-Hellman (MA-DH) [70]. The protocol runs as follows.

1. Alice computes (c_A, d_A) = commit(g^a), and sends (A, c_A) to Bob.

2. Bob computes g^b, and sends (B, g^b) to Alice.

5. Alice computes SAS_A = h(A, B, g^a, g^b) and sends SAS_A to Bob via an OOB channel.

6. Bob computes SAS_B = h(A, B, g^a, g^b), and checks if SAS_A = SAS_B, then informs

Figure: Bob computes SAS_B = h(A, B, g^a, g^b), checks if SAS_A = SAS_B, then informs OK; User indicates Accept/Reject.

Cagalj, Capkun, and Hubaux introduced three protocols based on the original Diffie-Hellman (DH) protocol which incorporate human operations. The first protocol, DH-SC, uses visual comparison of short strings; the second, DH-DB, enhances DH-SC by enabling the devices to determine an upper bound on their distance through time-of-flight estimation; the third, DH-IC, employs integrity codes so that any signal blocking is detectable. For this discussion, we focus on the DH-SC protocol.

1. Alice and Bob select secret exponents a and b, compute the DH public parameters g^a and g^b, and choose random numbers r_A and r_B respectively.

2. Alice computes m_A = (0, A, g^a, r_A). Bob computes m_B = (1, B, g^b, r_B).

3. Alice computes (c_A, d_A) = commit(m_A) and sends c_A to Bob.

4. Bob computes (c_B, d_B) = commit(m_B), and sends c_B to Alice.

5. Alice sends d_A to Bob. Bob computes m_A = Open(c_A, d_A) and verifies that 0 appears at the beginning of m_A. If the verification is successful, Bob sends d_B to Alice.

6. Alice computes m_B = Open(c_B, d_B) and verifies that 1 appears at the beginning of m_B. If the verification is successful, Alice computes i_A = r_A ⊕ r_B, and sends i_A via an OOB channel to Bob.

7. Bob computes i_B = r_A ⊕ r_B, checks that i_A = i_B, and indicates success.

8. Alice checks that i_A = i_B and indicates success.

To prevent reflection attacks, the public values 0 and 1 are used, while the identifiers A and B represent human-readable information, such as email addresses or names. The authors used screens or the human voice as an out-of-band channel to transmit these authenticated values.

Figure: Alice holds (A, g^a, r_A) and Bob holds (B, g^b, r_B); m_A = (0, A, g^a, r_A), m_B = (1, B, g^b, r_B); (c_A, d_A) = commit(m_A), (c_B, d_B) = commit(m_B); c_A and c_B are exchanged; after d_A, Bob opens m_A = Open(c_A, d_A) and verifies 0 in m_A; after d_B, Alice opens m_B = Open(c_B, d_B) and verifies 1 in m_B; Alice computes i_A = r_A ⊕ r_B and sends i_A; Bob computes i_B = r_A ⊕ r_B, checks that i_A = i_B, sends i_B and outputs OK.

2.2.5.7 Short Random String-Based Key Agreement Protocol

Researchers in [5] highlighted the need for user assistance in SAS-based AKA methods, which led to the Short Random String (SRS) key agreement protocol. This scheme enables automatic pairing of two devices via an audio channel, offering better bandwidth efficiency than SAS-based methods. The protocol operates through a three-step interaction between Alice and Bob.

1. Alice sends its public key PK_A to device B.

2. Bob generates two random strings, r and SRS. Then Bob computes a hashed value using PK_A, PK_B, SRS and r, and sends this value to Alice.

3. Bob sends SRS to Alice over an out-of-band channel.

5. Alice verifies the hashed value received in step 2 using PK_A, PK_B, SRS and r.

6. Alice informs the result to User.

7. User indicates Accept/Reject to Bob.

In the protocol, only Alice conducts the verification, which allows an attacker to impersonate her public key. To mitigate this vulnerability, human oversight or an acknowledgment from Alice to Bob can prevent such attacks.

Figure: Alice checks if c_A = c_B, then informs OK.

We found a counterexample against the Initiator guarantee, and present it in the next section.

2.2.5.8 Analysis of SAS-Based Protocols

Vaudenay and Pasini used the Bellare-Rogaway model to validate their protocols, asserting that the attack success probability is less than 2^{-l} for an l-bit Short Authenticated String (SAS) between two participants, with Q_A and Q_B representing the number of instances of Alice and Bob in the network. For example, in a multi-party network l is 50 bits, while in a two-party network it is 15 bits. Conversely, Laur and Nyberg challenged Vaudenay's findings, arguing that the Random Oracle (RO) model and the Common Reference String (CRS) model are unsuitable for ad-hoc networks. Their research indicated that the attack success probability against MANA IV is 2^{-l}, where l denotes the length of the SAS value.

2.2.6 Comparison of pairing protocols

A comparison of previous pairing protocols is summarised in Table 2.5.

Table 2.5: Comparison of pairing protocols

Approach | Number of Messages (wireless, OOB) | Computation Cost per Side | Communication Cost over OOB | Required OOB channel
Interlock | 4, 2 | 2 HASH | 2*80 bits HF | Long-range public
Maher Manual | 2, 2 | 1 HASH | 2*80 bits HF | Long-range public
Talking to | | | |
VIC | 3, 1 | 1 HASH | 20 bits HF | Long-range public
MANA III | 4, 1 | 2 MAC | 16-20 bits K MF | Long-range public
Wong-Stajano | 6, 2 | 1 MAC | 2*(20 bits N) HF | Long-range public
Wong-Stajano | 4, 2 | 1 MAC | 2*(20 bits N) HF | Long-range public
Wong-Stajano | 3, 1 | 1 MAC | 20 bits N HF | Long-range public
Improved Wong-Stajano | | | 1*(20 bits N) HF + XOR | Long-range public
 | | | 80 bits S HASH | Short HF and
 | 4, 2 | 1 CS + 1 XOR | 15 bits SAS CS + XOR | Long-range public
3-move SAS | 3, 1 | 1 CS + 1 XOR | 15 bits SAS CS + XOR | Long-range public
SAS Cross | | | 14 bits SAS CS + HF | Long-range public
 | | | 14 bits SAS CS + HF | Long-range public
SRS-based AKA | 3, 1 | 1 CS | 15 bits SRS CS | Long-range public
DH-SC | 4, 2 | 2 CS + 1 XOR | 15 bits SAS CS + XOR | Long-range public

2.3 2-Move Secure Device Pairing Protocol

This section introduces an efficient novel pairing protocol that operates with only two messages transmitted over a wireless channel and one message sent through a long-range public out-of-band (OOB) channel. Despite its streamlined communication, the protocol maintains an attack success probability of 2^{-l}, where l is the length of the random numbers. Figure 2.1 illustrates the protocol's operation between the initiator, Alice, and the responder, Bob, as they securely exchange their Diffie-Hellman (DH) public keys, denoted g^a and g^b, respectively.

• Participants reuse their public keys across protocol sessions.

A keyed hash function can be understood as a hash function combined with a key, but it is generally viewed as less secure than a plain hash function. This is primarily due to the typically shorter output length of keyed hash functions when used over out-of-band channels, which attackers may exploit.

1. Alice picks a random value r_A. Bob picks a random value r_B.

4. Alice sends MAC = r_A ⊕ h_{r_B}(g^a, g^b) to Bob over a long-range public channel.

6. Bob checks whether h(g^a, r'_A) = h(g^a, r_A) or not, and informs the result to User.

7. User indicates Accept/Reject to Alice by pushing a button.

Figure: Alice sends MAC = r_A ⊕ h_{r_B}(g^a, g^b) over the OOB channel; Bob computes r'_A = MAC ⊕ h_{r_B}(g^a, g^b), checks if h(g^a, r'_A) = h(g^a, r_A), then informs OK; User confirms OK by pushing a button.

Figure 2.1: New 2-move Authenticated Key Agreement Protocol

The protocol uses the random values r_A and r_B together with a hash function to implement a commitment scheme, which significantly reduces the attack success probability, as discussed in section 2.3.1.

This protocol provides robust security through a low-bandwidth out-of-band (OOB) channel, assuming that Alice and Bob remain honest and uncompromised. Upon receiving the third message, Bob is able to verify the information and inform Alice of the outcome, with the assistance of a human user.

Table 2.6 provides a comparison of our protocol against the major existing protocols that utilize a public out-of-band (OOB) channel. The comparison considers the number of messages transmitted over the wireless channel, the number of messages on the OOB channel, the computational cost involved, and whether a formal security proof exists, either in the Dolev-Yao model or in a computational model.

Our protocol keeps computational complexity low by adding only a single exclusive-or operation on a short string, which barely affects the overall cost. It also minimizes communication cost by using the fewest messages possible. A security analysis has been conducted within both the Dolev-Yao and computational models.

Table 2.6: Device Pairing Protocol Comparison

Protocol | Wireless | OOB | Computation Cost | Proof
Bidirectional Wong-Stajano [4] | 4 | 2 | 2*MAC | FAIL
Unidirectional Wong-Stajano [4] | 3 | 2 | 1*MAC | FAIL
Improved Wong-Stajano [66] | 4 | 1 | 2*HF + 1*XOR | 
3-Move SAS [68] | 3 | 1 | 1*CS + 1*HF + 1*XOR | √
Our Proposal | 2 | 1 | 1*HF + 1*MAC + 1*XOR | √

2.3.1 Security Analysis

We give a sketch of proof of our protocol using the modular approach [73], which was used in [71]. Our goal is to evaluate the probability of a successful attack against the protocol.

We refer to the security definition in [71], which is recalled below.

Definition 2.3.1. We say that a protocol is a secure protocol enabling authentication of the DH public parameters g^a and g^b between A and B if the attacker cannot succeed in deceiving A and B into accepting DH public parameters different from g^a and g^b, except with a small probability O(2^{-l}), where l is the length of the OOB message.

Lemma 2.3.2. For any interaction between Initiator and Responder and any attacker X, the attack success probability of X is lower than or equal to n · 2^{-l} times the maximum number of sessions for each participant, where n is the number of participants on the network and l is the length of the short authenticated string.

In a standard run, the responder uses the value r_A obtained from the message on the OOB channel to open the commitment h(g^a, r_A). If this succeeds, an Accept status is reported. To win, attacker X must deliver h(m) in the initial message such that h(m) = h(g^{xa}, (r_A ⊕ h_{r_{xb}}(g^a, g^{xb})) ⊕ h_{r_B}(g^{xa}, g^b)). Under our assumption on the keyed-hash function, this can be rewritten as h(m) = h(g^{xa}, r_A ⊕ r_{xb} ⊕ r_B ⊕ h(g^a, g^{xb}) ⊕ h(g^{xa}, g^b)). (2)

In the simplest case, where attacker X is able to find a pair (g^{xa}, g^{xb}) such that h(g^{xa}, g^b) = h(g^a, g^{xb}), we can deduce from (2) that r_{xa} = r_A ⊕ r_{xb} ⊕ r_B, or r_{xa} ⊕ r_B = r_A ⊕ r_{xb}. (3)

X must submit r_{xb} before knowing r_A and submit r_{xa} before seeing r_B. Consequently, r_A and r_B are revealed to X only after r_{xa} and r_{xb} have been generated and submitted. If both r_A and r_B are revealed simultaneously, we can choose either one arbitrarily. Assuming r_A is revealed after r_B, we have:

(i) r_A and r_B are independently and uniformly distributed random variables,

(ii) r_{xa} and r_{xb} must be generated and submitted before r_A is revealed,

(iii) each principal can open at most the maximum number of sessions assumed in Lemma 2.3.2.

The same holds for the case where r_B is revealed after r_A. Therefore, the probability of r_{xa} ⊕ r_B = r_A ⊕ r_{xb} is less than n · 2^{-l} times the maximum number of sessions.

In the case where X fails to find such a collision, let t = h(g^a, g^{xb}) ⊕ h(g^{xa}, g^b), with g^a and g^b remaining constant across sessions. Then (i) r_{xa} ⊕ r_B = r_A ⊕ r_{xb} ⊕ t, and (ii) if t remains constant, the probability of r_{xa} ⊕ r_B = r_A ⊕ r_{xb} ⊕ t is again less than n · 2^{-l} times the maximum number of sessions.
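A toy simulation of the 2-move protocol of section 2.3 and of the guessing bound argued in section 2.3.1, added here as an illustration and not the thesis's own code. Since the step list on the page omits messages 2, 3 and 5, it assumes that message 1 (Alice to Bob) carries (g^a, h(g^a, r_A)), that message 2 (Bob to Alice) carries (g^b, r_B), that h_k is HMAC-SHA256 truncated to l bits, and that the OOB message MAC = r_A ⊕ h_{r_B}(g^a, g^b) is seen but not altered by the attacker; the group parameters are toy values.

```python
"""Toy simulation of the 2-move pairing protocol (section 2.3) and of the
attacker's guessing bound (section 2.3.1).

Added example, not the thesis's own code.  Assumptions, because the step
list on the page is incomplete: message 1 (Alice -> Bob, wireless) is
(g^a, h(g^a, r_A)); message 2 (Bob -> Alice, wireless) is (g^b, r_B); the
keyed hash h_k is HMAC-SHA256 truncated to l bits; the OOB message
MAC = r_A xor h_{r_B}(g^a, g^b) cannot be modified by the attacker.
"""
import hashlib
import hmac
import random

P = 2**61 - 1  # toy Mersenne prime (constructed), never use as a real DH group
G = 2


def h(*parts: int) -> bytes:
    """Full-length hash used for Alice's commitment h(g^a, r_A)."""
    return hashlib.sha256(b"|".join(str(x).encode() for x in parts)).digest()


def h_keyed(key: int, l: int, *parts: int) -> int:
    """Keyed hash h_k(...) with an l-bit output (assumed: truncated HMAC)."""
    data = b"|".join(str(x).encode() for x in parts)
    tag = hmac.new(str(key).encode(), data, hashlib.sha256).digest()
    return int.from_bytes(tag, "big") & ((1 << l) - 1)


def alice_oob(r_a: int, r_b: int, g_a: int, g_b: int, l: int) -> int:
    """Step 4: Alice's OOB message MAC = r_A xor h_{r_B}(g^a, g^b)."""
    return r_a ^ h_keyed(r_b, l, g_a, g_b)


def bob_check(commit: bytes, g_a: int, g_b: int, r_b: int, mac: int, l: int) -> bool:
    """Step 6: Bob recovers r'_A = MAC xor h_{r_B}(g^a, g^b) and checks it
    against the commitment h(g^a, r_A) received in message 1."""
    r_a_prime = mac ^ h_keyed(r_b, l, g_a, g_b)
    return hmac.compare_digest(h(g_a, r_a_prime), commit)


def honest_run(l: int = 16, seed: int = 1) -> tuple:
    """Honest Alice and Bob.  Returns (bob_accepts, shared_keys_equal)."""
    rng = random.Random(seed)
    a, b = rng.randrange(2, P - 1), rng.randrange(2, P - 1)
    r_a, r_b = rng.getrandbits(l), rng.getrandbits(l)
    g_a, g_b = pow(G, a, P), pow(G, b, P)
    msg1 = (g_a, h(g_a, r_a))                          # wireless, Alice -> Bob
    msg2 = (g_b, r_b)                                  # wireless, Bob -> Alice
    mac = alice_oob(r_a, msg2[1], g_a, msg2[0], l)     # OOB, Alice -> Bob
    accepted = bob_check(msg1[1], msg1[0], g_b, r_b, mac, l)
    return accepted, pow(msg2[0], a, P) == pow(msg1[0], b, P)


def mitm_accepted(l: int, r_x: int, seed: int = 1) -> bool:
    """One MITM attempt as in section 2.3.1: X replaces g^a by g^x towards
    Bob (committing to its own r_x) and g^b, r_B by g^x, r_xb towards Alice.
    X must fix r_x before r_A leaves Alice's commitment."""
    rng = random.Random(seed)
    a, b, x = (rng.randrange(2, P - 1) for _ in range(3))
    r_a, r_b, r_xb = (rng.getrandbits(l) for _ in range(3))
    g_a, g_b, g_x = pow(G, a, P), pow(G, b, P), pow(G, x, P)
    # Alice -> X: (g^a, h(g^a, r_A));  X -> Bob: (g^x, h(g^x, r_x))
    forged_commit = h(g_x, r_x)
    # Bob -> X: (g^b, r_B);  X -> Alice: (g^x, r_xb)
    mac = alice_oob(r_a, r_xb, g_a, g_x, l)   # OOB: X reads it, cannot change it
    return bob_check(forged_commit, g_x, g_b, r_b, mac, l)


def count_winning_guesses(l: int = 8, seed: int = 1) -> int:
    """Bob accepts only when r_x = r_A xor h_{r_xb}(g^a, g^x) xor h_{r_B}(g^x, g^b),
    i.e. for exactly one of the 2^l candidate values of r_x: success 2^-l."""
    return sum(mitm_accepted(l, r_x, seed) for r_x in range(1 << l))
```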

2.4 Flaws Found in Some Pairing Protocols

2.4.1 Attack on Wong-Stajano Protocol using Bidirectional Channel

The Wong-Stajano protocol, detailed in subsection 2.2.4 of this chapter, uses a bidirectional channel for key agreement between two participants. This protocol is currently implemented in the Pico system [74].

However, we found a counterexample in which the protocol goal does not hold for the initiator. The counterexample is illustrated in Figure 2.2 and detailed in Table 2.7.

Table 2.7: Attack Scenario Against Initiator's Guarantee in Wong-Stajano Protocol with Bidirectional Channel

Step 1.1 Attacker suspends the r_B sent by Bob on the OOB channel

Step 1.2 Attacker drops the k_B sent by Bob

Step 1.3 Alice starts a new session

Step 2.1 Alice sends (A, g^a, MAC_{k'_A}(A, g^{a'}, r'_A)) to the Attacker on the wireless channel

Step 2.2 Attacker sends (B, g^x, MAC_{k_X}(B, g^x, r_B)) on the wireless channel

Step 2.3 Attacker drops r'_A sent by Alice on the OOB channel

Step 2.4 Attacker releases on the OOB channel the r_B suspended at Step 1.1

Step 2.5 Attacker sends k_X to Alice on the wireless channel

Step 2.6 At the end of the execution, Alice believes she shares a fresh session key with Bob, known actually by the Attacker

2.4.2 Attack on Wong-Stajano Protocol using Unidirectional Channels

Figure 2.2: Attack on Wong-Stajano Protocol using Bidirectional Channel

Figure 2.3: Attack on Wong-Stajano Protocol using Unidirectional Channels

Table 2.8: Attack Scenario Against Initiator's Guarantee in Wong-Stajano Protocol with Unidirectional Channels

Step 1.1 Attacker intercepts g^a sent by Alice on the wireless channel

Step 1.2 Attacker replies with (B, g^x, h_{k_X}(B, g^x, g^a, r_x)) to Alice on the wireless channel

Step 1.3 Attacker suspends r_B sent by Bob on the OOB channel

Step 2.1 Alice starts a new session and sends g^{a'} on the wireless channel

Step 2.2 Attacker responds with (B, g^x, h_{k_X}(B, g^{a'}, g^{x'}, r_B)) on the wireless channel

Step 2.3 Attacker drops the ACK sent by Alice on the OOB channel

Step 2.4 Attacker releases the r_B sent by Bob on the OOB channel at Step 1.3

Step 2.5 Attacker sends k_X to Alice on the wireless channel

Step 2.6 At the end of the execution, Alice believes she shares a fresh session key with Bob, known actually by the Attacker

2.4.3 Attack on SRS-AKA Protocol

The attack against SRS-AKA is similar to the attack against the Wong-Stajano protocol using unidirectional channels. The attack scenario is illustrated in Figure 2.4 and detailed in Table 2.9.

Table 2.9: Attack Scenario Against Initiator's Guarantee in SRS-AKA

Step 1.1 Attacker intercepts PK_A sent by Alice on the wireless channel

Step 1.2 Attacker replies with h(PK_A, PK_X, r_X, SRS_X), PK_X to Alice on the wireless channel

Step 1.3 Attacker suspends SRS sent by Bob on the OOB channel

Step 2.1 Alice starts a new session and sends PK_A on the wireless channel

Step 2.2 Attacker responds with h(PK_A, PK_X, r_X, SRS), PK_X on the wireless channel

Step 2.4 Attacker releases the SRS sent by Bob on the OOB channel at Step 1.3

Step 2.5 Attacker sends r_X to Alice on the wireless channel

Step 2.6 At the end of the execution, Alice believes she shares a fresh session key with Bob, known actually by the Attacker

2.4.4 Attack on Hoepman AKA Protocol

The Hoepman protocol, while similar to the Wong-Stajano protocol, is harder to attack because short hash values, rather than random numbers, are exchanged over the out-of-band (OOB) channel. Its reliance on a short hash function is nevertheless a concern: if an attacker can find a collision in the short hash function in polynomial time, they can execute a man-in-the-middle (MITM) attack. This scenario is illustrated in Figure 2.5 and detailed in Table 2.10.

Figure 2.4: Attack Against SRS-AKA Protocol

Figure 2.5: Attack Against Hoepman-AKA Protocol

2.5 Conclusion

In this chapter, we surveyed out-of-band channel types and secure device pairing protocols, and proposed a novel key agreement solution over radio links. Our approach requires only two wireless radio messages and one out-of-band message, making it more cost-effective than existing protocols while maintaining an equivalent security level. We also provided a sketch of proof in a modular model, along with an implemented proof of concept that has been tested successfully.

Table 2.10: Attack Scenario Against Initiator's Guarantee in Hoepman

Step 1.1 Attacker suspends the h_s(g^b) sent by Bob on the OOB channel

Step 1.2 Attacker finds a value g^x such that h_s(g^x) = h_s(g^b); it does not need h(g^x) = h(g^b)

Step 2.1 Alice starts a new session and sends h(g^{a2}) to the Attacker on the wireless channel

Step 2.2 Attacker sends h(g^x) to Alice on the wireless channel

Step 2.3 Attacker drops h_s(g^{a2}) sent by Alice on the OOB channel

Step 2.4 Attacker releases the h_s(g^b) suspended at Step 1.1 on the OOB channel

Step 2.5 Alice sends g^{a2} to the Attacker on the wireless channel

Step 2.6 Attacker sends g^x to Alice on the wireless channel

At the end of the execution, Alice believes she shares a fresh session key with Bob, known actually by the Attacker.

Additionally, we have identified previously unreported flaws in the Wong-Stajano, Hoepman, and SRS-AKA protocols.

3 Analysis of Secure Device Pairing Protocols

In this chapter, we introduce a formalism that naturally models device pairing protocols and enables the verification of their security properties. Our approach adapts the flexible framework of Strand Spaces, which represents protocols through the local perspectives of the participants during a protocol execution. Leveraging this flexibility, we extend Strand Spaces to accommodate out-of-band (OOB) channels, while also refining the attacker model to address the various types of channels, both unsecured and OOB.

We identified a flaw in the device pairing protocol with unidirectional out-of-band channels proposed by Wong and Stajano, which has not been previously published. This protocol is currently implemented in the PICO solution. Additionally, we introduce a translation procedure that converts a protocol model from our extended Strand Spaces into a model compatible with the original Strand Spaces, without OOB channels. This translation preserves the security properties of the original protocol, allowing automatic verification with established security protocol verification tools.

This chapter starts by surveying existing related work. Then we present the extended Strand Spaces model to deal with out-of-band channels and device pairing problems.

The chapter then analyzes the Wong-Stajano protocol and provides a proof of our protocol proposed in the previous chapter. Finally, we present our out-of-band translation.

3.1 Related Work

While much research focuses on the formal verification of traditional authentication protocols, there is a noticeable lack of studies addressing the challenges associated with multichannel protocols.

The authors in [77] explore whether auxiliary channels are essential for authentication without pre-shared knowledge, demonstrating through BAN logic [2] that device authentication via a single channel is unfeasible. They propose an extension of BAN logic that incorporates out-of-band (OOB) channels, validating the correctness of the Talking to Strangers protocol from [63] and a simplified version of the Wong-Stajano protocol [4]. However, as noted in subsection 2.4.2, the Wong-Stajano protocol is susceptible to attacks, which the proposed formalism is not expressive enough to model accurately. The formal verification of various Bluetooth protocol versions has received significant attention in the literature, with multiple proposals [78–80] addressing security vulnerabilities from version 2.0 to the latest version 4.0.

Several verification tools, including ProVerif, the PRISM probabilistic model checker, and Tamarin, provide limited out-of-band channel modeling. These tools represent initial steps toward the automated analysis of formal models for human-assisted protocols.

Extended Strand Spaces with Out-of-Band Channels

Model Assumptions

We make the following practical assumptions in our model:

• The secure device pairing protocol uses ideal hash functions, so an attacker cannot mount collision, pre-image, or second pre-image attacks.

• On each side, at most one instance of a given role uses an OOB channel at any given time.

• When one device sends its Accept/Reject decision, the other device confirms that decision.

• Once device pairing completes, a communication session starts. If completion of the procedure is not confirmed, the pairing process restarts with a new session.

Notations

The notation conventions used in this chapter are presented in table 3.1.

Algebra Extension

In this thesis, the term "regular" means legitimate or trusted. A "regular strand" is a legitimate role of a protocol, a "regular node" is a send or receive event on a regular strand, and "regular keys" are trusted keys.

Our Strand Spaces algebra builds on the definitions of [84], extending them with DH operations, hash functions, and signatures. We therefore restate the terminology accordingly.

Definition 3.2.1 The set of terms A is assumed to be freely generated from four disjoint sets: predictable texts T, unpredictable texts R, keys K, and Diffie-Hellman values D.

The set of keys K is divided into three disjoint sets: signature keys (private keys) K_Sig, verification keys (public keys) K_Ver, and symmetric encryption keys K_Sym. The set T includes a subset T_Name containing the identifiers of the participants.

Compound terms are built with the following operations:

• join: A × A → A, the concatenation of terms.

• encr: K_Sym × A → A, encryption.

• sig: K_Sig × A → A, signing a message.

• DH: D × D → D, the Diffie-Hellman operation. We denote the range of DH by D_DH.

• hash: A → K_Sym, hashing into keys. We denote the range of hash by

• MAC: K_Sym × A → K_Sym, the MAC operation with a key, into keys.

As in [84], note that the output of a hash function is in the set of symmetric keys.

Table 3.1: Notation used in this chapter.

    T_Name          Set of identifiers of participants
    D_X             Set of DH keys of entity X
    K_Sym           Set of symmetric keys
    K_Ver           Set of verification keys
    K_Sig           Set of signature keys
    X_ESP           Penetrator strands in the extended Strand Spaces
    X_SP            Penetrator strands in the original Strand Spaces
    B^o_SP(m, i)    Shape in the original Strand Spaces
    sk^o_r(m, i)    Initiator skeleton in B^o_SP(m, i)
    sk^o_r(m)       Responder skeleton in B^o_SP(m, i)
    lrp(m)          Message m sent over a long-range public channel
    srp(m)          Message m sent over a short-range public channel
    pro(m)          Message m sent over a protected channel
    pri(m)          Message m sent over a private channel

Terms are written t and t', possibly indexed by integers. Random texts, i.e. elements of R, serve as nonces in protocols and are written r, possibly indexed by an agent's identifier. Elements of K_Sym and D are written k and d respectively, possibly indexed by identifiers or integers. Throughout the chapter, encr(k, t), hash(t) and MAC(k, t) are written {t}_k, h(t) and h_k(t). The operation join(t, t') is written t, t' or, where needed to avoid confusion, (t, t').

Our extension must distinguish explicitly between different channels, so we first define what a channel is.

Definition 3.2.2 (Channel) A channel is a group of strands that can exchange messages in the same region.

One strand may use more than one channel. For example, given two channels ch_1 and ch_2 and three strands st_1, st_2, st_3, the strands st_1 and st_2 may use ch_1, whereas st_2 and st_3 use ch_2.

Unless stated otherwise, a channel is by default an unsecured public wireless channel; any specific assumption about a channel must be stated before the protocol is formalized. Since a protocol may use several channels, the name of the channel must be given whenever a term is sent or received. This changes the definition of a signed term.

Definition 3.2.3 (Signed term) A signed term is a triple ⟨θ, t, ch⟩, written θ^ch t, where θ is + (sending) or − (reception), t is a term, and ch is the channel on which t is sent or received.

In subsection 3.2.4 we will see that terms manipulated by a penetrator can carry an additional sign. The channel is always made explicit: −^o t denotes the reception of t on the out-of-band (OOB) channel o, whereas −t denotes reception on the public wireless channel. An OOB channel is a unicast link between two specific strands. The capabilities of an attacker on each kind of channel are discussed in the next subsection.

According to the updated definition of signed terms, the concepts of strand space, node, edge, originating term, uniquely originating term, bundle, and height of a strand remain consistent with those presented in [13], as detailed in Appendix A.

We refine the notions of subterm and component from previous work on Strand Spaces as follows.

Definition 3.2.4 (Subterm) We say that t is a subterm of t', written t ⊑ t', when:

Definition 3.2.5 (Component) We say that a term t is a component of a term t', written t ⊑_c t', if t' can be obtained by concatenating t with other terms.

For example, the term (A, g^a, h(A, g^a)), where g^a denotes a Diffie-Hellman key, has three components: A, g^a, and h(A, g^a).

Finally, we introduce the notion of boxed term.

Definition 3.2.6 (Boxed term) For a given bundle, we say that a term t is boxed at node n if there exist terms t' and t'' such that t ⊑ t', t' ⊑ term(n), and t' has one of the forms {t''}_k, h(t''), or h_k(t'').
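As an added illustration (not code from the thesis), the following Python encodes the term algebra of Definition 3.2.1 and the subterm, component and boxed-term predicates of Definitions 3.2.4 to 3.2.6 over tagged tuples, and checks them on the page's example (A, g^a, h(A, g^a)). Since the cases of Definition 3.2.4 are not reproduced on this page, the subterm relation assumes the usual Strand Spaces convention (descend through concatenation and through the payload of encryption, signature, MAC and hash; a key used to encrypt, sign or MAC is not a subterm of the result; DH values are treated as opaque). The constructor names are ours.

```python
# Added illustration (not code from the thesis): the term algebra of
# Definition 3.2.1 and the subterm / component / boxed-term predicates of
# Definitions 3.2.4-3.2.6, over terms built as tagged tuples.
#
#   ("text", n)       predictable text, incl. identifiers (T, T_Name)
#   ("nonce", n)      unpredictable text (R)
#   ("key", n)        key (K_Sym, K_Ver or K_Sig)
#   ("dh", n)         Diffie-Hellman value (D), e.g. g^a
#   ("join", t1, t2)  concatenation (n-ary join is right-nested)
#   ("encr", k, t)    {t}_k          ("sig", k, t)  signature
#   ("hash", t)       h(t)           ("mac", k, t)  h_k(t)
#   ("DH", d1, d2)    Diffie-Hellman operation

def text(n):    return ("text", n)
def nonce(n):   return ("nonce", n)
def key(n):     return ("key", n)
def dh(n):      return ("dh", n)
def encr(k, t): return ("encr", k, t)
def sig(k, t):  return ("sig", k, t)
def hash_(t):   return ("hash", t)
def mac(k, t):  return ("mac", k, t)
def DH(d1, d2): return ("DH", d1, d2)

def join(*ts):
    """join(t1, t2, t3) = (t1, (t2, t3)): fold the n-ary tuple onto the binary operation."""
    if len(ts) < 2:
        raise ValueError("join needs at least two terms")
    acc = ts[-1]
    for u in reversed(ts[:-1]):
        acc = ("join", u, acc)
    return acc

# ASSUMPTION (the page omits the cases of Definition 3.2.4): descend through
# concatenation and through the protected payload of encr/sig/mac and the
# argument of hash.  A key used to encrypt, sign or MAC is not a subterm of
# the result, and DH values are opaque.
def _children(u):
    tag = u[0]
    if tag == "join":
        return (u[1], u[2])
    if tag in ("encr", "sig", "mac"):
        return (u[2],)
    if tag == "hash":
        return (u[1],)
    return ()

def is_subterm(t, u):
    """t ⊑ u (Definition 3.2.4)."""
    return t == u or any(is_subterm(t, c) for c in _children(u))

def components(u):
    """Maximal non-concatenation subterms of u, in order."""
    if u[0] == "join":
        return components(u[1]) + components(u[2])
    return [u]

def is_component(t, u):
    """t ⊑_c u (Definition 3.2.5)."""
    return t in components(u)

def _boxes(u):
    """All subterms of u of the form {t''}_k, h(t'') or h_k(t'')."""
    out = [u] if u[0] in ("encr", "hash", "mac") else []
    for c in _children(u):
        out += _boxes(c)
    return out

def is_boxed(t, node_term):
    """Definition 3.2.6: t is boxed at a node whose term is node_term if some
    box t' ⊑ node_term satisfies t ⊑ t'."""
    return any(is_subterm(t, box) for box in _boxes(node_term))

if __name__ == "__main__":
    A, ga, k = text("A"), dh("g^a"), key("k")
    node = join(A, ga, hash_(join(A, ga)))   # the page's example (A, g^a, h(A, g^a))
    print("components:", components(node))   # [A, g^a, h(A, g^a)]
    print("A boxed?", is_boxed(A, node))     # True: A sits under the hash
    print("k subterm of {A}_k?", is_subterm(k, encr(k, A)))  # False
```

Running the file reproduces the three components of the page's example; note that A is boxed at that node only because of the hash component, not because of its plain occurrence.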

Extended Penetrator Model

The new penetrator model must account for the various channels used by secure device pairing protocols. The original Dolev-Yao model is first extended with Diffie-Hellman (DH), hash, and MAC operations on the wireless channel. Let D_P denote the set of the attacker's DH keys.

• F Fresh DH key: ⟨+d⟩ where d ∈ D_P.

• MAC MAC: ⟨−t, −k, +h_k(t)⟩ where k is a key generated by the attacker.

OOB channels restrict what a penetrator can do with messages, most strictly on private channels, to which none of the traces below applies. On public or protected OOB channels, however, some actions remain possible. To model them we introduce a new event, #^o t, meaning that the penetrator suspends (holds back) the message t on OOB channel o. This event applies only to long-range public or protected OOB channels. The penetrator model is extended with the following traces for actions on these channels:

• OVH Overhearing: ⟨−^o t, +t, +^o t⟩ where o is an OOB channel of type public.

• SUS Suspending: ⟨−^o t, #^o t⟩ where o is an OOB channel of type long-range public or protected.

• REL Releasing: ⟨#^o t, +^o t⟩ where o is an OOB channel of type long-range public or protected.

• RPL Replaying: ⟨−^o t, +^o t, +^o t⟩ where o is an OOB channel of type long-range public.

Let X_ESP denote the set of these penetrator traces. The dropping attack is modeled by a SUS strand with no matching REL strand. Conversely, a REL strand for a term t over a long-range public OOB channel o is effective only if a SUS strand for t over o precedes it.
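The following Python is an added illustration (not code from the thesis) of the OOB penetrator strands above: it records which strands each channel type admits, what the regular peer ends up receiving, and what the penetrator learns, and it enforces that REL is only effective after a matching SUS. Terms are plain strings, the channel-type labels and the class name are ours, and the mapping from channel types to admitted strands is read off the OVH, SUS, REL and RPL definitions above.

```python
# Added illustration (not code from the thesis) of the OOB penetrator strands
# OVH, SUS, REL and RPL of subsection 3.2.4.  Terms are plain strings; the
# channel-type labels and the class are our own.
from dataclasses import dataclass, field

SRP = "short-range public"
LRP = "long-range public"
PRO = "protected"
PRI = "private"

# OVH on any public OOB channel; SUS/REL on long-range public or protected;
# RPL on long-range public only; nothing at all on a private channel.
ALLOWED = {
    SRP: {"OVH"},
    LRP: {"OVH", "SUS", "REL", "RPL"},
    PRO: {"SUS", "REL"},
    PRI: set(),
}

class InvalidStrand(Exception):
    """A penetrator strand the channel type does not admit, or REL without SUS."""

@dataclass
class OOBChannel:
    kind: str
    delivered: list = field(default_factory=list)  # +^o t events reaching the regular peer
    suspended: list = field(default_factory=list)  # #^o t events not yet released
    learned: set = field(default_factory=set)      # terms OVH copied onto the public channel

    def _admit(self, strand):
        if strand not in ALLOWED[self.kind]:
            raise InvalidStrand(f"{strand} is not admitted on a {self.kind} OOB channel")

    def send(self, t, strand=None):
        """A regular strand emits +^o t; `strand` names the penetrator strand, if any,
        whose -^o t consumes it."""
        if strand is None:
            self.delivered.append(t)
            return
        self._admit(strand)
        if strand == "OVH":        # <-^o t, +t, +^o t>
            self.learned.add(t)
            self.delivered.append(t)
        elif strand == "SUS":      # <-^o t, #^o t>
            self.suspended.append(t)
        elif strand == "RPL":      # <-^o t, +^o t, +^o t>
            self.delivered.extend([t, t])
        else:
            raise ValueError(f"{strand!r} does not consume a -^o t event")

    def release(self, t):
        """REL <#^o t, +^o t>: only effective for a term previously suspended here."""
        self._admit("REL")
        if t not in self.suspended:
            raise InvalidStrand("REL without a corresponding SUS for this term")
        self.suspended.remove(t)
        self.delivered.append(t)

    def dropped(self):
        """SUS never followed by REL is the dropping attack."""
        return list(self.suspended)

def delay_on_protected():
    """On a protected channel the penetrator reads nothing but can still reorder."""
    ch = OOBChannel(PRO)
    ch.send("m1", "SUS")
    ch.send("m2")
    ch.release("m1")
    return ch.delivered, sorted(ch.learned), ch.dropped()

def overhear_replay_drop_on_lrp():
    """On a long-range public channel every strand is available."""
    ch = OOBChannel(LRP)
    ch.send("m1", "OVH")
    ch.send("m2", "RPL")
    ch.send("m3", "SUS")
    return ch.delivered, sorted(ch.learned), ch.dropped()

def rejected(kind, strand):
    """True iff `strand` on a channel of type `kind` is rejected by the model."""
    try:
        OOBChannel(kind).send("m", strand)
    except InvalidStrand:
        return True
    return False

def rel_without_sus_is_invalid(kind=LRP):
    try:
        OOBChannel(kind).release("m")
    except InvalidStrand:
        return True
    return False

if __name__ == "__main__":
    print("protected:", delay_on_protected())
    print("long-range public:", overhear_replay_drop_on_lrp())
    print("OVH on private rejected:", rejected(PRI, "OVH"))
```

The two scenario functions make the difference between channel classes concrete: a protected channel keeps the term confidential yet still lets the penetrator delay, reorder or drop it, which is exactly the class of behaviour a proof over such a channel has to account for.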

Having defined the penetrator model, we can now define the notion of revealed term.

Definition 3.2.7 (Revealed term) For a given bundle, a term t is said to be revealed at node n if:

• t ⊑ term(n), and t can be obtained by the penetrator from his knowledge at node n, and

• for every node n' preceding n (n' ≺ n) such that t ⊑ term(n'), the penetrator cannot obtain t from his knowledge at node n'.

Pairing Agreement

The primary objective of secure device pairing protocols is to guarantee that two devices with no prior shared knowledge, but connected through a common out-of-band (OOB) channel, end up with the same agreement dataset after an acceptance notification. To define the corresponding security property, we adapt the agreement property from the literature to our setting.

Definition 3.2.8 (Agreement Property) We say that a protocol ensures Initiator A agreement with Responder B on a set of data items ds if, whenever A (acting as Initiator) completes a protocol run, apparently with Responder B, then B has previously been running the protocol acting as Responder, apparently with A, and each such run of A corresponds to a unique run of B. Furthermore, the two agents hold the same ds at the end of the run.

A penetrator succeeds against the protocol if, at the end of a run, both devices reach the Accept state while holding different agreement datasets.

Analysis of Wong-Stajano Protocol

Analysis of 2-Move Secure Device Pairing Protocol

Out-of-band Channel Transformation

Overview on Neighbour Discovery Protocols

Examples of Vulnerabilites in Existing Protocols

Formal Analysis of Neighbour Discovery Protocol

Example: Analysis of ADVSIG

Environment, Problem Definition, Attacker Model

Related Work

A Proposal For Secure Bootstrapping in IoT

UDP Server Source Code

Posted: 11/07/2021, 16:29
