Towards the Automated Verification of Cyber-Physical Security Protocols: Bounding the Number of Timed Intruders

TL;DR

This paper addresses the challenge of verifying cyber-physical security protocols by demonstrating that the number of timed intruders needed for analysis can be limited to the number of protocol participants, simplifying the verification process.

Contribution

It proves that the number of timed intruders required for verification can be bounded by the number of protocol participants, aiding automated analysis.

Findings

Using the same number of intruders as participants suffices for verification.

Preliminary experiments successfully identified attacks in CPSP.

The approach simplifies the verification process for cyber-physical protocols.

Abstract

Timed Intruder Models have been proposed for the verification of Cyber-Physical Security Protocols (CPSP) amending the traditional Dolev-Yao intruder to obey the physical restrictions of the environment. Since to learn a message, a Timed Intruder needs to wait for a message to arrive, mounting an attack may depend on where Timed Intruders are. It may well be the case that in the presence of a great number of intruders there is no attack, but there is an attack in the presence of a small number of well placed intruders. Therefore, a major challenge for the automated verification of CPSP is to determine how many Timed Intruders to use and where should they be placed. This paper answers this question by showing it is enough to use the same number of Timed Intruders as the number of participants. We also report on some preliminary experimental results in discovering attacks in CPSP.