Advertisement

Applying Finite State Process Algebra to Formally Specify a Computational Model of Security Requirements in the Key2phone-Mobile Access Solution

  • Sunil ChaudharyEmail author
  • Linfeng Li
  • Eleni Berki
  • Marko Helenius
  • Juha Kela
  • Markku Turunen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9128)

Abstract

Key2phone is a mobile access solution which turns mobile phone into a key for electronic locks, doors and gates. In this paper, we elicit and analyse the essential and necessary safety and security requirements that need to be considered for the Key2phone interaction system. The paper elaborates on suggestions/solutions for the realisation of safety and security concerns considering the Internet of Things (IoT) infrastructure. The authors structure these requirements and illustrate particular computational solutions by deploying the Labelled Transition System Analyser (LTSA), a modelling tool that supports a process algebra notation called Finite State Process (FSP). While determining an integrated solution for this research study, the authors point to key quality factors for successful system functionality.

Keywords

Mobile Phone Security Requirement Finite State Machine Sleep Mode Move Mode 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Finwe Ltd.: Key2phone Mobile Access Solution, http://key2phone.com/english_index.html (cited February 23, 2014)
  2. 2.
    Magee, J., Kramer, J.: Concurrency: State Models & Java Programs, 2nd edn. John Wiley & Sons (2006) ISBN: 0470093552Google Scholar
  3. 3.
    Imperial College, London: FSP Notation, http://www.doc.ic.ac.uk/~jnm/LTSdocumention/FSP-notation.html (cited February 23, 2014)
  4. 4.
    Labelled Transition System Analyser V3.0, http://www.doc.ic.ac.uk/~jnm/book/ltsa/LTSA_applet.html (cited February 23, 2014)
  5. 5.
    Sommerville, I.: Software Engineering: Dependability and Security Specification, 9th edn., pp. 309–340. Pearson Education Inc. (2011) ISBN-13: 978-0-13-703515-1Google Scholar
  6. 6.
    Magee, J., Maibaum, T.: Towards Specification, Modelling and Analysis of Fault Tolerance in Self Managed Systems. In: Proceedings of the International Workshop on Self-Adaptation and Self-Managing Systems, Shanghai, China, May 21-22, pp. 30–36 (2006), doi:10.1145/1137677.1137684Google Scholar
  7. 7.
    Kaisar, E., Austin, M., Papadimitriou, S.: Formal Development and Evaluation of Narrow Passageway System Operations. European Transport Trasporti Europei 34, 88–104 (2006)Google Scholar
  8. 8.
    Orgi, U.J., Okwong, D.E.B., Etim, A.: Designing and Construction of Door Locking Security System Using GSM. IJECS 2(7), 2235–2257 (2013) ISSN: 2319-7242Google Scholar
  9. 9.
    Bauer, L., Cranor, L.F., Reiter, M.K., Vaniea, K.: Lessons Learned from the Deployment of a Smartphone-Based Access-Control System. In: Proceedings of Symposium on Usable Privacy and Security (SOUPS), Pittsburgh, PA, USA, July 18-20, pp. 64–75 (2007), doi:10.1145/1280680.1280689Google Scholar
  10. 10.
    Symantec Inc.: Bluetooth Security Review, http://www.symantec.com/connect/articles/bluetooth-security-review-part-1 (cited February 23, 2014)
  11. 11.
    Scarfone, K., Souppaya, M.: Guide to Enterprise Password Management: Recommendations of the National Institute of Standards and Technology. National Institute of Standard and Technology (NIST) Special Publication 800-118 (2009) http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf (cited February 3, 2014)
  12. 12.
    Scarfone, K., Padgette, J.: Guide to Bluetooth Security: Recommendations of the National Institute of Standards and Technology. NIST Special Publication 800-121 (2008), http://csrc.nist.gov/publications/drafts/800-121r1/Draft-SP800-121_Rev1.pdf (cited February 3, 2014)
  13. 13.
    National Security Agency (NSA): Bluetooth Security, http://www.nsa.gov/ia/_files/factsheets/i732-016r-07.pdf (cited February 2, 2014)
  14. 14.
    Singelée, D., Preneel, B.: Improved pairing protocol for bluetooth. In: Kunz, T., Ravi, S.S. (eds.) ADHOC-NOW 2006. LNCS, vol. 4104, pp. 252–265. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. 15.
