lwEPSep: A Lightweight End-to-end Privacy-preserving Security Protocol for CTI Sharing in IoT Environments

IF 0.9 4区计算机科学 Q4 COMPUTER SCIENCE, INFORMATION SYSTEMS Journal of Internet Technology Pub Date : 2021-09-01 DOI:10.53106/160792642021092205011

Hoonyong Park, Jiyoon Kim, Sangmin Lee, Daniel Gerbi Duguma, I. You

{"title":"lwEPSep: A Lightweight End-to-end Privacy-preserving Security Protocol for CTI Sharing in IoT Environments","authors":"Hoonyong Park, Jiyoon Kim, Sangmin Lee, Daniel Gerbi Duguma, I. You","doi":"10.53106/160792642021092205011","DOIUrl":null,"url":null,"abstract":"The Internet of Things (IoT) is vulnerable to a wide range of security risks, which can be effectively mitigated by applying Cyber Threat Intelligence (CTI) sharing as a proactive mitigation approach. In realizing CTI sharing, it is of paramount importance to guarantee end-to-end protection of the shared information as unauthorized disclosure of CTI is disastrous for organizations using IoT. Furthermore, resource-constrained devices should be supported through lightweight operations. Unfortunately, the aforementioned are not satisfied by the Hypertext Transfer Protocol Secure (HTTPS), which state-of-the-art CTI sharing systems mainly depends on. As a promising alternative to HTTPS, Ephemeral Diffie-Hellman over COSE (EDHOC) can be considered because it meets the above requirements. However, EDHOC in its current version contains several security flaws, most notably due to the unprotected initial message. Consequently, we propose a lightweight end-to-end privacy-preserving security protocol that improves the existing draft EDHOC protocol by utilizing previously shared keys and keying materials while providing ticket-based optimized re-authentication. The proposed protocol is not only formally validated through BAN-logic and AVISPA, but also proved to fulfill essential security properties such as mutual authentication, secure key exchange, perfect forward secrecy, anonymity, confidentiality, and integrity. Also, comparing the protocol’s performance to that of the EDHOC protocol reveals a substantial improvement with a single roundtrip to allow frequent CTI sharing.","PeriodicalId":50172,"journal":{"name":"Journal of Internet Technology","volume":"22 1","pages":"1067-1079"},"PeriodicalIF":0.9000,"publicationDate":"2021-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Internet Technology","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.53106/160792642021092205011","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The Internet of Things (IoT) is vulnerable to a wide range of security risks, which can be effectively mitigated by applying Cyber Threat Intelligence (CTI) sharing as a proactive mitigation approach. In realizing CTI sharing, it is of paramount importance to guarantee end-to-end protection of the shared information as unauthorized disclosure of CTI is disastrous for organizations using IoT. Furthermore, resource-constrained devices should be supported through lightweight operations. Unfortunately, the aforementioned are not satisfied by the Hypertext Transfer Protocol Secure (HTTPS), which state-of-the-art CTI sharing systems mainly depends on. As a promising alternative to HTTPS, Ephemeral Diffie-Hellman over COSE (EDHOC) can be considered because it meets the above requirements. However, EDHOC in its current version contains several security flaws, most notably due to the unprotected initial message. Consequently, we propose a lightweight end-to-end privacy-preserving security protocol that improves the existing draft EDHOC protocol by utilizing previously shared keys and keying materials while providing ticket-based optimized re-authentication. The proposed protocol is not only formally validated through BAN-logic and AVISPA, but also proved to fulfill essential security properties such as mutual authentication, secure key exchange, perfect forward secrecy, anonymity, confidentiality, and integrity. Also, comparing the protocol’s performance to that of the EDHOC protocol reveals a substantial improvement with a single roundtrip to allow frequent CTI sharing.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

lwepsp:面向物联网环境下CTI共享的轻量级端到端隐私保护安全协议

物联网(IoT)容易受到各种安全风险的影响，通过将网络威胁情报(CTI)共享作为一种主动缓解方法，可以有效缓解这些安全风险。在实现CTI共享时，确保共享信息的端到端保护至关重要，因为未经授权的CTI泄露对使用物联网的组织来说是灾难性的。此外，应该通过轻量级操作支持资源受限的设备。不幸的是，上述内容不能满足于最先进的CTI共享系统主要依赖的超文本传输协议安全(HTTPS)。EDHOC (Ephemeral Diffie-Hellman over COSE)是一种很有前途的HTTPS替代方案，因为它符合上述要求。然而，EDHOC在其当前版本中包含几个安全漏洞，最明显的是由于未受保护的初始消息。因此，我们提出了一种轻量级的端到端隐私保护安全协议，该协议通过利用先前共享的密钥和密钥材料来改进现有的EDHOC协议草案，同时提供基于票证的优化重新认证。该协议不仅通过ban -逻辑和AVISPA进行了正式验证，而且还证明了该协议具有相互认证、安全密钥交换、完全前向保密、匿名性、机密性和完整性等基本安全特性。此外，将该协议的性能与EDHOC协议的性能进行比较，可以发现单次往返允许频繁的CTI共享有了实质性的改进。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Journal of Internet Technology COMPUTER SCIENCE, INFORMATION SYSTEMS-TELECOMMUNICATIONS

CiteScore

3.20

自引率

18.80%

发文量

112

审稿时长

13.8 months

期刊介绍： The Journal of Internet Technology accepts original technical articles in all disciplines of Internet Technology & Applications. Manuscripts are submitted for review with the understanding that they have not been published elsewhere. Topics of interest to JIT include but not limited to: Broadband Networks Electronic service systems (Internet, Intranet, Extranet, E-Commerce, E-Business) Network Management Network Operating System (NOS) Intelligent systems engineering Government or Staff Jobs Computerization National Information Policy Multimedia systems Network Behavior Modeling Wireless/Satellite Communication Digital Library Distance Learning Internet/WWW Applications Telecommunication Networks Security in Networks and Systems Cloud Computing Internet of Things (IoT) IPv6 related topics are especially welcome.