Active Attacking Multicast Key Management Protocol Using Alloy

  • Ting Wang
  • Dongyao Ji
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7316)


In this paper, we use Alloy Analyzer, a fully automatic checker, to detect vulnerabilities in the multicast key management protocol proposed by Tanaka and Sato, and discover some previously unknown attacks. We model an active intruder in Alloy, and use Alloy Analyzer to test whether the active intruder can successfully attack the protocol. In this analysis, we check four critical properties that should be satisfied by any secure multicast protocol. However, none of these properties are satisfied. The protocol cannot resist the active intruder. Two unknown flaws caused by the active intruder are disclosed, and another two flaws found by CORAL are identified.


Alloy Multicast Key Management Active Intruder Security Protocol Analysis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Taghdiri, M., Jackson, D.: A Lightweight Formal Analysis of a Multicast Key Management Scheme. In: König, H., Heiner, M., Wolisz, A. (eds.) FORTE 2003. LNCS, vol. 2767, pp. 240–256. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Tanaka, S., Sato, F.: A key distribution and rekeying framework with totally ordered multicast protocols. In: Proceedings of the 15th International Conference on Information Networking, pp. 831–838 (2001)Google Scholar
  3. 3.
    Steel, G., Bundy, A.: Attacking Group Multicast Key Management Protocols Using Coral. Electr. Notes Theor. Comput. Sci., 125–144 (2005)Google Scholar
  4. 4.
    Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)MathSciNetzbMATHCrossRefGoogle Scholar
  5. 5.
    Jackson, D.: Automating first-order relational logic. In: Proceedings of the 8th ACM SIGSOFT Symposium on the Foundations of Software Engineering, pp. 130–139 (2000)Google Scholar
  6. 6.
    Jackson, D.: Software Abstractions - Logic, Language, and Analysis. The MIT Press (2006)Google Scholar
  7. 7.
    Alloy Analyzer 4,
  8. 8.
    Moskewicz, M.W., Madigan, C.F., Zhao, Y., Zhang, L., Malik, S.: Chaff: Engineering an Efficient SAT Solver. In: DAC: Proceedings of the 38th annual Design Automation Conference, pp. 530–535. ACM, New York (2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Ting Wang
    • 1
  • Dongyao Ji
    • 1
  1. 1.The State Key Laboratory of Information SecurityGraduate University of the Chinese Academy of Sciences Institute of Information Engineering, Chinese Academy of SciencesBeijingP.R. China

Personalised recommendations