Formal Analysis of PANA Authentication and Authorisation Protocol

Author

Gordon, Steven

Author_Institution

Sirindhorn Int. Inst. of Technol., Thammasat Univ., Pathumthani

fYear

2008

fDate

1-4 Dec. 2008

Firstpage

277

Lastpage

284

Abstract

The extensible authentication protocol (EAP), which is typically used over wireless LANs and point-to-point links, allows a server to request authentication information from a client. The protocol for carrying authentication for network access (PANA) is designed to transport EAP messages over IP networks. This paper presents a formal coloured Petri net model and analysis of PANA, focusing on the initial authentication and authorisation phase. State space analysis of selected configurations reveals a deadlock may occur at the client when the server aborts a PANA authentication session. The analysis also derives a formal definition of the service between PANA and EAP, which is important for verifying that PANA correctly interfaces with EAP, and can later be used for automated testing.

Keywords

IP networks; Petri nets; authorisation; formal verification; message authentication; protocols; telecommunication security; IP network; PANA authentication; authentication for network access; authorisation protocol; coloured Petri net model; extensible authentication protocol; formal analysis; state space analysis; Access protocols; Authentication; Authorization; IP networks; Network servers; State-space methods; System recovery; Transport protocols; Wireless LAN; Wireless application protocol; Petri nets; authentication; communication protocols; formal methods; verification;

fLanguage

English

Publisher

ieee

Conference_Titel

Parallel and Distributed Computing, Applications and Technologies, 2008. PDCAT 2008. Ninth International Conference on

Conference_Location

Otago

Print_ISBN

978-0-7695-3443-5

Type

conf

DOI

10.1109/PDCAT.2008.12

Filename

4710992