{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,3]],"date-time":"2025-12-03T17:58:54Z","timestamp":1764784734313,"version":"3.37.3"},"reference-count":36,"publisher":"Wiley","license":[{"start":{"date-parts":[[2021,9,13]],"date-time":"2021-09-13T00:00:00Z","timestamp":1631491200000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100003621","name":"Ministry of Science, ICT and Future Planning","doi-asserted-by":"publisher","award":["2018-0-00231"],"award-info":[{"award-number":["2018-0-00231"]}],"id":[{"id":"10.13039\/501100003621","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100002560","name":"Soonchunhyang University","doi-asserted-by":"publisher","award":["2018-0-00231"],"award-info":[{"award-number":["2018-0-00231"]}],"id":[{"id":"10.13039\/501100002560","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Mobile Information Systems"],"published-print":{"date-parts":[[2021,9,13]]},"abstract":"<jats:p>Most existing conventional security mechanisms are insufficient, mainly attributable to their requirements for heavy processing capacity, large protocol message size, and longer round trips, for resource-intensive devices operating in an Internet of Things (IoT) context. These devices necessitate efficient communication and security protocols that are cognizant of the severe resource restrictions regarding energy, computation, communication, and storage. To realize this, the IETF (Internet Engineering Task Force) is currently working towards standardizing an ephemeral key-based lightweight and authenticated key exchange protocol called EDHOC (Ephemeral Diffie\u2013Hellman over COSE). The protocol\u2019s primary purpose is to build an OSCORE (Object Security for Constrained RESTful Environments) security environment by supplying crucial security properties such as secure key exchange, mutual authentication, perfect forward secrecy, and identity protection. EDHOC will most likely dominate IoT security once it becomes a standard. It is, therefore, imperative to inspect the protocol for any security flaw. In this regard, two previous studies have shown different security vulnerabilities of the protocol using formal security verification methods. Yet, both missed the vital security flaws we found in this paper: resource exhaustion and privacy attacks. In finding these vulnerabilities, we leveraged BAN-Logic and AVISPA to formally verify both EDHOC protocol variants. Consequently, we described these security flaws together with the results of the related studies and put forward recommended solutions as part of our future work.<\/jats:p>","DOI":"10.1155\/2021\/7314508","type":"journal-article","created":{"date-parts":[[2021,9,13]],"date-time":"2021-09-13T23:37:47Z","timestamp":1631576267000},"page":"1-18","source":"Crossref","is-referenced-by-count":5,"title":["Scrutinizing the Vulnerability of Ephemeral Diffie\u2013Hellman over COSE (EDHOC) for IoT Environment Using Formal Approaches"],"prefix":"10.1155","volume":"2021","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2710-0864","authenticated-orcid":true,"given":"Jiyoon","family":"Kim","sequence":"first","affiliation":[{"name":"Dept. of Information Security Engineering, Soonchunhyang University, Asan 31538, Republic of Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7121-4204","authenticated-orcid":true,"given":"Daniel Gerbi","family":"Duguma","sequence":"additional","affiliation":[{"name":"Dept. of Information Security Engineering, Soonchunhyang University, Asan 31538, Republic of Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8609-0785","authenticated-orcid":true,"given":"Sangmin","family":"Lee","sequence":"additional","affiliation":[{"name":"Dept. of Information Security Engineering, Soonchunhyang University, Asan 31538, Republic of Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8074-4899","authenticated-orcid":true,"given":"Bonam","family":"Kim","sequence":"additional","affiliation":[{"name":"Dept. of Information Security Engineering, Soonchunhyang University, Asan 31538, Republic of Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6384-0056","authenticated-orcid":true,"given":"JaeDeok","family":"Lim","sequence":"additional","affiliation":[{"name":"Electronics and Telecommunications Research Institute (ETRI), Daejeon 34129, Republic of Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0604-3445","authenticated-orcid":true,"given":"Ilsun","family":"You","sequence":"additional","affiliation":[{"name":"Dept. of Information Security Engineering, Soonchunhyang University, Asan 31538, Republic of Korea"}]}],"member":"311","reference":[{"issue":"2","key":"1","first-page":"1","article-title":"Identification of attacks against wireless sensor networks based on behavior analysis","volume":"10","author":"V. Korzhuk","year":"2019","journal-title":"Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications"},{"key":"2","doi-asserted-by":"publisher","DOI":"10.1109\/soca.2014.58"},{"volume-title":"Press Release: Global Internet of Things Market To Grow to 27 Billion Devices, Generating USD3 Trillion Revenue in 2025","year":"2021","author":"Machina Research","key":"3"},{"volume-title":"IoT Growth Demands Rethink of Long-Term Storage Strategies, Says IDC","year":"2021","author":"IDC Corporate