A Coloured Petri Net Methodology and Library for Security Analysis of Network Protocols

Formal methods are often used to prove properties of network protocols, including required security properties. However for a protocol modeller the techniques available for security analysis often require expert knowledge of the technique. Also the tight coupling of protocol model and security attacks limit re-use of models. With Coloured Petri nets as the selected formal method, this paper proposes a methodology to support a modeller in performing security analysis of a protocol. The methodology enhances the re-usability, extendability and readability of protocol and attack models, with the aim of simplifying the tasks of the modeller. Key to the methodology is the decoupling of the protocol and attack models by using the hierarchical structure of Coloured Petri nets. Also a library of attack modules is developed based on Dolev-Yao assumptions; the modules can be composed to create complex attacks and re-used across different protocols. To demonstrate the methodology, a case study analysing the ZigBee RF4CE pairing protocol is presented. The case study shows the ease at which attacks can be integrated and how the methodology addresses the state space explosion problem. The impact of two attacks on the ZigBee protocol are analysed, showing several scenarios which lead to a mismatch in state at the ZigBee devices.