Formally Analysing a Security Protocol for Replay Attacks

Sydney, Australia April 18-April 21

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/ASWEC.2006.30

Australian Software Engineering Confe ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Benjamin W. Long Articles by Colin J. Fidge

	ASCII Text	x
	Benjamin W. Long, Colin J. Fidge, "Formally Analysing a Security Protocol for Replay Attacks," Australian Software Engineering Conference, pp. 171-180, Australian Software Engineering Conference (ASWEC'06), 2006.

	BibTex	x
	@article{ 10.1109/ASWEC.2006.30, author = {Benjamin W. Long and Colin J. Fidge}, title = {Formally Analysing a Security Protocol for Replay Attacks}, journal ={Australian Software Engineering Conference}, volume = {0}, year = {2006}, issn = {1530-0803}, pages = {171-180}, doi = {http://doi.ieeecomputersociety.org/10.1109/ASWEC.2006.30}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Australian Software Engineering Conference TI - Formally Analysing a Security Protocol for Replay Attacks SN - 1530-0803 SP171 EP180 A1 - Benjamin W. Long, A1 - Colin J. Fidge, PY - 2006 KW - null VL - 0 JA - Australian Software Engineering Conference ER -

Benjamin W. Long, University of Queensland, 4072, Australia

Colin J. Fidge, Queensland University of Technology, 4001, Australia

The Kerberos-One-Time protocol is a key distribution protocol promoted for use with Javacards to provide secure communication over the GSM mobile phone network. From inspection we suspected a replay attack was possible on the protocol. To check this, we formally specified the protocol using Object-Z and then analysed its behaviour in the presence of an attacker using the Symbolic Analysis Laboratory?s model checker. To produce accurate results efficiently, our formalism included an abstraction of the protocol?s data structures that captured just those characteristics that we believed made the protocol vulnerable. Ultimately, the model checker?s analysis confirmed our suspicions about the protocol?s weakness.

Citation:

Benjamin W. Long, Colin J. Fidge, "Formally Analysing a Security Protocol for Replay Attacks," aswec, pp.171-180, Australian Software Engineering Conference (ASWEC'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.