ZeroProKeS: A Secure Zeroconf Key Establishment Protocol for Large-Scale Low-Cost Applications

IF 7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE IEEE Transactions on Dependable and Secure Computing Pub Date : 2023-09-01 DOI:10.1109/TDSC.2022.3207927

S. K. Sakib, G. Amariucai, Yong Guan

{"title":"ZeroProKeS: A Secure Zeroconf Key Establishment Protocol for Large-Scale Low-Cost Applications","authors":"S. K. Sakib, G. Amariucai, Yong Guan","doi":"10.1109/TDSC.2022.3207927","DOIUrl":null,"url":null,"abstract":"Traditional approaches to authenticated key establishment include the use of PKI or trusted third parties. While certificate deployment is sub-optimal for large-scale, low-cost applications, the use of trusted third parties is subject to human error and leaked credentials. For this context, co-location can be a valuable resource, and it is often exploited through common randomness harvesting techniques, but these, in turn, suffer from low achievable rates and usually from restrictive assumptions about the environment. Recent techniques for exploiting co-location are based on the notion of quality time and rely on sophisticated throttled clue-issuing mechanisms that allow a device with enough time to spend in the vicinity of the transmitter to find a secret key by collecting enough consecutive clues. By contrast, attackers are afforded only limited time to listen to, or interact with, the clue transmitter. Previous work in this direction deals solely with passive attackers and uses high-overhead information throttling mechanisms. This paper introduces the active attacker model for the quality-time paradigm and proposes a simple solution, a Zeroconf Key Establishment Protocol (ZeroProKeS). Additionally, the paper shows how to efficiently expand the proposed protocol to adhere to any customized information transfer function between legitimate users.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"3636-3652"},"PeriodicalIF":7.0000,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Dependable and Secure Computing","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1109/TDSC.2022.3207927","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Traditional approaches to authenticated key establishment include the use of PKI or trusted third parties. While certificate deployment is sub-optimal for large-scale, low-cost applications, the use of trusted third parties is subject to human error and leaked credentials. For this context, co-location can be a valuable resource, and it is often exploited through common randomness harvesting techniques, but these, in turn, suffer from low achievable rates and usually from restrictive assumptions about the environment. Recent techniques for exploiting co-location are based on the notion of quality time and rely on sophisticated throttled clue-issuing mechanisms that allow a device with enough time to spend in the vicinity of the transmitter to find a secret key by collecting enough consecutive clues. By contrast, attackers are afforded only limited time to listen to, or interact with, the clue transmitter. Previous work in this direction deals solely with passive attackers and uses high-overhead information throttling mechanisms. This paper introduces the active attacker model for the quality-time paradigm and proposes a simple solution, a Zeroconf Key Establishment Protocol (ZeroProKeS). Additionally, the paper shows how to efficiently expand the proposed protocol to adhere to any customized information transfer function between legitimate users.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

ZeroProKeS:用于大规模低成本应用的安全零配置密钥建立协议

建立身份验证密钥的传统方法包括使用PKI或可信第三方。虽然证书部署对于大规模、低成本的应用程序来说不是最优的，但使用受信任的第三方容易出现人为错误和凭证泄露。在这种情况下，协同定位可能是一种有价值的资源，并且通常通过常见的随机收集技术加以利用，但这些技术的可实现率较低，并且通常受到对环境的限制性假设的影响。利用同址技术的最新技术是基于质量时间的概念，并依赖于复杂的节流线索发布机制，该机制允许设备有足够的时间在发射器附近度过，通过收集足够的连续线索来找到密钥。相比之下，攻击者只能在有限的时间内听取或与线索发送者互动。以前在这个方向上的工作只处理被动攻击者，并使用高开销的信息节流机制。本文介绍了质量时间范式的主动攻击者模型，并提出了一种简单的解决方案——零配置密钥建立协议(ZeroProKeS)。此外，本文还展示了如何有效地扩展所提出的协议，以坚持合法用户之间的任何自定义信息传递函数。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

IEEE Transactions on Dependable and Secure Computing 工程技术-计算机：软件工程

CiteScore

11.20

自引率

5.50%

发文量

354

审稿时长

9 months

期刊介绍： The "IEEE Transactions on Dependable and Secure Computing (TDSC)" is a prestigious journal that publishes high-quality, peer-reviewed research in the field of computer science, specifically targeting the development of dependable and secure computing systems and networks. This journal is dedicated to exploring the fundamental principles, methodologies, and mechanisms that enable the design, modeling, and evaluation of systems that meet the required levels of reliability, security, and performance. The scope of TDSC includes research on measurement, modeling, and simulation techniques that contribute to the understanding and improvement of system performance under various constraints. It also covers the foundations necessary for the joint evaluation, verification, and design of systems that balance performance, security, and dependability. By publishing archival research results, TDSC aims to provide a valuable resource for researchers, engineers, and practitioners working in the areas of cybersecurity, fault tolerance, and system reliability. The journal's focus on cutting-edge research ensures that it remains at the forefront of advancements in the field, promoting the development of technologies that are critical for the functioning of modern, complex systems.