Skip to main content
SpringerLink
Log in

Applying Finite State Process Algebra to Formally Specify a Computational Model of Security Requirements in the Key2phone-Mobile Access Solution

  • Conference paper
Formal Methods for Industrial Critical Systems (FMICS 2015)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 9128))

Abstract

Key2phone is a mobile access solution which turns mobile phone into a key for electronic locks, doors and gates. In this paper, we elicit and analyse the essential and necessary safety and security requirements that need to be considered for the Key2phone interaction system. The paper elaborates on suggestions/solutions for the realisation of safety and security concerns considering the Internet of Things (IoT) infrastructure. The authors structure these requirements and illustrate particular computational solutions by deploying the Labelled Transition System Analyser (LTSA), a modelling tool that supports a process algebra notation called Finite State Process (FSP). While determining an integrated solution for this research study, the authors point to key quality factors for successful system functionality.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Finwe Ltd.: Key2phone Mobile Access Solution, http://key2phone.com/english_index.html (cited February 23, 2014)

  2. Magee, J., Kramer, J.: Concurrency: State Models & Java Programs, 2nd edn. John Wiley & Sons (2006) ISBN: 0470093552

    Google Scholar 

  3. Imperial College, London: FSP Notation, http://www.doc.ic.ac.uk/~jnm/LTSdocumention/FSP-notation.html (cited February 23, 2014)

  4. Labelled Transition System Analyser V3.0, http://www.doc.ic.ac.uk/~jnm/book/ltsa/LTSA_applet.html (cited February 23, 2014)

  5. Sommerville, I.: Software Engineering: Dependability and Security Specification, 9th edn., pp. 309–340. Pearson Education Inc. (2011) ISBN-13: 978-0-13-703515-1

    Google Scholar 

  6. Magee, J., Maibaum, T.: Towards Specification, Modelling and Analysis of Fault Tolerance in Self Managed Systems. In: Proceedings of the International Workshop on Self-Adaptation and Self-Managing Systems, Shanghai, China, May 21-22, pp. 30–36 (2006), doi:10.1145/1137677.1137684

    Google Scholar 

  7. Kaisar, E., Austin, M., Papadimitriou, S.: Formal Development and Evaluation of Narrow Passageway System Operations. European Transport Trasporti Europei 34, 88–104 (2006)

    Google Scholar 

  8. Orgi, U.J., Okwong, D.E.B., Etim, A.: Designing and Construction of Door Locking Security System Using GSM. IJECS 2(7), 2235–2257 (2013) ISSN: 2319-7242

    Google Scholar 

  9. Bauer, L., Cranor, L.F., Reiter, M.K., Vaniea, K.: Lessons Learned from the Deployment of a Smartphone-Based Access-Control System. In: Proceedings of Symposium on Usable Privacy and Security (SOUPS), Pittsburgh, PA, USA, July 18-20, pp. 64–75 (2007), doi:10.1145/1280680.1280689

    Google Scholar 

  10. Symantec Inc.: Bluetooth Security Review, http://www.symantec.com/connect/articles/bluetooth-security-review-part-1 (cited February 23, 2014)

  11. Scarfone, K., Souppaya, M.: Guide to Enterprise Password Management: Recommendations of the National Institute of Standards and Technology. National Institute of Standard and Technology (NIST) Special Publication 800-118 (2009) http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf (cited February 3, 2014)

  12. Scarfone, K., Padgette, J.: Guide to Bluetooth Security: Recommendations of the National Institute of Standards and Technology. NIST Special Publication 800-121 (2008), http://csrc.nist.gov/publications/drafts/800-121r1/Draft-SP800-121_Rev1.pdf (cited February 3, 2014)

  13. National Security Agency (NSA): Bluetooth Security, http://www.nsa.gov/ia/_files/factsheets/i732-016r-07.pdf (cited February 2, 2014)

  14. Singelée, D., Preneel, B.: Improved pairing protocol for bluetooth. In: Kunz, T., Ravi, S.S. (eds.) ADHOC-NOW 2006. LNCS, vol. 4104, pp. 252–265. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  15. Mustafa, H., Sadeghi, A.R., Schulz, S., Xu, W.: You Can Call But Can’t Hide: Detecting Called ID Spoofing Attacks. In: The Proceedings of 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Atlanta Georgia USA, June 23-26 (2014)

    Google Scholar 

  16. Cryptome: Common Cryptographic Algorithms. Revision D.1 publication version. Report no. TR45.AHAG (2000), http://cryptome.org/espy/TR45-ccad1.pdf (cited January 4 2014)

  17. Frantti, T., Savola, R., Hietalahti, H.: A Risk-Driven Security Analysis and Metrics Development for WSN-MCN Router. In: Proceedings of ICTC 2013, pp. 342–347 (2013), doi:10.1109/ICTC.2013.6675370

