A formal security analysis of an OSA/Parlay authentication interface

R.J. Corin, G. Di Caprio, S. Etalle, S. Gnesi, G. Lenzini, C. Moiso

    Onderzoeksoutput: Hoofdstuk in Boek/Rapport/CongresprocedureConferentiebijdrageAcademicpeer review

    2 Citaten (Scopus)
    1 Downloads (Pure)

    Samenvatting

    We report on an experience in analyzing the security of the Trust and Security Management (TSM) protocol, an authentication procedure within the OSA/Parlay Application Program Interfaces (APIs) of the Open Service Access and Parlay Group. The experience has been conducted jointly by research institutes experienced in security and industry experts in telecommunication networking. OSA/Parlay APIs are designed to enable the creation of telecommunication applications outside the traditional network space and business model. Network operators consider the OSA/Parlay a promising architecture to stimulate the development of web service applications by third party providers, which may not necessarily be experts in telecommunication and security. The TSM protocol is executed by the gateways to OSA/Parlay networks; its role is to authenticate client applications trying to access the interfaces of some object representing an offered network capability. For this reason, potential security flaws in the TSM authentication strategy can cause the unauthorized use of the network, with evident damages to the operator and the quality of services. We report a rigorous formal analysis of the TSM specification, which is originally given in UML. Furthermore, we illustrate our design choices to obtain the formal model, describe the tool-aided verification and finally expose the security flaws discovered.
    Originele taal-2Engels
    TitelFormal Methods for Open Object-Based Distributed Systems (Proceedings 7th IFIP WG 6.1 International Conference, FMOODS 2005, Athens, Greece, June 15-17, 2005)
    RedacteurenM. Steffen, G. Zavattaro
    UitgeverijSpringer
    Pagina's131-146
    ISBN van geprinte versie3-540-26181-8
    DOI's
    StatusGepubliceerd - 2005

    Publicatie series

    NaamLecture Notes in Computer Science
    Volume3535
    ISSN van geprinte versie0302-9743

    Vingerafdruk Duik in de onderzoeksthema's van 'A formal security analysis of an OSA/Parlay authentication interface'. Samen vormen ze een unieke vingerafdruk.

    Citeer dit