Skip to main content
SpringerLink
Log in

A General Framework of Nonleakage-Based Authentication Using CSP for the Internet of Things

  • Conference paper
Web Technologies and Applications (APWeb 2014)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 8710))

Included in the following conference series:

  • 1662 Accesses

Abstract

Authentication is a slippery and important security property related to verify the identity and authenticity of someone or something, its formal definition is one key aspect of the research into authentication. The existing proposed formal definitions of authentication are not widely agreed upon. Moreover, these definitions cannot reach the requirements of diverse security and privacy in the Internet of Things(IoTs). In this paper, with introducing the notion of non-leakage, we proposed a general framework of authentication property in CSP for the Internet of Things. In the framework, we defined three forms of authentication - entity authentication, action authentication and claim authentication- and three strength levels for each form - weak, non-injective and injective level. We formalized each definition using the process algebra CSP. The framework can easily express different security requirements of the IoTs.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Li, S., Xu, L., Zhao, S.: The internet of things: a survey. Information Systems Frontiers, 1–17 (2014)

    Google Scholar 

  2. Ahmed, N., Jensen, C.D.: Definition of entity authentication. In: Proc. of 2010 2nd International Workshop on Security and Communication Networks (IWSCN), pp. 1–7 (2010)

    Google Scholar 

  3. Focardi, R., Gorrieri, R., Martinelli, F.: A comparison of three authentication properties. Theoretical Computer Science 291(3), 285–327 (2003)

    Article  MATH  MathSciNet  Google Scholar 

  4. Burrows, M., Abadi, M., Needham, R.M.: A Logic of Authentication. Proc. of the Royal Society of London. Series A. Mathematical and Physical Sciences 426(1871), 233–271 (1989)

    Article  MATH  MathSciNet  Google Scholar 

  5. Gollmann, D.: What do we mean by entity authentication? In: Proc. of 1996 IEEE Symposium on Security and Privacy, pp. 46–54 (1996)

    Google Scholar 

  6. Focardi, R., Gorrieri, R., Martinelli, F.: Message Authentication through Non Interference. In: Rus, T. (ed.) AMAST 2000. LNCS, vol. 1816, pp. 258–272. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  7. Lowe, G.: A hierarchy of authentication specifications. In: Proc. of the 10th IEEE Workshop on Computer Security Foundations, Rockport, MA, USA, pp. 31–43 (1997)

    Google Scholar 

  8. Kurkowski, M., Srebrny, M.: A Quantifier-free First-order Knowledge Logic of Authentication. Fundamenta Informaticae 72(1), 263–282 (2006)

    MATH  MathSciNet  Google Scholar 

  9. Schneider, S.: Security properties and CSP. In: Proc. of 1996 IEEE Symposium on Security and Privacy, pp. 174–187 (1996)

    Google Scholar 

  10. Zhou, J.Y., Gollmann, D.: A fair non-repudiation protocol. In: Proc. of 1996 IEEE Symposium on Security and Privacy, pp. 55–61 (1996)

    Google Scholar 

  11. Focardi, R., Gorrieri, R.: An Information Flow Security Property for CCS. In: Proc. of the Second North American Process Algebra Workshop (NAPAW 1993), Cornell, Ithaca, pp. 1–11 (1993)

    Google Scholar 

  12. Focardi, R., Gorrieri, R., Martinelli, F.: Classification of security properties - (Part II: Network security). In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2001. LNCS, vol. 2946, pp. 139–185. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  13. Woo, T.Y.C., Lam, S.S.: A semantic model for authentication protocols. In: Proc. of 1993 IEEE Symposium on Security and Privacy, Oakland, CA, USA, pp. 178–194 (1993)

    Google Scholar 

  14. Gollmann, D.: “Authentication by correspondence. IEEE Journal on Selected Areas in Communications 21(1), 88–95 (2003)

    Article  Google Scholar 

  15. Ahmed, N., Jensen, C.D.: Demarcation of Security in Authentication Protocols. In: Proc. of 2011 First SysSec Workshop (SysSec), pp. 43–50 (2011)

    Google Scholar 

  16. Yunchuan, G., Bingxing, F., Lihua, Y., Yuan, Z.: A Security Model for Confidentiality and Integrity in Mobile Computing. Chinese Journal of Computers 36(7), 1424–1433 (2013)

