A Secure TFTP Protocol with Security Proofs
This addresses security vulnerabilities in TFTP for embedded devices like Wi-Fi Access Points and remote Base Stations, but it is incremental as it builds on existing encryption methods.
The authors tackled the lack of security in the Trivial File Transfer Protocol (TFTP) for smart devices by proposing an enhanced lightweight security protocol, achieving security proofs based on an IND-CCA2 attack model and introducing a novel adversary model that incorporates timing attacks.
Advances in smart devices has witnessed major developments in many mobile applications such as Android applications. These smart devices normally interconnect to the internet using wireless technology and applications using the TFTP protocol among these wireless devices are becoming commonplace. In this work, we present an enhanced lightweight security protocol for smart device and server communications using Trivial File Transfer Protocol (TFTP). We suggest the use of lightweight symmetric encryption for data encryption and asymmetric encryption for key exchange protocols in TFTP. The target implementation of secure TFTP is for embedded devices such as Wi-Fi Access Points (AP) and remote Base Stations (BS). In this paper we present the security proofs based on an attack model (IND-CCA2) for securing TFTP protocol. We also present the security reduction of SSW-ARQ protocol from Cramer-Shoup encryption scheme and fixed-time side channel security. We have also introduced a novel adversary model in IND-CCA2-(SC-TA) and it is considered a practical model because the model incorporates the timing attack.