Security Properties. Mutual Entity Authentication [8] between N and HN . Mutual “Implicit” Key Authentication [8] between N and HN . Known Key Security, meaning that compromising a session key in one session should not impose any threat to the session key security in any other sessions. Key Randomness, meaning that any successful key agreement should output a uniformly distributed session key amongst the set of all possible session keys [9].
Security Properties. WKA is closely related to Non-Interactive Zero- Knowledge (NIZK) Proof System. The key difference is the outcome of NIZK is only a binary verification result while WKA’s outcome is a key upon suc- cess. Hence the security properties of WKA are also very similar to those of NIZK. Furthermore, we require WKA to be secure against MITM attack. (See
Security Properties. We discuss the security properties provided by Du et al. [7], Liu et al. [13], Xxxxx et al. [4], and TLPKA. These security properties include mutual authentication, explicit key authentication, resistance to the replay attack, resistance to the man in the middle attack, and resistance to the insider attack. The results of these security properties comparisons are shown in Table 1. From Table 1, we can see that TLPKA achieves all of these security properties while Du et al.’s scheme and Liu et al.’s scheme can not realize the security property of explicit key authentication. Furthermore, Xxxxx et al.’s scheme does not have most of these security properties.
Security Properties. In the following we describe the lemmas associated with the security properties relevant to this work, where agent A and B correspond to the ground- and air stations: mutual_authentication_A/B The property is modeled via Lowes [Low97] bi-directional full-agreement property as outlined in the Tamarin manual [Tea23], combined with a unique element exchanged between agent A and B. Full agreement is the combination of injective agreement, i.e., stating that if agent A accepts with agent B, then they can be sure B also accepted with A, except if either of long-term keys was revealed (resulting in corruption of the agent as an action fact). The uniqueness property is modeled via the session_ uniqueness_A/B lemma (modeled as in [GGCG+21]), i.e., the guarantee that different sessions have different keys. When both lemmas hold, mutual authentication is achieved via full-agreement. Hence, the mutual_authentica- tion_A/B lemma can be regarded as a combination of Definitions 6 to 8. secrecy Secrecy corresponds to BR-secrecy, promising that when a session key x is assigned a “secret” property at time i, then either the adversary does not know x, or x has been revealed, or a corresponding agent was marked as corrupted via an action fact. Similarly, secrecy_pfs guarantees, that the adversary does not know x, except if the agent was corrupted at a time j prior to i, i.e., j < i. key_consistency_A/B Key consistency [GGCG+21, §A.6.4] corresponds to key confir- mation, such that for all sessions with agents A and B with xxxx xxxX and keyB respectively, the following holds: When agent A accepts keyA at time i in session iA, and agent B accepts with keyB at time j in the same session, then keyA and keyB must be same, except if one of the agents was corrupted. This corresponds to key confirmation in the computational model. The models of session uniqueness and key confirmation are based on the implementation from Donenfeld et al. [DM17].
Security Properties. The following security properties of the authentication protocols should be con- sidered. Password authentication protocols are very subject to replay, password guessing, and stolen-verifier attacks [9].
Security Properties. The key derived from the group key agreement protocol needs to meet the following security features:
Security Properties. In GKA protocols, the fault tolerance property is very crucial since it is necessary to detect and eliminate malicious participants from the key agreement group. In other words, even if there are malicious participants in the group, they should not be able to affect the key computation of honest participants. Early protocol examples with this property are [24–26]. In this regard, in Xxxxx’x protocol [24], every participant keeps a verification matrix Xxx. After the secret key distribution step, each participant checks the signature of other participants. According to the result, the verification list is marked and submitted to other participants. Afterwards, in the fault detection step, participants re-validate the verification matrix and remove the faulty participants from the key agreement group. Finally, GKA protocol is started from scratch with the remaining participants. Forward secrecy (also stated as Perfect forward secrecy) is also a substantial property that protects against the computation of group keys by malicious actors even if private keys are compromised. Forward secrecy is utilized in protocols presented in [4, 27, 28]. Dynamic group key operations in group key agreement protocols must provide forward and backward confidentiality properties defined in Section 2.1.1. Introduced by Xxxxx et al., KAP-PBC [11] protocol provides these properties within its dynamic operations. In join and leave operations, last participants in the group re-compute the GKA parameters. Therefore, joined participants cannot compute the former group keys, and leaving participants cannot generate the subsequent keys. Moreover, KAP-PBC provides ‘Partial Backward Confiden- tiality’ property, which enables the participants to compute the group keys just before joining the group.
Security Properties. Security properties for systems and system assets are less well defined as those for information assets. In fact, it is common to define security controls and mechanisms instead of the particular properties that need to be preserved. In this section, we have collected a set of system security properties that are relevant in the context of Smart Grids. The properties availability and integrity have a slightly different meaning, if they are considered in the context of a system or system asset. A good definition for availability in the context of a system is given in IEEE Standard Glossary of Software Engineering Terminology, i.e. IEEE Std 610.12-1990 [12]: System Availability - the degree to which a system or component is operational and accessible when required for use. Often expressed as a probability. Note that the definition refers to a degree. This is relevant as the impact of the duration of unavailability can vary significantly. As security goals are defined at an early stage of the design phase it may be difficult to specifically quantify the degree of the desired system availability. In this document, we will therefor will only specify security goals on the system availability of a system or system assets if its disturbance has a direct severe impact on a certain interest of a stakeholder. System Availability is directly related to the properties robustness, and resilience that have been defined in SEGRID deliverable D4.1 [14]: Robustness - the ability of a system or network (component) to remain secure and operational despite some of its components (subcomponents) have been compromised or have been subjected to disturbance events. Resilience - the ability of a system, network or entity exposed to threats to resist, absorb, accommodate to and recover from the effects of cyber-attacks in a timely and efficient manner, including the preservation and restoration of its essential basic structures and functions. As the latter two are more specific regarding the particular behaviour of the system or system asset during a cyber-attack (or disturbance), it is relevant to consider these properties in the context of the SEGRID project. As we define security goals based on the need to protect a certain interest of a stakeholder, it might however be difficult to distinguish whether a system (asset) needs to be robust or resilient. Regarding integrity in the context of a system, IEEE Std 610.12-1990 [12] also has a definition. This definition, however, is a sli...
Security Properties. Mutual Entity Authentication. Entity authentication is the process by which one entity (the verifier) is assured of the identity of a second entity (the claimant) [27]. The PPKA should provision mutual entity authentication between N and HN. Mutual “Implicit” Key Authentication. The assurance that only a particularly identified other party may possibly know the negotiated key [27]. Mutual “implicit” key authentica- tion is required between N and HN.
Security Properties. In Table 6, we present the results of protocols related to security comparisons and our proposed protocol based on batch verification. The suggested protocol prevents more attacks than other related previous studies, and also provide privacy-preserving and mutual authentication. Therefore, our proposed protocol is significantly safer than the considered related protocols. The system consumes some energy during implementation, depending on the real time and communication overhead of the system. Table 6. Security Properties. Security Properties Jianhong et al. [13] Xxxxx et al. [16] Xxxxxxxxx et al. [4] Ours Impersonation attack x x x o Side channel attack over OBU or TPD - x x o Trace attack o o o o Replay attack x o o o Man-in-the-middle attack x x o o Privacy-preserving o o o o Mutual authentication x x x o x: Insecure. o: Secure. -: Does not concern.
