TY - GEN
T1 - Cryptanalysis and Countermeasures of 'LAAKA
T2 - 39th International Conference on Information Networking, ICOIN 2025
AU - Kwon, Deokkyu
AU - Son, Seunghwan
AU - Park, Youngho
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - Fog computing is a technology that fog servers cover the computational tasks of cloud server. Therefore, end devices can receive more real-time and localized services from fog servers. Therefore, researchers integrate fog computing and Internet of Things (IoT) to supplement the resource constraint problem of IoT devices and process data services in network edge. In 2024, Ali et al. proposed a mutual authentication and key agreement protocol to preserve anonymous and lightweight communications in fog-driven IoT environments. They utilized only hash functions and exclusive-OR (XOR) operators considering hardware specifications of IoT devices. In this work, we cryptanalysis Ali et al.'s authentication protocol to prove that 'ephemeral secret leakage (ESL)' and 'stolen verifier attacks' can be performed in their protocol. Moreover, we discover that Ali et al.'s protocol has a 'desynchronization problem', where network entities cannot conduct authentication after initial communication. To supplement these security flaws, we conduct a discussion and present countermeasures, such as physically unclonable function (PUF), dynamic update of temporary identity, and usage of long-term secret parameters.
AB - Fog computing is a technology that fog servers cover the computational tasks of cloud server. Therefore, end devices can receive more real-time and localized services from fog servers. Therefore, researchers integrate fog computing and Internet of Things (IoT) to supplement the resource constraint problem of IoT devices and process data services in network edge. In 2024, Ali et al. proposed a mutual authentication and key agreement protocol to preserve anonymous and lightweight communications in fog-driven IoT environments. They utilized only hash functions and exclusive-OR (XOR) operators considering hardware specifications of IoT devices. In this work, we cryptanalysis Ali et al.'s authentication protocol to prove that 'ephemeral secret leakage (ESL)' and 'stolen verifier attacks' can be performed in their protocol. Moreover, we discover that Ali et al.'s protocol has a 'desynchronization problem', where network entities cannot conduct authentication after initial communication. To supplement these security flaws, we conduct a discussion and present countermeasures, such as physically unclonable function (PUF), dynamic update of temporary identity, and usage of long-term secret parameters.
KW - Authentication
KW - countermeasure
KW - cryptanalysis
KW - ephemeral secret leakage
KW - stolen verifier
UR - https://www.scopus.com/pages/publications/105005723986
U2 - 10.1109/ICOIN63865.2025.10993049
DO - 10.1109/ICOIN63865.2025.10993049
M3 - Conference contribution
AN - SCOPUS:105005723986
T3 - International Conference on Information Networking
SP - 286
EP - 290
BT - 39th International Conference on Information Networking, ICOIN 2025
PB - IEEE Computer Society
Y2 - 15 January 2025 through 17 January 2025
ER -