Formal Analysis of the PKMv3 Protocol

WiMax (Worldwide Interoperability for Microwave Access, IEEE 802.16) is a standards-based wireless technology that uses the Privacy Key Management (PKM) protocol to provide authentication and key management. Three versions of the PKM protocol have been released, and the third one (PKMv3) strengthens security by enhancing message management. In this paper, a formal analysis of the PKMv3 protocol is presented. Both the Subscriber Station (SS) and the Base Station (BS) are modeled as processes in our framework. In addition, we introduce an intruder model in which the intruder is capable of overhearing, intercepting and faking messages. Discrete time is used to describe the lifetimes of the Authorization Key (AK) and the Transmission Encryption Key (TEK). The PKMv3 model is constructed in the discrete-time PROMELA (DT-PROMELA) language, and the DT-Spin tool is used to implement the PKMv3 model with lifetimes. Finally, we simulate communications between SS and BS and verify properties such as liveness, succession and message consistency, which are extracted from the PKMv3 protocol and specified using Linear Temporal Logic (LTL) formulae and assertions. The simulation and verification results demonstrate that attacks may exist in our model of the PKMv3 protocol.
