Conference papers

Questioning the security and efficiency of the ESIoT approach

Abstract: ESIoT was introduced at WiSec 2017 as a protocol for providing secure access control and authentication in Internet of Things (IoT) applications. The core primitive of ESIoT is an identity-based broadcast encryption scheme called Secure Identity-Based Broadcast Encryption (SIBBE). SIBBE is designed to provide secure key distribution among a group of devices in IoT networks, and to enable devices in each group to perform mutual authentication. The scheme is also designed to hide the structure of the group from nodes outside of the group. We identify multiple efficiency and security issues in the primitive that prove SIBBE unsuitable for IoT applications. First, we show that the size of the ciphertexts generated by the encryption function is linear in the number of devices in the group, as opposed to constant as claimed in the description of the scheme. Additionally, we demonstrate how constrained nodes in the network perform a number of decryptions also linear in the set of devices, implying scalability issues and thus inefficiency for IoT applications. In terms of security, we prove that SIBBE does not achieve the desired property of anonymity and allows an attacker to gain information on the structure of any given group. Finally, we demonstrate how SIBBE does not achieve chosen-ciphertext security as claimed. We however prove its security for a weaker security notion (namely selective-ID indistinguishability against chosen-plaintext attacks) under a strong cryptographic assumption.
Cited literature [12 references]

https://hal.archives-ouvertes.fr/hal-01850383
Contributor: Médiathèque Télécom Sudparis & Institut Mines-Télécom Business School
Submitted on: Friday, July 27, 2018 - 11:52:10 AM
Last modification on: Tuesday, February 2, 2021 - 2:26:02 PM
Long-term archiving on: Sunday, October 28, 2018 - 1:09:25 PM

File

2018-wisecAida-QuestioningEsIO...
Files produced by the author(s)

Citation

Aida Diop, Said Gharout, Maryline Laurent, Jean Leneutre, Jacques Traoré. Questioning the security and efficiency of the ESIoT approach. WISEC 2018: 11th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Jun 2018, Stockholm, Sweden. pp.202 - 207, ⟨10.1145/3212480.3212491⟩. ⟨hal-01850383⟩
