A User Centric Security Model for Tamper-Resistant Devices

B.1 Brief Introduction to the CasperFDR
B.1 Brief Introduction to the CasperFDR
For the sake of completeness, we subjected the proposed protocols in this thesis to formal
mechanical analysis based on the CasperFDR tool. The CasperFDR approach uses
the Communicating Sequential Processes (CSP) [143]; a mathematical framework for the
description and analysis of systems that consist of processes (sub-systems). The state of
a process in the CSP changes by engaging with (pre-dened) events. The CSP language
denes how dierent sub-processes can be constructed along with how to dene their interactions.
The Failures-Divergence Renement (FDR) [233] is a model-checking tool for
state machines that is rooted in the CSP framework. The FDR model-checking tool denes
and analyse a systems as described below:
1. All (honest) agents (entities) taking part in a system are modelled as the CSP (sub)
processes, along with the intruder that can interact with other agents in the protocol.
2. The resulting system is tested against the dened (desired) security properties. The
FDR searches the state space to investigate whether any insecure traces can be found.
3. If FDR nds an insecure trace, then the system does not satisfy the desired security
property and the protocol is considered to be insecure in relation to the given security
property.
Using the CSP to dene a system is tedious and painstaking, which is remarkably simplied
by the Casper framework. In Casper, a user species a protocol using abstract notations,
similar to the one that are used to describe protocols in academic literature. The Casper
takes these notations, convert them to CSP code, which is suitable to be analysed by the
FDR model checking tool. Therefore, CasperFDR represents an approach where a protocol
is dened in the Casper notations and then FDR tool is used to verify its suitability under
given security properties.
A Casper script can be divided into two main sections: protocol and system denition,
which are discussed as follow:
B.1.1
Protocol Denition
The protocol denition section of a Casper script denes the generic operations of a protocol.
The protocol denition can be sub-divided into four components that are discussed
below:
Protocol Description: This section represented by #Protocol description in a Casper
script denes the message sequence of the protocol. The notations used in this section are
similar to the standard method of describing a protocol [142].
Free variables: The variables and functions that are used by the protocol denition are
dened in a section that is represented as #Free variables. The variables and functions
241