Formal Modelling of PKI Based Authentication

One of the main aims of certificate based Public Key Infrastructure (PKI) is to provide authentication in distributed systems. Through its functions, PKI authentication can be viewed as a re-usable component that can be integrated with other systems to offer strong authentication, scalability, and mobility, particularly for large organizations. PKI has been used to describe authentication in various types of applications ranging from e-commerce and web services applications to large scale systems such as Grid computing. This paper presents a formal approach for modeling certificate based PKI authentication. The approach makes use of two complementary models: one is state-based, described in Z, and the other is event-based, expressed in the Process Algebra of Hoare’s Communicating Sequential Processes (CSP). The former will be used to capture the state of PKI key components used in the authentication process, the relationships between them, and model “back-end” operations on these components. Whereas the latter, CSP, will be used to model behavior, and in particular, “front-end” interactions and communications. Only when this authentication mechanism is properly formulated, reasoning about its correctness, vulnerabilities and usability can be scrutinized and possibly aided by automation.