Security and performance joint analysis method for authentication protocol based on CPN models

Abstract

Security verification and performance analysis are both crucial aspects for designing effective and efficient authentication protocols. However, in most authentication protocol design practice, two independent models are often adopted for individual security verification and performance analysis, which could not guarantee that performance improvements taking no harm to its security functionalities. In this paper, a colored Petri nets (CPN) model based method is well utilized to integrate security verification and performance analysis for authentication protocols. The main idea is that the functional CPN model for an authentication protocol is constructed firstly for its security verification, and then performance related temporal constrains are added into above model to form a corresponding performance CPN model for simulation based performance evaluation towards that authentication protocol. Because such closely related CPN models are utilized where occurrence sequences existed in performance models are also behavior-equally existed in functional models, it is guaranteed that both models satisfy the security requirements for the authentication protocol. We present the security and performance joint analysis process of TRDP protocol, a representative example of authentication protocols, to illustrate the effectiveness of above CPN based integrated approach.