A Coloured Petri Net Methodology and Library for Security Analysis of Network Protocols

Formal methods are often used to prove properties of network protocols, including required security properties. However, for a protocol modeller, the techniques available for security analysis often require expert knowledge of the technique. Also, the tight coupling of the protocol model and the security attacks limits re-use of models. With Coloured Petri nets as the selected formal method, this paper proposes a methodology to support a modeller in performing security analysis of a protocol. The methodology enhances the re-usability, extendability and readability of protocol and attack models, with the aim of simplifying the tasks of the modeller. Key to the methodology is the decoupling of the protocol and attack models by using the hierarchical structure of Coloured Petri nets. Also, a library of attack modules is developed based on Dolev-Yao assumptions; the modules can be composed to create complex attacks and re-used across different protocols. To demonstrate the methodology, a case study analysing the ZigBee RF4CE pairing protocol is presented. The case study shows the ease with which attacks can be integrated and how the methodology addresses the state space explosion problem. The impact of two attacks on the ZigBee protocol is analysed, showing several scenarios which lead to a mismatch in state at the ZigBee devices.
