Conferences in Research and Practice in Information Technology
  

Online Version - Last Updated - 20 Jan 2012

 

 
Home
 

 
Procedures and Resources for Authors

 
Information and Resources for Volume Editors
 

 
Orders and Subscriptions
 

 
Published Articles

 
Upcoming Volumes
 

 
Contact Us
 

 
Useful External Links
 

 
CRPIT Site Search
 
    

Analysis of Object-Specific Authorization Protocol (OSAP) using Coloured Petri Nets

Seifi, Y., Suriadi, S., Foo, E. and Boyd, C.

    The use of Trusted Platform Module (TPM) is becoming increasingly popular in many security systems. To access objects protected by TPM (such as cryptographic keys), several cryptographic protocols, such as the Object Specific Authorization Protocol (OSAP), can be used. Given the sensitivity and the importance of those objects protected by TPM, the security of this protocol is vital. Formal methods allow a precise and complete analysis of cryptographic protocols such that their security properties can be asserted with high assurance. Unfortunately, formal verification of these protocols are limited, despite the abundance of formal tools that one can use. In this paper, we demonstrate the use of Coloured Petri Nets (CPN) - a type of formal technique, to formally model the OSAP. Using this model, we then verify the authentication property of this protocol using the state space analysis technique. The results of analysis demonstrates that as reported by Chen and Ryan the authentication property of OSAP can be violated.
Cite as: Seifi, Y., Suriadi, S., Foo, E. and Boyd, C. (2012). Analysis of Object-Specific Authorization Protocol (OSAP) using Coloured Petri Nets. In Proc. Australasian Information Security Conference (AISC 2012) Melbourne, Australia. CRPIT, 125. Pieprzyk, J.and Thomborson, C. Eds., ACS. 47-58
pdf (from crpit.com) pdf (local if available) BibTeX EndNote GS