Delegated authentication is a popular and effective paradigm for entity authentication of resource-constrained clients in cyber-physical systems: the authentication between two clients is proxied by a trusted authentication server. However, an attacker who compromises the authentication server can impersonate the clients and sabotage the cyber-physical system. To detect the identity fraud attacks caused by an authentication server compromise, we propose two mutual authentication protocols built from a pseudo-random function family and a one-time signature (OTS) scheme. Our idea is to leverage the continuously evolving OTS signing and verification keys held by the signer and the verifier, respectively, for identity fraud detection: an identity fraud attack necessarily violates the victim's honest OTS key update procedure. The proposed protocols are proven secure under a new mutual authentication security model that formalizes identity fraud detection.
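As an added illustration of the idea in the abstract (this is not code from the paper and not its protocol), the Python sketch below lets a signer and a verifier each keep an evolving Lamport-style OTS key state. Every accepted message commits to the signer's next verification key and advances the verifier's epoch, so an impersonation that consumes an epoch at the verifier leaves the honest signer's next message out of step, which the verifier flags. The `Signer` and `Verifier` classes, the epoch counter, the HMAC-based key derivation, and the assumption that the attacker obtained one epoch's signing key through the compromised server are all constructed for this example.

```python
import hashlib
import hmac
import os

N_BITS = 256  # Lamport OTS over a SHA-256 digest of the message


def prf(seed: bytes, label: bytes) -> bytes:
    """PRF instance (HMAC-SHA256) used to derive per-epoch OTS keys from a seed."""
    return hmac.new(seed, label, hashlib.sha256).digest()


def ots_keygen(seed: bytes, epoch: int):
    """Deterministically derive the Lamport key pair for one epoch: sk[i][b] is a
    secret preimage and vk[i][b] its SHA-256 hash, for bit position i and bit value b."""
    sk = [[prf(seed, b"%d|%d|%d" % (epoch, i, b)) for b in (0, 1)] for i in range(N_BITS)]
    vk = [[hashlib.sha256(s).digest() for s in pair] for pair in sk]
    return sk, vk


def _msg_bits(msg: bytes):
    d = hashlib.sha256(msg).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N_BITS)]


def ots_sign(sk, msg: bytes):
    """Reveal one preimage per message bit; a key must never be used twice."""
    return [sk[i][b] for i, b in enumerate(_msg_bits(msg))]


def ots_verify(vk, msg: bytes, sig) -> bool:
    return len(sig) == N_BITS and all(
        hashlib.sha256(s).digest() == vk[i][b]
        for i, (b, s) in enumerate(zip(_msg_bits(msg), sig)))


def vk_fingerprint(vk) -> bytes:
    h = hashlib.sha256()
    for pair in vk:
        h.update(pair[0] + pair[1])
    return h.digest()


def bind(payload: bytes, epoch: int, next_vk) -> bytes:
    """The signed string commits to the epoch and to the *next* verification key,
    so a verifier that accepts this message can safely advance its key state."""
    return payload + b"|" + str(epoch).encode() + b"|" + vk_fingerprint(next_vk)


class Signer:
    """Honest client: one OTS key per authentication, derived from a long-term seed."""

    def __init__(self, seed: bytes):
        self.seed, self.epoch = seed, 0

    def authenticate(self, payload: bytes) -> dict:
        sk, _ = ots_keygen(self.seed, self.epoch)
        _, next_vk = ots_keygen(self.seed, self.epoch + 1)
        sig = ots_sign(sk, bind(payload, self.epoch, next_vk))
        token = {"payload": payload, "epoch": self.epoch, "next_vk": next_vk, "sig": sig}
        self.epoch += 1  # honest key update: this signing key is now burnt
        return token


class Verifier:
    """Peer that tracks the signer's expected epoch and current verification key."""

    def __init__(self, initial_vk):
        self.vk, self.epoch = initial_vk, 0

    def check(self, token: dict) -> str:
        if token["epoch"] != self.epoch:
            # The signer's key state and ours have diverged: someone else consumed
            # an epoch on our side (or a message was lost). Flag for investigation.
            return "FRAUD_SUSPECTED"
        msg = bind(token["payload"], token["epoch"], token["next_vk"])
        if not ots_verify(self.vk, msg, token["sig"]):
            return "REJECT"
        self.vk, self.epoch = token["next_vk"], self.epoch + 1
        return "ACCEPT"


def demo():
    seed = os.urandom(32)                    # constructed long-term seed of client A
    alice = Signer(seed)
    bob = Verifier(ots_keygen(seed, 0)[1])   # B was provisioned with A's epoch-0 key

    r1 = bob.check(alice.authenticate(b"session-1"))  # honest run

    # Assumption for this example: the compromised server leaked A's epoch-1 signing key.
    sk1, _ = ots_keygen(seed, 1)
    evil_next_vk = ots_keygen(os.urandom(32), 0)[1]  # attacker's own key
    forged = {"payload": b"session-2", "epoch": 1, "next_vk": evil_next_vk}
    forged["sig"] = ots_sign(sk1, bind(forged["payload"], 1, evil_next_vk))
    r2 = bob.check(forged)  # accepted: B cannot tell yet

    # A's next honest authentication is still at epoch 1, but B has moved on to 2.
    r3 = bob.check(alice.authenticate(b"session-3"))
    return r1, r2, r3


if __name__ == "__main__":
    print(demo())  # ('ACCEPT', 'ACCEPT', 'FRAUD_SUSPECTED')
```

The forged message is indistinguishable from an honest one at the time it arrives; what exposes it is the victim's own next message, whose epoch no longer matches the verifier's state. A real design also has to distinguish a lost message from an impersonation before raising an alarm, which this sketch does not attempt.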

doi.org/10.1145/3457339.3457984
7th ACM Cyber-Physical System Security Workshop (CPSS '21)
Computer Security

Yang, Z., Yin, C., Jin, C., Ning, J., & Zhou, J. (2021). Lightweight delegated authentication with identity fraud detection for cyber-physical systems. In Proceedings of the ACM Cyber-Physical System Security Workshop (pp. 17–28). doi:10.1145/3457339.3457984