Security Analysis of a Key Exchange Protocol under Dolev-Yao Threat Model Using Tamarin Prover
Author
Abstract

In recent days, security and privacy is becoming a challenge due to the rapid development of technology. In 2021, Khan et al. proposed an authentication and key agreement framework for smart grid network and claimed that the proposed protocol provides security against all well-known attacks. However, in this paper, we present the analysis and shows that the protocol proposed by Khan et al has failed to protect the secrecy of the shared session key between the user and service provider. An adversary can derive the session key (online) by intercepting the communicated messages under the Dolev-Yao threat model. We simulated Khan et al.’s protocol for formal security verification using Tamarin Prover and found a trace for deriving the temporary key. It is used to encrypt the login request that includes the user’s secret credentials. Hence, it also fails to preserve the privacy of the user’s credentials, and therefore any adversary can impersonate the user. As a result, the protocol proposed by Khan et al. is not suitable for practical applications.

Year of Publication
2022
Date Published
jan
Publisher
IEEE
Conference Location
Las Vegas, NV, USA
ISBN Number
978-1-66548-303-2
URL
https://ieeexplore.ieee.org/document/9720852/
DOI
10.1109/CCWC54503.2022.9720852
Google Scholar | BibTeX | DOI