Using Model-Checking to Reveal a Vulnerability of Tamper-Evident Pairing

  • Rody Kersten
  • Bernard van Gastel
  • Manu Drijvers
  • Sjaak Smetsers
  • Marko van Eekelen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7871)


Wi-Fi Protected Setup is an attempt to simplify configuration of security settings for Wi-Fi networks. It offers, among other methods, Push-Button Configuration (PBC) for devices with a limited user-interface. There are however some security issues in PBC. A solution to these issues was proposed in the form of Tamper-Evident Pairing (TEP).

TEP is based on the Tamper-Evident Announcement (TEA), in which a device engaging in the key agreement not only sends a payload containing its Diffie-Hellmann public key, but also sends a hash of this payload in a special, trustedly secure manner. The idea is that thanks to the special way in which the hash is sent, the receiver can tell whether or not the hash was altered by an adversary and if necessary reject it.

Several parameters needed for implementation of TEP have been left unspecified by its authors. Verification of TEA using the Spin model-checker has revealed that the value of these parameters is critical for the security of the protocol. The implementation decision can break the resistance of TEP against man-in-the-middle attacks. We give appropriate values for these parameters and show how model-checking was applied to retrieve these values.


Security Model-checking Spin Wi-Fi Protected Setup Tamper-Evident Pairing 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Hankes Drielsma, P., Heám, P.C., Kouchnarenko, O., Mantovani, J., Mödersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Viganò, L., Vigneron, L.: The AVISPA tool for the automated validation of internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  2. 2.
    Armando, A., Carbone, R., Compagna, L.: LTL model checking for security protocols. Journal of Applied Non-Classical Logics 19(4), 403–429 (2009)MathSciNetzbMATHCrossRefGoogle Scholar
  3. 3.
    Bengtsson, J., Larsen, K., Larsson, F., Pettersson, P., Yi, W.: uppaal — a Tool Suite for Automatic Verification of Real–Time Systems. In: Alur, R., Sontag, E.D., Henzinger, T.A. (eds.) HS 1995. LNCS, vol. 1066, pp. 232–243. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  4. 4.
    Blanchet, B.: An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In: 14th IEEE Computer Security Foundations Workshop (CSFW-14), Cape Breton, Nova Scotia, Canada, pp. 82–96. IEEE Computer Society (June 2001)Google Scholar
  5. 5.
    Bošnacki, D., Dams, D.: Integrating real time into Spin: a prototype implementation. In: Bošnacki, D. (ed.) Enhancing State Space Reduction Techniques for Model Checking. Technische Universiteit Eindhoven (1998)Google Scholar
  6. 6.
    Diffie, W., Hellman, M.: New directions in cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (1976)MathSciNetzbMATHCrossRefGoogle Scholar
  7. 7.
    Drijvers, M.: Model checking Tamper-Evident Pairing. Bachelor thesis, Radboud University Nijmegen (2012)Google Scholar
  8. 8.
    Gollakota, S., Ahmed, N., Zeldovich, N., Katabi, D.: Secure in-band wireless pairing. In: Proceedings of the 20th USENIX Conference on Security, SEC 2011. USENIX Association, Berkeley (2011)Google Scholar
  9. 9.
    Holzmann, G.: The model checker Spin. IEEE Transactions on Software Engineering 23(5), 279–295 (1997)MathSciNetCrossRefGoogle Scholar
  10. 10.
    Kainda, R., Flechais, I., Roscoe, A.W.: Usability and security of out-of-band channels in secure device pairing protocols. In: Proceedings of the 5th Symposium on Usable Privacy and Security, pp. 11:1–11:12. ACM, New York (2009)Google Scholar
  11. 11.
    Kobsa, A., Sonawalla, R., Tsudik, G., Uzun, E., Wang, Y.: Serial hook-ups: a comparative usability study of secure device pairing methods. In: Proceedings of the 5th Symposium on Usable Privacy and Security, pp. 10:1–10:12. ACM, New York (2009)Google Scholar
