Informal Security Analysis. We now informally discuss the strength of the proposed protocol with respect to the required security features for an identity-based mutual authentication scheme, to be applied in a SG context [10,11]. • Resistance against replay attacks. There are two options, either M1 is replayed in the same period of R2 usage or it is replayed when a new R2 is determined by the SP. In the first case, the same key as before is derived. However by capturing M2, which is a hash value containing the SK, no additional information can be derived by the attacker. If the server keeps track of the parameters R1 sent during the period in which R2 remains constant, further action of the SP can be avoided. In the second case, a new session key is generated by the SP. However, when checking the hash value S1 a contraction is found by the SP as the SK is different. The session is then stopped immediately. • Resistance against impersonation attacks. There are again two options, impersonation of messages M0 and M1. First, it is impossible to impersonate the message M0 as it is used to construct the SK by both the SM and the SP. Even if the SM is using R2, sent from a malicious entity, the corresponding SK computed by the SM will not correspond with the SK computed by the SP and at the point where S1 is validated. At that moment, the session will be terminated. Also impersonation of the message M1 sent by the SM is impossible. This follows from the fact that M1 consists of the parameter R1. Only the SP is able to derive from R1 the common shared key K with the SM in order to decrypt the ciphertext C for finding the identity and certificate of the SM. From these two parameters and the strength of the ECQV certificate mechanism, the SP can construct the corresponding public key PA of the SM. The construction of the SK by the SP exploits the usage of this public key PA and its own private key dB, which is also derivable by the SM who is in possession of the correct corresponding private key dA and the public key PB of the SP. Consequently, it is impossible for an attacker to impersonate M1 without knowledge of a valid private-public key pair of a SM or to impersonate M2 without knowledge of the private key dB of the SP. • Resistance against MITM attacks. For the same reasons as explained in the replay and impersonation attacks, it is impossible to execute a MITM attack. Note that this resistance also strongly relies from the authentication feature established through the ECQV certificate ...
Informal Security Analysis. It is proved in this section that the proposed protocol provides security measures for D2D key agreement protocol. Table 4 compares the proposed protocol with other existing protocols in features and resisting known attacks.
Informal Security Analysis i.Resistance to UKS Attack: This attack [23] is an attack whereby 𝑂𝐵𝑈𝑖 ends up have confidence in that he has key shared with 𝑂𝐵𝑈𝑗 and although in fact the case, 𝑂𝐵𝑈𝑗 shares the key with adversary who is not 𝑂𝐵𝑈𝑖. This attack targets the protocols with good authentication and freshness in key. Adding of user identity to the message will restrict the unknown key share attack. In the proposed technique, vehicle identity is encrypted and then communicated to the other vehicle which is involved in the communication.
Informal Security Analysis. This section addresses a detailed security evaluation to indicate that the proposed scheme is secure against various known security attacks. Suppose that an adversary A can eavesdrop, intercept, modify, delete or replay the transmission over a public channel.
Informal Security Analysis. Thus, it is difficult for an adversary to identify a particular UAV and this forms the basis for the proposed protocol’s robustness against attacks on UAV anonymity.
Informal Security Analysis. In this subsection we give informal proof of the security of M2MAKA-FS basing on CK security model. Firstly, we show that the protocol M2MAKA-FS is SK secure under CK SK security and that it satisfies the AKA protocol properties as well as the security and privacy goals. Proposition 1: M2MAKA-FS is SK secure under the CK model.
Informal Security Analysis