    Mustafa, H., Sadeghi, A.R., Schulz, S., Xu, W.: You Can Call But Can’t Hide: Detecting Called ID Spoofing Attacks. In: The Proceedings of 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Atlanta Georgia USA, June 23-26 (2014)Google Scholar
  16. 16.
    Cryptome: Common Cryptographic Algorithms. Revision D.1 publication version. Report no. TR45.AHAG (2000), http://cryptome.org/espy/TR45-ccad1.pdf (cited January 4 2014)
  17. 17.
    Frantti, T., Savola, R., Hietalahti, H.: A Risk-Driven Security Analysis and Metrics Development for WSN-MCN Router. In: Proceedings of ICTC 2013, pp. 342–347 (2013), doi:10.1109/ICTC.2013.6675370Google Scholar
  18. 18.
    Bagnall, P.: Improving Visibility. ITNOW 54(3), 30–32 (2012), doi:10.1093/itnow/bws063Google Scholar
  19. 19.
    Sasse, M.A., Brostoff, S., Weirich, D.: Transforming the ‘Weakest Link’- A Human/Computer Interaction Approach to Usable and Effective Security. BT Technology Journal 19(3), 122–131 (2001), doi:10.1023/A:1011902718709CrossRefGoogle Scholar
  20. 20.
    Niblett, G.: Securing the Human. ITNOW 54(3), 25 (2012), doi: 10.1093/itnow/bws063Google Scholar
  21. 21.
    Whitten, A., Tygar, J.D.: Usability of Security: A Case Study. Carnegie Mellon University, CMU-CS-98-155 (1998), http://reports-archive.adm.cs.cmu.edu/anon/1998/abstracts/98-155.html (cited February 2, 2014)
  22. 22.
    Schultz, E.E., Proctor, R.W., Lien, M.C., Salvendy, G.: Usability and Security an Appraisal of Usability Issues in Information Security. Computer & Security 20(7), 620–634 (2001) ISSN: 0167-4048/01Google Scholar
  23. 23.
    Leveson, N.G.: Intent Specifications: An Approach to Building Human-Centered Specifications. IEEE Transactions on Software Engineering SE-26 (2000)Google Scholar
  24. 24.
    Zafar, S., Dormey, R.G.: Integrating Safety and Security Requirements into Design of an Embedded System. In: The Proceedings of 12th Asia Pacific Software Engineering Conference, Taipei, Taiwan, December 15-17 (2005)Google Scholar
  25. 25.
    Flechais, I.: Integrating security and usability into the requirements and design process. Int. J. Electronic Security and Digital Forensics 1(1) (2007)Google Scholar
  26. 26.
    Graff, M.G., van Wyk, K.R.: Secure Coding Principles and Practices. O’Reilly (June 2003) ISBN: 978-0-596-55601-3Google Scholar
  27. 27.
    Martin, R.J., Mathur, A.P.: Software and Hardware Quality Assurance: Towards a Common Platform for High Reliability. In: Proceedings of IEEE International Conference on Communications 1990, Atlanta Georgia, USA, April 16-19, vol. 4, pp. 1324–1328 (1990), doi:10.1109/ICC.1990.117284Google Scholar
  28. 28.
    Li, L., Berki, E., Helenius, M., Savola, R.: New Usability Metrices for Authentication Mechanisms. In: Proceedings of SQM 2012, Tampere, Finland, August 20-23, pp. 239–250 (2012)Google Scholar
  29. 29.
    Bonneau, J., Herley, C., Oorschot, P.C., Stanjano, F.: A Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 553–567 (2012), doi:10.1109/SP.2012.44(2012)Google Scholar
  30. 30.
    Diller, A.: Z: An Introduction to Formal Methods, 2nd edn. John Wiley & Sons Ltd., Chichester (1994) ISBN: 978-0-471-93973-3Google Scholar
  31. 31.
    Kainda, R., Flechais, I., Roscoe, A.W.: Security and Usability. In: Proceedings of ARES 2010, pp. 275–282 (2010), doi:10.1109/ARES.2010.77Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Sunil Chaudhary
    • 1
    Email author
  • Linfeng Li
    • 2
  • Eleni Berki
    • 1
    • 3
  • Marko Helenius
    • 4
  • Juha Kela
    • 5
  • Markku Turunen
    • 1
  1. 1.School of Information SciencesUniversity of TampereTampereFinland
  2. 2.Information Engineering CollegeBeijing Institute of Petrochemical TechnologyBeijingChina
  3. 3.Department of Computer Science and Information SystemsUniversity of JyväskyläJyväskyläFinland
  4. 4.Department of Pervasive ComputingTampere University of TechnologyTampereFinland
  5. 5.Finwe Ltd.OuluFinland

Personalised recommendations