Text

Analisis keamanan protokol autentikasi telemedis Zheng et al. berdasarkan trusted freshness

---

Protokol yang diusulkan oleh Zheng et al. pada tahun 2018 merupakan protokol autentikasi pada sistem telemedis. Protokol ini memiliki sifat mutual authentication, indistinguishability, dan forward security sehingga aman terhadap beberapa serangan seperti retransmission, tracking, eavesdropping, denial of service, dan man in the middle. Namun, belum terdapat penelitian yang membuktikan klaim tersebut sehingga diperlukan metode analisis untuk membuktikan keamanan pada protokol Zheng et al. Pada penelitian ini dilakukan pembuktian keamanan pada protokol menggunakan metode analisis informal dan formal belief multiset berdasarkan trusted freshness. Pada metode analisis berdasarkan trusted freshness terdapat empat aspek yang akan dianalisis yaitu liveness, confidentiality, freshness, dan association. Analisis keempat aspek tersebut bertujuan untuk membuktikan protokol memenuhi kriteria keamanan UA-Secure, MA-Secure, UK-Secure, dan MK-Secure. Hasil verifikasi belief multiset berdasarkan trusted freshness menunjukkan protokol Zheng et al. memenuhi kriteria keamanan UA-Secure pada entitas P dan D sedangkan kriteria keamanan UA-Secure (pada entitas S), MA-Secure, UK-Secure, dan MK-Secure tidak terpenuhi. Hal tersebut dikarenakan terdapat sifat liveness, confidentiality, freshness, dan association yang tidak dipenuhi oleh trusted freshness dalam protokol ini. Oleh karena itu, protokol Zheng et al. tidak terjamin bersifat aman dan memiliki kemungkinan adanya kerentanan terhadap protokol. Salah satu kerentanan terhadap protokol ini adalah serangan impersonate entitas P atau D. --

An improved authentication protocol in telemedicine system was developed by Zheng et al. in 2018. This authentication protocol has mutual authentication, indistinguishability, and forward security. It can effectively resist attacks such as retransmission, tracking, eavesdropping, man in the middle, and denial of service. The relevant security performance analysis proves that this protocol can have higher efficiency and security. The design of the improved authentication protocol in the telemedicine system needs to be proven using informal and formal methods to ensure that the protocol meets the required security criteria. In this research, we provide necessary proofs using informal and formal belief multiset based trusted freshness to verify security claims and find possible attacks in this protocol. The analysis method based on trusted freshness has four aspects of being analyzed: liveness, confidentiality, freshness, and association. The analysis of these four aspects aims to prove that the protocol meets the security criterions of UA-Secure, MA-Secure, UK-Secure, and MK-Secure. Our Security analysis results show that the protocol meets the security criterions of UA-Secure on entities P and D. Still, this protocol does not meets the security criterions of UA-Secure (on the entity S ), MA-Secure, UK-Secure, and MK-Secure. Because the trusted freshness in this protocol does not meet liveness, confidentiality, freshness, and association. Therefore, the protocols of Zheng et al. are not guaranteed to be secure and have possible vulnerabilities to the protocol. One of the vulnerabilities to this protocol is impersonating attack

---

Availability

Detail Information

Series Title

-

Call Number

2022 BAL a

Publisher

Bogor : Politeknik Siber dan Sandi Negara., 2022

Collation

xv, 77 hlm.

Language

Indonesia

ISBN/ISSN

--

Classification

--

Content Type

-

Media Type

-

Carrier Type

-

Edition

--

Subject(s)

protokol autentikasi
Belief multiset
MA-Secure
MK-Secure
UA-Secure
UK-Secure

Specific Detail Info

-

Statement of Responsibility

Balqis Tuffahati Permana

Other version/related

File Attachment

Comments

---

You must be logged in to post a comment