Fine-Grained, Privacy-Augmenting LI-Compliance in the LAKE Standard
摘要
The Internet Engineering Task Force and its LAKE working group standardized the Ephemeral Diffie-Hellman over COSE (EDHOC) authenticated key-exchange protocol for use in constrained Internet of Things deployments. The use cases include cellular networks, such as NB-IoT, but also non-cellular networks such as 6TiSCH, and LoRaWAN. As a result of its use in cellular networks, EDHOC will be subject to Lawful Interception (LI), which allows a group of authorities to break, if equipped with a warrant, the end-to-end (E2E) security of the channel established through EDHOC. Current implementations of EDHOC would only allow lawful interception by using the cellular network operator as a legitimate endpoint, essentially running a Person-in-the-Middle attack against the protocol. In this work, we focus on a privacy-preserving, fine-grained LI-compliant modification of EDHOC for all four authentication methods that this protocol currently supports. We achieve this via a careful white-box composition of EDHOC with the Lawful Interception Key-Exchange approach of Arfaoui et al. (ESORICS 2021) and Bultel and Onete (SAC 2022). Our resulting construction not only achieves strong key-security, but also non-frameability, and LI-compliance, without breaking the identity-protection property of EDHOC. Our implementation results show that, while LIKE adds an overhead to a standard EDHOC implementation in Rust, the resulting protocol remains practical while achieving much better privacy and LI-compliance.