|Research Unit in Networking|
1 Research unit in Networking, EECS department, University of Liège, Belgium
AbstractThe Challenge Handshake Authentication Protocol, CHAP, is an authentication protocol intended for use primarily by hosts and routers that connect to a network server via switched circuits or dial-up lines, but might be applied to dedicated links as well. In this paper, we specify two versions of the protocol, using the formal language LOTOS, and apply the EUCALYPTUS model-based verification tools to prove that the first version has a flaw, whereas the second one is robust to passive and active attacks. The paper is written in a tutorial fashion with a strong emphasis on the methodology used. The relative simplicity of the CHAP protocol allows one to include complete LOTOS specifications and definitions of properties, so that the experiment can be reproduced easily.
Keywordsmodel-checking, security protocols, verification
Editor: - G. Leduc -
Webmaster: - C. Soldani -
|Still running IPv4 at: 18.104.22.168...||