ABSTRACT
The popularity of the Internet of Things (IoT) has raised the critical need for secure, bug-free protocols, where minor design flaws can lead to significant losses. This work focuses on the Thread protocol, an extensively used solution for IoT security and device diversity. We present a formal π -calculus model of Mesh Commissioning Protocol (MeshCoP), a Thread sub-protocol to securely authenticate and commission new distrusted devices to a Thread Network. Our goal is specifically to verify MeshCoP specification. This study highlights the challenges associated with manually modeling a widely used protocol in the industry. Our analysis confirms the secrecy, key consistency, registration, petitioning, and secure network credentials transfer properties held in MeshCoP.
- Dimitrios-Georgios Akestoridis, Vyas Sekar, and Patrick Tague. 2022. On the Security of Thread Networks: Experimentation with OpenThread-Enabled Devices. In Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (San Antonio, TX, USA) (WiSec ’22). Association for Computing Machinery, New York, NY, USA, 233–244. https://doi.org/10.1145/3507657.3528544Google ScholarDigital Library
- Myrto Arapinis, Vincent Cheval, and Stéphanie Delaune. 2012. Verifying Privacy-Type Properties in a Modular Way. In 2012 IEEE 25th Computer Security Foundations Symposium. IEEE, Cambridge, MA, USA, 95–109. https://doi.org/10.1109/CSF.2012.16Google ScholarDigital Library
- Sepideh Asadi and Hadi Shahriar Shahhoseini. 2012. Formal security analysis of authentication in SNMPv3 protocol by an automated tool. In 6th International Symposium on Telecommunications (IST). IEEE, Tehran, Iran, 1060–1064. https://doi.org/10.1109/ISTEL.2012.6483143Google ScholarCross Ref
- Chetan Bansal, Karthikeyan Bhargavan, and Sergio Maffeis. 2012. Discovering Concrete Attacks on Website Authorization by Formal Analysis. In 2012 IEEE 25th Computer Security Foundations Symposium. IEEE, Cambridge, MA, USA, 247–262. https://doi.org/10.1109/CSF.2012.27Google ScholarDigital Library
- Karthikeyan Bhargavan, Bruno Blanchet, and Nadim Kobeissi. 2017. Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate. In 2017 IEEE Symposium on Security and Privacy (SP). IEEE, San Jose, CA, USA, 483–502. https://doi.org/10.1109/SP.2017.26Google ScholarCross Ref
- D. Dolev and A. Yao. 1983. On the security of public key protocols. IEEE Transactions on Information Theory 29, 2 (1983), 198–208. https://doi.org/10.1109/TIT.1983.1056650Google ScholarDigital Library
- Lucca Hirschi, David Baelde, and Stéphanie Delaune. 2016. A Method for Verifying Privacy-Type Properties: The Unbounded Case. In 2016 IEEE Symposium on Security and Privacy (SP). IEEE, San Jose, CA, USA, 564–581. https://doi.org/10.1109/SP.2016.40Google ScholarCross Ref
- David B. Johnson, Dave Maltz, and Josh Broch. 2001. DSR: The Dynamic Source Routing Protocol for Multi-Hop Wireless Ad Hoc Networks. In Ad Hoc Networking (ad hoc networking ed.). ACM, 139–172. https://www.microsoft.com/en-us/research/publication/dsr-dynamic-source-routing-protocol-multi-hop-wireless-ad-hoc-networks/Google Scholar
- Yu Liu, Zhibo Pang, György Dán, Dapeng Lan, and Shaofang Gong. 2018. A Taxonomy for the Security Assessment of IP-Based Building Automation Systems: The Case of Thread. IEEE Transactions on Industrial Informatics 14, 9 (2018), 4113–4123. https://doi.org/10.1109/TII.2018.2844955Google ScholarCross Ref
- Peter M., Tracy T., Masatsune Y., Anurag G., and Denise R.2017. Forecast: Internet of Things – Endpoints and Associated Services, Worldwide, 2017. https://www.gartner.com/en/documents/3840665. Accessed 2023-01-13.Google Scholar
- Maria Leonor Pacheco, Max von Hippel, Ben Weintraub, Dan Goldwasser, and Cristina Nita-Rotaru. 2022. Automated Attack Synthesis by Extracting Finite State Machines from Protocol Specification Documents. In 2022 IEEE Symposium on Security and Privacy (SP). IEEE, San Francisco, CA, USA, 51–68. https://doi.org/10.1109/SP46214.2022.9833673Google ScholarCross Ref
- Florian Pudlitz, Florian Brokhausen, and Andreas Vogelsang. 2019. Extraction of System States from Natural Language Requirements. In 2019 IEEE 27th International Requirements Engineering Conference (RE). IEEE, Jeju, Korea (South), 211–222. https://doi.org/10.1109/RE.2019.00031Google ScholarCross Ref
- Eric Rescorla and Nagena Modadugu. 2012. Datagram Transport Layer Security Version 1.2. Request for Comments RFC 6347. Internet Engineering Task Force. https://doi.org/10.17487/RFC6347 Num Pages: 32.Google ScholarDigital Library
- Pietro Tedeschi, Savio Sciancalepore, and Roberto Di Pietro. 2023. PPCA - Privacy-Preserving Collision Avoidance for Autonomous Unmanned Aerial Vehicles. IEEE Transactions on Dependable and Secure Computing 20, 2 (2023), 1541–1558. https://doi.org/10.1109/TDSC.2022.3159837Google ScholarDigital Library
- Thread Group. 2023. Thread Specification. https://www.threadgroup.org/ThreadSpec. Accessed 2022-07-07.Google Scholar
- Pankaj Upadhyay, Subodh Sharma, and Guangdong Bai. 2023. Symbolic Security Verification of Mesh Commissioning Protocol in Thread (extended version). https://arxiv.org/abs/2312.12958Google Scholar
- Caimei Wang, Yan Xiong, Wenchao Huang, Huihua Xia, and Jianmeng Huang. 2016. Formal Analysis of Selective Disclosure Attribute-Based Credential System in Applied Pi Calculus. In 2016 IEEE Trustcom/BigDataSE/ISPA. IEEE, 42–49. https://doi.org/10.1109/TrustCom.2016.0044Google ScholarCross Ref
Index Terms
- Symbolic Verification of Mesh Commissioning Protocol of Thread
Recommendations
On the Security of Thread Networks: Experimentation with OpenThread-Enabled Devices
WiSec '22: Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile NetworksThe Thread networking protocol is expected to be utilized by a plethora of smart home devices as one of the IP-based networking technologies that will be supported by the Matter standard that is being developed by members of the Connectivity Standards ...
Universally Composable Symbolic Security Analysis
In light of the growing complexity of cryptographic protocols and applications, it becomes highly desirable to mechanize—and eventually automate—the security analysis of protocols. A natural step towards automation is to allow for symbolic security ...
Computational verification of C protocol implementations by symbolic execution
CCS '12: Proceedings of the 2012 ACM conference on Computer and communications securityWe verify cryptographic protocols coded in C for correspondence properties with respect to the computational model of cryptography. The first step uses symbolic execution to extract a process calculus model from a C implementation of the protocol. The ...
Comments