Skip to main content
SpringerLink
Log in

Formal Analysis of the PKMv3 Protocol

  • Published:
Mobile Networks and Applications Aims and scope Submit manuscript

Abstract

WiMax (Worldwide Interoperability for Microwave Access, IEEE 802.16) is a standard-based wireless technology, which uses Privacy Key Management (PKM) protocol to provide authentication and key management. Three versions of PKM protocol have been released and the third one (PKMv3) strengthens the security by enhancing the message management. In this paper, a formal analysis of PKMv3 protocol is presented. Both the Subscriber Station (SS) and the Base Station (BS) are modeled as processes in our framework. Besides, we introduce an intruder model where the intruder has capabilities of overhearing, intercepting and faking messages. Discrete time describes the lifetime of the Authorization Key (AK) and the Transmission Encryption Key (TEK). Moreover, the PKMv3 model is constructed through the discrete-time PROMELA (DT-PROMELA) language and the tool DT-Spin implements the PKMv3 model with lifetime. Finally, we simulate communications between SS and BS and verify some properties, such as liveness, succession and message consistency, which are extracted from the PKMv3 protocol and specified using Linear Temporal Logic (LTL) formulae and assertions. The simulation and verification results demonstrate that the attacks may exist in our model of the PKMv3 protocol.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. Bosnacki D, Dams D (1998) Discrete-time Promela and spin. In: Formal techniques in real-time and fault-tolerant systems, 5th international symposium, FTRTFT’98, Lyngby, Denmark, September 14–18, 1998, proceedings, pp 307–310. https://doi.org/10.1007/BFb0055359

  2. Bosnacki D, Dams D (1998) Discrete-time Promela and spin. In: Formal techniques in real-time and fault-tolerant systems, 5th international symposium, FTRTFT’98, Lyngby, Denmark, September 14–18, 1998, proceedings, pp 307–310. https://doi.org/10.1007/BFb0055359

  3. Chen Z, Gu Y, Huang Z, Zheng J, Liu C, Liu Z (2015) Model checking aircraft controller software: a case study. Softw Pract Exper 45(7):989–1017. https://doi.org/10.1002/spe.2242

  4. Chen Z, Zhang D, Ma Y (2015) Modeling and analyzing the convergence property of the BGP routing protocol in SPIN. Telecommun Syst 58(3):205–217. https://doi.org/10.1007/s11235-014-9870-y

  5. Committee I.L.S. et al. (2011) Standard for local and metropolitan area networks-Part 16: air interface for broadband wireless access systems-amendment 3: advanced air interface. IEEE Std 16m:802

    Google Scholar 

  6. Dabaghchian M, Azgomi MA (2015) Model checking the observational determinism security property using PROMELA and SPIN. Form Asp Comput 27(5-6):789–804. https://doi.org/10.1007/s00165-014-0331-x

  7. Dabaghchian M, Azgomi MA (2015) Model checking the observational determinism security property using PROMELA and SPIN. Form Asp Comput 27(5-6):789–804. https://doi.org/10.1007/s00165-014-0331-x

  8. El-Amin AM, El-agooz S, Shehata AEDR, Amer EAE (2013) Design, verification and implementation of enhanced PKM WiMAX authentication protocol. International Journal of Computer Science and Telecommunications 4:41–46

    Google Scholar 

  9. Ferreira JF, Gherghina C, He G, Qin S, Chin WN (2014) Automated verification of the freertos scheduler in hip/sleek. Int J Softw Tools Technol Transfer 16(4):381–397

    Article  Google Scholar 

  10. Gherghina C, David C, Qin S, Chin WN (2014) Expressive program verification via structured specifications. Int J Softw Tools Technol Transfer 16(4):363–380

    Article  Google Scholar 

  11. Kahya N, Ghoualmi N, Lafourcade P (2012) Formal analysis of PKM using scyther tool. In: International conference on information technology and e-services (ICITes), 2012. IEEE, pp 1–6

  12. Kreiker J, Tarlecki A, Vardi MY, Wilhelm R (2011) Modeling, analysis, and verification - the formal methods manifesto 2010 (dagstuhl perspectives workshop 10482). Dagstuhl Manifestos 1(1):21–40. https://doi.org/10.4230/DagMan.1.1.21

    Google Scholar 

  13. Papapanagiotou I, Toumpakaris D, Lee J, Devetsikiotis M (2009) A survey on next generation mobile WiMAX networks: objectives, features and technical challenges. IEEE Commun Surv Tutorials 11(4):3–18. https://doi.org/10.1109/SURV.2009.090402

    Article  Google Scholar 

  14. Pathak S, Pulina L, Tacchella A (2016) Evaluating probabilistic model checking tools for verification of robot control policies. AI Commun 29(2):287–299. https://doi.org/10.3233/AIC-150689

