Automatic verification of finite-state concurrent systems using temporal logic specifications
ACM Transactions on Programming Languages and Systems (TOPLAS)
An attack on the Needham-Schroeder public-key authentication protocol
Information Processing Letters
A Brief Introduction to Coloured Petri Nets
TACAS '97 Proceedings of the Third International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Casper: A Compiler for the Analysis of Security Protocols
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Athena: a New Efficient Automatic Checker for Security Protocol Analysis
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
PRISM 2.0: A Tool for Probabilistic Model Checking
QEST '04 Proceedings of the The Quantitative Evaluation of Systems, First International Conference
Modeling and verification of cryptographic protocols using coloured petri nets and design/CPN
Nordic Journal of Computing
Coloured Petri Nets and CPN Tools for modelling and validation of concurrent systems
International Journal on Software Tools for Technology Transfer (STTT)
The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
ASAP: An Extensible Platform for State Space Analysis
PETRI NETS '09 Proceedings of the 30th International Conference on Applications and Theory of Petri Nets
Automated Security Protocol Analysis With the AVISPA Tool
Electronic Notes in Theoretical Computer Science (ENTCS)
Attack, solution and verification for shared authorisation data in TCG TPM
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
On the security of public key protocols
IEEE Transactions on Information Theory
Hi-index | 0.00 |
The use of Trusted Platform Module (TPM) is becoming increasingly popular in many security systems. To access objects protected by TPM (such as cryptographic keys), several cryptographic protocols, such as the Object Specific Authorization Protocol (OSAP), can be used. Given the sensitivity and the importance of those objects protected by TPM, the security of this protocol is vital. Formal methods allow a precise and complete analysis of cryptographic protocols such that their security properties can be asserted with high assurance. Unfortunately, formal verification of these protocols are limited, despite the abundance of formal tools that one can use. In this paper, we demonstrate the use of Coloured Petri Nets (CPN) - a type of formal technique, to formally model the OSAP. Using this model, we then verify the authentication property of this protocol using the state space analysis technique. The results of analysis demonstrates that as reported by Chen and Ryan the authentication property of OSAP can be violated.