Cryptanalysis of PiLike: An Impersonation Attack on the Lightweight Identity-Based Authenticated Key Exchange Protocol Using Bi-ISIS

被引:0
作者
Hsu, Hao-Yi [1 ]
Lin, Hsin-Yi [1 ]
Tso, Raylin [1 ]
Chang, Tao-Hsiang [1 ]
Hsu, Jen-Chieh [1 ]
机构
[1] Natl Chengchi Univ, Dept Comp Sci, Taipei, Taiwan
来源
2024 19TH ASIA JOINT CONFERENCE ON INFORMATION SECURITY, ASIAJCIS 2024 | 2024年
关键词
Industrial Internet of Things; Identity-based cryptography; Authenticated key exchange; Lattice-based cryptography; Cryptanalysis; Impersonation attack;
D O I
10.1109/AsiaJCIS64263.2024.00013
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
The proliferation of Industrial Internet of Things (IIoT) devices, coupled with their computational constraints, has necessitated robust authenticated key exchange mechanisms to secure communications. To address this issue, Gupta recently introduced a lattice-based lightweight authenticated key exchange protocol, PiLike, in the IEEE Systems Journal. Despite rigorous security proofs being provided, our cryptanalysis unveils a critical vulnerability in their scheme which may cause impersonation attacks. Specifically, in the private key extraction phase, an adversary can leverage secret information obtained during registration to impersonate legitimate users, successfully negotiating session keys while evading detection. In addition to the theoretical analysis, a corresponding concrete experiment was also conducted, showing that the adversary has a 100% success rate in breaking the required security claimed in PiLike. Our findings underscore the urgency to address PiLike's vulnerabilities, ensuring its reliability in safeguarding IIoT communications against conventional and quantum threats.
引用
收藏
页码:9 / 16
页数:8
相关论文
共 25 条
[1]  
Ajtai M., 1996, Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, P99, DOI 10.1145/237814.237838
[2]   Internet of Things: A survey on the security of IoT frameworks [J].
Ammar, Mahmoud ;
Russello, Giovanni ;
Crispo, Bruno .
JOURNAL OF INFORMATION SECURITY AND APPLICATIONS, 2018, 38 :8-27
[3]   Identity-based encryption from the Weil pairing [J].
Boneh, D ;
Franklin, M .
SIAM JOURNAL ON COMPUTING, 2003, 32 (03) :586-615
[4]  
Borgohain T, 2015, Arxiv, DOI arXiv:1501.02211
[5]   NEW DIRECTIONS IN CRYPTOGRAPHY [J].
DIFFIE, W ;
HELLMAN, ME .
IEEE TRANSACTIONS ON INFORMATION THEORY, 1976, 22 (06) :644-654
[6]  
Ducas L., 2018, IACR Trans. Cryptogr. Hardw. Embed. Syst., P238, DOI [DOI 10.13154/TCHES.V2018.I1.238-268, 10.13154/tches.v2018.i1.238-268]
[7]   Ideal Lattice-Based Anonymous Authentication Protocol for Mobile Devices [J].
Feng, Qi ;
He, Debiao ;
Zeadally, Sherali ;
Kumar, Neeraj ;
Liang, Kaitai .
IEEE SYSTEMS JOURNAL, 2019, 13 (03) :2775-2785
[8]   Quantum-Defended Blockchain-Assisted Data Authentication Protocol for Internet of Vehicles [J].
Gupta, D. S. ;
Karati, A. ;
Saad, W. ;
da Costa, D. B. .
IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, 2022, 71 (03) :3255-3266
[9]  
Gupta D.S., 2018, 2018 4 INT C REC ADV, P1
[10]   PiLike: Post-Quantum Identity-Based Lightweight Authenticated Key Exchange Protocol for IIoT Environments [J].
Gupta, Daya Sagar .
IEEE SYSTEMS JOURNAL, 2024, 18 (01) :15-23
123