Formal verification of misbinding attacks on secure device pairing and bootstrapping

Thumbnail Image

Access rights

openAccess
publishedVersion

URL

Journal Title

Journal ISSN

Volume Title

A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä
This publication is imported from Aalto University research portal.
View publication in the Research portal (opens in new window)
View/Open full text file from the Research portal (opens in new window)
Other link related to publication (opens in new window)

Authors

Date

2020-04-01

Department

Department of Computer Science

Major/Subject

Mcode

Degree programme

Language

en

Pages

17

Series

Journal of Information Security and Applications, Volume 51

Abstract

In identity misbinding attacks against authenticated key-exchange protocols, a legitimate but compromised participant manipulates the honest parties so that the victim becomes unknowingly associated with a third party. These attacks are well known, and resistance to misbinding is considered a critical requirement for security protocols on the Internet. In the context of device pairing, on the other hand, the attack has received little attention outside the trusted-computing community. This paper points out that most device pairing protocols are vulnerable to misbinding. Device pairing protocols are characterized by lack of a-priory information, such as identifiers and cryptographic roots of trust, about the other endpoint. Therefore, the devices in pairing protocols need to be identified by the user's physical access to them. As case studies for demonstrating the misbinding vulnerability, we use Bluetooth and protocols that register new Internet of Things (IoT) devices to authentication servers on wireless networks. We have implemented the attacks. We also show how the attacks can be found in formal models of the protocols with carefully formulated correspondence assertions. The formal analysis yields a new type of double misbinding attack. While pairing protocols have been extensively modelled and analyzed, misbinding seems to be an aspect that has not previously received sufficient attention. Finally, we discuss potential ways to mitigate the threat and its significance to security of pairing protocols.

Description

Keywords

Bluetooth, Device pairing, DPP, EAP-NOOB, Formal modelling, IoT Security, Misbinding attack, ProVerif

Other note

DOI

10.1016/j.jisa.2020.102461

Citation

Peltonen, A, Sethi, M & Aura, T 2020, 'Formal verification of misbinding attacks on secure device pairing and bootstrapping', Journal of Information Security and Applications, vol. 51, 102461. https://doi.org/10.1016/j.jisa.2020.102461

Permanent link to this item

https://urn.fi/URN:NBN:fi:aalto-202004282923

Collections

[article-cris] Perustieteiden korkeakoulu / SCI