International Conference on Formal Techniques for Networked and Distributed Systems

FORTE 2008: Formal Techniques for Networked and Distributed Systems – FORTE 2008 pp 305-323

Using SPIN to Detect Vulnerabilities in the AACS Drive-Host Authentication Protocol

  • Wei Wang
  • Dongyao Ji
Conference paper

DOI: 10.1007/978-3-540-68855-6_20

Volume 5048 of the book series Lecture Notes in Computer Science (LNCS)

Abstract

In this paper, we use SPIN, a model checker for LTL, to detect vulnerabilities in the AACS drive-host authentication protocol. Before the detection, we propose a variant of the Dolev-Yao attacker model [4] and incorporate the synthesis and analysis rules [7] to formalize the protocol and the intruder capabilities. During the detection, we check the authenticity of the protocol and identify a few weaknesses. Besides, we propose a novel collusion attack that seriously threaten the security of the protocol, and build a corresponding LTL formula. Based on the formula, SPIN detects a few relevant attack instances in the original scheme of the authentication protocol and a modified scheme advanced in [5].

Keywords

AACSSPINModel CheckerLTLAuthenticityCollusion Attack
Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Wei Wang
    • 1
  • Dongyao Ji
    • 1
  1. 1.The State Key Laboratory of Information SecurityGraduate University of Chinese Academy of ScienceBeijingP.R. China