Questioning the Security of Three Recent Authentication and Key Agreement Protocols

Abstract

Providing the desired security for constrained devices in the edge of Internet of Things (IoT) systems is a challenging task. Given that those devices are in shortage of the area and energy, many lightweight and ultra-lightweight protocols have been proposed so far in the literature. On the other hand, while we see many new proposals in the literature to secure communications on IoT systems, security analysis of those schemes has not received enough attention. Hence, in this paper, we analyse the security of three recently protocols for constrained environments and show their security loopholes. The analysed schemes include two protocols which have been published by IEEE Access and a recently proposed protocol entitled Extremely Good Privacy (EGP). The designers of all those protocols claimed optimal security against active adversaries. However, in this paper, we propose an efficient secret disclosure attack against EGP that recovers the whole secret parameters of the protocol after eavesdropping/blocking several sessions of the protocol and doing some off-line computations. The probability of the adversary to recover whole 2l secret parameters of the tag after eavesdropping/blocking 68 sessions of the protocol is 0.99, targeting a 128-bit security level by l = 128 . In addition, we show that an adversary can efficiently desynchronize the target tag from the reader/server in polynomial time. In the case of the other protocols, we also present efficient attacks that contradict the designers' security claims.