The use of Trusted Platform Module (TPM) is becoming increasingly popular in many security systems. To access objects protected by TPM (such as cryptographic keys), several cryptographic protocols, such as the Object Specific Authorization Protocol (OSAP), can be used. Given the sensitivity and the importance of those objects protected by TPM, the security of this protocol is vital. Formal methods allow a precise and complete analysis of cryptographic protocols such that their security properties can be asserted with high assurance. Unfortunately, formal verification of these protocols are limited, despite the abundance of formal tools that one can use. In this paper, we demonstrate the use of Coloured Petri Nets (CPN) - a type of formal technique, to formally model the OSAP. Using this model, we then verify the authentication property of this protocol using the state space analysis technique. The results of analysis demonstrates that as reported by Chen and Ryan the authentication property of OSAP can be violated.
|Cite as: Seifi, Y., Suriadi, S., Foo, E. and Boyd, C. (2012). Analysis of Object-Specific Authorization Protocol (OSAP) using Coloured Petri Nets. In Proc. Australasian Information Security Conference (AISC 2012) Melbourne, Australia. CRPIT, 125. Pieprzyk, J.and Thomborson, C. Eds., ACS. 47-58 |
(local if available)