Formal Verification of Safety Properties for Ownership Authentication Transfer Protocol

TL;DR

This paper models and verifies the safety properties of an ownership authentication transfer protocol in ubiquitous devices using CSP and NuSMV, ensuring privacy and security during ownership transfer.

Contribution

It introduces a formal model of the ownership transfer protocol and verifies its safety properties using model checking, enhancing security in device ownership transfer.

Findings

The protocol satisfies all safety constraints.

Model checking confirms the protocol's correctness.

Ownership transfer prevents impersonation attacks.

Abstract

In ubiquitous computing devices, users tend to store some valuable information in their device. Even though the device can be borrowed by the other user temporarily, it is not safe for any user to borrow or lend the device as it may cause private data of the user to be public. To safeguard the user data and also to preserve user privacy we propose and model the technique of ownership authentication transfer. The user who is willing to sell the device has to transfer the ownership of the device under sale. Once the device is sold and the ownership has been transferred, the old owner will not be able to use that device at any cost. Either of the users will not be able to use the device if the process of ownership has not been carried out properly. This also takes care of the scenario when the device has been stolen or lost, avoiding the impersonation attack. The aim of this paper is to model basic process of proposed ownership authentication transfer protocol and check its safety properties by representing it using CSP and model checking approach. For model checking we have used a symbolic model checker tool called NuSMV. The safety properties of ownership transfer protocol has been modeled in terms of CTL specification and it is observed that the system satisfies all the protocol constraint and is safe to be deployed.