• DocumentCode
    1567708
  • Title

    Formally analysing a security protocol for replay attacks

  • Author

    Long, Benjamin W. ; Fidge, Colin J.

  • Author_Institution
    Sch. of Inf. Technol. & Electr. Eng., Queensland Univ., Qld.
  • fYear
    2006
  • Lastpage
    180
  • Abstract
    The Kerberos-One-Time protocol is a key distribution protocol promoted for use with Javacards to provide secure communication over the GSM mobile phone network. From inspection we suspected a replay attack was possible on the protocol. To check this, we formally specified the protocol using Object-Z and then analysed its behaviour in the presence of an attacker using the symbolic analysis laboratory´s model checker. To produce accurate results efficiently, our formalism included an abstraction of the protocol´s data structures that captured just those characteristics that we believed made the protocol vulnerable. Ultimately, the model checker´s analysis confirmed our suspicions about the protocol´s weakness
  • Keywords
    Java; data structures; formal specification; formal verification; mobile radio; object-oriented languages; protocols; specification languages; telecommunication security; GSM mobile phone network; Javacards; Kerberos-One-Time protocol; Object-Z language; formal specification; key distribution protocol; protocol data structure; replay attacks; secure communication; security protocol; symbolic analysis laboratory model checker; Access protocols; Australia; Data security; Data structures; Formal specifications; GSM; Inspection; Java; Mobile handsets; Software engineering;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Software Engineering Conference, 2006. Australian
  • Conference_Location
    Sydney, NSW
  • ISSN
    1530-0803
  • Print_ISBN
    0-7695-2551-2
  • Type

    conf

  • DOI
    10.1109/ASWEC.2006.30
  • Filename
    1615050
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=1567708