Computer Science

Computer Science ›› 2022, Vol. 49 ›› Issue (11A): 211100111-5.doi: 10.11896/jsjkx.211100111

• Information Security • Previous Articles     Next Articles

Study on Formal Verification of EAP-TLS Protocol

CHEN Li-ping1,2, XU Peng1,2, WANG Dan-chen2,3, XU Yang1,2   

  1. 1 School of Mathematics,Southwest Jiaotong University,Chengdu 611756,China
    2 National-local Joint Engineering Lab of System Credibility Automatic Verification,Chengdu 611756,China
    3 Sichuan Provinical Digital Economy Research Center,Chengdu 610021,China
  • Online:2022-11-10 Published:2022-11-21
  • About author:CHEN Li-ping,born in 1997,postgraduate.Her main research interests include formal verification of security protocols and so on.
    XU Peng,born in 1981,Ph.D,lecturer.His main research interests include cyberspace security,formal verification,spectrum and electromagnetic environment management.
  • Supported by:
    National Natural Science Foundation of China(61976130),Sichuan Province Science and Technology Planning Project(2020YJ0270),Fundamental Research Funds for the Central Universities(2682021GF012) and Scientific Research Plan of Sichuan Radio Monitoring Station([2019]4).

PDF (PC)

317

Abstract: EAP-TLS is a security protocol defined under the 5G standard that provides key services in a specific IoT environment.However,the EAP-TLS protocol cannot provide mutual authentication between user equipment and the network.A protocol with design flaws will endanger the security of the system during operation.Therefore,it is a very necessary process to analyze its security before the implementation of the protocol,try to find potential flaws and improve them.This paper studies theformal model of EAP-TLS protocol and security properties based on Proverif,and verifies the security properties such as the mutual authentication between user equipment and network,confidentiality between KSEAF(security anchor key) and subscriber permanent identity(SUPI).Verification results find that there are some security flaws in the EAP-TLS protocol in terms of authentication under insecure channels,and the user equipment fails to authenticate the network.Analytical results further confirm the reasons of security flaws,and the corresponding attacks are also given.Finally,the possibility of improving security flaws is discussed based on asymmetric key encryption and random numbers in cryptography.

Key words: Authentication protocol, EAP-TLS, Formal verification, Proverif, Insecure channel

CLC Number: 