    Article  MathSciNet  MATH  Google Scholar 

  15. Process analysis toolkit spin home page. http://spinroot.com/spin/whatispin.html

  16. Rai AK, Mishra S, Tripathi PN (2011) An improved secure authentication protocol for wiMAX with formal verification. In: Advances in computing and communications - first international conference, ACC 2011, Kochi, India, July 22–24, 2011. Proceedings, pp 407–416. https://doi.org/10.1007/978-3-642-22714-1_42

  17. Raju KVK, Kumari VV, Varma NS, Raju KVSVN (2010) Formal verification of IEEE802.16m PKMv3 protocol using CasperFDR. In: Information and communication technologies - international conference, ICT 2010, Kochi, Kerala, India, September 7–9, 2010. Proceedings, pp 590–595. https://doi.org/10.1007/978-3-642-15766-0_101

  18. Sadeghi MMG, Ali BM, Ma M, Manan JA (2014) Scalable and efficient key management for Mobile WiMAX networks. Int J Commun Syst 27(10):2166–2189. https://doi.org/10.1002/dac.2466

  19. Saha I, Roy S (2006) A finite state modeling of AFDX frame management using spin. In: Formal methods: applications and technology, 11th international workshop, FMICS 2006 and 5th international workshop PDMC 2006, Bonn, Germany, August 26–27, and August 31, 2006, revised selected papers, pp 227–243. https://doi.org/10.1007/978-3-540-70952-7_15

  20. Saha I, Roy S (2007) A finite state analysis of time-triggered CAN (TTCAN) protocol using spin. In: 2007 international conference on computing: theory and applications (ICCTA 2007), 5–7 March 2007, Kolkata, India, pp 77–81. https://doi.org/10.1109/ICCTA.2007.4

  21. Taha AM, Abdel-Hamid AT, Tahar S (2009) Formal verification of IEEE 802.16 security sublayer using scyther tool. IEEE, pp 1–5

  22. Trivedi DH, Patil MS (2011) Security in wimax using privacy and key management protocol. In: Proceedings of the ICWET ’11 international conference & workshop on emerging trends in technology, Mumbai, Maharashtra, India, February 25–26, 2011, p 1372. https://doi.org/10.1145/1980022.1980379

  23. Xu S, Huang CT, Matthews MM (2008) Modeling and analysis of IEEE 802.16 PKM protocols using CasperFDR. In: IEEE international symposium on wireless communication systems. 2008. ISWCS ’08. IEEE, pp 653–657

  24. Yang F (2011) Comparative analysis on TEK exchange between PKMv1 and PKMV2 for WiMAX. In: 7th international conference on wireless communications, networking and mobile computing (WiCOM), 2011, pp 1–4

  25. You Z, Xie X, Zheng W (2010) Verification and research of a wimax authentication protocol based on SSM

  26. Zhu X, Xu Y, Guo J, Wu X, Zhu H, Miao W (2015) Formal verification of PKMv3 protocol using DT-spin. In: 2015 international symposium on theoretical aspects of software engineering, TASE 2015, Nanjing, China, September 12–14, 2015, pp 71–78. https://doi.org/10.1109/TASE.2015.20

Download references

Acknowledgements

This work was supported by China HGJ Project (No. 2017ZX01038102-002), National Natural Science Foundation of China (61532019) and Shanghai Collaborative Innovation Center of Trustworthy Software for Internet of Things (No. ZF1213). The first author also gratefully acknowledges the financial support from China Scholarship Council (CSC, File No. 201606140137).

Author information

Authors and Affiliations

  1. Soft/Hardware Co-design Engineering Research Center, East China Normal University, Shanghai, China

    Xiaoran Zhu & Jian Guo

  2. Shanghai Key Laboratory of Trustworthy Computing, East China Normal University, Shanghai, China

    Yuanmin Xu & Huibiao Zhu

  3. National Trusted Embedded Software Engineering Technology Research Center, East China Normal University, Shanghai, China

    Xin Li

  4. School of Computer Science and Software Engineering, Shenzhen University, Shenzhen, China

    Huibiao Zhu

  5. Nguyen Tat Thanh University, 300A Nguyen Tat Thanh Street, Ward13, District 4, Ho Chi Minh City, Vietnam

    Phan Cong Vinh

Authors
  1. Xiaoran Zhu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yuanmin Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Xin Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jian Guo
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Huibiao Zhu
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Phan Cong Vinh
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jian Guo.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Zhu, X., Xu, Y., Li, X. et al. Formal Analysis of the PKMv3 Protocol. Mobile Netw Appl 23, 44–56 (2018). https://doi.org/10.1007/s11036-017-0903-0

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11036-017-0903-0

Keywords

Search

Navigation