EEMCS
Home > Publications
Home University of Twente
Education
Research
Prospective Students
Jobs
Publications
Intranet (internal)
 
 Nederlands
 Contact
 Sitemap
 Search
 Organisation

EEMCS EPrints Service


696 A Formal Security Analysis of an OSA/Parlay Authentication Interface
 Home Policy Brochure Browse Search User Area Contact Help

Corin, R.J. and Di Caprio, G. and Etalle, S. and Gnesi, S. and Lenzini, G. and Moiso, C. (2005) A Formal Security Analysis of an OSA/Parlay Authentication Interface. In: 7th IFIP WG 6.1 Int. Conf. on Formal Methods for Open Object-Based Distributed Systems (FMOODS), Athens, Greece. pp. 131-146. Springer-Verlag. ISBN 3-540-26181-8

Full text available as:

PDF
 - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
206 Kb

Official URL: http://dx.doi.org/10.1007/11494881_9

Exported to Metis

Abstract

This paper analyzes the security of the Trust and Security Management (TSM) protocol, an authentication protocol which is part of the Parlay/OSA Application Program Interfaces (APIs). Architectures based on Parlay/OSA APIs allow third party service providers to develop new services that can access, in a controlled and secure way, to those network capabilities offered by the network operator. Role of the TSM protocol, run by network gateways, is to authenticate the client applications trying to access and use the network capabilities features offered. For this reason potential security flaws in its authentication strategy can bring to unauthorized use of network with evident damages to the operator and to the quality of the services. This paper shows how a rigorous formal analysis of TSM underlines serious weaknesses in the model describing its authentication procedure. This usually means that also the original system (i.e., the TSM protocol itself) hides the same flaws. The paper relates about the design activity of the formal model, the tool-aided verification performed and the security flaws discovered. This will allow us to discuss about how the security of the TSM protocol can be generally improved.

Item Type:Conference or Workshop Paper (Proceedings UNSPECIFIED, Presentation Type UNSPECIFIED)
Research Group:EWI-DIES: Distributed and Embedded Security
Research Program:CTIT-ISTRICE: Integrated Security and Privacy in a Networked World
Research Project:PAW: Privacy in an Ambient World, BRICKS/PDC1: Security, Identification and Authentication
Additional Information:Imported from DIES
ID Code:696
Status:Published
Deposited On:12 December 2005
Refereed:Yes
International:Yes
More Information:statisticsmetis

Export this item as:

To correct this item please ask your editor

Repository Staff Only: edit this item