  • TN915.04
[1]HUANG Z W.5G network security practice [M].Beijing:Posts &Telecom Press,2020:116-119.
[2]3GPP.3GPP TS 33.501 Security architecture and proceduresfor 5G system(Release 16)[S].Nice:3GPP,2020.
[3]SHOJAIE B,SABERI I,SALLEH M.Enhancing EAP-TLS authentication protocol for IEEE 802.11i[J].Wireless Networks,2017,23(5):1491-1508.
[4]ZHAO Y H,QIAN Q.Research on Security Analysis and Improvement of EAP-TLS Protocol[J].Software Guide,2017,16(8):174-178.
[5]ZHANG J,WANG Q,YANG L,et al.Formal Verification of 5G-EAP-TLS Authentication Protocol[C]//2019 IEEE Fourth International Conference on Data Science in Cyberspace(DSC).Hangzhou:IEEE,2019:503-509.
[6]ZHANG J,YANG L,CAO W,et al.Formal Analysis of 5G EAP-TLS Authentication Protocol Using Proverif[J].IEEE Access,2020,8:23674-23688.
[7]TIAN J.Formal Verification[M].Wiley-IEEE Press,2005:251-266.
[8]BLANCHET B.Modeling and Verifying Security Protocols with the Applied Pi Calculus and Proverif[M].Now Foundations and Trends,2016:1-135.
[9]DIERKS T,RESCORLA E.The Transport Layer Security(TLS) Protocol Version 1.2 [EB/OL].[2020-01-21].https://datatracker.ietf.org/doc/rfc5246/.
[10]YANG Z Q,SU L,YANG B,et al.5G Security Technology and Standards[M].Beijing:Posts & Telecom Press,2020:275-289.
[11]HUANG Z W.5G network security practice [M].Beijing:Posts &Telecom Press,2020:331-332.
[12]RYAN M D,SMYTH B.Applied pi calculus[EB/OL].[2021-11-08].https://www.cs.bham.ac.uk/~mdr/research/papers/pdf/11-applied-pi.extended.pdf.
[13]DOLEV D,YAO A.On the security of public key protocols[J].IEEE Transactions on Information Theory,1983,29(2):198-208.
[14]FENG D G,XU J,LAN X.5G mobile communication network security research[J].Journal of Software,2018,29(6):1813-1825.
[15]QIANG Q,WU G,HUANG K Z,et al.Progress in 5G security technology research and standards[J].Scientia Sinica(Informationis),2021,51(3):347-366.
[1] JIAN Qi-rui, CHEN Ze-mao, WU Xiao-kang. Authentication and Key Agreement Protocol for UAV Communication [J]. Computer Science, 2022, 49(8): 306-313.
[2] WANG Ran-ran, WANG Yong, CAI Yu-tong, JIANG Zheng-tao, DAI Gui-ping. Formal Verification of Yahalom Protocol Based on Process Algebra [J]. Computer Science, 2021, 48(6A): 481-484.
[3] LI Ling, LI Huang-hua, WANG Sheng-yuan. Experiment on Formal Verification Process of Parser of CompCert Compiler in Trusted Compiler Design [J]. Computer Science, 2020, 47(6): 8-15.
[4] FAN Yong-qian, CHEN Gang, CUI Min. Formalization of Finite Field GF(2n) Based on COQ [J]. Computer Science, 2020, 47(12): 311-318.
[5] LIU Jing, LAI Ying-xu, YANG Sheng-zhi, Lina XU. Bilateral Authentication Protocol for WSN and Certification by Strand Space Model [J]. Computer Science, 2019, 46(9): 169-175.
[6] XIA Nu-nu, YANG Jin-ji, ZHAO Gan-sen, MO Xiao-shan. Formal Verification of Cloud-aided Lightweight Certificateless Authentication Protocol Based on Probabilistic Model [J]. Computer Science, 2019, 46(8): 206-211.
[7] MA Zhen-wei,CHEN Gang. Matrix Formalization Based on Coq Record [J]. Computer Science, 2019, 46(7): 139-145.
[8] CHEN Hao, LUO Lei, LI Yun, CHEN Li-rong. Study on Formal Verification of Secure Virtual Machine Monitor [J]. Computer Science, 2019, 46(3): 170-179.
[9] LI Lu-lu, DONG Qing-kuan, CHEN Meng-meng. Cloud-based Lightweight RFID Group Tag Authentication Protocol [J]. Computer Science, 2019, 46(1): 182-189.
[10] XU Yang, YUAN Jin-sha, GAO Hui-sheng, HU Xiao-yu and ZHAO Zhen-bing. RFID Authentication Protocol Based on Pseudo ID and Certification by Strand Space Model [J]. Computer Science, 2017, 44(10): 142-146.
[11] CHEN Hong-song, WANG Gang and FU Zhong-chuan. Cloud Services Cross-domain Authentication Protocol Formal Analysis and Verification Based on Fragment Model Check [J]. Computer Science, 2016, 43(4): 140-144.
[12] LI Yan-chun, LI Xiao-juan, GUAN Yong, WANG Rui, ZHANG Jie and WEI Hong-xing. xMAS-based Formal Verification of SpaceWire Credit Logic [J]. Computer Science, 2016, 43(2): 113-117.
[13] YANG Xiu-mei, GUAN Yong, SHI Zhi-ping, WU Ai-xuan, ZHANG Qian-ying and ZHANG Jie. Higher-order Logic Formalization of Function Matrix and its Calculus [J]. Computer Science, 2016, 43(11): 24-29.
[14] REN Chao-qun and XU Ming. Security Authentication Protocol Based on Cluster for Underwater Acoustic Sensor Networks [J]. Computer Science, 2016, 43(10): 166-171.
[15] CHEN Li-rong, LI Yun and LUO Lei. Research on Formal Verification of Embedded Operating System [J]. Computer Science, 2015, 42(8): 203-214.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.