Score:0

Designing a CRAM protocol for mutual authentication in constrained devices

us flag

We are currently designing a simple Challenge-Response Authentication Mechanism (CRAM) protocol based on symmetric cryptography that would be used on the constrained embedded devices that would operate in a closed short-range network.

Mutual authentication is desired. The security capabilities offered by the devices are for now unknown. Hence, we are focusing primarily on only using the AES protocol during the authentication. In case we can also use the e.g., a MAC protocol, we would extend it during the afterwards secure channel communication.

We assume that both devices have the appropriate symmetric keys. Challenges (chg_x) are intended to be 16 bytes and randomly generated using a true RNG.

The sequence flow of the protocol would be:

  • $A \rightarrow B : id_A, chg_A $
  • $A \leftarrow B : id_B, enc(chg_A), enc(chg_B)$
  • $A \rightarrow B : dec(enc(chg_B))$

The device $A$ would verify its challenge during the reply and also decrypt and send the challenge from the other device. The encryption on the device $B$ of its challenge $chg_B$ is done to avoid reflection attacks as indicated in this question.

For the secure channel afterwards, we would plan to use a $ KDF(K||chg_A) $ to derive session keys.

My questions are:

  • would this protocol be sufficient for the intended scenario or is still vulnerable to some other attacks?
  • is it still desirable to also have Hash or MAC during the authentication in some capacity to alleviate potential threats?
Martin Thompson avatar
za flag
I would not use Encryption for authentication... I would use a MAC (if you have AES you can use CMAC) - a MAC is designed to provide authenticity, whereas Encryption is designed to give Confidentiality. Also, avoiding encryption avoids some export control hassle. See also https://crypto.stackexchange.com/questions/5788/efficient-symmetric-mutual-entity-authentication-protocol?rq=1
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.