IRIS Institutional Research Information System - AIR Archivio Istituzionale della Ricerca

Nowadays, IoT (Internet of Things) devices are becoming part of our daily life. Unfortunately, many of them do not use standardized communication protocols with a provable security guarantee. The use of formal methods is, therefore, highly demanded in order to perform property verification and to prevent possible threats and accidents to users. In this paper, we propose a formal verification of the Z-Wave protocol, claimed to be one of the most secure IoT communication protocols thanks to the new S2 Security class, recently added. Specifically, our analysis targets the joining procedure of a device to the Z-Wave net. We exploit the ASMETA formal framework to model the protocol and to perform formal analysis in terms of model validation against informal documented requirements and verification of the protocol correct behaviour with respect to its security goals. The verification process revealed a vulnerability that could be used to perform a successful Man-In-The-Middle (MITM) attack compromising the secrecy of the exchanged symmetric keys.

Formal proof of a vulnerability in Z-wave IoT protocol / M. Lilli, C. Braghin, E. Riccobene - In: Proceedings of the 18th International Conference on Security and Cryptography, SECRYPT 2021 / [a cura di] S. De Capitani di Vimercati, P. Samarati. - [s.l] : SciTePress, 2021. - ISBN 978-989-758-524-1. - pp. 198-209 (( Intervento presentato al 18. convegno International Conference on Security and Cryptography, SECRYPT 2021 tenutosi a Virtual, Online nel 2021 [10.5220/0010553301980209].

Formal proof of a vulnerability in Z-wave IoT protocol

M. Lilli
Primo
;C. Braghin
Secondo
;E. Riccobene
Ultimo
2021

Abstract

Nowadays, IoT (Internet of Things) devices are becoming part of our daily life. Unfortunately, many of them do not use standardized communication protocols with a provable security guarantee. The use of formal methods is, therefore, highly demanded in order to perform property verification and to prevent possible threats and accidents to users. In this paper, we propose a formal verification of the Z-Wave protocol, claimed to be one of the most secure IoT communication protocols thanks to the new S2 Security class, recently added. Specifically, our analysis targets the joining procedure of a device to the Z-Wave net. We exploit the ASMETA formal framework to model the protocol and to perform formal analysis in terms of model validation against informal documented requirements and verification of the protocol correct behaviour with respect to its security goals. The verification process revealed a vulnerability that could be used to perform a successful Man-In-The-Middle (MITM) attack compromising the secrecy of the exchanged symmetric keys.
Abstract State Machine; ASMETA; Formal Verification; IoT Security; MITM; Z-Wave Protocol
Settore INF/01 - Informatica
2021
Institute for Systems and Technologies of Information, Control and Communication (INSTICC)
Book Part (author)
03 - Contributo in volume
File in questo prodotto:
File Dimensione Formato  
secrypt2021.pdf

accesso riservato

Tipologia: Pre-print (manoscritto inviato all'editore)
Dimensione 1.03 MB
Formato Adobe PDF
  Visualizza/Apri   Richiedi una copia
1.03 MB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2434/919589
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 5
  • ???jsp.display-item.citation.isi??? 2
social impact