Abstract
Key2phone is a mobile access solution which turns mobile phone into a key for electronic locks, doors and gates. In this paper, we elicit and analyse the essential and necessary safety and security requirements that need to be considered for the Key2phone interaction system. The paper elaborates on suggestions/solutions for the realisation of safety and security concerns considering the Internet of Things (IoT) infrastructure. The authors structure these requirements and illustrate particular computational solutions by deploying the Labelled Transition System Analyser (LTSA), a modelling tool that supports a process algebra notation called Finite State Process (FSP). While determining an integrated solution for this research study, the authors point to key quality factors for successful system functionality.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Finwe Ltd.: Key2phone Mobile Access Solution, http://key2phone.com/english_index.html (cited February 23, 2014)
Magee, J., Kramer, J.: Concurrency: State Models & Java Programs, 2nd edn. John Wiley & Sons (2006) ISBN: 0470093552
Imperial College, London: FSP Notation, http://www.doc.ic.ac.uk/~jnm/LTSdocumention/FSP-notation.html (cited February 23, 2014)
Labelled Transition System Analyser V3.0, http://www.doc.ic.ac.uk/~jnm/book/ltsa/LTSA_applet.html (cited February 23, 2014)
Sommerville, I.: Software Engineering: Dependability and Security Specification, 9th edn., pp. 309–340. Pearson Education Inc. (2011) ISBN-13: 978-0-13-703515-1
Magee, J., Maibaum, T.: Towards Specification, Modelling and Analysis of Fault Tolerance in Self Managed Systems. In: Proceedings of the International Workshop on Self-Adaptation and Self-Managing Systems, Shanghai, China, May 21-22, pp. 30–36 (2006), doi:10.1145/1137677.1137684
Kaisar, E., Austin, M., Papadimitriou, S.: Formal Development and Evaluation of Narrow Passageway System Operations. European Transport Trasporti Europei 34, 88–104 (2006)
Orgi, U.J., Okwong, D.E.B., Etim, A.: Designing and Construction of Door Locking Security System Using GSM. IJECS 2(7), 2235–2257 (2013) ISSN: 2319-7242
Bauer, L., Cranor, L.F., Reiter, M.K., Vaniea, K.: Lessons Learned from the Deployment of a Smartphone-Based Access-Control System. In: Proceedings of Symposium on Usable Privacy and Security (SOUPS), Pittsburgh, PA, USA, July 18-20, pp. 64–75 (2007), doi:10.1145/1280680.1280689
Symantec Inc.: Bluetooth Security Review, http://www.symantec.com/connect/articles/bluetooth-security-review-part-1 (cited February 23, 2014)
Scarfone, K., Souppaya, M.: Guide to Enterprise Password Management: Recommendations of the National Institute of Standards and Technology. National Institute of Standard and Technology (NIST) Special Publication 800-118 (2009) http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf (cited February 3, 2014)
Scarfone, K., Padgette, J.: Guide to Bluetooth Security: Recommendations of the National Institute of Standards and Technology. NIST Special Publication 800-121 (2008), http://csrc.nist.gov/publications/drafts/800-121r1/Draft-SP800-121_Rev1.pdf (cited February 3, 2014)
National Security Agency (NSA): Bluetooth Security, http://www.nsa.gov/ia/_files/factsheets/i732-016r-07.pdf (cited February 2, 2014)
Singelée, D., Preneel, B.: Improved pairing protocol for bluetooth. In: Kunz, T., Ravi, S.S. (eds.) ADHOC-NOW 2006. LNCS, vol. 4104, pp. 252–265. Springer, Heidelberg (2006)