    Google Scholar 

  18. Bagnall, P.: Improving Visibility. ITNOW 54(3), 30–32 (2012), doi:10.1093/itnow/bws063

    Google Scholar 

  19. Sasse, M.A., Brostoff, S., Weirich, D.: Transforming the ‘Weakest Link’- A Human/Computer Interaction Approach to Usable and Effective Security. BT Technology Journal 19(3), 122–131 (2001), doi:10.1023/A:1011902718709

    Article  Google Scholar 

  20. Niblett, G.: Securing the Human. ITNOW 54(3), 25 (2012), doi: 10.1093/itnow/bws063

    Google Scholar 

  21. Whitten, A., Tygar, J.D.: Usability of Security: A Case Study. Carnegie Mellon University, CMU-CS-98-155 (1998), http://reports-archive.adm.cs.cmu.edu/anon/1998/abstracts/98-155.html (cited February 2, 2014)

  22. Schultz, E.E., Proctor, R.W., Lien, M.C., Salvendy, G.: Usability and Security an Appraisal of Usability Issues in Information Security. Computer & Security 20(7), 620–634 (2001) ISSN: 0167-4048/01

    Google Scholar 

  23. Leveson, N.G.: Intent Specifications: An Approach to Building Human-Centered Specifications. IEEE Transactions on Software Engineering SE-26 (2000)

    Google Scholar 

  24. Zafar, S., Dormey, R.G.: Integrating Safety and Security Requirements into Design of an Embedded System. In: The Proceedings of 12th Asia Pacific Software Engineering Conference, Taipei, Taiwan, December 15-17 (2005)

    Google Scholar 

  25. Flechais, I.: Integrating security and usability into the requirements and design process. Int. J. Electronic Security and Digital Forensics 1(1) (2007)

    Google Scholar 

  26. Graff, M.G., van Wyk, K.R.: Secure Coding Principles and Practices. O’Reilly (June 2003) ISBN: 978-0-596-55601-3

    Google Scholar 

  27. Martin, R.J., Mathur, A.P.: Software and Hardware Quality Assurance: Towards a Common Platform for High Reliability. In: Proceedings of IEEE International Conference on Communications 1990, Atlanta Georgia, USA, April 16-19, vol. 4, pp. 1324–1328 (1990), doi:10.1109/ICC.1990.117284

    Google Scholar 

  28. Li, L., Berki, E., Helenius, M., Savola, R.: New Usability Metrices for Authentication Mechanisms. In: Proceedings of SQM 2012, Tampere, Finland, August 20-23, pp. 239–250 (2012)

    Google Scholar 

  29. Bonneau, J., Herley, C., Oorschot, P.C., Stanjano, F.: A Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 553–567 (2012), doi:10.1109/SP.2012.44(2012)

    Google Scholar 

  30. Diller, A.: Z: An Introduction to Formal Methods, 2nd edn. John Wiley & Sons Ltd., Chichester (1994) ISBN: 978-0-471-93973-3

    Google Scholar 

  31. Kainda, R., Flechais, I., Roscoe, A.W.: Security and Usability. In: Proceedings of ARES 2010, pp. 275–282 (2010), doi:10.1109/ARES.2010.77

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Information Sciences, University of Tampere, Kanslerinrinne 1, Pinni B, 30014, Tampere, Finland

    Sunil Chaudhary, Eleni Berki & Markku Turunen

  2. Information Engineering College, Beijing Institute of Petrochemical Technology, 19 Qingyuan North Rd, Daxing, Beijing, China

    Linfeng Li

  3. Department of Computer Science and Information Systems, University of Jyväskylä, P.O. Box 35 (Agora), 40014, Jyväskylä, Finland

    Eleni Berki

  4. Department of Pervasive Computing, Tampere University of Technology, P.O. Box 553, 33101, Tampere, Finland

    Marko Helenius

  5. Finwe Ltd., Elektroniikkatie 8, 90590, Oulu, Finland

    Juha Kela

Authors
  1. Sunil Chaudhary
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Linfeng Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Eleni Berki
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Marko Helenius
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Juha Kela
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Markku Turunen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sunil Chaudhary .

Editor information

Editors and Affiliations

  1. Universidad Complutense de Madrid, Madrid, Spain

    Manuel Núñez

  2. Systerel, Aix-en-Provence, France

    Matthias Güdemann

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Chaudhary, S., Li, L., Berki, E., Helenius, M., Kela, J., Turunen, M. (2015). Applying Finite State Process Algebra to Formally Specify a Computational Model of Security Requirements in the Key2phone-Mobile Access Solution. In: Núñez, M., Güdemann, M. (eds) Formal Methods for Industrial Critical Systems. FMICS 2015. Lecture Notes in Computer Science(), vol 9128. Springer, Cham. https://doi.org/10.1007/978-3-319-19458-5_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-19458-5_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-19457-8

  • Online ISBN: 978-3-319-19458-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation