Utilization of Timed Automata as a Verification Tool for Security Protocols
Ahmet Koltuksuz
Yasar University
Department of Computer Engineering
Izmir, Turkey
ahmet.koltuksuz@yasar.edu.tr
Burcu Kulahcioglu, Murat Ozkan
Izmir Institute of Technology
Department of Computer Engineering
Izmir, Turkey
{burcukulahcioglu, muratozkan}@iyte.edu.tr
Abstract— Timed automata are an extension of the automata-theoretic approach to the modeling of real time systems that introduces time into classical automata. Since they were proposed by Alur and Dill in the early nineties, they have become an important research area both in the context of formal languages and in the modeling and verification of real time systems. Timed automata provide an efficient model checking method for the verification of real time systems, supported by mature and efficient automatic verification tools. One of the application areas of timed automata is the verification of security protocols, which are known to be time sensitive. This study aims to make use of timed automata as a verification tool for security protocols and gives a case study on the initial part of the Neuman-Stubblebine Repeated Authentication Protocol.
Keywords: timed automata, model checking, security protocol verification
I. INTRODUCTION
Real time systems can be analyzed using formal methods to verify that a system meets some specified requirements. In the literature, most verification methods involve the partial ordering of the occurrence of events in a qualitative notion of time instead of modeling quantitative time information. However, the correctness of a real time system depends on its quantitative timed properties.
To meet the need for timed formalisms, some untimed formalisms have been extended with timing information, such as timed Petri nets [1], many real time logics [2] and timed process algebras such as timed CSP [3]. However, timed automata [4] are the most commonly used model for timed systems, since they have mature and efficient automatic verification tools and an easily understandable syntax and semantics with support for C-like data structures.
Timed automata were proposed as an extension of the automata-theoretic approach in which automata are equipped with clock variables. Timed automata theory has become an important research area and has been widely studied in the context of both formal languages and the verification of real time systems.
The theory of timed automata allows us to create models of real time systems which can be verified using model checking methods [5]. Model checking with timed automata involves building a finite model of a system and verifying a property by exhaustively traversing all reachable states. It has the advantages of being fully automatic and of generating a counterexample in case of a negative result; nevertheless, it suffers from the state space explosion problem.
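As an added illustration of the reachability-based model checking described above (constructed example code, not the paper's UPPAAL model), the following explores a small timed automaton for an initiator that waits a bounded time for a reply; the locations, the clock bound, and the digitized integer-clock exploration are assumptions of this example.

```python
from collections import deque

# Assumptions: one clock x with integer guards; clock values are capped at CMAX,
# one above the largest constant, so CMAX stands for "x exceeds every bound".
CMAX = 7
TERMINAL = {"accepted", "timeout"}  # no delay transitions in final locations

def make_automaton(check_freshness):
    """Constructed initiator automaton: send a request, accept a reply only while
    it is fresh (x <= 5), or give up at x == 6. With check_freshness=False the
    freshness guard is dropped, which is the modelling flaw the query detects."""
    invariant = {"idle": lambda x: True, "waiting": lambda x: x <= 6,
                 "accepted": lambda x: True, "timeout": lambda x: True}
    fresh = (lambda x: x <= 5) if check_freshness else (lambda x: True)
    edges = [  # (source, target, guard, reset_clock, label)
        ("idle", "waiting", lambda x: True, True, "send_request"),
        ("waiting", "accepted", fresh, False, "recv_reply"),
        ("waiting", "timeout", lambda x: x >= 6, False, "give_up"),
    ]
    return invariant, edges

def find_trace(invariant, edges, target):
    """Breadth-first search over (location, x). Returns the shortest trace, as a
    list of (label, location, x), to a state satisfying target, or None."""
    start = ("idle", 0)
    parent = {start: None}
    queue = deque([start])
    while queue:
        loc, x = queue.popleft()
        if target(loc, x):  # property violated: rebuild the counterexample
            trace, s = [], (loc, x)
            while s is not None:
                prev = parent[s]
                trace.append(((prev[1] if prev else "init"), s[0], s[1]))
                s = prev[0] if prev else None
            return trace[::-1]
        successors = []
        nx = min(x + 1, CMAX)  # delay transition: one time unit passes
        if loc not in TERMINAL and invariant[loc](nx):
            successors.append(((loc, nx), "delay"))
        for src, dst, guard, reset, label in edges:  # discrete transitions
            nv = 0 if reset else x
            if src == loc and guard(x) and invariant[dst](nv):
                successors.append(((dst, nv), label))
        for s, label in successors:
            if s not in parent:
                parent[s] = ((loc, x), label)
                queue.append(s)
    return None

def stale_accept(check_freshness):
    """Can 'accepted' be reached with a reply older than 5 time units?"""
    inv, edges = make_automaton(check_freshness)
    return find_trace(inv, edges, lambda loc, x: loc == "accepted" and x > 5)
```

With the freshness guard present the query is unreachable; without it the search returns a concrete timed trace, which is the counterexample a model checker would report.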
One of the most important application areas of timed automata is the verification of security protocols. Since the use of computers and the internet is increasing considerably, the correctness of security protocols is becoming more important. Since an attacker can exploit the timing of message flows, quantitative time information is critical for security. This study utilizes timed automata as a verification tool for security protocols, including their timing information. We directly model the Neuman-Stubblebine repeated authentication protocol [6] using the UPPAAL timed automata tool [7] and perform verification by analyzing its security properties to find possible attacks on it.
The next section gives the related work, including timed automata studies on security protocols. Section 3 briefly defines timed automata, the data structures used in its implementation, and the UPPAAL tool. Section 4 explains the modeling of the initial authentication part of the protocol, including the modeling of cryptography, the automata for the protocol principals and the intruder. The verification of our model is performed in Section 5, in which we present the type flaw attack we found and analyze the quantitative timing properties of the protocol. In addition, we give comments on the modeling and verification of the subsequent authentication part. Section 6 concludes the paper with the results we obtained and further perspectives for the analysis of the subsequent part of the protocol.
II. RELATED WORK
Timed automata have been applied in several academic and industrial case studies, such as the modeling and verification of the TDMA (Time Division Multiple Access) protocol [8], audio-video protocols [9], a power controller [10] and a lip synchronization algorithm [11]. In this study, we focus on the modeling and verification of security protocols.
In the literature, several theorem proving and model checking methods are used to verify the correctness of security protocols, most of which involve the qualitative notion of time rather than the quantitative one. In this paper, we concentrate on the timed automata formalism verified with model checking methods.
Some recent studies analyze security protocols with quantitative timing properties involving the use of timed automata. The studies in [12] and [13] examine the Kerberos, TMN, Neuman-Stubblebine, Andrew Secure and Wide Mouthed Frog protocols not by modeling them directly as timed automata, but by translating a language specification of a
2010 Fourth IEEE International Conference on Secure Software Integration and Reliability Improvement Companion
978-0-7695-4087-0/10 $26.00 © 2010 IEEE
DOI 10.1109/SSIRI-C.2010.27