Mustafa, H., Sadeghi, A.R., Schulz, S., Xu, W.: You Can Call But Can’t Hide: Detecting Called ID Spoofing Attacks. In: The Proceedings of 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Atlanta Georgia USA, June 23-26 (2014)
Cryptome: Common Cryptographic Algorithms. Revision D.1 publication version. Report no. TR45.AHAG (2000), http://cryptome.org/espy/TR45-ccad1.pdf (cited January 4 2014)
Frantti, T., Savola, R., Hietalahti, H.: A Risk-Driven Security Analysis and Metrics Development for WSN-MCN Router. In: Proceedings of ICTC 2013, pp. 342–347 (2013), doi:10.1109/ICTC.2013.6675370
Bagnall, P.: Improving Visibility. ITNOW 54(3), 30–32 (2012), doi:10.1093/itnow/bws063
Sasse, M.A., Brostoff, S., Weirich, D.: Transforming the ‘Weakest Link’- A Human/Computer Interaction Approach to Usable and Effective Security. BT Technology Journal 19(3), 122–131 (2001), doi:10.1023/A:1011902718709
Niblett, G.: Securing the Human. ITNOW 54(3), 25 (2012), doi: 10.1093/itnow/bws063
Whitten, A., Tygar, J.D.: Usability of Security: A Case Study. Carnegie Mellon University, CMU-CS-98-155 (1998), http://reports-archive.adm.cs.cmu.edu/anon/1998/abstracts/98-155.html (cited February 2, 2014)
Schultz, E.E., Proctor, R.W., Lien, M.C., Salvendy, G.: Usability and Security an Appraisal of Usability Issues in Information Security. Computer & Security 20(7), 620–634 (2001) ISSN: 0167-4048/01
Leveson, N.G.: Intent Specifications: An Approach to Building Human-Centered Specifications. IEEE Transactions on Software Engineering SE-26 (2000)
Zafar, S., Dormey, R.G.: Integrating Safety and Security Requirements into Design of an Embedded System. In: The Proceedings of 12th Asia Pacific Software Engineering Conference, Taipei, Taiwan, December 15-17 (2005)
Flechais, I.: Integrating security and usability into the requirements and design process. Int. J. Electronic Security and Digital Forensics 1(1) (2007)
Graff, M.G., van Wyk, K.R.: Secure Coding Principles and Practices. O’Reilly (June 2003) ISBN: 978-0-596-55601-3
Martin, R.J., Mathur, A.P.: Software and Hardware Quality Assurance: Towards a Common Platform for High Reliability. In: Proceedings of IEEE International Conference on Communications 1990, Atlanta Georgia, USA, April 16-19, vol. 4, pp. 1324–1328 (1990), doi:10.1109/ICC.1990.117284
Li, L., Berki, E., Helenius, M., Savola, R.: New Usability Metrices for Authentication Mechanisms. In: Proceedings of SQM 2012, Tampere, Finland, August 20-23, pp. 239–250 (2012)
Bonneau, J., Herley, C., Oorschot, P.C., Stanjano, F.: A Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 553–567 (2012), doi:10.1109/SP.2012.44(2012)
Diller, A.: Z: An Introduction to Formal Methods, 2nd edn. John Wiley & Sons Ltd., Chichester (1994) ISBN: 978-0-471-93973-3
Kainda, R., Flechais, I., Roscoe, A.W.: Security and Usability. In: Proceedings of ARES 2010, pp. 275–282 (2010), doi:10.1109/ARES.2010.77
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Chaudhary, S., Li, L., Berki, E., Helenius, M., Kela, J., Turunen, M. (2015). Applying Finite State Process Algebra to Formally Specify a Computational Model of Security Requirements in the Key2phone-Mobile Access Solution. In: Núñez, M., Güdemann, M. (eds) Formal Methods for Industrial Critical Systems. FMICS 2015. Lecture Notes in Computer Science(), vol 9128. Springer, Cham. https://doi.org/10.1007/978-3-319-19458-5_9
Download citation
DOI: https://doi.org/10.1007/978-3-319-19458-5_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-19457-8
Online ISBN: 978-3-319-19458-5
eBook Packages: Computer ScienceComputer Science (R0)