A Secure TFTP Protocol with Security Proofs

TL;DR

This paper proposes a lightweight, secure TFTP protocol with formal security proofs, suitable for embedded smart devices, incorporating encryption techniques and a novel adversary model considering timing attacks.

Contribution

It introduces a secure TFTP protocol with formal security proofs, including a new adversary model that accounts for timing attacks, tailored for embedded device applications.

Findings

Security proofs based on attack model IND-CCA2

Reduction of SSW-ARQ protocol security from Cramer-Shoup scheme

Inclusion of timing attack considerations in adversary model

Abstract

Advances in smart devices has witnessed major developments in many mobile applications such as Android applications. These smart devices normally interconnect to the internet using wireless technology and applications using the TFTP protocol among these wireless devices are becoming commonplace. In this work, we present an enhanced lightweight security protocol for smart device and server communications using Trivial File Transfer Protocol (TFTP). We suggest the use of lightweight symmetric encryption for data encryption and asymmetric encryption for key exchange protocols in TFTP. The target implementation of secure TFTP is for embedded devices such as Wi-Fi Access Points (AP) and remote Base Stations (BS). In this paper we present the security proofs based on an attack model (IND-CCA2) for securing TFTP protocol. We also present the security reduction of SSW-ARQ protocol from Cramer-Shoup encryption scheme and fixed-time side channel security. We have also introduced a novel adversary model in IND-CCA2-(SC-TA) and it is considered a practical model because the model incorporates the timing attack.