Formal Proof of a Vulnerability in Z-Wave IoT Protocol

Mario Lilli; Chiara Braghin; Elvinia Riccobene

doi:10.5220/0010553301980209

Formal Proof of a Vulnerability in Z-Wave IoT Protocol

Mario Lilli, Chiara Braghin, Elvinia Riccobene

2021

Abstract

Nowadays, IoT (Internet of Things) devices are becoming part of our daily life. Unfortunately, many of them do not use standardized communication protocols with a provable security guarantee. The use of formal methods is, therefore, highly demanded in order to perform property verification and to prevent possible threats and accidents to users. In this paper, we propose a formal verification of the Z-Wave protocol, claimed to be one of the most secure IoT communication protocols thanks to the new S2 Security class, recently added. Specifically, our analysis targets the joining procedure of a device to the Z-Wave net. We exploit the ASMETA formal framework to model the protocol and to perform formal analysis in terms of model validation against informal documented requirements and verification of the protocol correct behaviour with respect to its security goals. The verification process revealed a vulnerability that could be used to perform a successful Man-In-The-Middle (MITM) attack compromising the secrecy of the exchanged symmetric keys.

Download

Paper Citation

in Harvard Style

Lilli M., Braghin C. and Riccobene E. (2021). Formal Proof of a Vulnerability in Z-Wave IoT Protocol. In Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-524-1, pages 198-209. DOI: 10.5220/0010553301980209

in Bibtex Style

@conference{secrypt21,
author={Mario Lilli and Chiara Braghin and Elvinia Riccobene},
title={Formal Proof of a Vulnerability in Z-Wave IoT Protocol},
booktitle={Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT,},
year={2021},
pages={198-209},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010553301980209},
isbn={978-989-758-524-1},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT,
TI - Formal Proof of a Vulnerability in Z-Wave IoT Protocol
SN - 978-989-758-524-1
AU - Lilli M.
AU - Braghin C.
AU - Riccobene E.
PY - 2021
SP - 198
EP - 209
DO - 10.5220/0010553301980209