Security analysis of the secure authentication protocol by means of coloured petri nets

Abstract

Wireless communication demands for specialized protocols secure against attacks on the radio path while fitting the limited calculation and memory capabilities of mobile terminals. To ensure accessibility of mobile services beyond a user's home network, signing on a foreign network should be possible. The latter must be able to authenticate a user without learning any secret registration data. Chouinard et al. [DBC01] introduce the Secure Authentication Protocol for this purpose. In this paper, an exhaustive security analysis of the protocol is presented. First, it is mapped to a coloured petri net. Then, two different intruder models are developed and integrated separately into it. The state spaces of the two nets are calculated; they each contain a set of nodes representing all reachable states. Both are examined to detect states where any security objective is violated indicating a security flaw in the protocol. As there are no such states in both nets, the protocol is proven secure. © IFIP International Federation for Information Processing 2005.