nach oben

Erschienen in:

2017 | OriginalPaper | Buchkapitel

Mapping Requirements Specifications into a Formalized Blockchain-Enabled Authentication Protocol for Secured Personal Identity Assurance

verfasst von : Benjamin Leiding, Alex Norta

Erschienen in: Future Data and Security Engineering

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The design and development of novel security and authentication protocols is a challenging task. Design flaws, security and privacy issues as well as incomplete specifications pose risks for its users. Authcoin is a blockchain-based validation and authentication protocol for secure identity assurance. Formal methods, such as Colored Petri Nets (CPNs), are suitable to design, develop and analyze such new protocols in order to detect flaws and mitigate identified security risks. In this work, the Authcoin protocol is formalized using Colored Petri Nets resulting in a verifiable CPN model. An Agent-Oriented Modeling (AOM) methodology is used to create goal models and corresponding behavior models. Next, these models are used to derive the Authcoin CPN models. The modeling strategy as well as the required protocol semantics are explained in detail. Furthermore, we conduct a state-space analysis on the resulting CPN model and derive specific model properties. The result is a complete and correct formal specification that is used to guide future implementations of Authcoin.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Logistic Regression Methods in Selected Medical Information Systems

Nächstes Kapitel Gait Recognition with Multi-region Size Convolutional Neural Network for Authentication with Wearable Sensors

Nur mit Berechtigung zugänglich

https://whispersystems.org/.

http://cpntools.org/.

https://www.agrello.org/.

Abadi, M., Gordon, A.D.: A calculus for cryptographic protocols: the spi calculus. In: Proceedings of the 4th ACM Conference on Computer and Communications Security, pp. 36–47. ACM (1997)

Ahmed, N., Matulevičius, R.: Securing business processes using security risk-oriented patterns. Comput. Stand. Interfaces 36(4), 723–733 (2014)CrossRef

Aly, S., Mustafa, K.: Protocol Verification and Analysis Using Colored Petri Nets (2004)

Brook, C.: Nuclear power plant disrupted by cyber attack (2016). https://threatpost.com/nuclear-power-plant-disrupted-by-cyber-attack/121216/. Accessed 26 Apr 2017

Buterin, V.: Ethereum: A Next-Generation Smart Contract and Decentralized Application Platform (2014). https://github.com/ethereum/wiki/wiki/White-Paper. Accessed 13 Mar 2017

Cam-Winget, N., Housley, R., Wagner, D., Walker, J.: Security flaws in 802.11 data link protocols. Commun. ACM 46(5), 35–39 (2003)CrossRef

Carlsen, U.: Cryptographic protocol flaws: know your enemy. In: Computer Security Foundations Workshop VII, CSFW 7, Proceedings, pp. 192–200. IEEE (1994)

Cohn-Gordon, K., Cremers, C., Dowling, B., Garratt, L., Stebila, D.: A formal security analysis of the signal messaging protocol. https://eprint.iacr.org/2016/1013.pdf. Accessed 26 Apr 2017

Crazzolara, F., Winskel, G.: Events in security protocols. In: Proceedings of the 8th ACM Conference on Computer and Communications Security, pp. 96–105. ACM (2001)

10.

Dai, P., Mahi, N., Earls, J., Norta, A.: Smart-contract value-transfer protocols on a distributed mobile application platform (2017). https://qtum.org/uploads/files/cf6d69348ca50dd985b60425ccf282f3.pdf. Accessed 13 Mar 2017

11.

DeLoach, S.A.: Analysis and Design using MaSE and agentTool. Technical report, DTIC Document (2001)

12.

Dresp, W.: Security analysis of the secure authentication protocol by means of coloured petri nets. In: Dittmann, J., Katzenbeisser, S., Uhl, A. (eds.) CMS 2005. LNCS, vol. 3677, pp. 230–239. Springer, Heidelberg (2005). https://doi.org/10.1007/11552055_23 CrossRef

13.

Edwards, K.: Cryptographic protocol specification and analysis using Coloured Petri Nets and Java. Ph.D. thesis, Queen’s University Kingston (1999)

14.

Fábrega, F.J.T., Herzog, J.C., Guttman, J.D.: Strand spaces: why is a security protocol correct? In: 1998 IEEE Symposium on Security and Privacy, Proceedings, pp. 160–171. IEEE (1998)

15.

Giorgini, P., Mylopoulos, J., Sebastiani, R.: Goal-oriented requirements analysis and reasoning in the tropos methodology. Eng. Appl. Artif. Intell. 18(2), 159–171 (2005)CrossRef

16.

Hoare, C.A.R.: Communicating sequential processes. In: Hansen, P.B. (ed.) The Origin of Concurrent Programming, pp. 413–443. Springer, New York (1978). https://doi.org/10.1007/978-1-4757-3472-0_16 CrossRef

17.

