Using SPIN to Detect Vulnerabilities in the AACS Drive-Host Authentication Protocol

  • Wei Wang
  • Dongyao Ji
Conference paper

DOI: 10.1007/978-3-540-68855-6_20

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5048)
Cite this paper as:
Wang W., Ji D. (2008) Using SPIN to Detect Vulnerabilities in the AACS Drive-Host Authentication Protocol. In: Suzuki K., Higashino T., Yasumoto K., El-Fakih K. (eds) Formal Techniques for Networked and Distributed Systems – FORTE 2008. FORTE 2008. Lecture Notes in Computer Science, vol 5048. Springer, Berlin, Heidelberg


In this paper, we use SPIN, a model checker for LTL, to detect vulnerabilities in the AACS drive-host authentication protocol. Before the detection, we propose a variant of the Dolev-Yao attacker model [4] and incorporate the synthesis and analysis rules [7] to formalize the protocol and the intruder capabilities. During the detection, we check the authenticity of the protocol and identify a few weaknesses. Besides, we propose a novel collusion attack that seriously threaten the security of the protocol, and build a corresponding LTL formula. Based on the formula, SPIN detects a few relevant attack instances in the original scheme of the authentication protocol and a modified scheme advanced in [5].


AACS SPIN Model Checker LTL Authenticity Collusion Attack 
Download to read the full conference paper text

Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Wei Wang
    • 1
  • Dongyao Ji
    • 1
  1. 1.The State Key Laboratory of Information SecurityGraduate University of Chinese Academy of ScienceBeijingP.R. China

Personalised recommendations