Analysis of object-specific authorization protocol (OSAP) using coloured petri nets

Authors:
Younes Seifi;Suriadi Suriadi;Ernest Foo;Colin Boyd
Affiliations:
Queensland University of Technology (QUT) Brisbane, Australia and Bu-Ali Sina University, Hamadan, Iran;Queensland University of Technology (QUT) Brisbane, Australia;Queensland University of Technology (QUT) Brisbane, Australia;Queensland University of Technology (QUT) Brisbane, Australia
Venue:
AISC '12 Proceedings of the Tenth Australasian Information Security Conference - Volume 125
Year:
2012

Citing 14
Cited 0

Automatic verification of finite-state concurrent systems using temporal logic specifications

ACM Transactions on Programming Languages and Systems (TOPLAS)
An attack on the Needham-Schroeder public-key authentication protocol

Information Processing Letters
A Brief Introduction to Coloured Petri Nets

TACAS '97 Proceedings of the Third International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Casper: A Compiler for the Analysis of Security Protocols

CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Athena: a New Efficient Automatic Checker for Security Protocol Analysis

CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
PRISM 2.0: A Tool for Probabilistic Model Checking

QEST '04 Proceedings of the The Quantitative Evaluation of Systems, First International Conference
Modeling and verification of cryptographic protocols using coloured petri nets and design/CPN

Nordic Journal of Computing
Coloured Petri Nets and CPN Tools for modelling and validation of concurrent systems

International Journal on Software Tools for Technology Transfer (STTT)
The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols

CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
ASAP: An Extensible Platform for State Space Analysis

PETRI NETS '09 Proceedings of the 30th International Conference on Applications and Theory of Petri Nets
Automated Security Protocol Analysis With the AVISPA Tool

Electronic Notes in Theoretical Computer Science (ENTCS)
Attack, solution and verification for shared authorisation data in TCG TPM

FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
On the security of public key protocols

IEEE Transactions on Information Theory

Quantified Score

Hi-index	0.00

Visualization

Abstract

The use of Trusted Platform Module (TPM) is becoming increasingly popular in many security systems. To access objects protected by TPM (such as cryptographic keys), several cryptographic protocols, such as the Object Specific Authorization Protocol (OSAP), can be used. Given the sensitivity and the importance of those objects protected by TPM, the security of this protocol is vital. Formal methods allow a precise and complete analysis of cryptographic protocols such that their security properties can be asserted with high assurance. Unfortunately, formal verification of these protocols are limited, despite the abundance of formal tools that one can use. In this paper, we demonstrate the use of Coloured Petri Nets (CPN) - a type of formal technique, to formally model the OSAP. Using this model, we then verify the authentication property of this protocol using the state space analysis technique. The results of analysis demonstrates that as reported by Chen and Ryan the authentication property of OSAP can be violated.