    Google Scholar 

  17. Younis, M., Farrag, O., Althouse, B.: TAM: A Tiered Authentication of Multicast Protocol for Ad-Hoc Networks. IEEE Transactions on Network and Service Management 9(1), 100–113 (2012)

    Article  Google Scholar 

  18. Ma, D., Tsudik, G.: Extended Abstract: Forward-Secure Sequential Aggregate Authentication. In: Proc. of 2007 IEEE Symposium on Security and Privacy (SP 2007), pp. 86–91 (2007)

    Google Scholar 

  19. Wang, M., Zhu, H., Zhao, Y., Liu, S.: Modeling and Analyzing the (mu)TESLA Protocol Using CSP. In: Proc. of 2011 Fifth International Symposium on Theoretical Aspects of Software Engineering (TASE), pp. 247–250 (2011)

    Google Scholar 

  20. Singh, R., Sharma, T.P.: Proof of the Secrecy Property of Secure WLAN Authentication Scheme ( SWAS ) Using Extended Protocol Composition Logic. Journal of Safety Engineering 2(A), 7–13 (2013)

    Google Scholar 

  21. Fábrega, F.J.T., Jonathan, C.H., Joshua, D.G.: Strand spaces: proving security protocols correct. Journal of Computer Security 7(2), 191–230 (1999)

    Google Scholar 

  22. Paulson, L.C.: Proving properties of security protocols by induction. In: Proc. of the 10th Computer Security Foundations Workshop, pp. 70–83 (1997)

    Google Scholar 

  23. Evans, N., Schneider, S.: Analysing Time Dependent Security Properties in CSP Using PVS. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds.) ESORICS 2000. LNCS, vol. 1895, pp. 222–237. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  24. Abadi, M., Gordon, A.D.: A Calculus for Cryptographic Protocols: The Spi Calculus. Information and Computation 148(1), 1–70 (1999)

    Article  MATH  MathSciNet  Google Scholar 

  25. Mazur, T., Lowe, G.: CSP-based counter abstraction for systems with node identifiers. Science of Computer Programming 81, 3–52 (2014)

    Article  Google Scholar 

  26. Dinh, T., Ryan, M.: Verifying Security Property of Peer-to-Peer Systems Using CSP. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 319–339. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  27. Roscoe, A.W.: “On the expressiveness of CSP,” Technical report Oxford University (2011), http://www.cs.ox.ac.uk/files/1383/expressive.pdf (accessed May, 2014)

  28. Roscoe, A.W.: The Theory and Practice of Concurrency. Prentice-Hall, Upper Saddle River (2010)

    Google Scholar 

  29. Lowe, G.: Breaking and fixing the Needham-Schroeder Public-Key Protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)

    Chapter  Google Scholar 

  30. von Oheimb, D.: Information Flow Control Revisited: Noninfluence = Noninterference + Nonleakage. In: Samarati, P., Ryan, P.Y.A., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, pp. 225–243. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Beijing University of Posts and Telecommunications, Beijing, China

    Licai Liu, Bingxing Fang & Beiting Yi

  2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

    Licai Liu & Bingxing Fang

  3. National Engineering Laboratory for Content Security Technologies, Beijing, China

    Licai Liu & Bingxing Fang

Authors
  1. Licai Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Bingxing Fang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Beiting Yi
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Computer Science, National University of Defense Technology, 410073, Changsha, China

    Weihong Han

  2. School of Information Technology & Electrical Engineering, University of Queensland, 4107, Brisbane, QLD, Australia

    Zi Huang

  3. School of Computer and Communication Engineering, University of Science and Technology Beijing, 100083, Beijing, China

    Changjun Hu

  4. School of Computer Science and Technology, Harbin Institute of Technology, 150006, Harbin, China

    Hongli Zhang

  5. Institute of Information Engineering, Chinese Academy of Sciences, 100864, Beijing, China

    Li Guo

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Liu, L., Fang, B., Yi, B. (2014). A General Framework of Nonleakage-Based Authentication Using CSP for the Internet of Things. In: Han, W., Huang, Z., Hu, C., Zhang, H., Guo, L. (eds) Web Technologies and Applications. APWeb 2014. Lecture Notes in Computer Science, vol 8710. Springer, Cham. https://doi.org/10.1007/978-3-319-11119-3_29

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-11119-3_29

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11118-6

  • Online ISBN: 978-3-319-11119-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation