Il Gon Kim

Formal verification of PAP and EAP-MD5 protocols in wireless networks: FDR model checking

IEEE 802.1x and authentication server based security protocols are mainly used for enhancing security of wireless networks. We specify PAP and EAP-MD5 based security protocols formally with Casper and CSP, and then verify their security properties such as secrecy and authentication using FDR. We also show that they are vulnerable to the man-in-the-middle attack. Finally we discuss their security weakness and potential countermeasures related to PAP and EAP-MD5 protocols.

Analysis and Modification of ASK Mobile Security Protocol

Generally, security protocols have been designed and verified using informal techniques. In the result, it is now well recognized that many security protocols which were previously proposed have found to be vulnerable later on. In this paper, we model and verify of the ASK protocol, which is a complicated mobile security protocol. After showing the vulnerability of the ASK protocol using formal verification approach, we propose a modification, and then show that the new protocol is secure against replay attack

Model Checking of RADIUS Protocol in Wireless Networks

Authentication server based security protocols are mainly used for enhancing security of wireless networks. In this paper, we specify RADIUS security protocol in wireless networks with Casper and CSP, and then verify their security properties such as secrecy and authentication using FDR. We also show that RADIUS protocol is vulnerable to the man-in-the-middle attack. In addition, we discuss its security weakness and potential countermeasures related with RADIUS. Finally, we fix it and propose a modified RADIUS protocol against the man-in-the-middle attack.

Security and privacy analysis of RFID systems using model checking

Radio frequency identification (RFID) is expected to become an important and ubiquitous infrastructure technology. As RFID tags are affixed to all items, they may be used to support various useful services. However, this pervasive use of RFID tags opens up the possibility for various attacks violating user privacy and authentication among communication participants. Security mechanisms for RFID systems will be therefore of utmost important. In this paper, we describe problems of previous works on RFID security protocol and specify several known attacks with Casper, CSP and then verify their security properties such as secrecy and authentication using FDR model checking tool. Finally, we propose an RFID security protocol based on strong authenticaion that guarantees data privacy and authentication between a tag and a reader.

Model-Based analysis of money accountability in electronic purses

The Common Electronic Purse Specifications (CEPS) define requirements for all components needed by an organization to implement a globally interoperable electronic purse program. In this paper we describe how we model purchase transaction protcol in CEPS using formal specification language. We define and verify the money accountability property of the CEPS, and we address its violation scenario in the presence of communication network failures. Using model checking technique we find that transaction record stored in the trusted-third party plays a essential role in satisfying the accountability property.

Analyzing the Application of E-Commerce inWireless Network

Owing to the explosive growth of the Internet, various electronic payment systems have been studied and suggested. The security of electronic payment protocols is of particular interest to researchers in academia and industry. However, current electronic cash protocols are not offering adequate security of user information. The BCY protocols (Beller, Chang, and Yacov) are electronic commerce protocols using a certificate in a wireless network. The core of BCY is a set of electronic transactions that reflect common trading activities such as purchasing goods or depositing funds. We use FDR (failure divergence refinements) to verify BCY protocols. Our aim in this paper is to design a practical electronic payment protocol which is secure in wireless circumstances

Secrecy Analysis of Purchase Transaction in Electronic Purses

The common electronic purse specifications (CEPS) was created as a globally interoperable electronic purse standard. However, it is also well known that numerous significant errors have been found in the design of e-commerce protocols. In this paper model-based verification using Casper, CSP and FDR is addressed, demonstrating how the secrecy properties in the CEPS can be achieved. Vulnerabilities are confirmed and its countermeasure are mentioned. In addition, we confirmed that model-based verification techniques should help identify and analyze error in the design of e-commerce protocols