Using SPIN to Detect Vulnerabilities in the AACS Drive-Host Authentication Protocol
- Cite this paper as:
- Wang W., Ji D. (2008) Using SPIN to Detect Vulnerabilities in the AACS Drive-Host Authentication Protocol. In: Suzuki K., Higashino T., Yasumoto K., El-Fakih K. (eds) Formal Techniques for Networked and Distributed Systems – FORTE 2008. FORTE 2008. Lecture Notes in Computer Science, vol 5048. Springer, Berlin, Heidelberg
In this paper, we use SPIN, a model checker for LTL, to detect vulnerabilities in the AACS drive-host authentication protocol. Before the detection, we propose a variant of the Dolev-Yao attacker model  and incorporate the synthesis and analysis rules  to formalize the protocol and the intruder capabilities. During the detection, we check the authenticity of the protocol and identify a few weaknesses. Besides, we propose a novel collusion attack that seriously threaten the security of the protocol, and build a corresponding LTL formula. Based on the formula, SPIN detects a few relevant attack instances in the original scheme of the authentication protocol and a modified scheme advanced in .