  12. 12.
    Kuo, C., Walker, J., Perrig, A.: Low-cost manufacturing, usability, and security: An analysis of Bluetooth Simple Pairing and Wi-Fi Protected Setup. In: Dietrich, S., Dhamija, R. (eds.) FC 2007 and USEC 2007. LNCS, vol. 4886, pp. 325–340. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  13. 13.
    Lowe, G.: Towards a completeness result for model checking of security protocols. In: Proceedings of the 11th IEEE Computer Security Foundations Workshop, pp. 96–105 (June 1998)Google Scholar
  14. 14.
    Martin, M., Lam, M.S.: Automatic generation of XSS and SQL injection attacks with goal-directed model checking. In: Proceedings of the 17th Conference on Security Symposium, SS 2008, pp. 31–43. USENIX Association (2008)Google Scholar
  15. 15.
    Martinelli, F.: Partial model checking and theorem proving for ensuring security properties. In: Proceedings of the 11th IEEE Computer Security Foundations Workshop, pp. 44–52 (1998)Google Scholar
  16. 16.
    Mayrhofer, R., Gellersen, H.: On the security of ultrasound as out-of-band channel. In: IEEE International Parallel and Distributed Processing Symposium, IPDPS 2007, pp. 1–6 (March 2007)Google Scholar
  17. 17.
    Mayrhofer, R., Gellersen, H., Hazas, M.: Security by spatial reference: Using relative positioning to authenticate devices for spontaneous interaction. In: Krumm, J., Abowd, G.D., Seneviratne, A., Strang, T. (eds.) UbiComp 2007. LNCS, vol. 4717, pp. 199–216. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  18. 18.
    Mayrhofer, R., Welch, M.: A human-verifiable authentication protocol using visible laser light. In: The Second International Conference on Availability, Reliability and Security, ARES 2007, pp. 1143–1148 (April 2007)Google Scholar
  19. 19.
    Ritchey, R., Ammann, P.: Using model checking to analyze network vulnerabilities. In: Proceedings of the 2000 IEEE Symposium on Security and Privacy, S P 2000, pp. 156–165 (2000)Google Scholar
  20. 20.
    Saxena, N., Ekberg, J.-E., Kostiainen, K., Asokan, N.: Secure device pairing based on a visual channel. In: 2006 IEEE Symposium on Security and Privacy, pp. 306–313 (May 2006)Google Scholar
  21. 21.
    Schwarz, B., Chen, H., Wagner, D., Morrison, G., West, J., Lin, J., Tu, W.: Model checking an entire Linux distribution for security violations. In: 21st Annual Computer Security Applications Conference, pp. 10–22 (2005)Google Scholar
  22. 22.
    Smetters, D.B., Balfanz, D., Smetters, D.K., Stewart, P., Wong, H.C.: Talking to strangers: Authentication in ad-hoc wireless networks (2002)Google Scholar
  23. 23.
    Stajano, F., Anderson, R.: The resurrecting duckling: security issues for ubiquitous computing. Computer 35(4), 22–26 (2002)CrossRefGoogle Scholar
  24. 24.
    Suomalainen, J., Valkonen, J., Asokan, N.: Security associations in personal networks: A comparative analysis. In: Stajano, F., Meadows, C., Capkun, S., Moore, T. (eds.) ESAS 2007. LNCS, vol. 4572, pp. 43–57. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  25. 25.
    Viehböck, S.: Brute forcing Wi-Fi protected setup,
  26. 26.
    Ware, C., Judge, J., Chicharo, J., Dutkiewicz, E.: Unfairness and capture behaviour in 802.11 adhoc networks. In: 2000 IEEE International Conference on Communications, ICC 2000, vol. 1, pp. 159–163 (2000)Google Scholar
  27. 27.
    Wi-Fi Alliance: Wi-Fi Protected Setup Specification, version 1.0h (2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Rody Kersten
    • 1
  • Bernard van Gastel
    • 2
  • Manu Drijvers
    • 1
  • Sjaak Smetsers
    • 1
  • Marko van Eekelen
    • 1
    • 2
  1. 1.Institute for Computing and Information SciencesRadboud University NijmegenThe Netherlands
  2. 2.School of Computer ScienceOpen University of the NetherlandsThe Netherlands

Personalised recommendations