Abstract
Protocol flaws such as the well-known Heartbleed bug, security and privacy issues or incomplete specifications, in general, pose risks to the direct users of a protocol and further stakeholders. Formal methods, such as Colored Petri Nets (CPNs), facilitate the design, development, analysis and verification of new protocols; the detection of flaws; and the mitigation of identified security risks. BlockVoke is a blockchain-based scheme that decentralizes certificate revocations, allows certificate owners and certificate authorities to revoke certificates and rapidly distributes revocation information. CPNs in particular are well-suited to formalize blockchain-based protocols—thus, in this work, we formalize the BlockVoke protocol using CPNs, resulting in a verifiable CPN model and a formal specification of the protocol. We utilize an agent-oriented modeling (AOM) methodology to create goal models and corresponding behavior interface models of BlockVoke. Subsequently, protocols semantics are defined, and the CPN models are derived and implemented using CPN Tools. Moreover, a full state-space analysis of the resulting CPN model is performed to derive relevant model properties of the protocol. The result is a complete and correct formal BlockVoke specification used to guide future implementations and security assessments.
Highlights
Design flaws, security and privacy issues, as well as incomplete specifications, pose risks to the direct users of a protocol and to other stakeholders [1,2,3,4]
The result is a directed graph where the nodes correspond to the set of reachable markings, while the arcs correspond to occurring binding elements [9]
Evaluation limitations of the BlockVoke Colored Petri Nets (CPNs) model may concern the socio-technical nature of the BlockVoke protocol and the modeling process itself, which requires several simplifications, e.g., neither the Bitcoin nor the Ethereum consensus algorithm or mining process was implemented in the CPN model
Summary
Security and privacy issues, as well as incomplete specifications, pose risks to the direct users of a protocol and to other stakeholders [1,2,3,4]. May make it necessary to invalidate a certificate before its validity expires, e.g., a compromised private key or a change in domain ownership may make it necessary to revoke a certificate to prevent attackers from performing MITM attacks or accessing encrypted data [27]. In such a case, the certificate authority (CA) that signed the certificate issues a revocation statement signed by its private key.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