USA","key":"4"},{"key":"5","doi-asserted-by":"publisher","DOI":"10.1109\/surv.2013.100713.00203"},{"issue":"3","key":"6","first-page":"47","article-title":"A survey of secure Internet of things in relation to blockchain","volume":"10","author":"M. Alizadeh","year":"2020","journal-title":"Journal of Internet Services and Information Security"},{"issue":"2","key":"7","first-page":"87","article-title":"On the optimality of route selection in grid wireless sensor networks: theory and applications","volume":"11","author":"Y. M. Khamayseh","year":"2020","journal-title":"Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications"},{"issue":"1","key":"8","first-page":"2","article-title":"A study on the side-channel analysis trends for application to IoT devices","volume":"10","author":"B. Sim","year":"2020","journal-title":"Journal of Internet Services and Information Security"},{"key":"9","doi-asserted-by":"crossref","DOI":"10.17487\/rfc7252","volume-title":"The Constrained Application Protocol (CoAP)","author":"Z. Shelby","year":"2014"},{"key":"10","doi-asserted-by":"crossref","DOI":"10.17487\/RFC8949","volume-title":"Concise Binary Object Representation (CBOR)","author":"C. Bormann","year":"2020"},{"key":"11","doi-asserted-by":"crossref","DOI":"10.17487\/RFC8724","volume-title":"SCHC: Generic Framework for Static Context Header Compression and Fragmentation","author":"A. Minaburo","year":"2020"},{"key":"12","doi-asserted-by":"publisher","DOI":"10.1109\/mce.2019.2953740"},{"key":"13","doi-asserted-by":"crossref","DOI":"10.1109\/ACCESS.2020.3041057","article-title":"Integrating LPWAN technologies in the 5G ecosystem: a survey on security challenges and solutions","volume":"8","author":"J. Sanchez-Gomez","year":"2020","journal-title":"IEEE Access"},{"key":"14","doi-asserted-by":"publisher","DOI":"10.3390\/s20010280"},{"key":"15","doi-asserted-by":"crossref","DOI":"10.17487\/rfc7296","volume-title":"Internet Key Exchange Protocol Version 2 (IKEv2)","author":"C. Kaufman","year":"2014"},{"key":"16","doi-asserted-by":"crossref","DOI":"10.17487\/RFC8446","volume-title":"The Transport Layer Security (TLS) Protocol Version 1.3","author":"E. Rescorla","year":"2018"},{"volume-title":"The Datagram Transport Layer Security (DTLS) Protocol Version 1.3","year":"2021","author":"E. Rescorla","key":"17"},{"key":"18","doi-asserted-by":"crossref","DOI":"10.17487\/RFC8613","volume-title":"Object Security for Constrained RESTful Environments (OSCORE)","author":"G. Selander","year":"2019"},{"volume-title":"Ephemeral Diffie-Hellman over COSE (EDHOC)","year":"2021","author":"G. Selander","key":"19"},{"volume-title":"Ephemeral Diffie-Hellman over COSE (EDHOC)","year":"2018","author":"G. Selander","key":"20"},{"volume-title":"Ephemeral Diffie-Hellman over COSE (EDHOC)","year":"2020","author":"G. Selander","key":"21"},{"first-page":"21","article-title":"Formal verification of ephemeral Diffie-Hellman over COSE (EDHOC)","author":"A. Bruni","key":"22"},{"article-title":"Formal analysis of EDHOC key establishment for constrained IoT devices","year":"2020","author":"K. Norrman","key":"23"},{"article-title":"Proverif 2.00: automatic cryptographic protocol verifier, user manual and tutorial","year":"2018","author":"B. Blanchet","key":"24"},{"key":"25","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39799-8_48"},{"key":"26","doi-asserted-by":"publisher","DOI":"10.1145\/77648.77649"},{"key":"27","doi-asserted-by":"publisher","DOI":"10.1007\/11513988_27"},{"key":"28","doi-asserted-by":"crossref","DOI":"10.17487\/RFC8152","volume-title":"\u201cCBOR Object Signing and Encryption (COSE)","author":"J. Schaad","year":"2017"},{"key":"29","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-45146-4_24"},{"key":"30","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586125"},{"key":"31","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45608-2_2"},{"author":"Y. Chevalier","key":"32","article-title":"A high level protocol specification language for industrial security-sensitive protocols"},{"key":"33","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-004-0055-7"},{"key":"34","doi-asserted-by":"publisher","DOI":"10.1007\/11805618_21"},{"key":"35","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-30227-8_68"},{"first-page":"1","article-title":"Improvements on the genet and Klay technique to automatically verify security protocols","author":"Y. Boichut","key":"36"}],"container-title":["Mobile Information Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/misy\/2021\/7314508.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/misy\/2021\/7314508.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/misy\/2021\/7314508.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,9]],"date-time":"2023-01-09T03:33:31Z","timestamp":1673235211000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/misy\/2021\/7314508\/"}},"subtitle":[],"editor":[{"given":"Zengpeng","family":"Li","sequence":"additional","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2021,9,13]]},"references-count":36,"alternative-id":["7314508","7314508"],"URL":"https:\/\/doi.org\/10.1155\/2021\/7314508","relation":{},"ISSN":["1875-905X","1574-017X"],"issn-type":[{"type":"electronic","value":"1875-905X"},{"type":"print","value":"1574-017X"}],"subject":[],"published":{"date-parts":[[2021,9,13]]}}}