Security analysis of the TMN protocol by using Coloured Petri Nets: On-the-fly trace generation method and homomorphic property

Abstract: Ahstract-The TMN protocol is a secure key exchange protocol for mobile communication system. Its security has been analyzed thoroughly by many approaches, and many attacks have been found. Recently, we have developed a new Coloured Petri Net (CPN) approach to analyze cryptographic protocols, and then applied it to analyze the TMN protocol with the homomorphic property of the underlying public-key encryption. As preliminary analyses, we found two new attacks of the protocol. In this paper, we extend our previou… Show more

“…In fact, our new attacks in TMN protocol are quite surprisingly since TMN have been analyzed quite extensively [9,11,13,18,[27][28]. Our preliminary results were reported in [21][22][23][24], but this paper extends our previous works by not only generalizing them into the two new techniques, which are the on-the-fly trace generation and the textual trace analysis, but also analyzing the comparative performance between the two trace generation methods.…”

“…Because our method can analyze all attack traces, we found many new attacks in the two protocols in our previous works [21][22][23][24]. For Micali's contract signing protocol, we found one new single-session attack [21] and two new multi-session attacks [22].…”

“…'s modified version of ECS1 [27]. For TMN protocol, we found two new multi-session attacks [24]. In fact, our new attacks in TMN protocol are quite surprisingly since TMN have been analyzed quite extensively [9,11,13,18,[27][28].…”

On-the-Fly Trace Generation and Textual Trace Analysis and Their Applications to the Analysis of Cryptographic Protocols

“…In fact, our new attacks in TMN protocol are quite surprisingly since TMN have been analyzed quite extensively [9,11,13,18,[27][28]. Our preliminary results were reported in [21][22][23][24], but this paper extends our previous works by not only generalizing them into the two new techniques, which are the on-the-fly trace generation and the textual trace analysis, but also analyzing the comparative performance between the two trace generation methods.…”

“…Because our method can analyze all attack traces, we found many new attacks in the two protocols in our previous works [21][22][23][24]. For Micali's contract signing protocol, we found one new single-session attack [21] and two new multi-session attacks [22].…”

“…'s modified version of ECS1 [27]. For TMN protocol, we found two new multi-session attacks [24]. In fact, our new attacks in TMN protocol are quite surprisingly since TMN have been analyzed quite extensively [9,11,13,18,[27][28].…”

On-the-Fly Trace Generation and Textual Trace Analysis and Their Applications to the Analysis of Cryptographic Protocols

“…We found 10 attacks for vulnerability event 1, but Scyther found 3 attacks only. The 3 attacks can be found by our method by using two configurations: one with the schedule for the man-in-the-middle attack [37] and the other with the schedule for two sequential sessions. The following is one of the attacks that is not found by Scyther, but found by our method.…”

“…The second attack [22] is a variant of the first one. In the third and the fourth attacks found by us [37], user A is fooled to commit on a fake session key known by the attacker, and the attacker learns the valid session key K ab . Thus the attacker can impersonate B to A by using the fake key and can impersonate A to B by using the correct session key.…”

On-the-Fly Trace Generation Approach to the Security Analysis of the TMN Protocol with Homomorphic Property: A Petri Nets-Based Method

Symbolic Model Checking of Security Protocols for Ad hoc Networks on any Topologies