Security Analysis of the Secure Authentication Protocol by Means of Coloured Petri Nets
Wireless communication demands for specialized protocols secure against attacks on the radio path while fitting the limited calculation and memory capabilities of mobile terminals. To ensure accessibility of mobile services beyond a user’s home network, signing on a foreign network should be possible. The latter must be able to authenticate a user without learning any secret registration data. Chouinard et al.[DBC01] introduce the Secure Authentication Protocol for this purpose.
In this paper, an exhaustive security analysis of the protocol is presented. First, it is mapped to a coloured petri net. Then, two different intruder models are developed and integrated separately into it. The state spaces of the two nets are calculated; they each contain a set of nodes representing all reachable states. Both are examined to detect states where any security objective is violated indicating a security flaw in the protocol. As there are no such states in both nets, the protocol is proven secure.
KeywordsSecure Authentication Protocol Coloured Petri Nets Formal Protocol Verification State Space Analysis Security Analysis
- [CPN]CPN Tools Homepage, http://wiki.daimi.au.dk/cpntools/cpntools.wiki
- [DBC01]Dupré la Tour, I., van Bochmann, G., Chouinard J.-Y.: A Secure Authentication Infrastructure for Mobile Communication Services over the Internet. In: Proceedings IFIP Working Conference CMS 2001, pp. 405–416 (2001)Google Scholar
- [DoY81]Dolev, D., Yao, A.: On the Security of Public Key Protocols. In: Proceedings IEEE Symposium on Foundations of Computer Science, pp. 350–357 (1981)Google Scholar
- [Dre04]Dresp, W.: Computer-gestützte Analyse von kryptographischen Protokollen mittels gefärbter Petrinetze. Diploma Thesis, Department of Business Information Systems, University of Regensburg (2004)Google Scholar
- [DTM95]Doyle, E., Tavares, S., Meijer, H.: Automated Security Analysis of Cryptographic Protocols Using Coloured Petri Net Specifications. In: Workshop on Selected Areas in Cryptography, SAC 1995 Workshop Record, pp. 35–48 (1995)Google Scholar
- [DTM96]Doyle, E., Tavares, S., Meijer, H.: Computer Analysis of Cryptographic Protocols Using Coloured Petri Nets. In: 18th Biennial Symposium on Communication, Kingston, Ontario, pp. 194–199 (1996)Google Scholar