Jensen, K.: Coloured petri nets. In: Brauer, W., Reisig, W., Rozenberg, G. (eds.) ACPN 1986. LNCS, vol. 254, pp. 248–299. Springer, Heidelberg (1987). https://doi.org/10.1007/978-3-540-47919-2_10 CrossRef

18.

Jensen, K., Kristensen, L.M., Wells, L.: Coloured Petri Nets and CPN Tools for modelling and validation of concurrent systems. Int. J. Softw. Tools Technol. Transfer 9(3–4), 213–254 (2007)CrossRef

19.

Leiding, B.: Securing the Authcoin Protocol using security risk-oriented patterns. Master’s thesis, University of Göttingen, Germany, DE (2017)

20.

Leiding, B., Cap, C.H., Mundt, T., Rashidibajgan, S.: Authcoin: validation and authentication in decentralized networks. In: The 10th Mediterranean Conference on Information Systems - MCIS 2016, Cyprus, CY, September 2016

21.

Mahunnah, M., Norta, A., Ma, L., Taveter, K.: Heuristics for designing and evaluating socio-technical agent-oriented behaviour models with Coloured Petri Nets. In: 2014 IEEE 38th International Computer Software and Applications Conference Workshops (COMPSACW), pp. 438–443. IEEE (2014)

22.

Milner, R., Parrow, J., Walker, D.: A calculus of mobile processes, I. Inform. Comput. 100(1), 1–40 (1992)CrossRefMATHMathSciNet

23.

Moulin, B., Cloutier, L.: Collaborative work based on multiagent architectures: a methodological perspective. In: Soft Computing, pp. 261–296. Prentice-Hall Inc., Upper Saddle River (1994)

24.

Moulin, B., Brassard, M.: A scenario-based design method and an environment for the development of multiagent systems. In: Zhang, C., Lukose, D. (eds.) DAI 1995. LNCS, vol. 1087, pp. 216–232. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-61314-5_32 CrossRef

25.

Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008). https://bitcoin.org/bitcoin.pdf. Accessed 26 Apr 2017

26.

Norta, A., CINCO, Collaborative and Interoperable Computing: Safeguarding trusted eBusiness transactions of lifecycles for cross-enterprise collaboration. University of Helsinki, Department of Computer Science, Helsinki, Finland, Technical report C-2012-1 (2012)

27.

Padgham, L., Winikoff, M.: Prometheus: a methodology for developing intelligent agents. In: Giunchiglia, F., Odell, J., Weiß, G. (eds.) AOSE 2002. LNCS, vol. 2585, pp. 174–185. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36540-0_14 CrossRef

28.

Petri, C.A.: Kommunikation mit Automaten. Ph.D. thesis, Technical University of Darmstadt (1962)

29.

Sornkhom, P., Permpoontanalarp, Y.: Security analysis of Micali’s fair contract signing protocol by using Coloured Petri Nets. In: 2008 Ninth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (2008)

30.

Sterling, L., Taveter, K.: The Art of Agent-Oriented Modeling. MIT Press, Cambridge (2009)

31.

Stubblefield, A., Ioannidis, J., Rubin, A.D.: A key recovery attack on the 802.11b Wired Equivalent Privacy Protocol (WEP). ACM Trans. Inform. Syst. Secur. (TISSEC) 7(2), 319–332 (2004)CrossRef

32.

Vanek, T., Rohlik, M.: Model of DoS resistant broadcast authentication protocol in Colored Petri Net environment. In: Proceedings of 17th International Conference Systems, Signals and Image Processing, (IWSSIP 2010), pp. 264–267 (2010)

33.

Vaudenay, S.: Security flaws induced by CBC padding — applications to SSL, IPSEC, WTLS. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 534–545. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46035-7_35 CrossRef

34.

Wood, G.: Ethereum: A Secure Decrentralized Generalised Transaction Ledger (2014). http://gavwood.com/paper.pdf. Accessed 13 Mar 2017

35.

Wooldridge, M., Jennings, N.R., Kinny, D.: The Gaia methodology for agent-oriented analysis and design. Auton. Agent. Multi-Agent Syst. 3(3), 285–312 (2000)CrossRef

36.

Xu, Y., Xie, X.: Modeling and analysis of security protocols using Colored Petri Nets. JCP 6(1), 19–27 (2011)CrossRef

Titel: Mapping Requirements Specifications into a Formalized Blockchain-Enabled Authentication Protocol for Secured Personal Identity Assurance
verfasst von: Benjamin Leiding
Alex Norta
Verlag: Springer International Publishing
Buch: Future Data and Security Engineering
Print ISBN: 978-3-319-70003-8

Electronic ISBN: 978-3-319-70004-5

Copyright-Jahr: 2017
DOI: https://doi.org/10.1007/978-3-319-70004-5_13

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"